Updated: 31 October 2018
At Challenger, we understand your concerns about privacy and the security of your personal information. Your privacy is important to us and we are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (‘APPs’). We are committed to protecting the personal information that we hold about you.
1. What personal information is collected?
Challenger collects personal information that is reasonably necessary for us to provide you with financial products and services and to administer them. The kind of personal information we collect and hold will depend upon the type of products and services that you request from us and may include:
- information you give us when you request a product or service from us. This information may include your name, date of birth, address, contact details and relevant identification documents;
- communications between us and your financial, legal or other adviser, or your broker, agent or platform provider (if you have purchased a Challenger annuity via a platform)
- communications between us and associations that you are a member of and with which we have an affiliation;
- transactional information about the use of a product if you have or had a product with us;
- financial information about you such as your financial position and information obtained from credit checks if you have authorised us to carry out those checks;
- in some cases sensitive information obtained with your consent (e.g. if you are applying for the CarePlus Annuity, we require confirmation that you are eligible to receive government-subsidised aged care services) or otherwise where required or permitted by law (e.g. in relation to anti-money laundering);
- your name, contact details and date of birth where a policy holder who has listed you as a beneficial owner or other related party in connection with that policy (i.e. a nominated beneficiary or a reversionary under a policy or as the policy holder’s attorney);
- if you are a financial adviser or other authorised representative of a customer, your name, contact details and any other information you provide when communicating with us in relation to our products and services, or in connection with a mutual customer; and
- information regarding your website interaction with us (i.e. the sections or features of our website that you have visited or used). This information will be anonymous unless you are a registered user of the relevant Login Site (AdviserOnline or InvestorOnline). See the ‘Use of our website’ section of this policy for further information.
2. How is personal information collected?
Challenger usually collects your personal information in a number of ways including:
- directly from you (including via your financial, legal, or other adviser, or your broker or agent), such as when you provide the information by phone, email or in an application form or online quoting tool, or when you access a user account for one of our login sites (AdviserOnline or InvestorOnline), or when you participate in a survey, promotion or competition;
- from other Challenger group companies where permitted by law;
- from policy holders where they have listed you as a beneficial owner or other related person in connection with the investment (i.e. a nominated beneficiary, reversionary or an individual granted power of attorney) and have provided us with your name, date of birth and contact details);
- from third parties such as your financial adviser, platform provider, lawyer or other agents or credit reporting agencies, credit providers, or identity verification service providers, if you authorise us to do so; and
- from publically or commercially available sources for the purpose of complying with customer due diligence obligations under relevant legislation (e.g. anti-money laundering laws)
3. What if you do not provide certain information?
If you provide us with an incomplete application, we may not be able to provide you with the product or service until the application is complete.
If you do not provide us with all relevant identity verification documents, or adequately satisfy electronic identity verification requirements, we may not be able to provide you, or continue to provide you with the product or service.
If you choose not to disclose your Tax File Number (‘TFN’), TFN exemption or Australian Business Number (‘ABN’), we may have to deduct tax at the highest marginal rate (plus the Medicare levy) from distributions or income payments made to you. If you are a foreign tax resident and you have not provided us with information we have requested about your tax residency (i.e. your Tax Identification Number or similar number issued by the relevant foreign tax authority), we may not be able to process your request, or we may be required to notify the Australian Taxation Office (ATO).
If you choose not to disclose your account details or correctly answer verification questions, we may not be able to process transactions requested
4. How do we use and disclose your personal information?
Challenger may collect, use and disclose your personal information for the primary purpose of providing the products and/or services requested, as well as for related purposes such as:
- to verify your identity or transactions which you may enter into with us (including the identities of third parties connected with your product/service application, such as beneficiaries and beneficial owners, where applicable);
- to process your applications for our products and services;
- to administer and manage the provision of our products and services;
- to respond to queries, complaints or to provide you with our general customer services;
- to provide your nominated financial adviser or other agent with details of your investment;
- to confirm your membership of an association with which we have an affiliation;
- to assess credit which you seek from Challenger loan programmes and to administer any credit a Challenger loan programme provides, including providing your nominated mortgage broker with details of your loan;
- to provide you with offers of other Challenger products or services and to improve and personalise our products and services;
- to provide you with offers from organisations with whom we have an alliance;
- to comply with laws and regulatory requirements, including anti-money laundering, financial services and taxation laws, or complying with any request made by a governmental authority in connection with legal proceedings or the prevention or detection of fraud and crime;
- to comply with Challenger’s risk management policies and procedures;
- to conduct product and market research;
- to train our staff;
- if applying for employment with Challenger, to complete appropriate background checks; or
- if attending our offices in person, to assist Challenger in providing a safe and secure environment for employees and visitors.
We may disclose your personal information to:
- your financial, legal or other adviser, or your broker, agent or platform provider;
- a financial institution with whom we have a branding arrangement with;
- professional service firms that provide services to us, such as, legal, and audit, or data/information services;
- electronic identity verification service providers, in order for identity information (about you or related persons connected with your investment) to be verified against relevant government and other databases, for the purpose of complying with anti-money laundering laws;
- our related companies; or
- organisations with which we have an association and you are a member, and otherwise in accordance with this policy and the APPs.
5. Overseas transfer of personal information
Challenger does not disclose personal information to persons or entities in foreign countries.
In some cases, Challenger may utilise ‘Cloud’ storage solutions for data storage purposes, and the relevant servers may be located overseas. Please see the ‘Storage and security of information’ section of this policy for further details. However, in some cases, personal information may be used (or accessed) by third party service providers located overseas to perform administrative functions in relation to your annuity. This may occur where you have purchased your annuity via a platform provider that is supplying administrative services to Challenger (and the platform provider is using a third party administrator located overseas to perform certain administrative tasks in relation to investors using the platform). In such cases, Challenger will review these arrangements to ensure appropriate security protections are in place to protect the personal information of its annuitants.
6. Use of service providers
We may contract out some of our administrative and support functions such as mailing, settlement services, product administration services, document and data storage, background checking or identity verification services to external service providers from time to time. Only information necessary for the service provider to carry out their function will be provided and will be subject to confidentiality clauses in the relevant services agreement.
7. Keeping us up-to-date
Personal information such as your contact details may change from time-to-time and we ask that you keep us informed of any changes by notifying us. Where you have previously provided information about another person related to your investment (such as a beneficial owner, beneficiary or reversionary) and the information is no longer current, you must provide up-to-date information.
Changes to some details, such as a change of name, may require additional documentation to verify the change. Additionally, some changes may be required to be made on a specific form (such as a change of bank account from which direct debits are deducted). Challenger is unable to change any account details or provide any policy specific information through email. To change your contact information please download and complete the Change of details form (or go to ‘Our Products’ then select ‘Forms’).
Please see the ‘Contacting us’ section of this policy if you would like to request an update to the personal information we hold about you or your nominated beneficiary or reversionary.
If you have purchased your Challenger annuity via a platform provider, the process for updating your personal information may be slightly different. Please refer to the relevant PDS and the “Challenger annuities purchased via platform” section for further details.
8. Storage and security of information
Challenger stores personal information in a combination of computer storage facilities, paper-based files and other records. These are held on our premises and systems as well as offsite using trusted third parties. Some personal information may be held by data service providers located overseas (such as ‘Cloud’ service providers for data storage and management purposes) and Challenger maintains effective control of the information under contractual arrangements. We will take reasonable steps to protect personal information from loss, interference or misuse, and unauthorised access, modification or disclosure.
Where personal information is no longer required to be retained, we will take such steps as are reasonable in the circumstances to de-identify the information or put it beyond use.
This policy sets out Challenger’s policies on the management of personal information and is made freely available on our website, or in hardcopy if requested.
10. Access and correction
Generally, Challenger will provide you with access to your personal information that we hold, unless a particular exception applies, such as where:
- it would be unlawful to provide the information;
- providing access would be likely to prejudice an investigation of possible unlawful activity;
- the information is relevant to legal proceedings and would not be accessible in the normal discovery process;
- giving access would have an unreasonable impact on the privacy of other individuals;
- it would pose a serious and imminent threat to the life or health of any individual; or
- the request is frivolous or vexatious.
If a request for access would divulge a commercially sensitive decision-making process, then Challenger may provide an explanation rather than direct access to the information.
If we become aware that the personal information we hold about you is inaccurate, incomplete, misleading or irrelevant, then we will take reasonable steps to amend it. If we receive a request from you to correct your information, then we will seek to correct it within 30 days. If you and Challenger disagree about the accuracy, completeness or currency of our records, then you have the right to request that we note your disagreement on those records.
Please see the ‘Contacting us’ section of this policy if you would like to request an update or seek access to the personal information we hold about you.
If you have purchased your Challenger annuity via a platform provider, the process for accessing and correcting your personal information may be slightly different. Please refer to the relevant PDS and the “Challenger annuities purchased via platform” section of this policy for further details.
Challenger does not use any government-issued identifiers (such as TFNs, Medicare numbers and Drivers Licence numbers) for use as its own identifier for individuals. Instead, Challenger issued numbers such as investor numbers and account numbers are used to identify individuals and the Challenger products and services they obtain.
12. Anonymity and pseudonymity
Given legal requirements on financial institutions to identify their customers, in most situations Challenger is unable to allow you to transact with it on the basis of anonymity (including the use of pseudonym). Access to the Challenger public website and some other interactions with Challenger may be done anonymously, or in the case of general enquiries, using a pseudonym. However, we may not be able to respond to your queries unless you provide us with certain information.
13. Direct marketing
Challenger will not use your personal information for direct marketing purposes unless:
- we have obtained your consent or you would reasonably expect us to use your personal information for direct marketing purposes; and
- we have provided you with a simple means to “opt-out” from receiving direct marketing; and
- we have not received such a request from you.
Challenger will not use any sensitive information collected from you for direct marketing purposes. To opt-out of receiving direct marketing, please contact us (see ‘Contacting us’ section of this policy). If you have purchased your annuity via a platform provider, please refer to the relevant PDS which will explain how to opt-out.
14. Use of our website
We will collect some information from you when you visit the Challenger website. Your use of the facilities and services available through the website will determine the amount and type of information that we will collect about you. Some of this information will not be personal information because it will not reveal your identity.
The only personal information which we collect about you when you use the website is what you tell us about yourself; for example, by completing an online form such as an application form, asking for a Product Disclosure Statement (PDS) or sending us an email. When you access a user account for one of our login sites (AdviserOnline or InvestorOnline), we may subsequently collect information about your use of the site. This may be used in order to ‘personalise’ your experience on the site by displaying content that is likely to be most relevant to you. This information may also be used to help us understand whether you may benefit from additional support (e.g. we may contact you to determine whether you need assistance in finalising or progressing incomplete applications or quotes). You should refer to the ‘Login Sites’ section below.
If you access one of our login sites (AdviserOnline and InvestorOnline), cookies may also store information related to your session and visit duration, which can be linked back to your login identification. For more information on cookies, please refer to the ‘Cookies’ section below.
Because our login sites have access restricted to users with an account, you will be required to use your secure login. Unique identifiers (such as your login identification) are collected from website visitors to verify the user’s identity.
Unique identifiers may also be used to store information about preferences, to enable dynamic display of the site according to your preferences when you return.
Challenger uses the data collected for statistical analysis and business purposes. We may also use your personal information to contact you via email or phone to tell you about other products or services that we think may be of interest to you, or seek feedback relating to improving the customer experience. If you do not wish to be contacted for these purposes, you can opt-out by contacting us (see the ‘Contacting us’ section of this policy). The data is accessible only to authorised Challenger staff. Information which is automatically collected may be published internally as aggregated (de-identified) information to assist with improving the services offered by Challenger through the website.
Challenger uses third party web analytics providers to collect information on how people use our website and to help us know what our customers find interesting and useful in our website. Our web analytics providers use “cookies” and in some cases “clear gifs/web beacons” to collect information. For more information on our web analytics providers, please see Omniture and Google Analytics.
Challenger uses Google AdWords Remarketing and DoubleClick by Google to trigger advertisements across the Internet. AdWords Remarketing will display advertising based on what parts of the Challenger website have been visited by placing a cookie on your machine. This cookie does not identify you as an individual. Google AdWords Remarketing allows us to tailor our marketing to better suit your online activity and display ads that are relevant to you. Visit Google’s Ads Preferences Manager for more information on the Google AdWords Remarketing cookie and how to opt out from the use of these cookies.
Cookies are pieces of information that are transferred to your computer when you visit a website so that sites can record usage and, in some cases, provide you with tailored content or targeted advertising. Most web browsers are set to accept cookies. You can choose to disallow cookies by changing settings on your web browser. However, if you reject all cookies you may not be able to use some areas of our websites.
Clear gifs (also known as web beacons) are used in combination with cookies to help us understand how visitors interact with our website. A clear gif is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a site. The use of a clear gif allows us to measure the actions of the visitor opening the page that contains the clear gif.
15. Challenger annuities purchased via platform
Please ensure you read the Privacy section of the relevant Challenger PDS as this will outline specific procedures for how you can access or seek to correct your personal information, as well as how to lodge a complaint if you feel your personal information has been mishandled. It will also explain how you can opt-out of receiving direct marketing in relation to your Challenger annuity.
16. Employment opportunities at Challenger
If you are seeking employment or contracting opportunities with Challenger, we will collect personal information from you and, where applicable, from any referees you have provided to us during the recruitment process. We may also collect sensitive information about you as part of our background checking process (with your consent). This information may be disclosed to (and obtained from) third party agencies that we engage to conduct screening checks on our behalf. Personal information gathered during the recruitment process will only be used to assess your suitability for the relevant role, and if you are not the preferred candidate, your information may be retained to assess your suitability for roles offered in the future.
17. Contacting us
If you would like more information about how we manage your personal information, our Client Services team is available Monday to Friday, from 8am to 6pm EST, and can be contacted on 13 35 66. Alternatively, you can write to us at the following address:
The Privacy Officer
Level 2, 5 Martin Place
Sydney NSW 2000
Or send an email to: firstname.lastname@example.org.
If you have purchased your Challenger annuity via a platform provider, please refer to the relevant PDS for the appropriate contact details. You should also refer to the “Challenger annuities purchased via platform” section of this policy.
18. Complaints about your privacy
If you wish to raise any concerns about any breach or potential breach of your privacy, please contact our Privacy Officer and we will make every effort to resolve your complaint internally. If you wish to raise a concern, you should be aware of the following;
- your complaint should be made in writing to the Privacy Officer (via post or email)
- we will attempt to respond within 30 days from receipt of your request
- if you feel your concerns have not been resolved, you may take them to an external dispute resolution service (such as the Australian Financial Complaints Authority)
- the complaint may be taken to the Office of the Australian Information Commissioner (OAIC).
If you have purchased your Challenger annuity via a platform provider, the process for lodging a complaint can be found in the relevant PDS. You should also refer to the “Challenger annuities purchased via platform” section of this policy.
For more information on how you may lodge a complaint with the OAIC, please contact the OAIC hotline service on 1300 363 992 or email email@example.com.
19. Information collected about UK/EU residents
Challenger from time to time transacts with counterparties in the UK or Europe whereby it may obtain personal data (e.g. in connection with reinsurance arrangements). If you would like further information about how Challenger satisfies its obligations under applicable UK/EU privacy laws (e.g. the General Data Protection Regulation, or ‘GDPR’), please contact us via one of the means described in Section 17.
Challenger may make changes to this policy from time to time for any reason and we will update the website in a timely manner.