Privacy Statement (including Credit Reporting Policy)
Read about how Telstra collects, secures, uses and discloses your personal information.
Privacy at Telstra
Our Privacy Commitment
Privacy matters to us and we know it matters to you.
We provide a wide range of products and services and to do this we need to collect, store, use and disclose a broad range of information.
We are committed to protecting your privacy, keeping your information safe and ensuring the security of your data.
Our Privacy Statement
Our Privacy Statement explains how we collect, use and protect your information. It applies to all the businesses in the Telstra Group including Telstra Corporation Limited. It extends to both our control and processing of personal information. It also incorporates our Credit Reporting Policy which lets you know how we use any credit related information we might collect.
This current policy came into effect at 1 August 2019. We may need to update it over time but if we do, we will post the updated version on our website.
What information do we collect?
The types of information we collect depends on how you use our products and services as well as the relationship we have with you as a customer.
This can include straightforward information like your name, date of birth, contact details (including address, email address, phone number or mobile telephone number), occupation, driver's licence or passport number, Telstra PIN, username or password and financial information (such as credit card or bank account numbers).
We may also collect more in-depth information including:
- Financial and Credit Information related to your financial relationship with us, such as your income details, payment history, your credit history and your service history. For more details, see the section on Credit Reporting below.
- Information about your products and services including device-specific information such as your hardware model, operating system version, unique device and service identifiers, device status, serial numbers, settings, configuration and software and mobile network information.
- Information about how you use your products and services such as:
- Your network usage including time and duration of your communications as well as information about the operation of the equipment, services and applications you use on our networks
- How you use our services to access the internet, such as information about websites visited
- Your location or the location of your devices when you are using our products and services
- Information that allows us to identify you for verification purposes including, when you have given us permission to do so, biometric information like your fingerprints and voice patterns.
- Technical Information about your products and services including details about our network performance including information about how you use our networks.
Sensitive information includes information about a person's race, ethnic origin, political opinions, health, religious or philosophical beliefs and criminal history. We may collect some forms of sensitive information. For example we may collect limited health information to provide priority assistance services or a Centrelink customer reference number to provide you with a pensioner discount. We are subject to strict requirements in relation to sensitive information including to only collect and use sensitive information with consent or otherwise in accordance with applicable law such as the Commonwealth Privacy Act 1988.
You might also need to provide personal information about other individuals to us (e.g. about your authorised representative). If so, we rely on you to have informed those individuals that you are giving their personal information to us and to have advised them about this statement.
How do we collect your information?
There are three ways that we can collect your information.
- You give it to us when you or your representative interacts with either us or one of our trusted partners. This might happen when you are setting up an account with us or using one of our products or services.
- We obtain information from outside sources like credit reports, marketing mailing lists, and public information, (including public posts to social networking sites) and commercially available personal, identity, geographic and demographic information. This can also include information gained from our partners if you have interacted with them. These partners include our business and commercial partners, identity and fraud checking services, credit reporting bodies and wholesale and other customers.
We understand that you might not want to give us particular personal information. If so, that may mean we are not able to provide you with the products or services you need.
How do we keep your information?
We may store your information in hard copy or electronic format, and keep it in storage facilities that we own and operate ourselves, or that are owned and operated by our service providers.
We use a combination of technical solutions, security controls and internal processes to help us protect your information and our network from unauthorised access and disclosure.
We endeavour to ensure that personal information is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. However, some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.
How do we use your information?
We will only use your information if we have a lawful reason to do so such as when it’s our legal duty or we have your consent and when it’s in our legitimate interest to do so. These include:
Administration - To help us properly manage the products and services we provide to you and to maintain and update our records. For example, we need to be able to verify your identity to detect, prevent and address fraud. We also use your information for charging and billing and to identify breaches of our terms and conditions of service.
Network, security and fraud protection - As part of our network protection activities, we monitor Domain Name Servers (DNS) for known malicious domains which can, amongst other things, lead to the downloading of malicious software on to devices. Where Telstra’s DNS services are used to connect to these known malicious domains, we may identify impacted customers for the purposes of notifying them so they can take action to protect themselves.
Communication - We need to be able to communicate with you in order to provide you with our products and services. We might do this on mediums such as email, SMS, social media, search engines and web pages you may visit.
Improvement – We are constantly working to not only maintain and improve our products, services and processes but to develop new ones. We use information we hold to help us do this in a number of ways. For example to monitor network use, quality and performance, and to operate, maintain, develop, test and upgrade our systems and infrastructure. We may also combine information from one service with information from one of our partners’ services to improve our credit assessment and debt recovery processes.
Development and analysis - It’s important we understand your information and communication needs. One of the ways we do this is through using analysis and business intelligence techniques. This gives us high level insights into things like usage patterns, network performance, demographic trends and other types of behavioural data. In many cases this information is aggregated and de-identified when analysed. We may share these anonymised insights with select business and commercial partners. In some cases, we may create insights with your information on an identified basis but would only do so in compliance with privacy laws (such as, with your consent).
Direct marketing - We want to make sure that you know about all our products, services and special offers that are relevant and are of interest to you. We may use the information we hold to market and promote them directly to you. This also may include products, services and offers provided by our trusted partners. In some cases this marketing activity can continue after you have stopped using our products or services, unless you opt-out. You can stop us using your information for direct marketing by updating your preferences by logging into My Account online or by calling us on 1800 039 059 or
Compliance - There are a number of circumstances where we are required or authorised by law to collect, use or disclose information. These include:
- as required or authorised by legislation (for example under the Telecommunications Act 1997 (Cth) and the Telecommunications (Interception and Access) Act 1979 (Cth) including the data retention provisions)
- to produce and distribute an alphabetical public number directory (known as the White Pages) in compliance with our Carrier Licence Conditions
- as required by or in accordance with any industry code or industry standard registered under the Telecommunications Act 1997 (Cth)
- when we need to undertake identity checks for pre-paid public mobile telecommunications services under the Telecommunications (Service Provider-Identity Checks for Prepaid Mobile Carriage Services) Determination 2013
- providing emergency call service centres and the relevant emergency services organisation(s), the most precise mobile location information we can access about the device from which a call is made to the emergency call service number (000 and 112) at the time of the call
- providing information in relation to calls to the emergency call service number (000 and 112) or to prevent or lessen threats to a person’s life or health under the Telecommunications Act 1997, Telstra’s Carrier Licence Conditions and the Telecommunications (Emergency Call Service) Determination 2009.
When do we share your information?
We may share your information with other parties who provide services to us, including organisations, agents, partners and contractors that assist us with providing our business processes and products and services. These services include:
- providing, managing or administering your product or service including customer enquiries and support services
- installation, maintenance and repair services
- mailing operations, billing and debt-recovery functions
- information technology and network services
- to develop our credit assessment and credit worthiness rating system
- fraud, crime or misconduct identification, investigation and prevention services
- market research, marketing, telemarketing and door-knocking services
- development, analysis and business intelligence functions.
We may also disclose your information to:
- your authorised representatives or advisers
- other parties when you ask us to do so or when you consent to that disclosure for the purposes of fraud, crime or misconduct identification, investigation and prevention services
- credit-reporting bodies (for more information see the Credit Reporting section below) for identity checking and credit related purposes such as credit-worthiness, credit rating, default listing, credit provision and financing. These include:
- Equifax Australian Group Pty Ltd (formerly known as Veda)
Address: Equifax Australian Group Pty Ltd
PO Box 964
North Sydney NSW 2059
- Illion Australia (formerly trading as Dun and Bradstreet (Australia) Pty Ltd)
Telephone: 1300 734 806
- Equifax Australian Group Pty Ltd (formerly known as Veda)
- our dealers, our related entities or our business or commercial partners and other businesses we work with
- other telecommunication and information service providers or to our wholesale and other customers from or through whom you may acquire products or services
- the manager of the Integrated Public Number Database (IPND), and other organisations as required or authorised by law (please see www.acma.gov.au for more information)
- parties that assist us with fraud and identity checking including financial institutions and the Government’s National Document Verification Service, to verify the validity of any Government issued documentation you provide as proof of identity ie: to check a Drivers Licence, Medicare, Passport etc.
- law enforcement and national security agencies, and other government and regulatory authorities as required or authorised by law
- other parties who assist us in managing or developing our business and corporate strategies and functions, including our corporate risk or funding functions
- financiers, investors or other participants and parties (such as service providers and ratings agencies) and advisers involved in any sale of our debts, securitisation or other financing arrangement (for example, a sale of amounts payable by you to Telstra)
- our contractor, Sensis, to enable us to meet our Carrier Licence Conditions to produce and distribute an alphabetical public number directory (known as the White Pages). Note, if you have requested a silent line number your number will not be published in the White Pages.
- other parties as required by or in accordance with any industry code or industry standard registered under the Telecommunications Act 1997 (Cth)
- government agencies for purposes associated with connecting new services to the National Broadband Network
- and for the purposes of facilitating or implementing a transfer/sale of all or part of our assets or business.
In some cases, the organisations that we may disclose your information to may be based outside the location where the information is collected. For example, we may share your information with other parties in Australia, Canada, Chile, China, Hong Kong, countries within the European Union, India, Japan, Malaysia, New Zealand, Philippines, Romania, Russia, Singapore, South Africa, South Korea, Sri Lanka, Taiwan, the UAE, Ukraine, the United States of America and Vietnam.
Where we do this, we require these parties to take appropriate measures to protect that information and to restrict how they can use that information.
Sometimes, such as when we are checking your credit worthiness or assessing your credit situation, we might collect credit information from or give information to credit reporting bodies. Credit information can include:
- identification information
- details about information requests made about you to credit reporting bodies
- current and historical details about credit applications you have made and credit arrangements you have entered into
- information about overdue payments, default listings and about serious credit infringements and information about payments or subsequent arrangements in relation to either of these
- various publicly available information like bankruptcy and credit-related court judgments
- credit scores or risk assessments indicating an assessment of your credit worthiness.
Credit information relates primarily to your dealings with other credit providers (for example, banks, other financial institutions, or other organisations that may provide you with credit in connection with their products or services). It may also include certain credit worthiness information that we derive from the data that we receive from a credit reporting body. Sometimes we may collect this information about you from other credit providers.
We may disclose your credit information to credit reporting bodies. They in turn may include it in credit reporting information they provide to other credit providers to assist them to assess your credit worthiness.
We may use or disclose your credit information for purposes such as:
- developing our credit assessment and credit worthiness rating system
- processing credit-related applications and managing credit that we provide
- assisting you to avoid defaults
- collecting amounts you may owe us in relation to such credit and dealing with serious credit infringements
- assigning our debts or acting in connection with any securitisation or other financing arrangement
- participating in the credit reporting system
- dealing with complaints or regulatory matters relating to credit or credit reporting
- when required or authorised by another law
- those purposes under “How do we use your information?” and “When do we share your information?” above except in relation to information we collect from credit reporting bodies.
You have the right to request credit reporting bodies not to:
- use your credit eligibility information to determine your eligibility to receive direct marketing from credit providers; and
- use or disclose your credit eligibility information if you have been or are likely to be a victim of fraud.
How can you access or correct your personal information?
To ensure that we are able to provide you with the best products and services possible, it’s important that you make sure the personal information we hold about you is accurate, up-to-date and complete. If any of your details change, you can either update them yourself via MyAccount or you may contact us using the contact details below so that we can consider and respond to your request. You also have the right to request a copy of your information that we hold about you. There is no charge to submit a request or to correct information, however we may apply an administrative charge for providing access to your personal information on request. To make this request visit here or email us at firstname.lastname@example.org.
How can you make a privacy complaint?
You can also use our contact details to notify us of any privacy complaint you have against us. We are committed to acknowledging your complaint in a prompt manner and will give you an estimated timeframe for when we will respond to your complaint.
If your complaint is in relation to a credit reporting issue we will acknowledge your complaint in writing as soon as practicable within 7 days. We will aim to investigate and resolve your complaint within 30 days of receiving it. If we need more time, we will notify you about the reasons for the delay and indicate a new estimate time frame. We may need to consult with a credit reporting body or another credit provider to investigate your complaint.
While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, you may also be able to lodge a complaint with a relevant regulator such as the Australian Information Commissioner or the Telecommunications Industry Ombudsman.
How can you contact us?
If you have any questions in relation to this Privacy Statement, our management of your information or you would like a copy of this statement sent to you, please call us on 1800 039 059 or email us at email@example.com.
You may also contact our Chief Privacy Officer/Data Protection Officer by emailing us at firstname.lastname@example.org
If you would like this statement on CD or in Braille please call Telstra's Disability Enquiry Hotline on 1800 068 424. The office hours are Monday-Friday 8 am-5 pm EST. You can also download a pdf copy of this statement on our website.