Privacy Disclosure Statement | Up - Super Powered Banking


This page has both our Privacy Disclosure Statement and Privacy Policy.

Privacy Disclosure Statement

Up is designed, developed and delivered through a collaboration between Ferocia Pty Ltd ABN 67 152 963 712 and Bendigo and Adelaide Bank Limited ABN 11 068 049 178, AFSL and Australian Credit Licence No 237879. Up is a software application ("Up") provided by Up Money Pty Ltd ACN 624 373 084 (“Up Money”), a subsidiary of Bendigo and Adelaide Bank Limited.

Up is committed to protecting your privacy and respect your rights under the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”). By using this website or Up, you agree to and consent to the collection, use, holding and disclosure of personal information as set out in this Privacy Disclosure Statement and the joint Privacy Policy below.

In addition to any purpose notified to you at the time of collection, we use your personal information for the purposes of:

Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:

Your personal information is collected to administer the relationship with you and to promote and provide you with products and services. If you do not provide your personal information (or if you provide incorrect personal information) you will not be able to use Up.

We may from time-to-time use your personal information to provide you with offers you may find of interest or for marketing purposes that we think will be useful to you. Our marketing communications will provide you with details of how to opt-out.

The joint Privacy Policy below contains further information about:

Privacy Policy

This Privacy Policy contains important information about your personal information.

About this policy

Up is designed, developed and delivered through a collaboration between Ferocia Pty Ltd and Bendigo and Adelaide Bank Limited (collectively “we”, “our” and “us”). Up Money is a subsidiary of Bendigo and Adelaide Bank Limited ABN 11 068 049 178.

This document sets out how we safeguard your privacy.

This document has been developed to follow a ‘layered’ format which means that it offers layers of detail. You can therefore read as much or as little as you like and can find what you need quicker.

Privacy Policy

We recognise the importance of protecting your privacy. We are committed to ensuring the continued integrity and security of the personal information you entrust to us.

We appreciate that the success of our business is largely dependent upon a relationship of trust being established and maintained with past, current and prospective customers, shareholders and other individuals with whom we conduct business. We will therefore continue to collect and manage your personal information with a high degree of diligence and care.

Our aim is to comply at all times with the privacy laws (incorporating the Australian Privacy Principles) that apply to us. If you have a comment, query or complaint regarding a privacy matter, we encourage you to discuss it with us.


We usually collect personal information directly from you. Sometimes we collect or confirm this information from a third party such as a credit reporting body. We will use reasonable efforts to obtain your consent to do this.

We collect personal information that includes details such as your:

In some cases, we may need to collect sensitive information about you (such as health related information). We will first seek your consent to collect such information where we are required to do so.

As part of our business operations we collect personal information from other individuals such as shareholders and non-corporate suppliers. Where you are not a customer of ours you may still seek confirmation as to whether we hold information in relation to you. For the purposes of complying with our obligations under anti-money laundering laws, we are required to collect your personal information to confirm your identity and we may collect personal information about you from commercially available third party databases.

When you visit our website, apps or other web-based content and services (“Websites”), either we or our service provider will record information (such as your computer’s IP address and top level domain name, the type of browser you are using, the date, time and pages accessed) in relation to your visit.

Use and disclosure

We use your personal information in order to:

We may disclose your personal information to organisations that carry out functions on our behalf. This may include for example mailing and printing houses, electronic transaction processors, information technology service providers, professional advisers, account holders and operators, regulators and government authorities. Our agreements with these entities ensure your personal information is only used to carry out specific functions on our behalf.

We may disclose your personal information to an individual or an organisation (a “third party”) if:

Your consent to a third party obtaining or accessing information may be implied from:

You should never provide or disclose any of your pass codes to any third party to enable the third party to obtain or access to your personal information. If you do, you may breach the ePayments Code and the terms and conditions applying to the products and services we provide to you and you may be liable for any unauthorised transactions that subsequently occur. Pass codes include PINs, internet and telephone banking passwords, and codes generated by security tokens.

We may use your personal information to tell you about other financial products and services we think you may be interested in. This may include products and services offered or distributed by us or the companies we are associated with. You can opt out of receiving this information (see below - ‘Opting out of product promotions’). We do not sell your personal information to third parties.

We provide services to a number of business partners and their customers. In order to provide these services, personal information may be used and exchanged. The information is given the same level of protection and treated in the same way as for customers of ours.

Where we have collected your personal information on behalf of another party (for example, where we are an agent for another product issuer) the use of your personal information by that party is governed by their privacy policy. You should contact them to understand how they might use your personal information.

Disclosure to overseas recipients

In some cases, we may need to share some of your information with organisations outside Australia. For example, when you instruct us to carry out a transaction such as a telegraphic transfer to or from an overseas country, or when we use service providers located overseas to perform a function on our behalf.

We may share your information with overseas organisations located in the following countries:

When we share your information with organisations overseas we ensure appropriate data handling and security measures are in place.

Access and correction

In most cases you can gain access to your personal information held by us.

We will take reasonable steps to amend or correct your personal information to keep it accurate and up-to-date. Please contact us if you would like to access or request a correction of your personal information (see ‘Contacting us’ below).

Opting out of product promotions

You can opt out of receiving direct marketing material at any time by contacting us (see ‘Contacting us’ below).

If you do opt out, we will continue to provide information in relation to your existing accounts or facilities only (including new features or products related to these accounts/facilities).

Storage and security of your personal information

We will take reasonable steps to keep the personal information that we hold about you secure to ensure that it is protected from loss, unauthorised access, use, modification or disclosure.

Your personal information is stored within secure systems that are protected in controlled facilities. Our employees and authorised agents are obliged to respect the confidentiality of any personal information held by us.

You can help to keep the personal information that we hold about you secure by taking care before you authorise or otherwise assist any third party to obtain or gain access to that information (see ‘Use and disclosure’ above).

Our Websites and the use of cookies

We use our best efforts to ensure that information received via our Websites remains secured within our systems. We are regularly reviewing developments in online security; however, users should be aware that there are inherent risks in transmitting information across the internet.

We use cookies on our Websites. Cookies can make using our Websites easier by storing information about your preferences and enabling you to take full advantage of our services. Cookies are very small text files that a Website can transfer to your computer’s hard drive or portable electronic device’s memory for record keeping.

We may use cookies so that we can determine which parts of our Websites are visited most often, or whether you visited our site from another party’s website, and other sites you may visit from our Websites.

Sometimes cookies are used by a third party service provider with whom we have an agreement to monitor the success of our marketing campaigns. The third party service provider uses the cookies to collect information such as when you visited our site, your browser type and the server that your computer is logged in to.

The information is used in an aggregate form and generally no personal information is collected by the third party service provider. Our agreements with these third parties ensure this information is only used to carry out functions on our behalf, and if any personal information is collected the confidentiality of that information is maintained.

We may use cookies so that we can see which parts of our Websites you visit when you access those Websites. We may use this information for marketing products and services to you. We keep this information confidential and we do not disclose it to third parties.

Most internet web browsers are pre-set to accept cookies to enable full use of websites that employ them. However, if you do not wish to receive any cookies on an internet web browser you may configure your browser to reject them or receive a warning when cookies are being used. In some instances, this may mean that you will not be able to use some or all of the services provided on our websites. However you may still be able to access information-only pages.

Changes to this policy

From time to time, it may be necessary for us to review our Privacy Policy and the information contained in this document. We will notify you of any changes by posting an updated version on our Websites.

Privacy concerns or complaints

If you have concerns or wish to make a complaint regarding the handling of your personal information by us, please chat to us via the "Talk to Us" section of the app, call us on 1300 002 258 or e-mail us at We will promptly investigate your complaint and notify you of the outcome.

If you are not satisfied with the response provided by us, you may refer your complaint directly to the relevant External Dispute Resolution scheme:

Australian Financial Complaints Authority

GPO Box 3, Melbourne Vic 3001

Phone: 1800 931 678

Office of the Australian Information Commissioner

GPO Box 5218, Sydney NSW 2001

Online: 1300 363 992

Contacting us

If you have any questions about our Privacy Policy, what personal information we may hold in relation to you, or about the way we manage your personal information you can chat to us via the "Talk to Us" section of the app, call us on 1300 002 258 or e-mail us at

Further information about privacy

You can find more information about privacy (including information about specific issues, answers to frequently asked questions, and the Australian Privacy Principles) on the Office of the Privacy Commissioner’s website at

European Union General Data Protection Regulation (GDPR)

If you are in a country that is a member of the European Economic Area (EEA), you may be protected by the European Union General Data Protection Regulation 2016/679 (‘GDPR’).


This GDPR section of our Privacy Policy (‘GDPR Policy’) applies to you if you are in a country that is a member of the European Economic Area (‘EEA’) and you are protected by the General Data Protection Regulation 2016/679 (‘GDPR’) in relation to your personal data that we process or control (an ‘EU Data Subject’). We are the data controller under this GDPR Policy. If you are an EU Data Subject, the other sections of this Privacy Policy and our Credit Reporting Policy also apply to you, but they do not affect this GDPR Policy if they are not consistent with this GDPR Policy.


Your personal data will be:

These principles are subject to applicable laws, including any limits or exceptions to these principles in the GDPR.

Processing your personal data

We will only process your personal data if you have given consent, or when it is necessary:

We may also process your personal data if it is necessary for our legitimate interests or those of a third party. This includes processing for direct marketing purposes or preventing fraud, transmission of personal data within a group of companies for internal administrative purposes, processing for ensuring network and information security, and reporting possible criminal acts or threats to public security. However, this does not apply where these legitimate interests are overridden by your interests, or fundamental rights and freedoms which require protection of personal data.

We will not process your sensitive personal data, such as health information, racial or ethnic origin or political opinions unless you have given express consent for a specified purpose or in other special circumstances authorised under the GDPR, such as where it is necessary to protect your vital interests.

Generally, we retain your personal data while we have a customer relationship with you and to comply with any record-keeping requirements.

Your rights

Under the GDPR you have certain rights in relation to your personal data that we control. The following is a summary of the main rights which are in addition to any other rights that you may have under our Privacy Policy.

Data breaches

We will report a personal data breach to the relevant supervisory authority without undue delay unless we are not required to do so under the GDPR, such as when it is unlikely to result in any risk to the rights of individuals.

If the personal data breach is likely to result in a high risk to your rights and freedoms, we will communicate the breach to you without undue delay, unless we are not required to do so under the GDPR, such as when we have implemented appropriate measures such as encryption.

Transferring personal data

We may transfer your personal data collected in the EEA to a country outside the EEA which has an adequate level of data protection, or if we have provided for appropriate safeguards and there are enforceable data subject rights and effective legal remedies available in the country.

We may also transfer your personal data outside the EEA:

Contacting us

If you have any questions about our GDPR Policy, or if you want to exercise any of your rights under this GDPR Policy you may contact us by calling us on 1300 002 258 or e-mailing us at


You can make a complaint in relation to this GDPR Policy to our Customer Feedback Team on 1300 002 258 or e-mailing us at You can also complain to your local data protection authority in the EEA. Contact details for those authorities are available here.

Date of Publication – 26-June-2019

Previous version published 9-May-2019