This is important information we need to share with you, so we recommend taking the time to read through the details so you can get up to speed. It's actually pretty interesting stuff!
If you are an Australian customer, the Policy explains how we collect your personal information, what we do with it, and, most importantly, how it's protected.
It all comes down to Virgin Mobile Australia being much more than just a phone company. Every day we're using personal information in innovative ways to provide great products and great service.
Virgin Mobile Australia is part of the Optus Group and we may share your personal information within the Optus Group. In this Policy, references to “we”, “us” and “our” are references to both Virgin Mobile Australia and the Optus Group.
Why we collect personal information
We collect personal information from you and in relation to your activities when it is reasonably necessary for a business purpose.
This means we collect it to supply you with the products and services you have asked for and to provide you with the best possible service.
Other reasons we collect personal information are to:
- Understand you, and how we can meet your needs now and in the future
- Develop or evaluate products
- Make ads more relevant to you, whether they're about our products or those of other companies
- Manage our business
- Comply with our legal obligations
- Provide listings in third party directories
- Analyse usage and statistical information
The type of information we collect
Generally, we collect personal information like your name, address, date of birth, gender, occupation, interests, location, contact details, payment details, financial information, and information about how and where you purchase and use our products.
There are a few different ways we collect this information.
What we collect straight from you
Most of the personal information we collect, such as your name and address, we collect directly from you. For example, you might fill out a form online or in a store, or give it to one of our representatives on the phone, or engage with us on social media.
Of course, you can choose not to provide your personal information or may just want to deal with us anonymously. If this happens, we may not be able to provide you with the product you've asked for or give you the level of service you expect.
What we collect while you are with us
We also collect personal information and de-identified information during our relationship with you. For example, we may collect personal information:
- When you pay your bill or purchase products
- When you use our products, apps, self-service channels
- When you join or use our rewards programs
- When and where you use our networks and services
We are authorised to collect information about the contents and substance of the communications we carry by Division 3, Part 13 of the Telecommunications Act 1997 (Cth).
All telecommunications providers, including Optus, now have an obligation to retain certain network data and customer information (called 'metadata') for a period of at least two years for use by criminal law enforcement agencies. Network data has always been collected so that we can run our network properly, and it is now being retained for two years to meet the government requirement. We also collect customer information and retain it for at least 2 years. Please consult https://www.ag.gov.au/dataretention for more information on what we are required to retain and why.
What we collect from your online activity
- Site performance identifiers: these give us information about how our websites or apps are used. If you access our services from a mobile or other device, this may include your device ID, device and software characteristics (such as type and configuration), geolocation data, and connection information.
- Analytics cookies: we use these to gather statistics about our site and apps. For example, they help us monitor how many users are on the site or app, and what sections are most popular
- Advertising cookies: we use these cookies to improve our understanding of the kind of advertising that may be relevant to your aggregated segment.
It's important to know you can clear cookies or digital identifiers from your device and also disable future use of them by changing the security settings on your web browser or in apps. However, doing this might mean that parts of our websites and apps may not work as they should.
We also use system information arising from your use of our services for de-identified statistical analysis.
What we collect from others
Other people or entities might give us personal information about you. For example, we might be given personal information by your parent or guardian if you are under 18.
We may also collect personal information from other companies that are able to disclose it to us, if it's not practical to collect it from you. For example, we buy or obtain personal information from trusted sources to help us identify people who might be interested in hearing about our products.
We will take reasonable steps to make sure you know we have your personal information, how we got it and how we'll handle it.
Your credit situation
We collect some types of personal information to assess your credit situation when you apply for certain services. For more details, see the section on 'Credit related information' further below.
Insights from analytics and research
We may aggregate and process personal information and de-identified system information to generate new insights about the Optus network, products and customers. An example of such an insight is that a particular type of phone plan is popular in a specific region of Queensland.
These insights are about overall patterns, and by applying privacy protection and aggregation techniques, the Optus Group ensures that these insights will not identify you.
We use these insights to make better business decisions, and to provide you with better products and services.
Sensitive personal information
When we talk about sensitive information, we mean things like biometric information, such as your fingerprint or voiceprints. Sensitive information could also refer to details about your race, ethnicity, politics, religious or philosophical beliefs, sexual preferences, health, genetics or criminal record.
There may be times when you choose to provide us with your sensitive information. With your agreement, we might also collect biometric information for use with new technologies like voice or fingerprint recognition. This could happen as technology changes and evolves over time.
Remember, this kind of information will only be collected with your permission, and we will only use it for the purpose for which you provided it.
Who we work with
We work with a number of other companies, and in certain circumstances may share personal information with them.
The Optus Group
Different companies within the Optus Group provide different services. The Optus Group includes our parent company SingTel, SingTel Optus Pty Ltd and their subsidiaries.
Parties we work with
We sometimes team up with other companies to offer products. If you purchase a product that is delivered by one of our partners, we'll give them the personal information they need to provide it and manage their relationship with you. In these circumstances, we have arrangements in place with our partners that limit their use or disclosure of your personal information to these purposes.
We work with third parties and provide limited data to assist them to provide services to banks and other entities to help fight financial fraud.
We also team up with other Virgin branded companies ("Virgin Family") such as Virgin Australia Airlines Pty Ltd, Velocity Frequent Flyer Pty Limited and their subsidiaries. For example, if you are also a Velocity Frequent Flyer member and have provided your member number to us, we may share your personal information with Velocity so we can enrich any profile that we have about you, gain further insights about you, and ensure that our products remain relevant to you.
Outsourcing and third parties
Virgin Mobile Australia and the Optus Group work with third parties to provide some types of sales, business and customer support. They may have access to systems that include your personal information. These companies are subject to strict controls that protect your information from unauthorised use or disclosure, and limit their access to your personal information to the extent necessary to do their job.
In order to provide device assessment, repair or replacement services, we may sometimes need to send your device to a repair centre or the device manufacturer. You should always ensure that you back up your device and do a factory reset before you provide us with your device for any reason, so that it no longer contains your personal information.
Access to personal information from overseas
We work with a number of companies which are located overseas. These companies are involved in providing services like data storage, data analysis, targeted advertising and reporting, and customer and technical support. We only give them secure access to personal information they need to do their job. The countries and regions in which they are located include Singapore, India, Philippines, USA, Canada, the European Union (including the UK), the Bailiwick of Jersey, Mexico, Malaysia, Japan, Israel and New Zealand.
The Optus Group maintains effective control of your information at all times, including by ensuring that parties located overseas are subject to strict controls that limit access and subsequent handling of your information to the extent strictly necessary to perform the relevant function and protect your information from unauthorised use and disclosure.
When you engage with us through social media platforms such as Facebook or Twitter, we may need to collect and disclose personal information through these platforms in order to respond to your inquiry.
In some circumstances, we may need to refer or sell overdue debts to debt collectors or other companies. If we do this, we'll give them secure access to the personal information they need to handle the debt.
We may also update credit reporting agencies about some types of payment defaults, although we'll always tell you before we do this.
Legal obligations and other privacy exceptions
We give access to personal information where we are permitted or obliged to do so by Australian law. For example, in some circumstances we will use or disclose personal information to react to unlawful activity, serious misconduct, or to reduce or prevent a serious threat to life, health or safety. We are obliged to cooperate with law enforcement bodies in some circumstances. We may disclose personal information, including information about phone calls and service use, when we receive an access request or warrant that is authorised under Australian law.
We also give information about some of our telephone products to the Integrated Public Number Database, where it's used to do things like assist with the dispatch of emergency services and for directory publishing (if relevant). We may also provide your geolocation information directly to emergency services (i.e. 'triple 0') when you call them on your mobile.
You should always ensure the details that we have for you are up to date, and accurate. For example, you should contact us if you move to a new house. We will then update the IPND with your new details.
We will only disclose personal information to others if you've given us permission, or if the disclosure relates to the main reason we collected the information and you'd reasonably expect us to do so.
Everyone hates being bombarded with ads for things they don't need or have any interest in. We may use your personal information, or engage third parties who collect information about you from publicly available sources, to deliver advertising that is customised or more relevant to your interests, characteristics or general location. This doesn't necessarily mean you'll get more advertising. It just means that the advertising that you see will hopefully be more relevant to you.
In order to carry out targeted advertising to your aggregated segment, we may build a user and/or device profile by:
- Using personal information and de-identified system information that we hold.
- Collecting information through cookies or digital identifiers. This includes publicly available advertising identifiers provided by mobile operating systems like iOS and Android, which you can reset by using the setting on your device.
- Engaging third parties who provide us with information about you collected from publicly available sources or from their own databases.
We may enhance our user and/or device profiles by working with third parties, and using device matching technologies. This technology uses your mobile device advertising identifier, as well as cookies, to try and match you with devices that you may be using.
We may also work with third parties and use technologies that rely on cookies, to recognise visitors to our website, and better deliver targeted advertising.
Advertising our products
We advertise by mail, phone, email, text, and online via the internet and in apps.
Advertising other products
We may also work with other companies to advertise their products online. We don't give them access to your personal information when we do this. Instead, we work with them to understand the type of audience they want to advertise to, and deliver the ad for them.
We'll make sure that any marketing emails, texts and letters we send you clearly tell you how to opt out, or you can tell our phone staff.
You can opt out of receiving online relevant advertising material at any time, usually by clicking on the symbol displayed on an online ad. You can also do so by calling us on 1300 555 100.
If you opt out, you can choose to opt out of particular direct marketing, or all direct marketing. Of course, there are some types of marketing we can't control on an individual basis, like general letterbox drops or online ads that are not targeted specifically to you.
We will continue our direct marketing activities with you until you opt out, even if you no longer have a service with us.
Credit related information
We collect and use personal information to verify your identity and assess your credit situation when you apply for some products. For example, we generally do a credit assessment before you take a product with a monthly billing account.
We might ask you for information about yourself and things like your employment details and credit history, and then seek a credit report from a credit reporting agency.
We'll always tell you before we seek a credit report, and we won't get one if you're under 18.
The credit report provided by a credit reporting agency may include information like your employment history, previous credit checks, any problems you've had paying bills and whether those issues were resolved. We use this information to assess whether we're entering into an arrangement that is sensible for both you and us.
After you become a customer, we store the crucial bits of information from the credit report and our own credit assessment. We may continue to use this information, or add to it using your history with us, to manage credit and future credit applications, and to make sure we're offering and providing the right services to you.
We don't use credit related information to generate marketing lists. We work with customer service partners inside and outside Australia on credit related matters. Where necessary, we give our partners access to the credit information they need to help manage credit and your services.
You can get access to credit related information we hold about you, ask us to correct it, or make a complaint, as described elsewhere in this policy. If we agree that our records need to be corrected, and we've previously disclosed that information to a credit reporting agency or other person, we'll tell them about the correction too.
You can ask the credit reporting agencies not to use or disclose the information in their files if you think you have been or are likely to become a victim of fraud.
You can find out more about the credit reporting agencies we work with at www.equifax.com.au and www.dnb.com.au. Their websites give their contact details and their policies about the management of your personal information.
Security is serious. We're committed to protecting your personal information.
Some of the security measures we use include:
- Firewalls and access logging tools that protect against unauthorised access to your data and our network
- Secure work environments and workflow systems that prevent unauthorised access and copying of your personal information
- Secure server and closed network environments
- Encryption of data in transit
- Virus scanning tools
- Management of access privileges, to ensure that only those who really need it can see your personal information
- Ongoing training and security reviews
These measures are robust, but security risks do change. We will remain vigilant in our efforts to protect your personal information.
How to access your personal information
If you ask us, we will usually give you access to the personal information we hold about you. We will always confirm your identity before giving access to your personal information.
You can ask for access by calling us on 1300 555 100. It will really help if you tell us what you're looking for.
There are circumstances under Australian privacy laws where we may not give you access to the personal information we hold about you. For example, we can't give you access if it would unreasonably affect someone else's privacy or if giving you access poses a serious threat to someone's life, health or safety.
There is generally no cost for accessing the personal information we hold about you, unless the request is complex or resource intensive. If there is a charge, it will be reasonable and we will let you know what it is going to be so that you can agree to it before we go ahead.
Quality of personal information
We aim to keep the personal information we hold about you accurate, up-to-date and complete. If you think our records need to be corrected, please call us on 1300 555 100.
We encourage you to update your details with us so we can deliver better service to you, and so the others we work with (like emergency services) have access to the information they need to do their job.
Getting in touch
We recognise that your personal information is important to you, so please let us know if you have any questions or concerns about this policy or our practices.
Here's the date, section and description for each change to the policy above since it was first published in its current form on 6 March 2014:
6 March 2016 - ADVERTISING - update about how you can opt-out of some types of online ads.
10 April 2017 - THE TYPE OF INFORMATION WE COLLECT - update relating to changes to the Telecommunications (Interception and Access) Act and obligation to retain metadata.
17 May 2017 - VARIOUS:
- Rearranged information to better explain the Optus Group's role in providing directory listings
- Clarified the information that Virgin Mobile and the Optus Group collects while a customer is with us
- Included a section on how insights from analytics and research may be used
- Included information on Virgin Mobile and the Optus Group's arrangements when providing device assessment, repair or replacement service
- Amended language to describe targeted advertising arrangements
- Included information on how Virgin Mobile works with other companies in the Virgin Family
21 July 2017 - THE TYPE OF INFORMATION WE COLLECT and ADVERTISING:
- General update to clarify the type of information that we collect, and how it is used
- Advising about the sort of information we may disclose to emergency services, and when this will occur
- Included information about how the we may use aggregated insights from analytics and research
- Updated 'Advertising' section to clarify the information that we use to carry out targeted advertising
22 June 2018 – VARIOUS:
- Updated countries where companies that Optus works with will likely be located.
- Updated information about how we work with Social media
- Updated information about how we work with directories and the IPND
- Updated information about how we use credit information
- Included information about efforts to fight financial fraud