We are required by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the ‘Privacy Amendment Act') to comply with the Australian Privacy Principles (APPs). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable; whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not. Examples include an individual's name, address, contact number and email address.
Special provisions apply to the collection of personal information which is sensitive information. Sensitive information includes, for example, information about a person's membership of a professional or trade association. We do not collect sensitive information, including information relating to a person's; race, religion, political views, sexual preferences, criminal convictions, membership of professional trade associations or unions or health information.
2. What Personal Information do we collect?
The Financial products and services provided by us include both direct to client services and services provided through financial planners and fund managers. The information we collect directly from clients, financial advisors and fund managers includes; name and contact information, date of birth, tax file number, occupation, employer, financial information regarding the products they invest in, data required for AML/CTF purposes and any other information required to administer the products they invest in.
3. How do we collect and hold Personal Information?
When we collect personal information directly from an individual, we take reasonable steps at or before the time of collection to ensure that the individual is aware of certain key matters, such as the purposes for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose information of that kind, the fact that an individual is able to access the information and how to contact us to either access or correct their personal information.
We will collect personal information directly from an individual where it is reasonable and practicable to do so. Where we collect information from a third party such as a financial planner or fund manager, we will still take reasonable steps to ensure that an individual is made aware of same key matters as set out above.
We take reasonable steps to ensure that the personal information that we collect, use and disclose is accurate, complete and up to date, by reviewing personal information provided as part of the application process against certified documentation to make sure it meets requirements before processing. We advise clients to keep their information up to date and provide mechanisms for them to do so.
We take reasonable steps to protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure by using security procedures and the latest technology. Account information is password and security question protected and instructions are verified before they are processed.
Personal information is stored on both onsite servers located in secured server rooms and in our Sydney data centre. Data from onsite servers is backed up both to tape and pushed over the network to the data centre. Backups within the data centre are stored in two separate physical locations within New South Wales. Information which is classified as personal information is scrambled before being moved out of production environments. Any personal information sent to external locations is secured with encryption.
We may disclose personal information to the following:
- Internally to our staff;
- Related bodies corporate;
- Financial institutions, where necessary, to allow us to establish accounts or other banking facilities on behalf of clients or investors;
- Professional advisers including; auditors, accountants and lawyers, within normal business practices;
- Support Services; and
- Where otherwise required or authorised by law.
If other organisations provide support services to us, they are required to appropriately safeguard the privacy of the personal information provided to them.
Where personal information collected is no longer needed for any purpose that is permitted by the Privacy Amendment Act, we will delete, securely destroy or permanently de-identify the personal information.
4. Use of Commonwealth government identifiers
We do not use Commonwealth government identifiers (Identifiers) as its own identifier of individuals. We will only use or disclose Identifiers in the circumstances permitted by the Privacy Amendment Act.
5. Purposes of collection
We will not collect personal information from an individual or third party unless that information is reasonably necessary for or directly related to one or more of our functions or activities.
We will only collect personal information from an individual or third party which is reasonably necessary to provide our products or services. We collect personal information for the following purposes (primary purposes), including:
- Processing applications and other transactions for products and services offered by us and our clients;
- Providing information and communications to account holders, necessary for the operation of products and services offered by us and our clients, or to comply with Corporations Act requirements;
- To record and maintain investor details necessary for providing the unit registry services offered by us and our clients;
- Establishing accounts or other banking facilities on an individual's behalf with third party financial institutions and administering an individual's accounts or other banking facilities;
- Communicating with clients and investors;
- Conducting our internal business operations, including meeting any relevant regulatory or legal requirements;
- As agent, collecting information to enable our clients to comply with Anti-Money Laundering and Counter-Terrorism Financing Law; and
- Assessing applications for employment.
If we use or discloses personal information for a purpose (secondary purpose) other than a primary purpose, to the extent required by the Privacy Amendment Act, we will ensure that:
- the individual has consented to the use or disclosure of their personal information for the secondary purpose; or
- the individual would reasonably expect us to use or disclose the information for the secondary purpose and the secondary purpose is related to the primary purpose of collection, and in such way that one would reasonably expect us to use or disclose the information.
We do not collect any sensitive information.
6. Accessing your Personal Information or Making a Complaint
Any individual about whom we hold personal information, can contact us to access or correct their personal information. We will take all reasonable steps to provide access to or amend any personal information that is incorrect. If we are unable to correct your personal information we will advise you with an explanation why in writing.
You can contact us to either access or correct personal information, or complain about any breach of the APPs by writing to the Privacy Officer at:
Compliance Department, PO Box R1926, Royal Exchange, NSW, 1225.
We will acknowledge your complaint in writing within 7 days of receipt, and process and respond to your complaint within 30 days. If we cannot resolve your complaint within 30 days of receipt we will contact you with an explanation why and ask permission for an extension of time.
If (after 30 days) you are not satisfied with our response, you can raise your concerns with the Office of the Australian Information Commissioner:
Phone: 1300 363 992
Fax: +61 2 9284 9666
Mail: GPO Box 5218, Sydney NSW 2001 or GPO Box 2999, Canberra ACT 2601.
7. Disclosing personal information overseas
Some of our third party contractors and service providers may perform certain services overseas. As a result, personal information collected by us may be disclosed to a recipient in a foreign country. We outsource back office administrative services and anti-money laundering counter-terrorism financing screening services to providers who operate overseas. The countries in which such overseas recipients are likely to be located are the United Kingdom, Canada, Singapore, The Netherlands and India.
We take reasonable steps to ensure these overseas recipients comply with the APPs by implementing contractual arrangements with overseas service providers to ensure the personal information is appropriately safeguarded and to ensure that these overseas service providers comply with the APPs.