Privacy 

Privacy Notice & Consent

Privacy

 

Virgin Money Australia, a division of Bank of Queensland Limited ABN 32 009 656 740 AFSL 244616, the issuer of the products (“we”, “our” or “us”) collects, uses and discloses your personal information, to consider and assess this application for a transaction and/or savings account and for other related purposes. If you apply for a credit card, then a reference to “we”, “our” or “us” includes a reference to Citigroup Pty Limited.

Our Privacy Policy, found at www.virginmoney.com.au, sets out how we collect and use your information, how you can access and correct information we hold about you (including credit reports and other credit information), how you can lodge a complaint and how your complaint will be handled. You can view Citigroup’s Privacy Policy at www.citibank.com.au/privacy.

Why we collect your information

We collect your information to:

  • Assess your application for our products and services
  • Carry out eligibility, device risk profiling  and other checks for onboarding
  • Create profiles using installed application information for the purpose of improving customer experience and security measures
  • Manage your account
  • Support financial activities, like payments and securitisation
  • Send you statements and other information
  • Let you know about features or offers of any rewards programs that may be part of your product
  • Respond to your questions
  • Solve your problems
  • Know what type of services are likely to be useful to you
  • Verify your identity and manage our relationship with you
  • Minimise risks and identify or investigate fraud, possible money laundering or terrorism financing activities or other illegal activities
  • To comply with laws and assist government or law enforcement agencies
  • Develop a better understanding of your needs using information we have about you or our other customers (transaction information), we may combine data from other sources such as third party websites or the Australian Bureau of Statistics.

We may collect your Tax File Number (TFN) in order to calculate our tax withholding obligations. You are not required to provide your TFN, but if you do not, we may be required to withhold amounts from you and remit them to the Australian Taxation Office.

We may also create behavioural information derived from the information sourced from you and our vendors. We may also collect your installed application information to help prevent financial crime.

If you choose not to provide us with the information we request, including data collected during the onboarding process, we may not be able to provide you with the requested products and services.

How we collect and share your information

Your information is collected directly from you wherever possible, encompassing personal and financial details, installed application information, biometric information like a selfie photo of you, or how you use and interact with our app (such as how you type, click, scroll and swipe). We may collect this information to generate a ‘behavioural profile’ that relates specifically to you, which we can use to identify unusual behaviour.

You may also choose to share full name, mobile number & email address information for specific contacts from your mobile devices contacts list when you use our mobile app. This information will be used to add new payee details to make adding a payee easier.

We may also need to collect information and/or combine information from other sources and share this information with other entities to deliver our products or services to you which may include marketing our own products and can include credit providers, our corporate partners, service providers administering online verification of your identity and credit reporting bodies (CRBs), regulatory bodies and government agencies, courts and external dispute resolution schemes, our agents, contractors and professional advisers who assist us in providing our services, your referees and guarantors, your or our insurers, and organisations that carry out functions on our behalf including mailing houses, data processors, researchers and analysts, system developers or testers, accountants, auditors and lawyers.

While we share your information with them, these partners are not able to disclose it to others or use it for purposes other than the delivery of Virgin Money products and services unless you have provided consent. We do not sell your personal information to other entities for marketing purposes or allow other entities to do this.

We may also use the information collected to verify your identify electronically using government sources and/or credit reporting agencies in line with our Electronic ID Verification Procedures. Note that if you do not wish to be identified electronically you can call us on 13 81 51 to discuss alternate options for identification. This may include situations where you do not wish that we use your credit information file for the purpose of verifying your identity.

Sometimes we may need to check your information with our various databases and external service providers and other third parties who may be located outside Australia in countries including New Zealand, Philippines, Thailand, China, India, the United States of America, Singapore, United Kingdom, Spain, Israel, and the Netherlands.

We may provide you with direct marketing, if you do not wish to receive direct marketing from us please update your marketing preferences in the Virgin Money App.

You acknowledge that:

  • You agree to the collection, use and sharing of
  • your information as outlined here and in the
  • If you apply for a credit card, then in respect of that credit card application you acknowledge that by consenting to Citigroup disclosing your personal information to overseas recipients, those recipients may not be subject to obligations similar to the Australian Privacy Principles.
  • All the information you have provided to us is complete and correct and that we may rely on this information for the purpose of assessing this application.
  • Where there are changes to your personal details, you agree to notify us as soon as possible.

How do we protect personal information?

We take all reasonable steps to protect your personal information (including credit information and credit eligibility information) from misuse, loss and unauthorised access, modification or disclosure. These include:

  • using appropriate information technology and processes;
  • restricting access to your personal information to our employees and those who perform services for us who need your
  • personal information to do what we have engaged them to do;
  • protecting paper documents from unauthorised access or use through security systems we deploy over our physical
  • premises;
  • using computer and network security systems with appropriate firewalls, encryption technology and passwords for the
  • protection of electronic files; and
  • requesting certain personal information from you when you wish to discuss any issues relating to the products and services we provide to you.

Whilst we take reasonable measures, no data transmission over the Internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you send to us using our online forms or products. You submit information over the Internet at your own risk.

If we no longer require your personal information (including credit information and credit eligibility information), we will take reasonable steps to destroy or de-identify it unless we are required to keep it by law.

We train our staff to respect your privacy and keep your personal information confidential, and we ask the same standards of our service providers.

Are your online transactions secure?

We ensure your protection with Transport Layer Security (TLS) which secures communications between your web browser and the server by encrypting your data, converting it from plaintext to cipher text making the data unreadable to prevent anyone from reading or changing it.

Transport Layer Security (TLS) does this by:

Server authentication

Communications between your browser and the web server are encrypted to secure transmitted data. The web server sends a digital certificate to your device computer so that you can be sure of its identity (and know that the connection transaction is protected and secure - you‘ll see a lock symbol on the top left bottom right of the browser window).

Client authentication

Your device computer authenticates itself to the server by showing its digital signature.

Encryption

When you log into our websites or applications, we encrypt data sent from your device to our systems so that no one else can decipher it.  We have a number of other ‘defence in depth’ systems to prevent unauthorised people from accessing your information.

See our comments above regarding the websites of third parties including those that are linked to our website.

Privacy Policy

What's Virgin Money's Privacy Policy all about?

This policy sets out how Virgin Money handles your personal information (including credit information and credit eligibility information) and explains the measures we have taken to make sure we abide by the Privacy Act 1988 (Cth), (Privacy Act) including Division 3 of Part IIIA and the Australian Privacy Principles as well as the Privacy (Credit Reporting) Code 2014 (CR Code).

It also aims to answer all the questions you might have about how we collect, hold, use and disclose your personal information (including credit information and credit eligibility information).

For the purposes of this Privacy Policy, “Virgin Money’’ or “we” means Virgin Money Australia, a division of Bank of Queensland Limited (ABN 32 009 656 740) and each of its related bodies corporate, including Virgin Money (Australia) Pty Limited ABN 75 103 478 897 and Virgin Money Financial Services Pty Ltd (ABN 51 113 285 395). Virgin Group Companies means businesses that are part of the Virgin family.

We may, in connection with particular services offer or provide to you, make other privacy disclosures to you or seek your authority to use your personal information in ways which are different from or more specific than those stated in this Privacy Policy. In the event of any inconsistency between the provisions of this Privacy Policy and those other disclosures, the other disclosures will apply.

These principles may not apply to certain records and practices relating to the employment relationship between us and our employees or to certain disclosures between related bodies corporate.

It is important that you read and understand this Privacy Policy.

What is 'personal information'?

“Personal information” is information or an opinion about a reasonably identifiable individual. The types of personal information that we collect and hold include the information you give us when you make an enquiry, register as a customer or apply for a product, including your contact details and general demographic and financial information.

We also collect and hold information about how you use our products and consume our services, including transaction and payment information, and details of any contact you have with our staff. We may also collect information regarding your internet activity (including your location) when you use our website, mobile app or online services.

Sensitive information

“Sensitive information” is a subcategory of personal information which includes information about your health. We may be required to collect sensitive information about your health in certain circumstances, for example when you make an application for assistance with financial hardship caused by illness or injury. We realise that this is often sensitive information and we will treat it with the highest degree of security and confidentiality.

What is 'credit eligibility information'?

“Credit eligibility information” is personal information that has been obtained from a credit reporting body (CRB) (e.g. a consumer credit report), or personal information that has been derived from that information, that is about an individual’s consumer credit worthiness.

The kind of information we might derive from a consumer credit report includes:

  • information which assists us to assess your suitability for credit;
  • information about your credit history with other credit providers; and
  • the likelihood of you being able to meet your commitments to us

What is 'credit information'?

“Credit information” is certain types of personal information that includes the following:

  • information about an individual, like their name and address, that we may use to identify that individual;
  • information about an individual’s current or terminated consumer credit accounts and an individual’s repayment history;
  • the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information;
  • information about an individual from a CRB;
  • information about consumer credit payments overdue for at least 60 days and for which collection action has started;
  • advice that payments that were previously notified to a CRB as overdue are no longer overdue;
  • information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual;
  • information about court judgments which relate to credit that an individual has obtained or applied for;
  • information about an individual on the National Personal Insolvency Index; 
  • publicly available information about an individual’s credit worthiness; and
  • an opinion of a credit provider that an individual has committed a serious credit infringement of credit provided by that credit provider.

We will hold all of this information about an applicant for credit, a guarantor, or related person (e.g. a director of a company which has applied for credit).

Why do we collect personal information?

As a general rule, the collection, holding and use of your personal information (including credit information and credit eligibility information) will be necessary for us to provide you with particular products and services. This includes:

  • assessing your application for our products and services
  • assessing your eligibility for credit-related products
  • managing your account
  • sending you statements and other information
  • letting you know about features, rewards or offers you may be eligible to receive
  • responding to your questions
  • solving your problems
  • knowing what type of services are likely to be useful to you
  • verifying your identity
  • minimise risks and identify or investigate fraud, possible money laundering or terrorism financing activities or other illegal activities
  • to comply with laws and assist government or law enforcement agencies
  • develop a better understanding of your needs using information we have about you or our other customers (transaction information), data from other sources such as third party websites or the Australian Bureau of Statistics.

If you don’t provide us with your personal information or otherwise authorise us to collect this information from third parties, we may not be able to provide you with one or more of our products and services.

We may also use and exchange your personal information for other reasons where the law allows or requires us to do so. 

Is any of the information we collect required by law?

Yes, we may also collect your personal information to comply with legislative and regulatory requirements including, but not limited to, those imposed by the:

  • Superannuation Industry (Supervision) Act 1993
  • Superannuation Guarantee (Administration) Act 1992
  • Insurance Contracts Act 1986
  • Corporations Act 2001
  • National Consumer Credit Protection Act 2009
  • Anti-Money Laundering and Counter -Terrorism Financing Act 2006

Do you ever send me advertising materials?

From time to time, we may also use your personal information to let you know about other products and services from Virgin Money that you might be interested in. We might also want to let you know about products and services from Virgin Group Companies, partners, merchants and other companies.

What if I don't want to receive advertising materials?

That’s fine. Just let us know by calling us on 13 81 51, email us at privacy@virginmoney.com.au or change your marketing preferences via the Virgin Money App.

If you apply for any Virgin Money products and your application is declined, we may keep your details on file to let you know about future Virgin Money products.

How do we collect personal information?

We will ordinarily collect any personal information (including credit information and credit eligibility information) about you directly from you or where it is provided to us with your authority. For example, we collect personal information directly from you through forms you fill out when applying for our products and services, when you make a claim under an insurance policy or through your ongoing interaction with us.

When you call us on the telephone, we may monitor and in some cases record the telephone conversation for staff training and record keeping purposes. Further, when we communicate with you by email, we may use technology to identify you so that we will be in a position to know when you have opened the email or clicked on a link in the email.

When you use the Virgin Money App we may collect information about and/or monitor your activities, transactions, location, and behaviours.

We may also be required to collect personal information (including credit information and credit eligibility information) about you from a third party. These parties may include other credit providers or financial institutions, your representatives such as financial advisers or accountants, your insurers, publicly available sources (e.g. telephone directories), brokers, referrers or other intermediaries, government agencies (e.g. Centrelink) and CRBs. 

Sometimes we may be required to collect sensitive health information about you from a third party, for example a doctor or a hospital.

Further, if personal information about you is collected by third parties on any website you have accessed through our websites or mobile app, we may also collect or have access to that information as part of our arrangement with those third parties.

We may also collect basic personal information about third parties (e.g. an employer or a health provider) if provided by you as part of providing our services

Online links to Third Party and Co-Branded sites?

Virgin Money may establish relationships with business partners that allow visitors to our website or the Virgin Money App, to link directly to sites operated by these partners. Some of these sites may be ‘’co-branded” with our logo; however, these sites may not be operated or maintained by or on our behalf. These sites may collect personal information from you that may be shared with us. 

This Privacy Policy will apply to any personal information we obtain in this manner. Despite this, we are not responsible for the content or practices of websites operated by third parties that are linked to our website. 

These links are meant for the user’s convenience only. Links to third party sites do not constitute sponsorship, endorsement or approval by us of the content, policies or practices of those third party sites. Once you have left our website via such a link, you should check the applicable privacy policy of the third party site.

Do we use cookies on our website or within the Virgin Money app?

Our website is designed to make it easy for you to find out about our products, to apply for them and to manage your money. 

To do this we use cookies, which are pieces of information that a website transfers to your computer’s memory or hard disk for record keeping purposes.

Cookies can help us make your experience of the website more relevant, and they can also help us learn about how people use our website (and therefore help make it better).

Certain sections within the Virgin Money App may also use cookies to manage our rewards hub.

Most web browsers are set to accept cookies, but you can always change your computer settings to stop them. If you choose to do that, you may not be able to take full advantage of our online services.

How do we store personal information?

We store your personal information (including credit information and credit eligibility information) in a number of ways including:

  • on secure servers including on cloud based services;
  • in electronic systems and devices;
  • in telephone recordings:
  • in paper files; and
  • document retention services off-site.

This may include storage on our behalf by third party service providers. See our comments below about how we protect your personal information.

Why do we exchange personal information with third parties?

We may sometimes exchange your personal information (including credit information and credit eligibility information) with other companies to deliver our products or services to you which may include dealing with complaints or marketing our own products.

The types of organisations to which we may disclose this information include other credit providers (particularly when you are seeking finance from them), loyalty or rewards providers that we partner with to provide our products and services, regulatory bodies and government agencies, courts and external dispute resolution schemes, your agents, including brokers or financial advisers, our agents, contractors and professional advisers who assist us in providing our services, your referees and guarantors, your or our insurers, and organisations that carry out functions on our behalf including mailing houses, data processors, researchers and analysts, system developers or testers, debt collectors, insurance administration and claim service providers, accountants, auditors and lawyers.

While we share your personal information with them, these partners are not able to disclose it to others or use it for purposes other than the delivery of Virgin Money products and services unless you have provided consent.

We may also disclose your personal information to third parties where you request us to or consent to us doing so or in order to fulfill our legal obligations. The information we provide to other organisations will be limited to what is required to provide the service or comply with the law. We don’t give your personal information to other companies for any other purposes not mentioned above e.g. marketing non Virgin Money products and services.

Exchange of information within the group.

We may also exchange information between members of the Bank of Queensland Group of Companies, including Virgin Money (Australia) Pty Limited and Virgin Money Financial Services Pty Ltd.

Exchange of information with overseas parties.

Some of the parties with which we exchange your personal information, including our partners, service providers and other third parties listed above, may be located outside Australia in countries including New Zealand, Thailand, China, Philippines, India, Singapore, the United States of America, United Kingdom, Spain, Israel and The Netherlands.

When we do disclose and/or store personal information overseas, we protect that information with various security measures and contractual safeguards.

Important information about the exchange of credit-related information with credit reporting bodies (CRBS)

If you apply for credit or offer to act as a guarantor, we may exchange certain credit-related personal information with CRBs. 

The types of information we may disclose to CRBs may include that we provide credit to you, the type of credit you hold, the amount of credit provided to you, when your credit account is opened and closed, how you repay your credit, that you have made payments on time or corrected a default, the fact that you have failed to meet your repayment obligations or that you have committed a serious credit infringement. CRBs may include that information in reports provided to credit providers like us to assist them to assess your creditworthiness. 

Under the Privacy Act, CRBs are also permitted to assist credit providers like us who wish to direct market to you by ensuring you meet certain specified criteria (called “pre-screening”). You have a right to request that CRBs not use your credit-related information for this purpose by contacting them using the details below. 

You also have a right to request that a CRB not use or disclose your credit-related information if you believe that you have been a victim of fraud (including identity fraud) by contacting them using the details below.

The CRB we exchange information with is:

Equifax Information Services & Solutions Ltd 

PO Box 964 North Sydney, NSW, 2059 

Phone: 1300 850 211 

Website: www.mycreditfile.com.au

Equifax’s Privacy Policy is located at www.equifax.com.au/privacy

You may obtain a copy of Equifax’s privacy policy at the above website or by contacting Equifax using the details provided.

Access and correction to your personal information.

We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date. You may request access to the personal information we hold about you at any time by calling us on 13 81 51 or emailing us at privacy@virginmoney.com.au

Under certain circumstances, we may not tell you what personal information we hold about you or allow you to access that information, for example where the information relates to legal proceedings with you or where we are prevented by law from disclosing the information, or providing access would prejudice certain investigations.

If one of the exceptions applies, we will consider whether the use of an intermediary is appropriate and would allow sufficient access to meet the needs of both parties. Where we do grant access to your information, we may charge you a fee for accessing your personal information.

Under the Privacy Act, you also have a right to request that we correct information that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading. If at any time you believe that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please advise us by calling us on 13 81 51 or emailing us at privacy@virginmoney.com.au and we will take all reasonable steps to correct the information. You can ask us to associate with the information held, a statement from you claiming that the information is not correct. 

If there is a denial of access to your personal information or a dispute as to the correctness of any personal information held, we will provide you with reasons for the denial or its refusal to correct the personal information. If you disagree with our decision for the denial or refusal to correct the personal information, you may request that we review the decision via our complaints handling procedures which are outlined below.

Dealing with us anonymously or using a fake name.

We will generally need to know who you are in order to provide you with our products and services. 

Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (fake name), for example when making general enquiries about the services we offer. 

In some circumstances, you may receive a better service or response if we know who you are. For example, we can keep you up-to-date and better understand a complaint you might have if we know who you are and the circumstances of your complaint. 

You must tell us when you are using a pseudonym when applying for our services. If we need to identify you, we will tell you whether or not your real name is required to access those services

What happens if our Privacy Policy changes in future?

This statement sets out our current Privacy Policy. It replaces any of our other Privacy Policies which have been issued before the date of this Privacy Policy.

We listen to the feedback our customers give us, and also what the broader public has to say about what we do. This informs how we develop new products and services, and also new ways of working. Because of this, our Privacy Policy may need to change from time to time. If it does, we'll notify you by publishing the new version on our website at virginmoney.com.au.

We encourage you to periodically review our Privacy Policy for any changes.

Contacting us.

We take privacy concerns seriously, and we’ll work to address any problems we become aware of. If you have any further questions or concerns about the way we manage your personal information, including if you think we have breached the Australian Privacy Principles, please call us on 13 81 51 or email us at privacy@virginmoney.com.au.

Virgin Money Australia, a division of Bank of Queensland Limited ABN 32 009 656 740 Australian Credit Licence/AFSL 244616.

How will a complaint be handled?

If you have a problem, complaint or dispute

Our Service commitment

At Virgin Money we are committed to providing our customers with innovative banking solutions and the best customer service experience. 

Resolution of problems is a priority for us. If at any time our service does not meet your expectations we would like you to let us know.

How to contact us

If you have a complaint, there are a number of ways to contact us:

How will your complaint be handled?

If we cannot solve your problem on the spot, we will let you know who is handling your complaint and how long it is likely to take for it to be resolved.

For further information about how we handle complaints, ask our friendly staff or download a copy of our Complaint Guide available on our website.

What to do if you feel your complaint has not been resolved

If you're unhappy with our response you can approach the Australian Financial Complaints Authority (AFCA). AFCA provides a free and independent complaint resolution service for financial services. To contact them you can:

  • Call: 1800 931 678 (free call)
  • Email: info@afca.org.au
  • Website: www.afca.org.au
  • Write to: GPO Box 3, Melbourne VIC 3001

You may also elect to contact the Office of the Australian Information Commissioner (OAIC) if you have a complaint about the way we handle your personal information at:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Call: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au