Our privacy policy

About Athena and our commitment to you

‘We’, ‘us’ and ‘our’ refer to Athena Mortgage Pty Ltd ACN 619 536 506, Australian Credit Licence 502611 and our related businesses.

We are committed to protecting your personal information.

We recognise that any personal information we collect about you will only be used for the purposes we have collected it for or as allowed under the law. It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.

Our commitment in respect of personal information is to abide by the Australian Privacy Principles (APPs) and Part IIIA of the Privacy Act 1988 (Cth) (Privacy Act), the Privacy (Credit Reporting) Code 2014 (CR Code) and any other relevant law.

This document sets out our commitment in respect of the personal information (including credit-related information) we hold about you and what we do with that information including:

  • what personal information we collect from you through our products and services and via our online presence, which includes our main website at Athena.com.au, as well as information we collect about you from other source;

  • how we keep your information safe and who we share it with;

  • your rights and choices, how you can contact us and access or correct your information; and

  • how your personal information is managed in relation to a credit application. This is our Notifiable Matters Statement.

This policy doesn’t cover any other parties, even if they link to our services or websites and you should make sure you review their privacy practices directly yourself.

Collection statement

By providing us with any of your personal information, you consent to us and our related bodies corporate collecting, using, holding and disclosing (including to some overseas recipients) personal and credit information about you.

We are committed to safeguarding your personal information and ensuring its responsible use. Here is a list of the ways we may use the personal information we collect from you:

Loan Application Process

When you apply for a loan with us, whether it be via brokers, business partners, or directly with us, we collect and use your personal information to facilitate the loan application and assessment process. This includes, but is not limited to, information about your identity, financial situation, and property details.

Multiple Application Channels

You have the option to submit loan applications through various channels, and we acknowledge the possibility of receiving applications from you through brokers, business partners, or directly. To enhance the efficiency of our services, we may utilise the personal and financial information collected (including any credit information obtained from third parties) across each application you submit with us. This information may be collectively used in our assessment processes, ensuring its accuracy and relevance.

Product and Service Offerings

Your personal information may be used to offer you additional products and services that we believe may be of interest to you. This could include information about new products, or services being offered by us.

Internal Operations and Portfolio Management

We may use your information for internal operations, including portfolio management, risk management, and compliance with legal obligations. This helps us ensure the effectiveness and integrity of our services.

Improvements and Planning

Your personal information may be used for planning and improving our products and services. We continuously strive to enhance our offerings based on customer needs and feedback.

Communication and Contact

We may use your contact information to communicate with you regarding your loan application, updates on our products and services, and other relevant information. This ensures that you are informed about your financial relationship with us.

Legal Compliance

We may use your personal information to comply with legal requirements, including those stipulated by the National Consumer Credit Protection Act 2009 (Cth) and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

If you do not provide us with this consent or provide us with your personal information we may not be able to arrange finance for your or provide other related services. In addition, if we are required to comply with certain legislation to provide you with the products and services you choose, then collection of certain personal information will be mandatory.

What personal information do we collect?

When we refer to personal information we mean information or an opinion from which your identity is reasonably apparent. This information may include information or an opinion about you. The personal information we hold about you may also include credit-related information.

The kinds of personal information we may collect about you include your name, contact details (including mailing address, email address, telephone number and mobile phone number), date of birth, tax file number, driver licence details and any other information we made need to identify you.

Over the course of our relationship with you, we may collect and hold additional personal information about you, including transactional information, account or policy information, complaint or enquiries about your product or service.

If you are applying for finance or provide a guarantee, we may also collect information about you such as income, insurance, dependents, employment details and proof of earning and expenses. If you apply for any insurance product through us we may collect information about what is being insured, the beneficiaries and your health information including medical and lifestyle information from you or your health professionals. We will only collect health information from you with your consent.

What credit information do we collect?

Credit-related information means:

  • Credit information

    , which is information which includes your identity; the type, terms and maximum amount of credit provided to you, including when that credit was provided and when it was repaid; repayment history information, default information (including overdue payments); payment information; new arrangement information; details of any serious credit infringements; court proceedings information; personal insolvency information and publicly available information; and

  • Credit eligibility information

    , which is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it.

We use your credit-related information to assess your eligibility to be provided with finance. Usually, credit-related information is exchanged between credit and finance providers and credit reporting bodies.

Dealing with us anonymously or by use of a pseudonym

Generally it will be necessary for us to identify you in order to successfully do business with you. You have the option of not identifying yourself (or using a pseudonym) when making enquiries. Where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about interest rates or current promotional offers. However, before we can provide you our products and services, we’ll need to know and verify who you are.

Tax file numbers

When you provide us with documents, the documents may contain your Tax File Number. Use and disclosure of TFNs is strictly regulated under the Privacy Act and tax laws. We will maintain the confidentiality and security of your TFN in accordance with these rules.

Sensitive Information

We don’t generally collect personal information about you that is sensitive, such as information that includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health. If we do, due to it being required to provide our product and services (e.g. financial hardship relief) or authorised by law, then we will obtain your consent to its collection.

With your explicit consent or if required or allowed by law, we may collect your genetic or biometric data (your fingerprint, voice or facial features) which may be used to verify your identity or as an extra means of security in apps when you choose for such authentication to authorise transactions.

How we collect your personal information

Directly from you

We collect most personal information directly from you when you progress or complete an application with us online at athena.com.au, or other surveys we make available and information you provide us over email or on the phone.

From your co-borrower if you have a joint application

If you have submitted a joint home loan application form, we will collect information at the time of application from either of the joint applicants where that applicant has entered information into the application on behalf of all applicants and it is therefore unreasonable or impractical for us to also collect that information directly from you.

From Third Parties

We may need to source personal information about you from a third party, where you’ve given consent or you would reasonably expect us do this. For instance, we may collect certain personal information about you from credit reporting bodies, mortgage and finance brokers, government departments, providers of surveys, competition or marketing related services, your employer or representatives (to include other people such as lawyers and accountants). You may also have other external parties authorised by you that provide your personal information to us.

If we obtained your personal information through any of these methods and you would like a list of these entities or websites, or if you feel you have not given us consent to use your details, please contact us.

Information collected via your website activity

When you use our websites or mobile applications, we may collect information about your location or activity including IP address, telephone number and whether you’ve accessed third party sites, the date and time of visits, the pages that are viewed, information about the device used and other user location information. We also monitor your use of our online loan portal. This is done to, amongst other things, ensure we can verify you and that you can receive information from us that you need to. We also use it to identify ways we can improve our services and understand you better. When you engage with us through social media channels we may also collect information about you.

Some of this information is collected using cookies. For more information on how we use cookies and tracking tags see the section ‘Treatment of Online Information’ below.

Unsolicited Information

Sometimes people share information (including sensitive information) with us we have not sought out. If we receive unsolicited personal information about you, we will determine whether we would have been permitted to collect that information. If so, we will then handle this information the same way we do with other information that we seek from you.

If not and the information is not contained in a Commonwealth record, then we will destroy or de-identify it as soon as practicable, but only if it is lawful and reasonable to do so. Often, it is not possible for us to neatly unbundle this information then destroy or de-identify only certain sections or parts of it, and we may need to store this information for future use, such as to help resolve disputes or assess future applications by you.

Do we disclose your personal information?

We may from time to time disclose your personal information to external parties (Third Parties) in order to deliver products and / or services to you. Prior to disclosing any of your personal information to a Third Party, we will take all reasonable steps to satisfy ourselves that:

[a] the Third Party has a commitment to protecting your personal information at least equal to our commitment, or [b] you have consented to us making the disclosure.

Third Parties include:

Providing information to other financial institutions, credit providers and/or other intermediaries

  • Other financial institutions, such as banks, credit unions, building societies and payment services in order to set up and manage your account and manage account transactions and, at their request, to provide an opinion or information about your credit worthiness, credit standing, credit history or credit capacity at their request.

  • Prospective funders, credit providers or other intermediaries in relation to your finance requirements.

Providing information to other organisations

  • Other entities related to us, in order to manage the products and services you have with us and to conduct portfolio analysis.

  • Other organisations that are involved in managing or administering your finance such as third party suppliers, printing and postal services, call centres, lenders, mortgage insurers, trade insurers and credit reporting bodies.

  • Associated businesses that may want to market products to you.

  • Companies that provide information and infrastructure systems to us.

  • Any person acting on your behalf including your financial adviser, power of attorney, solicitor or accountant, your referee(s), your guarantor(s).

  • Your employer, former employer or referees.

  • Any person who introduces you to us, including mortgage intermediaries and agents.

  • Organisations undertaking reviews of the integrity of our operations, including accuracy and completeness of our information.

  • Any third party product and service supplier that we have an arrangement with.

  • Insurers, including Lenders Mortgage Insurance (LMI) providers for the purpose of deciding whether to provide LMI in connection with your mortgage and for the purpose of administering any claims.

  • Our solicitors, valuers, insurers, re-insurers, auditors and health care providers.

  • Claims related providers, such as assessors and investigators who help us with claims.

  • Credit reporting or information verification agencies (or their affiliated entities) in order to obtain and provide details about your credit history or status, to verify other information about you including your identity, to carry out your request to correct your credit information or to resolve your complaint about the handling, use or disclosure of your credit information (for more detail, refer section on “Credit-related Information” below).

  • Anyone, where you have provided us consent.

  • Other guarantors or borrowers (if more than one).

  • Borrowers or prospective borrowers including in relation to any credit you guarantee or propose to guarantee.

  • Organisation involved in securitisation arrangements.

  • Investors, agents or advisers, trustees, rating agencies or any entity that has an interest in your finance or our business (and assets) generally.

  • Organisations who perform services or functions on our behalf (including those that help us to conduct screening and checks, which help us comply with our regulatory obligations and manage our regulatory risks).

  • Organisations undertaking compliance reviews of mortgage intermediaries.

  • Fraud bureaus or other organisations to identify and prevent fraud or misconduct.

  • Organisations that provide products or services used or marketed by us.

  • Comparison sites, mortgage brokers or providers of investment, finance or credit where it is legal for us to do so.

  • Australian Government’s Document Verification Service and CRBs to compare identification details you provided against online government records and/or your credit information, and/or to verify your identity for the purposes of the anti-money laundering and counter-terrorism financing legislation.

  • Where we are authorised to do so by law, such as under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), government and law enforcement agencies or regulators.

  • Our agents, contractors, external service providers to outsource certain functions, for example, statement production, debt recovery, mailing services, document storage services, direct marketing, data and identity verification services, information technology support and printing our standard documents and correspondence.

Corporate Transactions

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganisation, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal information with the entities and other third parties in connection with such transaction.

For the avoidance of doubt, this includes the bundling of assets of a similar nature (such as loans) and selling those bundled assets to an entity established for this purpose. Such bundled assets may include your loan which is taken by another lender through such sale.

Any entity which forms part of the transactions will have the right to continue to use your personal information for the purposes of that entity taking an assignment of the contract related to that loan; and/or, to enable that entity to continue providing you a product and service, but only in the manner set out in this Privacy Policy; and/or within the requirements of the Privacy Act and the Privacy (Credit Reporting) Code, unless you agree otherwise.

Credit-related Information

We exchange credit-related information for the purposes of assessing your application for finance, managing that finance, and generally assisting you with your finance requirements. If you propose to be a guarantor, one of our checks may involve obtaining a credit report about you.

This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit-related information we hold about you. The cloud storage and the IT servers may be located outside Australia.

When we obtain credit eligibility information from a credit reporting body about you, we may also seek publicly available information and information about any serious credit infringement that you may have committed.

Sending information overseas

We may disclose your personal information and credit-related information overseas, for example, if required to complete a transaction, to provide you with products or services, or where we outsource a function to an overseas contractor. You may obtain more information about these entities by contacting us. Where we do this, we make sure appropriate data handling and security arrangements are in place that are compliant with Australian privacy laws and standards. However you should note that while they will often be subject to an enforceable contract specifying confidentiality or privacy obligations, overseas entities may have a foreign law obligation to handle personal information and credit-related information we share with them in a particular way.

As it relates to the processing and reviewing credit applications, we have service providers based in the Philippines to help assist us.

Direct Marketing

From time to time, we may use your personal information to offer you products and services that we believe may interest you, changes to our organisation, or new products or services being offered by us or any company with whom we are associated.

We do not sell or rent your personal information to any unrelated third parties for their marketing purposes without your explicit consent. However, we may supply your personal information to direct marketing agencies, selected affiliated service providers, or any of the service providers for the sole purpose of those companies contacting you about our products and services that may be of interest to you.

If you have provided consent to receive electronic marketing communication from us, you can easily unsubscribe by following the instructions included in the communication you receive. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.

Accessing and correcting your personal information


You may request access to personal information and credit-related information that we hold about you by contacting us in any way shown on ‘How to contact us’. Any request for access to your personal information or credit-related information may only be made by you or by another person who you have authorised to make a request on your behalf, such as a legal guardian or authorised agent. We will require you to verify your identity, or the identity and authority of your representative.

We may charge an access fee for complex requests and if so will only pass through reasonable costs to recover any expenses incurred in retrieving and collating the requested information.

Depending on the type of request that you make we may respond to your request immediately, otherwise we usually respond to you within seven days of receiving your request. We may need to contact other entities to properly investigate your request.

There may be situations where we are not required to provide you with access to your personal or credit-related information, for example, if the information relates to existing or anticipated legal proceedings, if your request is vexatious or if the information is commercially sensitive.

An explanation will be provided to you, if we deny you access to the personal or credit-related information we hold about you.


We assume that any information you give us is correct, however we’ll also take reasonable steps to ensure your personal information is accurate, up-to-date, complete, relevant and not misleading.

If you learn that any of your personal information that we hold is incorrect, has changed or requires updating, you should contact us straight away.

If appropriate we will correct the personal information at the time of the request, otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal or credit-related information within 30 days.

We may need to consult with other finance providers or credit reporting bodies or entities as part of our investigation.

If we refuse to correct personal or credit-related information we will provide you with our reasons for not correcting the information.

Protection and storage of your personal information

The security of your information is very important to us. Our aim is to ensure that any details are securely protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. We are focused on maintaining or bettering industry standard technology and procedures in respect to our information management and provision of online services via encryption techniques and virus protection. We also do or have the following:

  • identity management and confidentiality requirements for our employees;

  • encryption of some sensitive data;

  • security measures for access to our systems;

  • only giving access to personal information to a person who is verified to be able to receive that information;

  • control of access to our buildings; and

  • cyber security controls on our website

We will follow the Office of the Australian Information Commissioner’s (OAIC) guidelines to contain, assess and respond to suspected data breaches in a timely fashion and to help mitigate potential harm to affected individuals.

Our commitment to de-identify or destroy your information when we no longer need it

If we no longer require your personal information for a purpose, for example, to manage or provide you with product and services, then we will take reasonable steps to securely destroy it or permanently remove all identifying features from that information. This obligation is subject to any legal requirements to keep personal information for a certain period of time - in most cases, personal information records are kept for a period of 7 years after their creation or 7 years after all accounts you hold with us are closed.

Treatment of online information

Staying safe online

We are always focused on keeping your information safe while you’re browsing our websites or apps. You should also follow good online security like keeping your operating system, browser and anti-virus software up-to-date as well as employing good password management and storage techniques.

Information we collect about you online and how we use that information

When accessing any of our websites, we use ‘cookies’ (a small text file sent by your computer each time you visit our websites, unique to your Athena account or your browser) to make it easier for you to use our sites, or so we can record data relating to the pages you viewed and activities you carried out during your visit. We may use this information to improve your experience with us.

When you visit our websites or related landing pages to read, browse, submit or download information, our system will record/log information such as your Internet protocol address (or ‘IP address’), date and time of your visit to our site, the pages viewed and how you navigate our websites, and any information downloaded. We may automatically collect non-personal information about you such as the site from which you linked to our websites. In some cases, we may also collect your personal information through the use of cookies.

You can configure your browser to refuse cookies or delete existing cookies. Rejecting cookies may have the effect of limiting access to or functionality of parts of our websites.

Where you access third party websites via a link from our websites, we may also collect or have access to that information as part of our arrangements with those third parties.

We may advertise on other websites you visit, and we may collect information from these sites on your browser type, the date and time of your visit and the performance of their marketing efforts.

When you access our websites after viewing one of our advertisements on another website, the advertising agency may collect information on how you utilise our websites (e.g. which pages you view) and whether you commenced or completed an online application.

We may use cookie information to display targeted advertisements or content on our websites, and also on third party networks and websites such as Google and Facebook. We may use remarketing tools such as Google AdWords to tailor our marketing to (for example) better suit your needs and only display advertisements that are relevant to you.

We may also use cookies for purposes such as site usage analytics, auditing and reporting, as well as content and ‘advertising/marketing personalisation’. We may share any data collected from cookies with third parties to provide you with relevant advertising when browsing third party websites.

Online applications

If you start but don’t finish an online application, we might use the details you provide to get in touch with you, or to offer help finishing the application if needed.

You can also save online applications, so you can complete and submit the applications at a later time. If you suspend or save your application, the information that you have entered will be retained in our systems so that you may recover the information when you resume your application. Online applications that have been suspended or saved may be viewed by us.

Notifiable Matters Statement

The law requires us to advise you of ‘notifiable matters’ in relation to how we may use your credit information. You may request to have these notifiable matters (and this policy) provided to you in an alternative form, such as a hard copy.

We may exchange personal information with credit reporting bodies (CRBs) to obtain from them a consumer and commercial credit reports about you. With the introduction of Consumer Credit Reporting (CCR) means credit reports could record both positive and negative credit information on your credit history. CCR could benefit those with positive credit histories by highlighting good behaviour, whereas other information may reflect adversely on your credit worthiness, for example, if you fail to make payments, enter into a hardship arrangement or if you commit a serious credit infringement (like obtaining credit by fraud). That sort of information may affect your ability to get credit from other lenders. You can find out more about CCR from CreditSmart.

We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor and manage your finance.

The credit reporting body may provide the information that we report about you to other credit providers to assist them to assess your credit worthiness. We may also obtain information that other credit providers have provided to the credit reporting body to use in our assessments of your credit-worthiness.

The information that we can exchange includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations, if you have entered into any hardship arrangements and if you have met those and if you have committed a serious credit infringement (such as fraud).

Where we provide a loan to you or we have arranged a loan for you, iIf you fail to meet your payment obligations in relation to that loan, or enter into a hardship arrangement or have the loan contact varied as a result of hardship, or if you commit a serious credit infringement, we may disclose this to the credit reporting body.

If you fail to meet your payment obligations in relation to any loan that we have provided to you, or any loan that we have arranged for you, or if you commit a serious credit infringement, we may disclose this to the credit reporting body.

You have the right to request access to the credit information that we hold about you and make a request for us to correct that credit information if you believe the information is out-of-date, incomplete or incorrect. Please refer to the section ‘Accessing and Correcting your Personal Information’.

Sometimes your credit information will be used by CRBs for the purposes of ‘pre-screening’ credit offers on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.

You may contact the CRB to advise them that you believe that you may have been a victim of fraud. For a period of 21 days after the credit reporting body receives your notification the CRB must not use or disclose that credit information. You can contact any of the following CRBs for more information:

Equifax Australia Pty Limited equifax.com.au equifax.com.au/privacy

Changes to this policy

We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and marketplace practices.

As a consequence we may change this policy from time to time or as the need arises. We will post any changes to this policy on our website.

From time to time, we may enhance and optimise our privacy processes and controls. To the extent necessary, we will update this policy to reflect those changes and publish it on our website and share it with you.

Getting in touch about Privacy

How to contact us

If you have any concerns or questions in relation to how we handle your privacy, or if you would like a printed version of this policy sent to you, let us know.

To contact Athena, you can:

Weekdays 8AM - 8PM AET | Sat & Sun 10AM - 4PM AET

Write Athena Mortgage Pty Ltd GPO Box 1624, Sydney NSW 2001

Concerns or complaints

If you are dissatisfied with how we have dealt with your personal information, or you have a complaint about our compliance with the Privacy Act and the Credit Reporting Code, please contact us immediately.

We will acknowledge your complaint within seven days and aim to resolve the complaint as quickly as possible. We will provide you with a decision on your complaint within 30 days. If you are dissatisfied with our response, you can refer your complaint to the following external dispute resolution bodies:

Australian Financial Complaints Authority

Write Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001

Privacy Commissioner

Write Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001

Further information

You may request further information about the way we manage your personal or credit-related information by contacting us.

Electronic communications

Where you consent, then we may provide any document to you electronically, either by displaying them on-screen or emailing them to you. This could include your credit contract (including related disclosures), and other documents we are required to provide such as credit guides and notices. Before consenting, you should understand that:

  • Paper versions of these documents may no longer be given;

  • You should regularly check your electronic communications, such as email accounts, for documents we may have sent you; and

  • You may withdraw your consent to receive documents electronically at any time by contacting us.

We may also, where you consent, require you to digitally sign documents, such as your credit contract.

You also confirm that you have the facilities to print any notice or document that we send you by email, if desired.

This privacy policy came into existence on Thursday, 29 Oct 2020.

Athena acknowledges the traditional owners of the land on which we gather the Gadigal people of the Eora nation. We acknowledge that sovereignty was never ceded and respect their continued and continuing connection to this place.