Privacy Notice & Consent


January 2024

Bank of Queensland Limited (“we”, “our” or “us”) collects, uses and discloses your personal information to consider and assess this application and for other related purposes. 

Our Privacy Policy, found at or obtain a copy by calling 1300 55 72 72, sets out how we collect and use your information, how you can access and correct information we hold about you (including credit reports and other credit information), how you can lodge a complaint and how your complaint will be handled. 

If you wish to find out more information, or raise any specific or general concerns about us and our Privacy Policies, the contact details are as follows:  

Bank of Queensland Privacy Officer 

GPO Box 898 Brisbane QLD 4001 

Telephone: 1300 55 72 72 


Why we collect your information 

We collect your information to:

  • Consider any application you make to us now and in the future
  • Confirm your identity and manage our relationship with you
  • Provide, manage and improve our products and services
  • Conduct reviews of your facility
  • Tell you about other products and services you might be interested in
  • Comply with relevant laws both in Australia and overseas, for example the Anti-Money Laundering and Counter-Terrorism Financing Act, State/territory property laws and the responsible lending provisions of the National Consumer Credit Protection Act
  • Carry out eligibility, device risk profiling and other checks for onboarding.
  • Support financial activities, like payments and securitisation.

We may collect your Tax File Number (TFN) in order to calculate our tax withholding obligations. You are not required to provide your TFN, but if you do not, we may be required to withhold amounts from you and remit them to the Australian Taxation Office.

We may also require sensitive information about your health if you apply for assistance due to financial hardship caused by illness or injury. We will not collect sensitive information about you without asking for your permission.

If you choose not to provide us or any of our third parties with all the information we request, or the information provided is incorrect or incomplete, we may not be  able to provide you with the requested products and services.

How we collect and share your information 

Your information is collected directly from you wherever possible, encompassing personal and financial details, installed application information, biometric information like a selfie photo of you, or how you use and interact with our app (such as how you type, click, scroll and swipe). 

We may collect this information to generate a ‘behavioural profile’ that relates specifically to you, which we can use to identify unusual behaviour.  You may also choose to share full name, mobile number & email address information for specific contacts from your mobile devices contacts list when you use our mobile app. This information will be used to add new payee details to make adding a payee easier.

We may also need to collect information from and share information with other entities including credit providers, employers, financial advisers, your insurers, mortgage insurers, brokers, government agencies (e.g. Centrelink), guarantors, our corporate partners, service providers administering online verification of your identity, to identify illegal activities and fraud prevention, and credit reporting bodies (CRBs).

We may also share your information with any other person named as an applicant such as a co-borrower, business owner or director in this application.

Sometimes we may need to check your information with our various databases and external service providers and other third parties who may be located outside Australia in countries including New Zealand, Philippines, India, Singapore, The United States of America, United Kingdom, Spain, Israel, Finland, Canada, Mongolia, Costa Rica, Bulgaria, and The Netherlands.

We may also use the information collected to verify your identify electronically using government sources and/or credit reporting agencies in line with our Electronic ID Verification Procedures. Note that if you do not wish to be identified electronically you can call us on 13 72 72  to discuss alternate options for identification. This may include situations where you do not wish that we use your credit information file for the purpose of verifying your identity.1

You acknowledge that:

  • You agree to the collection, use and sharing of your information as outlined above and in the Privacy Policy.
  • All the information you have provided to us is complete and correct.
  • Where there are changes to your personal details, you agree to notify us as soon as possible.

Privacy Notice & Consent PDF

Download a copy of  BOQ Privacy Notice & Consent

Privacy Policy

About this statement

Effective Date: 21 September 2021

Bank of Queensland is committed to respecting the privacy of your personal information, including credit-related personal information.

This policy statement explains how we collect, store, use and disclose personal information (including credit information and credit eligibility information) and what steps we take to comply with privacy laws.

In this Policy, we use the terms “us”, “we” and “our” to refer to the Bank of Queensland Limited ABN 32 009 656 740, BOQ Finance (Aust) Limited ABN 56 065 745 735; BOQ Credit Pty Limited ABN 92 080 151 266; BOQ Funding Pty Limited ABN 35 079 936 495; BOQF Cashflow Finance Pty Ltd ABN 68 062 762 921 and BOQ Equipment Finance Limited ABN 78 008 492 582.

We are bound by the Privacy Act 1988 (Cth) (Privacy Act) including Division 3 of Part IIIA and the Australian Privacy Principles contained in the Act as well as the Privacy (Credit Reporting) Code 2014 (CR Code) and are committed to protecting personal information (including credit information and credit eligibility information) we may hold at any time in respect of any individual, in accordance with those requirements.

Those principles do not apply to certain records and practices relating to the employment relationship between us and our employees. In addition, certain disclosures of personal information between related bodies corporate do not have the same protection as disclosures to other persons.

We may, in connection with particular services we offer or provide to you, make other privacy disclosures to you or seek your authority to use your personal information in ways which are different from or more specific than those stated in this Privacy Policy. In the event of any inconsistency between the provisions of this Privacy Policy and those other disclosures, the other disclosures will apply.

It is important that you read and understand this Privacy Policy. 

What is “personal information”?

“Personal information” is information or an opinion about a reasonably identifiable individual.  The types of personal information that we collect includes the following information about you which is relevant to our relationship or the product or service you are enquiring about or making an application for: name, address, contact details, date of birth, financial details such as income, savings and expenses and information from other financial institutions, employment details and the reason you might be applying for a financial product we supply. We may also collect your tax file number if we are authorized to collect it and if you choose to supply it.  

We may also collect information regarding your internet activity (including your location) when you use our website or online services. 

Sensitive information 

“Sensitive information” is a subcategory of personal information which includes information about your health. We may be required to collect sensitive information about your health in certain circumstances, for example when you make an application for assistance with financial hardship caused by illness or injury. We realise that this is often sensitive information and we will treat it with the highest degree of security and confidentiality.

What is “credit eligibility information”?

“Credit eligibility information” is personal information that has been obtained from a credit reporting body (CRB) (e.g. a consumer credit report), or personal information that has been derived from that information, that is about an individual’s consumer credit worthiness. 

The kind of information we might derive from a consumer credit report includes:

  • information which assists us to assess your suitability for credit;
  • information about your credit history with other credit providers; and
  • the likelihood of you being able to meet your commitments to us.

What is “credit information”?

“Credit information” is certain types of personal information that includes the following:

  • information about an individual, like their name and address, that we may use to identify that individual;
  • information about an individual’s current or terminated consumer credit accounts and an individual’s repayment history;
  • the type and amount of credit applied for in any previous consumer or commercial credit applications to any credit provider, where that credit provider has requested information;
  • information about an individual from a CRB;
  • information about consumer credit payments overdue for at least 60 days and for which collection action has started;
  • advice that payments that were previously notified to a CRB as overdue are no longer overdue;
  • information about new credit arrangements an individual may have made with a credit provider, in relation to consumer credit currently or previously held, to deal with any defaults or serious credit infringements by that individual;
  • information about court judgments which relate to credit that an individual has obtained or applied for;
  • information about an individual on the National Personal Insolvency Index;
  • publicly available information about an individual’s credit worthiness; and
  • an opinion of a credit provider that an individual has committed a serious credit infringement of credit provided by that credit provider.

We will hold all of this information about an applicant for credit, a guarantor, or related person (e.g. a director of a company which has applied for credit).

Why do we collect personal information?

We only collect, hold and use personal information (including credit information and credit eligibility information) about you which is necessary for us to establish and administer the products you hold with us, provide services to you or to comply with the law. 

We will tell you the main reasons for collecting your personal information when we ask for it, however, the purposes for which we will generally collect and use your information include considering any application you make to us and providing services to you, assessing your eligibility for credit-related products, performing administrative functions, conducting customer satisfaction research, improving our products and developing new products, telling you about our other products and services, and telling you about products and services we distribute on behalf of other organisations. You may tell us at any time that you do not want us to advise you about other products and services (see Marketing below for more details). 

We may also collect your personal information to comply with legislative and regulatory requirements, for example under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and / or the National Consumer Credit Protection Act 2009 (Cth).  

How do we collect personal information?

We ordinarily collect personal information (including credit information and credit eligibility information) directly from you or where it is provided to us with your authority (e.g. from a person appointed to act on your behalf). For example, we collect personal information through forms you fill out when applying for our products and services or through your ongoing interaction with us for example by telephone, mail and electronic communications, when you visit a branch or when you make a transaction.

We may also be required to collect personal information (including credit information and credit eligibility information) about you from a third party. These parties may include other credit providers or financial institutions, your representatives such as financial advisers or accountants, your insurers, publicly available sources (e.g. telephone directories), brokers, referrers or other intermediaries, government agencies (e.g. Centrelink) and CRBs. 

Sometimes we may be required to collect sensitive health information about you from a third party, for example a doctor or a hospital.

In addition to the above, we may use technology called “cookies” to collect statistical information on our website use. When you call us on the telephone, we may monitor and in some cases record the telephone conversation for staff training and record-keeping purposes. Further, when we communicate with you by email, we may use technology to identify you so that we will be in position to know when you have opened the email or clicked on a link in the email.

If personal information about you is collected by third parties on any website you have accessed through our websites, we may also collect or have access to that information as part of our arrangement with those third parties.

We may also collect basic personal information about third parties (e.g. an employer or a health provider) if provided by you as part of providing our services.

Finally, from time to time we may receive information that we have not asked for about you from third parties. We will only keep, use and disclose this information as permitted by law.

How do we store personal information? 

We store your personal information (including credit information and credit eligibility information) in a number of ways including:

  • in electronic systems and devices;
  • in telephone recordings;
  • in paper files; and
  • document retention services off-site. 

This may include storage on our behalf by third party service providers. See our comments below about how we protect your personal information.

How do we protect personal information?

We take all reasonable steps to protect your personal information (including credit information and credit eligibility information) from misuse, loss and unauthorised access, modification or disclosure. These include: 

  • using appropriate information technology and processes;
  • restricting access to your personal information to our employees and those who perform services for us who need your personal information to do what we have engaged them to do;
  • protecting paper documents from unauthorised access or use through security systems we deploy over our physical premises;
  • using computer and network security systems with appropriate firewalls, encryption technology and passwords for the protection of electronic files;
  • securely destroying or “de-identifying” personal information if we no longer require it subject to our legal obligations to keep some information for certain prescribed periods; and
  • requesting certain personal information from you when you wish to discuss any issues relating to the products and services we provide to you.

Whilst we take reasonable measures, no data transmission over the Internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you send to us using our online forms or products. You submit information over the Internet at your own risk.

Why do we exchange personal information with third parties?

We may need to disclose personal information (including credit information and credit eligibility information) about you to certain organisations in connection with the establishment and administration of your accounts and when dealing with complaints.

The types of organisations to which we may disclose this information include other credit providers (particularly when you are seeking finance from them), regulatory bodies and government agencies, courts and external dispute resolution schemes, your agents, brokers, referrers and other intermediaries, credit and debt agencies, payments systems participants, agents, contractors and professional advisers who assist us in providing our services, your referees and guarantors, your or our insurers, third parties for securitisation purposes and organisations that carry out functions on our behalf including mailing houses, data processors, researchers, debt collectors, insurance administration and claim service providers system developers or testers, accountants, auditors, valuers and lawyers.

We may also disclose your personal information to third parties where you request us to or consent to us doing so or in order to fulfil our legal obligations.

The information we provide to other organisations will be limited to what is required to provide the service or comply with the law.

Exchange of information within the group

Unless you tell us not to, we may also exchange information (including credit information and credit eligibility information) between members of the Bank of Queensland group including each of the companies listed in this Policy as “us”, and Virgin Money (Australia) Pty Limited, Virgin Money Financial Services Pty Ltd, Virgin Money Home Loans Pty Ltd, St Andrew’s Australia Services Pty Ltd, St Andrew’s Insurance (Australia) Pty Ltd, St Andrew’s Life Insurance Pty Ltd, BOQ Cashflow Finance Ltd and BQL Management Pty Ltd. We may also exchange information with companies outside the Bank of Queensland group who assist us to market our products and services.

Exchange of information with overseas parties

Some of the parties with which we exchange your personal information (including credit information and credit eligibility information), such as our service providers and other third parties listed above, may be located outside Australia.  A list of countries where we are likely to disclose personal information to is set out in Appendix A. 

We may also need to send your information overseas in order to process transactions you have instructed us to make, such as international money transfers. In such cases, the countries to which we disclose your information will depend on the transaction details.

Important information about the exchange of credit-related information with Credit Reporting Bodies (CRBs)

If you apply for credit or offer to act as a guarantor, we may exchange certain creditrelated personal information with CRBs.

The types of information we may disclose to CRBs may include that we provide credit to you, the type of credit you hold, the amount of credit provided to you, when your credit account is opened and closed, how you repay your credit, that you have made payments on time or corrected a default, the fact that you have failed to meet your repayment obligations or that you have committed a serious credit infringement. CRBs may include that information in reports provided to credit providers like BOQ to assist them to assess your creditworthiness. 

Under the Privacy Act, CRBs are also permitted to assist credit providers like BOQ who wish to direct market to you by ensuring you meet certain specified criteria (called “pre-screening”). You have a right to request that CRBs not use your creditrelated information for this purpose by contacting them using the details below.

You also have a right to request that a CRB not use or disclose your credit-related information if you believe that you have been a victim of fraud (including identity fraud) by contacting them using the details below.

The CRB we exchange information with is:

Equifax Information Services & Solutions Ltd

PO Box 964

North Sydney, NSW, 2059

Phone: 1300 850 211


Equifax’s Privacy Policy is located at

You may obtain a copy of Equifax’s privacy policy at the above website or by contacting Equifax using the details provided.


From time to time we may also use your personal information to let you know about other products and services from us that you might be interested in, but we will not do so if you tell us not to. We might also want to let you know about products and services from our related companies and corporate partners.

If you don’t want to receive advertising materials, please contact us on 1300 55 72 72.

In certain circumstances, we may be unable to give you access to all of your personal information in our possession. Some of these circumstances include: 

  • where giving you access would compromise some other person’s privacy;
  • where giving you access would disclose commercially-sensitive information of ours or any of our agents or contractors;
  • where we are prevented by law from giving you access; or
  • where the personal information you request relates to existing or anticipated legal proceedings. 

Accessing and correcting personal information

We take reasonable steps to ensure that your personal information (including credit information and credit eligibility information) is accurate, complete and up-to- date.

You may request access to the personal information (including credit information and credit eligibility information) we hold about you at any time by:

  Bank of Queensland 

  GPO Box 898

  Brisbane QLD 4001   

If we are unable to give you access, we will consider whether the use of an intermediary is appropriate and would allow sufficient access to meet the needs of both parties.

Where we do grant access to your information, we may charge you a fee for accessing your personal information.

Under the Privacy Act, you also have a right to request that we correct information (including credit information and credit eligibility information) that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading.

If at any time you believe that personal information about you is inaccurate, out of date, incomplete, irrelevant or misleading, please advise us by contacting our Privacy Officer by:

  Bank of Queensland 

  GPO Box 898 

  Brisbane QLD 4001  

We will take all reasonable steps to correct the information. If we do not correct the information, you can also ask us to include with the information held, a statement from you claiming that the information is not correct.

If there is a denial of access to your personal information or a dispute as to the correctness of any personal information held, we will provide you with reasons for the denial or its refusal to correct the personal information. If you disagree with our decision for the denial or refusal to correct the personal information, you may request that we review the decision via our complaints handling procedures which are outlined below.

Dealing with us anonymously or using an alias

We will generally need to know who you are in order to provide you with our products and services. Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (alias), for example when making general enquiries about the services we offer.

In some circumstances, you may receive a better service or response if we know who you are. For example, we can keep you up-to-date and better understand a complaint you might have if we know who you are and the circumstances of your complaint.

You must tell us when you are using a pseudonym when applying for our services. If we need to identify you, we will tell you whether or not your real name is required to access those services.

Changes to this Privacy Policy

This statement sets out our current Privacy Policy. It replaces all previous BOQ Privacy Policies which have been issued before the date of this Privacy Policy.

This Privacy Policy may change from time to time. Changes will be notified by posting an updated version on the BOQ website at

A copy of the current BOQ Privacy Policy may be obtained by:

We encourage you to periodically review our Privacy Policy for any changes.

Our internet websites

This Privacy Policy applies to our website operated by us at the following domain name, and any other website/s operated by us or on our behalf which we authorise to provide a link to this Privacy Policy.

When you use a link from our website or from any other website to which this Privacy Policy applies, to the websites of third parties, those websites are not subject to our privacy standards. Those third parties are responsible for informing you of their own privacy policies.

If you have a problem, complaint or dispute

(a) Our service commitment

At BOQ we are committed to providing our customers with innovative banking solutions and the best customer service experience. Resolution of problems is a priority for us. If at any time our service does not meet your expectations we would like you to let us know.

(b) How to contact us

  If you have a complaint, there are a number of ways to contact us:

Phone: 1800 663 080


Mail: Customer Relations Team 

GPO BOX 898 

Brisbane, QLD, 4001

(c) How will your complaint be handled?

If we cannot solve your problem on the spot, we will let you know who is handling your complaint and how long it is likely to take for it to be resolved.

For further information about how we handle complaints, ask our friendly staff or download a copy of our Complaint Guide available on our website.

(d) What to do if you feel your complaint has not been resolved

If your privacy complaint relates to a matter with Bank of Queensland Limited, BOQ Credit Pty Limited, BOQ Funding Pty Limited or Cashflow Finance Pty 

Ltd and you’re unhappy with our response you can approach the Australian Financial Complaints Authority (AFCA). AFCA provides a free and independent complaint resolution service for financial services. AFCA can be contacted at:

Phone:  1800 931 678



Mail:  AFCA 

GPO Box 3 

Melbourne, VIC, 3001

You may also elect to contact the Office of the Australian Information Commissioner (OAIC) if you have a complaint about the way we handle your personal information at:

GPO Box 5218

Sydney NSW 2001

Phone: 1300 363 992

Email:  Website:

Contacting us

If you have any further questions or concerns about the way we manage your personal information (including credit information and credit eligibility information), or if you think we have breached the Australian Privacy Principles, Part IIIA of the Privacy Act or the CR Code please contact: 

Mail: Privacy Officer 

Bank of Queensland GPO Box 898 

Brisbane, 4001

Phone: 1300 55 72 72


Privacy Policy PDF

Download a copy of the BOQ Privacy Policy

Appendix A – Offshoring of Information - List of  Countries

  • New Zealand 
  • Philippines 
  • India 
  • Singapore
  • The United States of America 
  • United Kingdom
  • Spain 
  • Israel
  • Finland
  • Canada 
  • Mongolia
  • Costa Rica
  • Bulgaria
  • The Netherlands