At Challenger, we understand your concerns about privacy and the security of your personal information. Your privacy is important to us and we are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles ('APPs'). We are committed to protecting the personal information that we hold about you.
1. What personal information is collected?
Challenger collects personal information that is reasonably necessary for us to provide you news, updates and invitations (if you are opted in to receive this information), provide financial products and services and to administer these products. The kind of personal information we collect and hold will depend upon the type of information, products and services that you request from us and may include:
- information you give us when you request a product or service from us. This information may include your name, date of birth, address, contact details and relevant identification documents;
- communications between us and your financial, legal or other adviser, or your broker, agent or platform provider (if you have purchased a Challenger annuity via a platform)
- communications between us and associations that you are a member of and with which we have an affiliation;
- transactional information about the use of a product if you have or had a product with us;
- financial information about you such as your financial position and information obtained from credit checks if you have authorised us to carry out those checks;
- in some cases sensitive information obtained with your consent (e.g. if you are applying for the CarePlus Annuity, we require confirmation that you are eligible to receive government-subsidised aged care services) or otherwise where required or permitted by law (e.g. in relation to anti-money laundering);
- your name, contact detail, identity documents and date of birth where a policy holder has listed you as a beneficial owner or other related party in connection with that policy (i.e. a nominated beneficiary or a reversionary under a policy or as the policy holder's attorney);
- if you are a financial adviser or other authorised representative of a customer, your name, contact details and any other information you provide when communicating with us in relation to our products and services, or in connection with a mutual customer;
- information (including your name, email address, phone number, post code and any other information as specified at the point of collection) you give us when you agree to receive updates and marketing material from us; and
- information regarding your website interaction with us (i.e. the sections or features of our website that you have visited or used). Challenger will not be able to identify you unless you are a registered user of the relevant Login site (AdviserOnline or InvestorOnline). See the 'Use of our website' section of this policy for further information.
2. How is personal information collected?
Challenger usually collects your personal information in a number of ways including:
- directly from you (including via your financial, legal, or other adviser, or your broker or agent), such as when you provide the information by phone, email or in an application form or an online form (such as a quoting tool, signing up to newsletters or downloading educational material), or when you access a user account for one of our login sites (AdviserOnline or InvestorOnline), or when you participate in a survey, promotion or competition;
- from other Challenger group companies where permitted by law;
- from policy holders where they have listed you as a beneficial owner or other related person in connection with the investment (i.e. a nominated beneficiary, reversionary or an individual granted power of attorney) and have provided us with your name, date of birth and contact details);
- from third parties such as your financial adviser, platform provider, lawyer or other agents or credit reporting agencies, credit providers, or identity verification service providers, if you authorise us to do so; and
- from publicly or commercially available sources for the purpose of complying with customer due diligence obligations under relevant legislation (e.g. anti-money laundering laws).
3. What if you do not provide certain information?
If you provide us with incomplete details on a contact form or application, we may not be able to provide you with the information, product, or service until you provide the details we require.
If you do not provide us with all relevant identity verification documents, or adequately satisfy electronic identity verification requirements, we may not be able to provide you, or continue to provide you with a product or service.
If you choose not to disclose your Tax File Number ('TFN'), TFN exemption or Australian Business Number ('ABN'), we may have to deduct tax at the highest marginal rate (plus the Medicare levy) from distributions or income payments made to you. If you are a foreign tax resident and you have not provided us with information we have requested about your tax residency (i.e. your Tax Identification Number or similar number issued by the relevant foreign tax authority), we may not be able to process your request, or we may be required to notify the Australian Taxation Office (ATO).
If you choose not to disclose your account details or correctly answer verification questions, we may not be able to process the transactions you request or allow access to our online services.
4. How do we use and disclose your personal information?
Challenger may collect, use and disclose your personal information for the primary purpose of providing the information, products and/or services requested, as well as for related purposes such as:
- to verify your identity or transactions which you may enter into with us (including the identities of third parties connected with your product/service application, such as beneficiaries and beneficial owners, where applicable);
- to process your applications for our products and services;
- to administer and manage the provision of our products and services;
- to respond to queries, complaints or to provide you with our general customer services;
- to provide your nominated financial adviser or other agent with details of your investment;
- to confirm your membership of an association with which we have an affiliation;
- to provide you with updates and marketing material, including offers of other Challenger products or services and to improve and personalise our products and services;
- to provide you with offers from organisations with whom we have an alliance;
- to comply with laws and regulatory requirements, including anti-money laundering, financial services and taxation laws, or complying with any request made by a governmental authority in connection with legal proceedings or the prevention or detection of fraud and crime;
- to comply with Challenger's risk management policies and procedures;
- to conduct product and market research;
- to train our staff;
- to provide a seamless online experience and to provide you with control of your personal information and easy access to it;
- if applying for employment with Challenger, to complete appropriate background checks; or
- if attending our offices in person, to assist Challenger in providing a safe and secure environment for employees and visitors.
We may disclose your personal information to:
- your financial, legal or other adviser, or your broker, agent or platform provider;
- a financial institution with whom we have a branding arrangement with;
- professional service firms that provide services to us, such as, legal, and audit, or data/information services;
- electronic identity verification service providers, in order for identity information (about you or related persons connected with your investment) to be verified against relevant government and other databases, for the purpose of complying with anti-money laundering laws;
- our related companies; or
- organisations with which we have an association and you are a member, and otherwise in accordance with this policy and the APPs.
5. Overseas transfer of personal information
Challenger does not disclose personal information to persons or entities in foreign countries.
In some cases, Challenger may utilise 'Cloud' storage solutions for data storage purposes, and the relevant servers may be located overseas. Please see the 'Storage and security of information' section of this policy for further details.
Likewise, in some cases, personal information may be used (or accessed) by third party service providers located overseas to perform administrative functions in relation to your annuity. This may occur where you have purchased your annuity via a platform provider that is supplying administrative services to Challenger (and the platform provider is using a third party administrator located overseas to perform certain administrative tasks in relation to investors using the platform). In such cases, Challenger will review these arrangements to ensure appropriate security protections are in place to protect the personal information of its annuitants.
6. Use of service providers
We may contract out some of our administrative and support functions such as mailing, settlement services, product administration services, document and data storage, background checking, online identity validation or identity verification services to external service providers from time to time. Only information necessary for the service provider to carry out their function will be provided and will be subject to confidentiality clauses in the relevant services agreement.
7. Keeping us up-to-date
Personal information such as your contact details may change from time-to-time and we ask that you keep us informed of any changes by notifying us. Where you have previously provided information about another person related to your investment (such as a beneficial owner, beneficiary or reversionary) and the information is no longer current, you must provide up-to-date information.
Changes to some details, such as a change of name, may require additional documentation to verify the change. Additionally, some changes may be required to be made on a specific form (such as a change of bank account from which direct debits are deducted). Challenger is unable to change any account details through email. To change your contact information please download and complete the Change of details form (or go to 'Our Products' then select 'Forms').
Please see the 'Contacting us' section of this policy if you would like to request an update to the personal information we hold about you or your nominated beneficiary or reversionary.
8. Storage and security of information
Challenger stores your personal information in a combination of hard copy and electronic records. These are held on our premises and systems as well as offsite using trusted third parties.
We take reasonable steps to protect personal information from loss, interference or misuse, and unauthorised access, modification, or disclosure, such as:
Training our staff on how to protect your personal information.
When we engage third parties to handle or store data, we put in place arrangements to protect your information.
When you access our login websites, we encrypt data sent from you to our systems to prevent unauthorised access.
We use firewalls, intrusion detection and virus scanning tools to prevent viruses and third parties from accessing our systems.
When we send your electronic data to other organisation, we use secure networks or encryption
We employ physical security measures, such as alarms, cameras, guards and other controls to prevent unauthorised access.
Where personal information is no longer required to be retained, we will take such steps as are reasonable in the circumstances to de-identify the information or put it beyond use.
Generally, Challenger will provide you with access to your personal information that we hold, unless a particular exception applies, such as where:
- it would be unlawful to provide the information;
- providing access would be likely to prejudice an investigation of possible unlawful activity;
- the information is relevant to legal proceedings and would not be accessible in the normal discovery process;
- giving access would have an unreasonable impact on the privacy of other individuals;
- it would pose a serious and imminent threat to the life or health of any individual; or
- the request is frivolous or vexatious
If a request for access would divulge a commercially sensitive decision-making process, then Challenger may provide an explanation rather than direct access to the information.
Please see the "Contacting us" section if you would like to make an access request to the personal information we hold about you.
If we become aware that the personal information we hold about you is inaccurate, incomplete, misleading or irrelevant, then we will take reasonable steps to amend it. If we receive a request from you to correct your information, then we will seek to correct it within 30 days. If you and Challenger disagree about the accuracy, completeness or currency of our records, then you have the right to request that we note your disagreement on those records.
Please see the 'Contacting us' section of this policy if you would like to request an update to the personal information we hold about you.
Challenger does not use any government-issued identifiers (such as TFNs, Medicare numbers and Drivers Licence numbers) for use as its own identifier for individuals. Instead, Challenger issued numbers such as investor numbers and account numbers are used to identify individuals and the Challenger products and services they obtain.
12. Anonymity and pseudonymity
Given legal requirements on financial institutions to identify their customers, in most situations Challenger is unable to allow you to transact with it on the basis of anonymity (including the use of pseudonym). Access to the Challenger public website and some other interactions with Challenger may be done anonymously, or in the case of general enquiries, using a pseudonym. However, we may not be able to respond to your queries unless you provide us with certain information.
13. Direct marketing
Challenger will not use your personal information for direct marketing purposes unless:
- we have obtained your consent or you would reasonably expect us to use your personal information for direct marketing purposes; and
- we have provided you with a simple means to "opt-out" from receiving direct marketing; and
- we have not received an opt-out request from you
Challenger will not use any sensitive information collected from you for direct marketing purposes. To opt-out of receiving direct marketing, please contact us (see 'Contacting us' section of this policy). If you have purchased your annuity via a platform provider, please refer to the relevant PDS or contact your platform directly to find out how to opt-out.
14. Use of our website
We will collect some information from you when you visit the Challenger website or use InvestorOnline. Your use of the facilities and services available through the website will determine the amount and type of information that we will collect about you. Some of this information will not be personal information because it will not reveal your identity.
The only personal information which we collect about you when you use the website is what you tell us about yourself; for example, by completing an online form such as an application form, provide account instructions online, change your personal or contact details, within a tool, asking for a Product Disclosure Statement (PDS), signing up for our email communications or sending us an email. When you access a user account for one of our login websites (AdviserOnline or InvestorOnline), we may subsequently collect information about your use of the website. This may be used to 'personalise' your experience on the website by displaying content that is likely to be relevant to you. This information may also be used to help us understand whether you may benefit from additional support (e.g. we may contact you to determine whether you need assistance in finalising or progressing incomplete applications or quotes).
If you access one of our login websites (AdviserOnline and InvestorOnline), cookies may also store information related to your session and visit duration, which can be linked back to your login identification. For more information on cookies, please refer to the 'Cookies' section below.
Because our login sites have access restricted to users with an account, you will be required to use your secure login. Unique identifiers (such as your login identification) are collected from website visitors to verify the user's identity.
Unique identifiers may also be used to store information about preferences, to enable dynamic display of the website according to your preferences when you return.
Challenger uses the data collected for statistical analysis and business purposes. We may also use your personal information to contact you via email or phone to tell you about other products or services that we think may be of interest to you, or seek feedback relating to improving the customer experience. If you do not wish to be contacted for these purposes, you can opt-out by contacting us (see the 'Contacting us' section of this policy). The data is accessible only to authorised Challenger employees. Information which is automatically collected may be published internally as aggregated (de-identified) information to assist with improving the products and services offered by Challenger.
Challenger uses third party tracking tools to collect information on how people use our website and to help us segment customers for certain marketing activities. We also use AppDynamics to monitor system performance and track errors in order to gain accurate browser-user insights to optimise web experiences. Our third party tracking tool providers use "cookies" and in some cases "clear gifs/web beacons" to collect information. Examples of data collected includes page views, button clicks, IP address, ISP, errors, device, device OS and browser. For more information on our third party tracking tool providers, please see Adobe Analytics, AppDynamics, Eloqua, Google Analytics and Sitecore.
Challenger uses the Facebook Pixel and the LinkedIn Insight Tag to enable in-depth campaign reporting and to help us unlock valuable insights about our website visitors. We use both the Facebook Pixel and the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about Facebook and LinkedIn members interacting with our Facebook and LinkedIn adverts. Challenger will only use the Pixel and the Insight Tag to retarget and analyse aggregate data for non-EU residents.
Cookies are pieces of information that are transferred to your computer when you visit a website so that sites can record usage and, in some cases, provide you with tailored content or targeted advertising. Most web browsers are set to accept cookies. You can choose to disallow cookies by changing settings on your web browser. However, if you reject all cookies you may not be able to use some areas of our websites.
15. Challenger annuities purchased via platform
Please ensure you read the Privacy section of the relevant Challenger PDS as this will outline specific procedures for how you can access or seek to correct your personal information, as well as how to lodge a complaint if you feel your personal information has been mishandled. It will also explain how you can opt-out of receiving direct marketing in relation to your Challenger annuity.
16. Electronic verification
We are required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 to verify your identity before we can provide you with financial products and services. We may need to verify your identity electronically if the copies of the identity documents you provide have not been certified or if we need to perform any additional checks to meet our legal requirements.
How electronic verification works
To verify your identity electronically, we will pass certain information to official State and Commonwealth record holders via our service provider to electronically match your information with information on their databases. These organisations will compare the information to their records and confirm whether all or some of the information you provided matches their records.
What information will be shared and who will it be shared with
If we need to verify your identity electronically, we will provide the following information to our service provider:
- Full name
- Date of birth
- Residential address
- Government identifiers such as your passport or driver’s licence number.
We have engaged VixVerify Pty Ltd to check the relevant identity document details you have provided against the records held by the government authority that issued it (either via the government’s Document Verification Service or directly with the relevant issuer) and to check the document is valid and has not expired.
If you have any questions around our electronic verification process, please give us a call on 13 35 66.
17. Employment opportunities at Challenger
If you are seeking employment or contracting opportunities with Challenger, we will collect personal information from you and, where applicable, from any referees you have provided to us during the recruitment process. We may also collect sensitive information about you as part of our background checking process (with your consent). This information may be disclosed to (and obtained from) third party agencies that we engage to conduct screening checks on our behalf. Personal information gathered during the recruitment process will only be used to assess your suitability for the relevant role, and if you are not the preferred candidate, your information may be retained to assess your suitability for roles offered in the future.
18. Information collected about UK/EU residents
Challenger from time to time transacts with counterparties in the UK or Europe whereby it may obtain personal data (e.g. in connection with reinsurance arrangements). If you would like further information about how Challenger satisfies its obligations under applicable UK/EU privacy laws (e.g. the General Data Protection Regulation, or 'GDPR'), please contact us via one of the means described in Section 22.
19. Complaints about your privacy
If you wish to raise any concerns about any breach or potential breach of your privacy, please contact our Privacy Officer and we will make every effort to resolve your complaint internally. If you wish to raise a concern, you should be aware of the following;
- your complaint should be made in writing to the Privacy Officer (via post or email)
- we will attempt to respond within 30 days from receipt of your request
- if you feel your concerns have not been resolved, the complaint may be taken to the Office of the Australian Information Commissioner (OAIC)
- alternatively, you may also take the complaint to an external dispute resolution service, such as the Australian Financial Complaints Authority (AFCA)
- AFCA provides fair and independent financial services complaint resolution that is free to consumers. There are some time limits for lodging certain complaints, please consult the AFCA website to find out if or when the time limit relevant to your circumstances expires.
If you have purchased your Challenger annuity via a platform provider, the process for lodging a complaint can be found in the relevant PDS. You should also refer to the "Challenger annuities purchased via platform" section of this policy.
For more information on how you may lodge a complaint with the OAIC, please contact the OAIC hotline service on 1300 363 992 or email email@example.com. Alternatively, AFCA may be contacted at 1800 931 678 or firstname.lastname@example.org.
20. Information collected about UK/EU residents
Challenger from time to time transacts with counterparties in the UK or Europe whereby it may obtain personal data (e.g. in connection with reinsurance arrangements). If you would like further information about how Challenger satisfies its obligations under applicable UK/EU privacy laws (e.g. the General Data Protection Regulation, or 'GDPR'), please contact us via one of the means described in Section 17.
Challenger may make changes to this policy from time to time for any reason and we will update the website in a timely manner.
22. Contacting us
If you would like more information about how we manage your personal information, our Client Services team is available Monday to Friday, from 8am to 6pm EST, and can be contacted on 13 35 66. Alternatively, you can write to us at the following address:
The Privacy Officer
Level 2, 5 Martin Place
Sydney NSW 2000
Or send an email to: email@example.com.
If you have purchased your Challenger annuity via a platform provider, please refer to the relevant PDS for the appropriate contact details. You should also refer to the "Challenger annuities purchased via platform" section of this policy.