Menu Contact Us
Start the adventure


134 782
8AM-7PM Mon - Fri, 9AM-7PM Sat, 10AM-7PM Sun
STA Travel Money Card

Privacy Policy 


In handling your personal and financial information, Tuxedo Money Pty Ltd ACN 612 042 038 (‘Tuxedo’, ‘us’, ‘we’, ‘our’) is committed to complying with the Privacy Act 1988 (‘Privacy Act’) and the Australian Privacy Principles. Tuxedo recognises the importance of your privacy and is committed to protecting all personal and financial information about you that we hold. We are committed to safeguarding your privacy. Our staff are trained to conduct business that ensures your privacy.

This Privacy Policy outlines how we deal with your personal information, as well as our legal obligations and rights to that information. If we agree with you to use or disclose any of your personal information in ways which differ to those stated in this Privacy Policy, the provisions of that agreement will prevail to the extent of any inconsistency.

Your Personal Information

“Personal information”, as defined under the Privacy Act 1988, means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. Although we try to make sure that all information we hold is accurate, “personal information” also includes any inaccurate information about an individual.

In providing a product or service to you, Tuxedo may collect, use and where appropriate, disclose personal information such as:

  • identifying information including your full name, title, date of birth, current residential addresses, your current residency status, your driver’s license or passport number, and/or Medicare number and;
  • the reasons for you applying for a product or service.

We collect and use your information for a number of reasons, including:

  • confirming your identity;
  • processing applications;
  • managing your products and providing our services;
  • to understand how you use your eccount; and
  • to develop and improve our services to you.

Any information that you provide will only be used for the purposes described in your current Terms and Conditions that apply to the relevant product or service.

How we collect your personal information
We collect your information in a number of ways, and these are categorised below.

Directly from you:
•    when you apply for our products and services
•    when you talk to us on the phone or in-store
•    when you use our websites
•    via email, or in writing

From the products and services you use:
•    payment and transaction data including location, amount, frequency, origin and recipient
•    profile and usage data including how you use our services and websites

From third parties we work with:

  • Companies that introduce you to us;
  • Retailers;
  • Information verification service providers;
  • Law enforcement agencies;
  • Public information sources;
  • Agents working on our behalf; and
  • Government and law enforcement agencies.

By providing personal information to us, you consent to us collecting, using, disclosing and storing your personal information in accordance with this Policy. You may choose to deal with us anonymously where it is lawful or practical to do so, such as when you make a general enquiry about our products and/or services. You can choose not to provide us with your personal information. However, this may mean that we will not be able to provide you with our managed products and/services or be limited in how we can do so.


Why we collect and use your Personal Information

Tuxedo collects personal information about you before, during or after the provision of products and services to you and when you inform us of any change to the information we hold about you. We also collect your personal information from others when you transact on your account, visit our website, as required by relevant laws or with your specific consent in managing our business.


The Privacy Act allows us to use your personal information for the purposes for which it is intended – the provision of products and services to you. Tuxedo complies with the Australian Privacy Principles, meaning that your personal information is:

  • fairly and lawfully processed;
  • managed in a way that is open and transparent;
  • only collected when relevant and necessary, and we will notify you if we receive any unsolicited information if it is not relevant and necessary;
  • not used for any reason that has not been disclosed to you;
  • accurate and complete;
  • processed in accordance with your rights;
  • kept secure; and
  • not transferred to countries without adequate protection.

We use your personal information when:

  • considering your application;
  • providing you with products and services;
  • executing your instructions;
  • providing you with information about other products and services that may be of interest to you;
  • assisting other organisations with whom we have an agreement with their processes and systems to provide products and services to you;
  • conducting research and development for our processes and systems;
  • managing our rights and obligations regarding external payment systems;
  • marketing products and services to you;
  • managing your account, including handling your concerns or complaints or any legal action, to identify, prevent or investigate any fraud, unlawful activity or misconduct or suspected fraud, unlawful activity or misconduct, or omissions or acts or omissions with the potential to breach the Terms and Conditions, this Privacy Policy or any other policy;
  • maintaining and developing our business systems and infrastructure; and
  • as required by relevant laws and regulations.

We may monitor and record our communications with you, including emails and phone conversations. Information that we collect in this way may be used for training purposes; quality assurance; to record details about our website, applications and services you order from us or ask us about; and in order to meet our legal and regulatory obligations.


Tuxedo ensure a lawful basis for processing your personal data, and this is categorised as follows:


 What we use your personal information for Our lawful basis Our reasons for this
• To manage our relationship with you or your business.
• To manage our products and services.
• To detect, investigate, report, and seek to prevent financial crime.
• To manage risk for us and our customers.
• To obey laws and regulations that apply to us.
• To respond to complaints and seek to resolve them.

• Effectively fulfilling our legal duties.
• Ensuring compliance with regulations and legal requirements that apply to us.
• Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect.

• To manage our relationship with you or your business.

• To manage our products and services.
• To test and develop new products and services.
• To manage how we work with other companies that provide services to us and our customers/clients.

Contract • Exercising our rights set out in agreements or contracts (informal or formal).
• Ensuring we provide the level of service that you'd expect, in line with any terms and conditions or contracts of service.
• Campaign measurement.
• To develop new ways to meet our customers’ needs and to grow our business.
Legitimate Interest Monitoring campaign data through our websites, and identifying how we can improve our products and services.

To create specific and tailored marketing based on your activity.

Consent Ensuring you always have the option to update your marketing preferences, allowing you to maintain complete control over what marketing information you receive.

Sharing your personal information 

The Privacy Act allows Tuxedo to disclose personal information about you when related to the primary purpose for which it was collected. In general though, we do not use or disclose your personal information for a purpose other than:

  • a purpose set out in this Privacy Policy;
  • a purpose you would reasonably expect;
  • a purpose required or permitted by law; or
  • a purpose otherwise disclosed to you to which you have consented.

For the purpose of providing managed products and services to you and managing our business, we may give information to:

  • external service providers to us, such as organisations which we use to verify your identity, payment systems operators, printing and mailing houses, administrative and operational services and research consultants;
  • to persons acting as our agents and our partners who sell our cards under a strict code of confidentiality;
  • to anyone to whom we transfer, or may transfer, our rights and duties under product terms and conditions with you;
  • third party marketing agencies for the purposes of marketing our managed products and services to you;
  • our professional advisors, such as accountants, lawyers and auditors;
  • information technology service providers including those who assist or support us with data storage and processing and software development;
  • organisations with who we have an alliance or agreement for the purpose of promoting our respective products or services and agents used by us and our business partners in administering such an alliance or agreement;
  • your representative, for example, lawyer, other financial institution, financial advisor or agent, your executor, administrator, trustee, guardian or power of attorney and other person authorised by you or to the extent deemed necessary by Tuxedo in order to deliver any instruction you give us;
  • to law enforcement agencies and other organisations who may use the information to prevent fraud, money laundering, terrorism financing, tax evasion or any other offence against a law of the Commonwealth or of a State or Territory; and
  • government and regulatory authorities, such as Australian Transaction Reports and Analysis Centre and Australian Securities and Investments Commission, if required or authorised by or under Australian law.

We will not use or disclose your information for a secondary purpose unless you consent to us doing so, or under certain circumstances as permitted by relevant law.

We process your data within the EEA as a standard. In doing so, we take reasonable measures to ensure all our service providers and agents comply with the Australian Privacy Principles, along with the General Data Protection Regulations.

Overseas Disclosures

As Tuxedo is a subsidiary of Omnio London Limited, a UK company, your information is disclosed overseas to the United Kingdom. We may also disclose your personal information to other jurisdictions where some of our third-party providers operate - India, Romania, Singapore, India. All service providers are required to have adequate safeguards in place to protect your Personal Information. Where we do disclose your information outside Australia, we will do so on the basis that the information will be used only for the purposes set out in this Privacy Policy.

Electronic Verification of Personal Information

Under the Anti-Money Laundering and Counter-Terrorism Financing Act, we can disclose your name, residential address and date of birth to an electronic verification service (Equifax and the Document Verification Service - DVS). The purpose of this disclosure is to ask them to assess whether the personal information disclosed matches (in whole or part) personal information about you held in their records (if any). This electronic verification process helps us to verify your identity.

If you choose not to provide Personal Information

We may need to collect personal information by law, or under the terms of a contract we have with you.

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to maintain your products and could mean that we cancel a product or service you have with us.

Any data collection that is optional will be made clear at the point of collection.

Managing your Personal Information

We take all reasonable steps to ensure that all your personal information held on our systems, website or otherwise, is protected from:

  • misuse, interference and loss, and
  • unauthorised access, disclosure or modification.

We do this in a number of ways, such as:

  • implementing document retention policies and security measures for systems access;
  • implementing access control for our offices;
  • training our employees about our privacy obligations;
  • allowing access to information only where an individual has the authority to access it; and
  • taking reasonable steps to destroy or de-identify personal information when we no longer require the information, or we are no longer required by the law to retain that information.


We may use your personal information, including your contact details, to provide you with information about products and services, including those of third parties, which we consider may be of interest to you. We are permitted to do this while you are our customer, and even if you are on the Do Not Call Register.

We may also provide your details to other organisations for specific marketing purposes. We will consider that you consent to this, unless you opt out. You may opt out at any time if you no longer wish to receive marketing information or do not wish to receive marketing information through a particular channel, like email. In order to do so, you will need to request that we no longer send marketing materials to you or disclose your information to other organisations for marketing purposes. You can make this request by calling us on 1300 360 715; emailing us at or contacting our Privacy Officer whose details appear below. Our electronic marketing messages will include an ‘unsubscribe’ option allowing you to opt out of receiving further direct marketing.

Whether you give your consent to receive marketing or not, you will still receive your statements, and any important information, including but not limited to: changes to your existing products or services; changes to any loyalty or cashback schemes; any additional information relating to the operation of your account.

We may ask you to confirm or update your consent if you take out any new products or services with us in future. We may also ask you to do this if there are changes in the law, regulation, or the structure of our business.

Visiting our Website
Cookies are small text files which are transferred from our websites, applications or services and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our websites, applications and services better for you.

We use cookies to:
•    gather customer journey information across our site
•    ensure your privacy in our secure sites, and prevent unauthorised access to your data
•    store log in details for our secure sites, so you don’t have to key them every time you log in
•    temporarily store details input into our calculators, tools, illustrations and demonstrations
•    store details of your marketing, product and business unit preferences to improve our targeting and enhance your journey through our sites
•    evaluate the advertising and promotional effectiveness of the site

The cookies we use may be session cookies (temporary cookies that identify and track users within our websites, applications or services which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our websites, applications or services to “remember” who you are and to remember your preferences within our websites, applications or services and which will stay on your computer or device after you close your browser or leave your session in the application or service).

The specific cookies we use are:

Strictly necessary cookies - These are cookies which are needed for our websites, applications or services to function properly, for example, these cookies allow you to access secure areas of our website or to remember your details for you.

Performance cookies and analytics technologies - These cookies collect information about how visitors and users use our websites, applications and services, for instance which functionality visitors use most often, and if they get error messages from areas of the websites, applications or services. These cookies don't collect information that identifies a visitor or user. All information these cookies collect is aggregated and therefore anonymous. We only use these cookies to improve how our website, applications and services work.

Functionality cookies - These cookies allow our websites, applications and services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

We do not store personal information obtained from cookies in a way that others could read and understand, and we never sell or distribute cookie information without your permission.

You may be able to restrict cookies or block all cookies if you wish. However if you disable cookies this may affect your ability to use certain websites, applications or services.

IP Address and traffic data
We keep a record of traffic data which is logged automatically by our servers, such as your Internet Protocol (IP) address, device information, the website that you visited before ours and the website you visit after leaving our site. We also collect some site, application and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.

Emailing us

When we receive emails, we will retain the content of the email and our response to you where we consider it necessary to do so. Your email address will only be used or disclosed for the purpose for which is was provided.

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with industry standards. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Online security

We keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.

On registering your personal information for our managed products and services you will have been granted a username and password, allowing you to access certain restricted parts of our websites. You are responsible for all information posted on the website by anyone using your username and password.

If you believe your personal information has been compromised, please contact us using the below details.

You must be responsible for protecting your own personal data, and we recommend that you:

  • keep your PC updated with current anti-virus software;
  • treat emails with caution – remember we will never ask you to disclose your personal information via email;
  • ensure you choose a password that could not easily be guessed by someone else;
  • regularly visit the Australian Cyber Security Centre website to keep up to date with tips to protect yourself from the latest scams.

Links on our Website
Our website may contain links to third party websites. The terms of this Privacy Policy do not apply to external websites. If you wish to find out how any third parties handle your personal information or credit information, you will need to obtain a copy of their privacy policy.

Online encryption

All forms and online pages that hold your information use 128-bit encryption. This encryption makes your information unreadable to anyone who might intercept it. The latest browsers support at least 128-bit encryption, so we recommend that you always update your browser to the latest version.

In addition, a Secure Sockets Layer (SSL) is used to connect your browser to our secure servers. This is a commonly used method of managing the security of messages transmitted across the Internet. You can tell that SSL is in use when a small padlock icon appears on your browser status bar.

It is our policy that if any of our customers or clients are victims of unauthorised access to their eccounts (provided they have not breached our security procedures, acted fraudulently or without reasonable care), we will cover any direct financial loss which they have suffered.

In addition, a Secure Sockets Layer (SSL) is used to connect your browser to our secure servers. This is a commonly used method of managing the security of messages transmitted across the Internet. You can tell that SSL is in use when a small padlock icon appears on your browser status bar.

It is our policy that if any of our customers or clients are victims of unauthorised access to their eccounts (provided they have not breached our security procedures, acted fraudulently or without reasonable care), we will cover any direct financial loss which they have suffered.

Your Rights

Under the Australian Privacy Principles, you have rights as an individual which you can exercise in relation to the information we hold about you.

Access to your personal information
To make a request for any personal information we may hold you need to put the request in writing addressing it to the Privacy Officer and writing to the address provided below.

If your personal information is incorrect

You have the right to question any information we hold about you that you think is wrong or incomplete.

If you believe we hold inaccurate or incomplete personal data about you please contact us using the details below, and we will take reasonable steps to check its accuracy and make any necessary corrections.

If corrections to your data are required, we will notify any relevant third parties and/or data processors that share this data, so they can also make corrections.

Destruction and de-identification of Personal Information in certain circumstances
We will destroy/erase personal information which is no longer needed for the purpose for which it was collected, unless we are otherwise required or authorised by law to retain the information for a period of time.

Automated decision making

At times we will use systems to make automated decisions based on your personal information. This enables us to make quick and fair decisions, based on what we know. These automated decisions can affect the products, services, or features we may offer you.

When you open an eccount with us, we use automation to check that the product or service is relevant for you, based on what we know. We also check that you meet the conditions of the product. This may include checking age, residency, nationality or financial position.

We also use your personal information to understand how you use your product(s), and to spot any activity that could potentially facilitate financial crime or any other offence against a law of the Commonwealth or of a State or Territory. If we think there is a risk of criminal activity, we may freeze your products or refuse access to them.

You have rights over automated decisions and can request that we do not make our decisions based on an automated score alone. You can challenge an automated decision and ask that a person reviews the data. If you want to talk to us about an automated decision, please get in touch using the details below.

Notifiable Data Breaches

We take data breaches very seriously. If you reside in Australia, in the event that there is a data breach, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process.

We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.

If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.

Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

Making a complaint

We will always aim to collect and use your personal information in a way meets the highest data protection standards. We take any complaints about data privacy very seriously. If you have any questions, concerns or complaints about this Privacy Policy, or our handling of your personal information, please contact our Privacy Officer whose details are below. You can also contact the Privacy Officer if you believe that the privacy of your personal information has been compromised or is not adequately protected. Where necessary, we may consult with third parties about your complaint. We will attempt to resolve your complaint within 10 business days and will notify you in writing of our decision at this time. Where this is not possible, we will contact you to let you know when the complaint is expected to be resolved.

If you are still not satisfied, you can contact external bodies that deal with privacy complaints, which includes the Australian Financial Complaints Authority (AFCA), our external dispute resolution scheme, or the Office of the Australian Information Commissioner.


Post: GPO Box 3, Melbourne, VIC 3001

Telephone: 1800 931 678



Post: GPO Box 5218 Sydney NSW 2001

Telephone: 1300 363 992

Changes to this Privacy Policy

We may modify this Policy at any time, and by continuing to use our managed products you accept the Policy as it applies and as amended from time to time without notice. Your continued use of our managed products after any modification to this Policy will constitute your acceptance of such modification. We encourage you to check our website from time to time to view the current Privacy Policy.

Contacting us

If you want to request any further information or make a complaint regarding your personal information you can write to us using the following details:

Post: Attn Privacy Officer, Tuxedo Money Pty Ltd, GPO Box 82, Melbourne VIC 3001