Skip to main content

Privacy Policy


Challenger Bank Limited ABN 54 087 651 750 (‘Challenger’, 'we', 'us', 'our') is bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act).  We are also bound by Division 3 of Part IIIA of the Privacy Act, which regulates the handling of credit information, credit eligibility information and related information by credit providers; and the Credit Reporting Privacy Code.

This Privacy Policy outlines how we deal with your personal information (including credit-related information), as well as our legal obligations and rights as to that information.  If we agree with you to use or disclose any of your personal information in ways which differ to those stated in this Privacy Policy, the provisions of that agreement will prevail to the extent of any inconsistency.  

Key types of information 

Certain words have special meanings when used in this Privacy Policy. These are shown below. 

"Personal information" means information or an opinion about an individual who is identified, or who can reasonably be identified, from the information. Although we try to make sure that all information we hold is accurate, "personal information" also includes any inaccurate information about the individual. 

"Credit eligibility information" means information that has been obtained from a credit reporting body, or that has been derived from that information, that is about an individual's credit worthiness. 

"Credit information" means personal information that includes the following: 

  • information about an individual, like their name and address, that we may use to identify that individual 
  • information about an individual's current or terminated consumer credit accounts and, an individual's repayment history 
  • the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information 
  • information about an individual from a credit reporting body
  • information about consumer credit payments overdue for at least 60 days and for which collection action has started 
  • advice that payments that were previously notified to a credit reporting body as overdue are no longer overdue 
  • information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual 
  • information about court judgments which relate to credit that an individual has obtained or applied for 
  • information about an individual on the National Personal Insolvency Index 
  • publicly available information about an individual's credit worthiness, and  
  • an opinion of a credit provider that an individual has committed a serious credit infringement of credit provided by that credit provider. 

“Related Body Corporate” means ‘Challenger Limited ABN 85 106 842 371 and its related entities. 

We may not hold all of these kinds of information about a particular individual. However, if we hold any of these kinds of information, it is protected as "credit information" under this Privacy Policy.  

"Credit-related information" means credit information, credit eligibility information and related information. 

Wherever possible, we will collect personal information (including credit information) directly from you. This information will generally come from what you provide in your application for one of our products or services and supporting documentation.   

We only ask for personal information relevant to our business relationship with a customer. When you apply for one of our products or services, we may request: 

  • identifying information, like your name, address and other contact details and your date of birth 
  • information about your financial position, like your income, expenses, savings and assets and any (other) credit arrangements 
  • your employment details 
  • your tax file number, and
  • your reasons for applying for a product or service. 

We may also collect personal information (including credit-related information) about you from related bodies corporate; third parties, such as any referees that you provide, your employer, other credit providers and third party service providers including credit reporting bodies.  Credit reporting bodies collect credit information about individuals which they provide as credit reports to credit providers and others in the credit industry to assist them in managing credit risk, collecting debts and other activities. You can also ask a credit reporting body, through contact details on their website, not to use or disclose your personal information if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud. 

Some information is created through our internal processes, like credit eligibility scoring information. 


We may use your personal information (including credit-related information) for the purpose of providing products and services to you and managing our business. This may include: 

  • assessing and processing your application for the products and services we offer 
  • establishing and providing our systems and processes to provide our products and services to you
  • ensuring the target market determinations made for our products are appropriate
  • ensuring distribution of our products is in accordance with the target market determinations we've made 
  • executing your instructions 
  • charging and billing 
  • uses required or authorised by law 
  • maintaining and developing our business systems and infrastructure 
  • research and development
  • collecting overdue payments due under our credit products
  • managing our rights and obligations regarding external payment systems, or direct marketing, and
  • for any purpose for which you have given your consent.

Where you are a customer of any of the entities owned by our related body corporate, we may use personal information collected from Challenger to confirm eligibility for exclusive Challenger promotional offers and to pre-populate relevant application forms. In general, we do not use or disclose your personal information (including credit-related information) for a purpose other than: 

  • a purpose set out in this Privacy Policy 
  • a purpose you would reasonably expect 
  • a purpose required or permitted by law, or 
  • a purpose otherwise disclosed to you to which you have consented.  


We may disclose your personal information (including credit-related information) to other organisations, for example:

  • our related companies
  • external organisations that are our assignees, agents or contractors
  • external service providers to us, such as organisations which we use to verify your identity, payment systems operators, mailing houses and research consultants
  • insurers and re-insurers, where insurance is provided in connection with our services to you
  • superannuation funds, where superannuation services are provided to you
  • other financial institutions, for example, when you apply for a loan from another credit provider and you agree to us providing information
  • credit reporting bodies, including disclosing that you are in default under a credit agreement or commit a serious credit infringement, if that is the case
  • lenders' mortgage insurers, where relevant to credit we have provided
  • debt collecting agencies, if you have not repaid a loan as required
  • our professional advisors, such as accountants, lawyers and auditors
  • state or territory authorities that give assistance to facilitate the provision of home loans to individuals
  • certain entities that have bought or otherwise obtained an interest in your credit product, or that are considering doing so, and their professional advisors
  • your representative, for example, lawyer, broker, financial advisor or attorney, as authorised by you
  • if required or authorised by law, to government and regulatory authorities, or
  • where you have given your consent for us to share it with them.

We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information. 

Sensitive information 

Where it is necessary to do so, we may collect personal information about you that is sensitive.  Among other things, sensitive information includes information about an individual's health, and membership of a professional or trade association. 

Unless we are required or permitted by law to collect that information, we will obtain your consent.  

Refusal of credit applications 

We may refuse an application for consumer credit made by you individually or with other applicants. Our refusal may be based on credit eligibility information obtained from a credit reporting body about either you, another applicant or another person proposed as guarantor. In that case, we will give you written notice that the application has been refused on the basis of that information. We will tell you the name and contact details of the relevant credit reporting body and other relevant information.  


We take all reasonable steps to ensure that your personal information (including credit-related information), held on our website or otherwise, is protected from:

  • misuse, interference and loss, and  
  • unauthorised access, disclosure or modification.   

We ask you to keep your passwords and personal identification numbers safe, in accordance with our suggestions.  

When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we take reasonable steps to ensure that it is destroyed or de-identified. 


This section explains how we handle personal information and credit information collected from our website. If you have any questions or concerns about transmitting your personal information via the internet, you may contact our Privacy Officer, whose details are in paragraph 14 of this Privacy Policy, as there are other ways for you to provide us with your personal information. 

Visiting our website 

Anytime you access an unsecured part of our website, that is, a public page that does not require you to log on, we will collect information about your visit, such as: 

  • the time and date of the visit
  • any information or documentation that you download
  • your browser type, and
  • internet protocol details of the device used to access the site. 

Our website may include a number of calculators, which may require you to enter your personal details. If you save the data you enter on the calculator, this information will be stored. 


A "cookie" is a small text file which is placed on your internet browser and which we may access each time you visit our website. When you visit the secured pages of our website (i.e. pages that you have to provide login details to access) we use cookies for security and personalisation purposes. When you visit the unsecured pages of our website (i.e. public pages that you can access without providing login details) we use cookies to obtain information about how our website is being used. You may change the settings on your browser to reject cookies, however doing so might prevent you from accessing the secured pages of our website. 


When we receive emails, we will retain the content of the email and our response to you where we consider it necessary to do so. Your email address will only be used or disclosed for the purpose for which it was provided. It will not be added to any mailing lists or used for any other purpose without your consent. 


We use up-to-date security measures on our website to protect your personal information and your credit information. Any data containing personal, credit or related information which we transmit via the internet is encrypted. However, we cannot guarantee that any information transmitted via the internet by us, or yourself, is entirely secure. You use our website at your own risk. 

Links on our website

Our website may contain links to third party websites. The terms of this Privacy Policy do not apply to external websites. If you wish to find out how any third parties handle your personal information or credit information, you will need to obtain a copy of their privacy policy.  


You may request access to the personal information (including credit-related information) that we hold about you at any time from our Privacy Officer whose details are in paragraph 14 of this Privacy Policy. 
We will respond to your request for access within a reasonable time.  If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. You can contact our Privacy Officer if you would like to challenge our decision to refuse access. 

We may recover the reasonable costs of providing access to requested personal information.  


We take reasonable steps to make sure that the personal information (including credit-related information) that we collect, use or disclose is accurate, complete and up-to-date. However, if you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer whose details are in paragraph 14 of this Privacy Policy. 


We may use your personal information, including your contact details, to provide you with information about products and services, including those of third parties. We may also provide your details to other organisations such as business or loyalty partners for specific marketing purposes which we consider may be of interest to you.

We will consider that you consent to this, unless you opt out. You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information through a particular channel, like email.  In order to do so, you will need to request that we no longer send marketing materials to you or disclose your information to other organisations for marketing purposes.  You can make this request by contacting our Privacy Officer whose details are below, or by 'unsubscribing' from our email marketing messages, which always include an unsubscribe option. 

To help us reach the right people with our credit direct marketing, we may ask a credit reporting body Equifax at to "pre-screen" a list of potential recipients of our direct marketing against our eligibility criteria to remove recipients that do not meet those criteria. The credit reporting body cannot use information about your existing loans or repayment history in carrying out its pre-screening and it must destroy its pre-screening assessment once it has given us, or a contractor acting on our behalf, the list of eligible recipients. If you do not want your credit information used for pre-screening by a credit reporting body that holds credit information about you, you can opt-out by informing that credit reporting body, whose contact details are on their website above. 

We may also share your data for preventing or investigating any actual or suspected fraud, unlawful activity or misconduct.

Changes to the Privacy Policy

We may make changes to this Privacy Policy from time to time (without notice to you) that are necessary for our business requirements or the law. Our current Privacy Policy is available on our website. 

Questions and complaints 

If you have any questions, concerns or complaints about this Privacy Policy, or our handling of your personal information (including credit-related information), please contact our Privacy Officer whose details are in paragraph 14 of this Privacy Policy. You can also contact the Privacy Officer if you believe that the privacy of your personal information has been compromised or is not adequately protected.

Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible. We will aim to deal with your complaint at the source of your complaint. If you are not satisfied with the response you receive, please let us know and our Company Secretary will investigate further and respond to you. 
If you are still not satisfied, you can contact an external body that deals with privacy complaints. This is Australian Financial Complaints Authority which is our external dispute resolution scheme, or the Federal Privacy Commissioner. Either of these bodies may forward your complaint to another external dispute resolution body if it considers the complaint would be better handled by that other body.  

Australian Financial Complaints Authority 
Post: GPO Box 3 MELBOURNE VIC  3001
Telephone: 1800 931 678

Office of the Information Commissioner 
Post: GPO Box 5218 Sydney NSW 2001 
Telephone: 1300 363 992 

Privacy Officer  

Our Privacy Officer's contact details are: 
Post: PO Box 297, Flinders Lane, Melbourne VIC 8009
Telephone:  1300 221 479

Privacy Principals





Open and transparent management of personal information

Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.


Anonymity and pseudonymity

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.


Collection of solicited personal information

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.


Dealing with unsolicited personal information

Outlines how APP entities must deal with unsolicited personal information


Notification of the collection of personal information

Outlines when and in what circumstances an APP entity that collects personal information must tell an individual about certain matters.


Use or disclosure of personal information

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.


Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.


Cross-border disclosure of personal information

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas


Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP 10

Quality of personal information

An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP 11

Security of personal information

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances

APP 12

Access to personal information

Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies

APP 13

Correction of personal information

Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.



Comprehensive Credit Reporting

Credit reporting laws have been updated, allowing us to share more of your credit information with credit reporting bodies.

Comprehensive Credit Reporting (CCR), also known as positive credit reporting, is being introduced across a number of financial institutions in Australia.

Over time, your credit report will provide a more accurate assessment of how you manage credit. In turn, this helps us to continue to meet your needs whilst lending responsibly and ultimately helping you to secure your financial wellbeing.

You can also read about credit reporting more broadly at CreditSmart, Australia's Retail Credit Association website.


*All depositors are protected by the Government guarantee. For further details, please refer

This information is intended to be general only and has been prepared without taking into account your objectives, financial situation or needs. Because of that, you should consider its appropriateness, having regard to your objectives, financial situation and needs before acting on any such information. You should obtain and consider the relevant Target Market Determination (TMD), General Terms, Product Disclosure Statement (PDS), Fees and Charges Schedule and Interest Rate Schedule before making a decision about whether to acquire or continue to hold the relevant product.

Issued by Challenger Bank Limited (ABN 54 087 651 750, AFSL/Australian Credit Licence 245606) which is an authorised deposit-taking institution (ADI) regulated by the Australian Prudential Regulation Authority. Challenger Bank Limited is a part of the group of companies constituted by Challenger Limited and its subsidiaries (Challenger Group). No other entity in the Challenger group apart from Challenger Bank Limited is an ADI, and that entity's obligations does not represent deposits or other liabilities of Challenger Bank Limited. Challenger Bank Limited does not guarantee or otherwise provide assurance in respect of the obligations of that entity, unless noted otherwise.