Privacy at Telstra

Your privacy matters to us

In our busy, connected world, protecting what's private is more important than ever. At Telstra, we're committed to keeping your personal information safe and your data secure.
Credit information

What is a privacy statement and why does it matter?

Privacy policies help you to understand how an organisation handles your personal information, so you can make an informed choice as a customer. They also let you know your rights.

Telstra's Privacy Statement explains how we collect, store, use and share your personal information. 

This Privacy Statement came into effect on 1 July 2024. We may need to update it over time but if we do, we will post the updated version on this page.

You can download our Privacy Statement (PDF, 269KB) or read it in full below.

Who is this privacy statement for?

If you're a Telstra customer, use any of our products or services, access our website or interact with us, our Privacy Statement is for you. It applies to Telstra Group Limited and all of its Australian businesses, including Belong, but excluding Telstra Health, Telstra Foundation (PDF, 153KB), Telstra Super, and other Telstra businesses that have their own privacy policies.  

Some parts of this Privacy Statement only apply when you use specific products and services. We'll let you know whenever that's the case.

Other relevant information

Making privacy simple

We think understanding how we handle your personal information should be simple. This quick overview will help you get to know the main points of our Privacy Statement. It doesn't contain every detail. If you want more information, please read our full Privacy Statement.

We need your personal information to provide our products and services to you

We collect different types of personal information about you. The types of personal information we collect depend on which of our products and services you use, how you use them, and our relationship with you. 

Sometimes, we may also need to collect personal information about other people from you.  Where this is the case, we rely on you to let those people know you are providing us with their information. We also rely on you to let them know about this Statement. Find out what types of information we collect.

We collect your personal information in three main ways

We collect your personal information when you or your authorised representative give it to us. For example, this could be in a web form or during a chat session, when you use our networks, products and services, or when we get information about you from other places, including regulators, our related entities, service providers or public posts to social networking sites. Learn more about how we collect your personal information

We use your personal information in a variety of ways

We mainly use your personal information to provide products and services to you. But we also use your information for other business purposes like administration, security, fraud protection, marketing, analysis of product and service usage, improvement and development of new and existing products and services. Learn more about the ways we use your personal information.

How we look after your personal information, including when we share it

We work hard to keep your personal information secure

We use a combination of technical solutions, security controls and internal processes to help us protect your personal information from unauthorised access and disclosure. We're constantly updating our security measures. Learn more about everything we do to keep your information safe.

We may share your personal information with others who help us provide our services to you

We may share your personal information with other parties who play an important role in helping us run our business and provide products and services to you. These include our suppliers, agents, partners and contractors. 

We may also share your personal information with other third parties. This may include financial institutions, credit reporting bodies, and our corporate partners. In some cases, we share your information with organisations that may be based outside Australia.  We take steps to ensure that they meet the same privacy requirements we place on ourselves. Learn more about how we share your personal information.

You're in control of your personal information

You can access, view and correct your personal information

You have the right to request a copy of the personal information we hold about you, and the right to correct it if you need to. It’s always a good idea to keep your personal information up to date. Learn more about your right to access and correct your personal information.

You can make a complaint to us or a regulator about any privacy concerns

Our contact details are available for you to notify us of any privacy complaints you have against us. While we hope we’ll always be able to resolve any issues you have, you can also lodge a complaint with the relevant regulator, for example the Telecommunications Industry Ombudsman (TIO) or the Office of the Australian Information Commissioner (OAIC). Find out more about lodging a complaint and how you can contact us.

Our full Privacy Statement explains how we collect, store, use and share your personal information. Select a topic to find out more.

We collect different kinds of personal information about you. It’s information we need in order to provide our products and services to, or do business with you. The types of information we collect depends on which products and services you use, how you use them, and our relationship with you.

Below are the main types of personal information we may collect: 

Identity information

This is information we need to make sure you are who you say you are. Verifying your identity allows us to provide you with our products and services, and also communicate with you about the products and services you use.

This information often includes your name, date of birth, contact details, proof of identity documents, property information (for example, rental lease and utility statements), Telstra PIN, payment information and whether you are a customer of one of our trusted partners. 

Financial information

We may collect your employment, financial and credit information, like your employment and income details, payment history, credit history and service history.

For more details on how we manage your credit information, check out our Credit Reporting Policy. You can find it on our website at telstra.com/privacy/credit.

Sensitive personal information

We will only collect your sensitive information if it’s relevant to the products or services we provide you. In Australia, sensitive information is specifically defined in the Privacy Act, and covers things like biometric, ethnic origin and health information. For example, we may need to collect:

  • Limited health information, for example to work out if you’re eligible to be a Priority Assistance telecommunications customer.
  • Biometric information like your voice patterns, for example to verify your identity or detect fraud.

Except in situations where we are legally permitted or required to do so, we will always ask for your consent before we collect or use your sensitive information.

Concession details

If you're a concession customer, we may collect information about the concessions you’re entitled to. For example, if you’re claiming a pensioner discount we’ll need your Centrelink Customer Reference Number (CRN).

Information to protect against fraud, crime or misconduct

This includes different kinds of information we collect to protect either you or a third party, such as the time and date of a transaction made with a bank, retailer or other trusted partner. We sometimes need to compare this against Telstra service or account activity when we’re identifying and helping prevent identity theft, unauthorised transactions, or other fraudulent activities.

On-site information

This is information we collect when you visit a Telstra store or premises. For example, via CCTV or as a written report. This sort of information helps us protect our staff and customers, and is important for preventing fraud, crime and misconduct.

Your activity on our website, systems and applications

This includes information collected via cookies and other technologies as well as information collected during network fault finding and diagnostic testing activities. For more information about the types of cookies that Telstra uses, and how you can manage your settings, please visit Managing your cookies

Other information we may collect

Depending on the Telstra products and services you use, we may also collect:

Telecommunications & associated products and services 
  • Information about products and services you have with us. This includes technical information about your devices such as:
    • Your hardware model
    • Operating system version
    • The serial number of your devices
    • The settings on your devices
    • Our network performance
    • How you use our networks.
  • Information about how you use our products and services. This includes:
    • Your network usage, for example the volume, time and duration of calls and SMS messages, along with information about the operation of the equipment, services and applications you use on our networks
    • How you use our services to access the internet, for example websites you visit
    • Your location, or the location of your devices
    • Usage logs, communications content and call recordings that identify users only if enabled or requested as part of a product or service, for example Telstra’s security monitoring and voice solutions, or if allowed by law.

Providing information on behalf of others

Sometimes you may need to provide personal and/or sensitive information about other individuals to us, for example your authorised representatives, or when someone at your property requires life support equipment or Priority Assist. In those cases, it’s your responsibility to tell those individuals you’re giving us their personal information and also to tell them about this Privacy Statement. We rely on you to do this.

Stay privacy smart whenever you're online

It's important to note that our products, services and website often contain links to other websites or platforms operated by third parties. These third parties do not need to comply with our Privacy Statement. 

We recommend checking the privacy statement of the site or platform you're dealing with to understand how they handle personal information. Their privacy practices and privacy policies may be very different to ours. 

There are three main ways we collect your personal information:

1. You give it to us

This might happen during any interaction you have with us or one of our trusted partners and includes anyone acting on your behalf. It covers a wide range of activities where you might give us information about yourself, for example when you set up an account, fill out a form on our website, chat with us online or over the phone, use one of our products or services, or contact us with a question or complaint.

2. We collect it ourselves

This is information we collect about you when you interact with us, our network, product or services in some way. We might do this when you visit our website (including via cookies and other technologies) or use our products and services, including communicating with our call centres and participating in Telstra loyalty programs. We may also collect information about you when you visit a Telstra store or premises. 

3. We get it from other sources

These may include organisations like regulators, or sources like marketing mailing lists or commercially available information sources that contain personal, identity, geographic or demographic information. It may include information that's publicly available, like public posts on social networking sites you've used to interact with us. We may also collect information about you from our related entities, business and commercial partners, along with our service providers, for example identity and fraud checking services we use.

Depending on which of our products and services you use, or how you use our network, we may also collect your personal information from other participants in the telecommunications sector. This might include organisations that use the Telstra network, such as our wholesale customers (e.g., Boost Mobile).

Don't want to share your information? We get it

Personal information is about you, and in some situations, you might not want to provide us with particular details. If that's the case, keep in mind that we may not be able to provide you with the products or services you need.

We use your personal information in a variety of ways:

To provide products and services to you

We may use your personal information to provide products and services to you and conduct our business.  

Administration

This includes many of the ordinary activities necessary to run our business. We may use your personal information to help us manage the products and services we provide to you, deal with enquiries and complaints and maintain and update our records. 

For example, if you contact us with a question about your account, we’ll need to verify your identity first to protect against fraud and will use your personal information to do that.

We also use your information for charging and billing and to identify breaches of our terms and conditions of service.

Network and security monitoring

We undertake a range of network and security monitoring activities, including identifying and blocking malicious content. For example, SMS and messages to your Telstra email we identify as scam or associated with cybercrime. We also monitor our Domain Name Servers (DNS) for known malicious domains which can lead to the downloading of malicious software onto devices. 

Where Telstra’s DNS services are used to connect to known malicious domains, we may use your personal information to determine whether you might be impacted. If so, we may take action to block malicious activity and/or notify you so that you can take action to protect yourself.

Identifying fraud, crime and misconduct

We may use your personal information to identify and help prevent identity theft, unauthorised transactions or other fraudulent activities. These activities may happen either on or off our networks, for example fraudulent transactions with banks, retailers and other trusted partners. Personal information captured within our stores or premises, including via CCTV, may also be used to manage fraud, crime, and misconduct.

Communicating with you

Businesses need to be able to communicate with their customers, and we’re no different. We may use phone, email, SMS, postal mail, chat functions and social media to communicate with you. We may also provide you with personalised experiences within search engines and web pages you visit.

Improvement, development and analysis

We are continually working to maintain and improve our products, services and processes and to develop new ones, and we may use your personal information to help us do this. For example, when we’re analysing network use, quality, and performance, and when we are operating, maintaining, developing, testing and upgrading our products, systems and infrastructure. 

We also use analysis to obtain high level insights into things like usage and location patterns or trends, network performance, demographic trends, and other types of behavioural data. This information is generally aggregated or de-identified when we analyse it, which means the information isn’t personal information. We may share these insights with trusted partners. 

In some cases, we may create or share insights based on personal information, but if we do it’s always in accordance with our privacy obligations. We may also combine information we hold about you with information from one of our partners’ services to improve our credit assessment, debt recovery and other processes.

Direct marketing 

We want to make sure you hear about products, services or special offers from us (or one of our entities) that you might find useful or interesting. We may use the personal information we collect and hold about you to market and promote products, services and special offers directly to you, including as part of Telstra’s loyalty programs. 

We may also contact you with information about products, services and offers provided by our trusted partners. In some cases, this marketing activity can continue for up to 13 months after you have stopped using our products or services (including Telstra’s loyalty programs), unless you opt out. 

You have the right to opt out of marketing communication from us

If you don’t want your personal information to be used for marketing you can simply opt out. Below are the ways that you can opt out:

  • You can stop Telstra using your personal information for direct marketing, or update your marketing preferences, by following the unsubscribe instructions in any of our marketing communications, logging into My Telstra in a browser at my.telstra.com.au, via the My Telstra app, or by calling us on 1800 039 059. 
  • You can stop Belong using your personal information for email marketing by unsubscribing at Belong or visiting belong.com.au/go/privacy-and-terms/privacy
  • Australian enterprise customers can stop Telstra Enterprise using personal information for direct marketing by following the unsubscribe instructions in any of our marketing communications, or by visiting telstra.com/enterprise/unsubscribe

Keep in mind that when you opt out of marketing messages, we will still send you important messages related to the operation of your account, for example administration or safety messages.

Compliance

There are certain circumstances where we are required or allowed to collect or use your personal information, including, but not limited to those described below. 

Telecommunications & associated products and services

We may collect or use your personal information:

  • As required or permitted by telecommunications laws and industry codes and standards legislation, including the Telecommunications Act 1997 (Cth) and the Telecommunications (Interception and Access) Act 1979 (Cth) (which includes data retention provisions)
  • To produce and distribute an alphabetical public number directory (known as the White Pages) in compliance with our Carrier Licence Conditions. Please note, if you've requested an unlisted number your number will not be published in the White Pages
  • When we need to do identity checks for pre-paid public mobile telecommunications services under the Telecommunications (Service Provider - Identity Checks for Prepaid Mobile Carriage Services) Determination 2017
  • When we need to verify your identity for certain transactions in accordance with the Telecommunications Service Provider (Customer Identity Authentication) Determination 2022
  • To provide emergency call service centres and the relevant emergency services organisations with information in relation to calls to the emergency call service number (000 and 112) (e.g., the most precise mobile location information we can access about the relevant device when it is used to call the emergency call service number under the Telecommunications (Emergency Call Service) Determination 2019)
  • To prevent or lessen threats to a person’s life or health under the Telecommunications Act 1997 (Cth) or Telstra’s Carrier Licence Conditions.

Keeping your personal information safe is vital for our business, and information security is a priority for the products and services we offer. Our approach is based on innovation and continuous improvement, where we anticipate threats instead of simply responding to them. 

We use a combination of advanced technical solutions, security controls and internal processes to help us protect your personal information and our network from unauthorised access and disclosure.

We store your information securely

We may store your personal information securely in hard copy or electronic format and keep it in storage facilities that we own and operate ourselves or that are owned and operated by our service providers.

We limit the amount of information we keep

We aim to ensure that personal information is kept as current as possible, and that irrelevant or excessive data is destroyed or de-identified as soon as reasonably possible. 

Telstra is subject to a number of legislative requirements to retain information for different periods of time. When personal information is not, or is no longer, subject to these legislative retention requirements, and no longer required for a legitimate business reason, we take reasonable steps to destroy or de-identify it.

We work with a range of external suppliers, agents, partners, and contractors who help us with our business processes and/or provide you with products and services on our behalf. We may share your personal information with these parties, who provide the following kinds of services:

  • Providing, managing or administering our products or services, including customer enquiries and support services
  • Installation, maintenance and repair services
  • Mailing operations, billing and debt-recovery functions
  • Information technology and network services
  • Development of our credit assessment and credit worthiness rating system
  • Fraud, crime or misconduct identification, investigation and prevention services
  • Market research, marketing and telemarketing services
  • Development, analysis and business intelligence functions. 

We may also share your personal information with other parties, including:

  • Your authorised representatives or advisers
  • Our dealers, our related entities or our business or commercial partners and other businesses we work with
  • Parties that assist us with fraud and identity checking including financial institutions and the document issuer or official record holder
  • Other third parties for the purpose of helping to protect either you or the third party against fraud, crime or misconduct. This includes situations like assisting to prevent identity theft, unauthorised transactions or fraudulent activities either on or off our networks. It may also include the provision of fraud protection services to third parties, for example banks, retailers, or other trusted partners, as part of our business
  • Law enforcement and national security agencies, and other government and regulatory authorities as required or permitted by law, including for the purpose of responding to complaints
  • Other parties that assist us in managing or developing our business and corporate strategies and functions, including providers of professional services that support our corporate risk or funding functions
  • Financiers, investors or other participants, parties (such as service providers and ratings agencies) and advisers involved in securitisation or other financing arrangements
  • Other parties for the purpose of facilitating or implementing a transfer or sale of all or part of our assets or business
  • Other parties as required or permitted by law.

Depending on the type of Telstra products and services you use, we may also disclose your personal information to the following other parties:

Telecommunications & associated products and services 

  • Other telecommunication and information service providers, for example when you’re porting a service, or our wholesale and other customers who provide you with products or services, or help you to get them
  • The manager of the Integrated Public Number Database (IPND) and other organisations as required or permitted by law (see acma.gov.au for more information)
  • Our contractor, Thryv Australia (formerly known as Sensis), to enable us to meet our Carrier Licence Conditions to produce and distribute an alphabetical public number directory, known as the White Pages. Please note, if you’ve requested for your number to be unlisted, it will not be published in the White Pages
  • Government agencies in relation to the connection of new services to the nbn's network
  • Government agencies responsible for an emergency alert service. We may need to provide your information in response to a request by those agencies.

We may share your information outside Australia

In some cases, we may need to share your personal information with organisations or other Telstra Group entities that are located outside of Australia, for example in the following countries and regions:

Canada, Chile, China, Hong Kong, the European Union, India, Israel, Japan, Malaysia, Moldova, New Zealand, Philippines, Singapore, South Africa, South Korea, Sri Lanka, Taiwan, the UAE, United Kingdom, the United States of America and Vietnam.

Whenever we do this, we require these parties to take appropriate measures to protect your information and restrict how they can use it.

It's important that your personal information is kept accurate, up-to-date and complete. If any of your details change, for example if you move house or change your name, we’ve made it straightforward to update your information.

You have the right to request a copy of the personal information we hold about you. There's no charge to submit a request or correct your personal information, however we may charge an administrative fee for providing access to your personal information at your request.

Need to update or access your personal information?

Follow the directions below:

Your privacy matters, and we want to get it right. If you believe we've missed the mark, you can use our contact details as outlined below to notify us of any privacy complaints you have against us.

We will acknowledge your complaint in writing as soon as possible and will give you an estimated timeframe for when we will respond.

While we hope to be able to resolve any complaints you have, you can also lodge a complaint with any of the following regulators:

Telecommunications & associated products and services 

If your complaint cannot be resolved, you can also contact the Office of the Australian Information Commissioner.

If you have any questions about our Privacy Statement or the way we manage your personal information, or you'd like a copy of this Privacy Statement sent to you (including in Braille), please call us on 1800 039 059 or email privacy@online.telstra.com.au.

You can also download a print-friendly PDF of our Privacy Statement on this page.