Last Revised: 8 March 2017
“Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Personal information may include “Sensitive Information” being:
(c) information or an opinion about an individual’s:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual orientation or practices; or
(ix) criminal record;
that is also personal information; or
(d) health information about an individual; or
(e) genetic information about an individual that is not otherwise health information; or
(f) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(g) biometric templates.
THE KINDS OF PERSONAL INFORMATION THAT WE COLLECT AND HOLD
2 General personal information
We may need to collect, hold, use and disclose a range of Personal Information from you to allow us to provide you with relevant products and services which, dependant on your interaction with us, may include, but is not limited to:
(a) your name and date of birth;
(b) your gender and marital status;
(c) your contact information, including:
(i) work, postal and residential address(es);
(ii) telephone and facsimile number(s); and
(iii) email address(es);
(d) your financial information, including:
(i) bank account or credit card details;
(iii) assets and liabilities;
(iv) account balances and financial statements;
(v) tax statements;
(vi) employment details; and
(vii) citizenship and residence status;
(e) your tax file number information;
(f) records of your communications and other interactions with us; and
(g) any content that you provide in connection with the use of our website including, but not limited to, postings on any blogs, forums, wikis and other social media applications and services that we may provide.
3 Non-personal information
We may also collect, hold, use and disclose information about you that is not necessarily personal information including, but not limited to:
(a) data relating to your activity on our website or our mobile applications via tracking technologies such as analytic, cookie and session tools, which data can include:
(i) the identity of your internet browser;
(ii) the type of operating system or mobile operating system you use;
(iii) your IP address;
(iv) the type of mobile device you use;
(v) the mobile device unique ID;
(vi) the domain name of your internet service provider;
(vii) the pages accessed on our site; and
(viii) the next site visited; and
(b) non-personal details of any survey responses you provide.
We may use this non-personal information for internal purposes including, administering our services, diagnosing problems, generating statistics and trends and improving the quality of our products and services
4 Sensitive information
If we require your Sensitive Information, we may collect, hold, use and disclose it only with your consent, only as permissible by law and only if the information is reasonably necessary for one or more of our functions or activities or as otherwise required by the law. By providing or enabling us to collect Sensitive Information, you consent to our collection, holding, use and disclosure of that information for the purpose of discharging our statutory and other functions.
If we wish to use or disclose your Sensitive Information for any secondary purpose, we will only do so with your consent and only if the secondary purpose is directly relevant to the primary purpose for which the information was collected. We will not disclose your Sensitive Information for the purpose of Direct Marketing without your consent.
5 Government related identifiers
Other than where permitted by the Principles or any other law, we will not use or disclose any government related identifier of you or adopt it as our own identifier.
HOW WE COLLECT AND HOLD PERSONAL INFORMATION
6 Direct collection of personal information from you
We collect your Personal Information directly from you wherever it is reasonable and practical to do so. This can be:
(a) when we contact you or you contact us;
(b) when we communicate with you including, recording the information you provide via phone calls, interviews and other forms of communication;
(c) when you attend our office;
(d) through applications or other forms that you complete and provide to us including surveys;
(e) when you attend an event we have organised or sponsored;
(f) when you post about us on any blogs, forums, wikis and other social media applications and services;
(g) when you use our website or mobile applications including, through the use of third party analytic, cookie and session tools; and
(h) any other means by which you directly communicate or provide the information to us.
7 Collection of personal information from external sources
Sometimes, we may also collect your Personal Information from external sources where it is unreasonable or impracticable to collect it from you direct. These external sources may include, but are not limited to:
(a) public records or sources of information (e.g. telephone directories, government registers, market research organisations, credit reporting bodies); and
(b) people authorised by you to provide us with your Personal Information (e.g. your lawyer, accountant, tax adviser, financial planner, insurance broker, employer).
When an external source provides us with your Personal Information we will we attempt to ensure that you and the external source are aware of certain matters including our identity and contact information. If an external source provides us with your Personal Information and we are aware that they have not informed you that they will be doing so, we will notify you of our collection of your Personal Information and soon as practicable after it has been provided to us.
8 Unsolicited personal information
If we received your Personal Information in an unsolicited manner, within a reasonable period after receiving the information, we will determine whether or not we could have collected the information under the Privacy Act and the Principles as if we had solicited the information and:
(a) if we determine we could not have collected your Personal Information and your Personal Information is not contained in a Commonwealth record, we will, as soon as practicable but only if it is lawful and reasonable to do so, destroy your Personal Information or ensure that your Personal Information is de-identified; or
9 How we hold personal information
We will generally hold your Personal Information as either physical records at our premises or off-site or, as electronic records on our servers or on third party servers and, in any case, in accordance with the storage and security of personal information procedures detailed below.
PURPOSE FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION
10 Primary purposes
The products and services that we offer to our clients are wide ranging and we need to collect certain Personal Information in order to be able to provide these effectively to our clients.
We will collect, hold, use and disclose your Personal Information where it is reasonably necessary for primary purposes including, but not limited to:
(a) providing or offering to you relevant products and services (including mobile applications);
(b) responding to your requests or inquiries;
(c) establishing, managing and maintaining any relevant products and services provided to you;
(d) arranging for other related products or services to be provided or offered to you by third parties;
(e) any other purposes that you may reasonably expect;
(f) any other purposes that have been disclosed to and authorised by you (including, but not limited to, those you consent to below); and
(g) any purpose authorised or required by law, court or tribunal including those required by the Anti- Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Corporations Act 2001 (Cth), and the U.S Foreign Account Tax Compliance Act (US).
These primary purposes may include disclosures to organisations or third parties that handle information on our behalf or provide us with technical/ support services and professional advice.
11 Secondary purposes
If we have collected Personal Information (other than a government related identifier) for a primary purpose, we will not use or disclose the Personal Information for another purpose (other than for Direct Marketing) unless:
(a) you have consented to the use or disclosure of the Personal Information; or
(b) you would reasonably expect us to use or disclose the Personal Information for the other purpose and the other purpose is:
(i) if the information is Sensitive Information—directly related to the primary purpose; or
(ii) if the information is not Sensitive Information—related to the primary purpose; or
(iii) otherwise authorised by law, court or tribunal.
12 Your consent
By providing us with your Personal Information, you consent to us collecting, holding, using and disclosing your Personal Information (including holding by, using by and disclosure to any third parties or overseas recipients):
(b) for the primary purposes referred to above;
(c) for the secondary purposes referred to above;
(e) to provide you with news and information about our products and services or events;
(f) for any purposes necessary or incidental to the provision of our products and services (including mobile applications);
(g) to provide you with the functionality on our website including customising and improving your online experience with us;
(h) to personalise your experience with our products and services (e.g. via use of blogs, forums, wikis and other social media applications and services);
(i) for internal purposes including, administering our services, diagnosing problems, generating statistics and trends and improving the quality of our products and services;
(j) to send you marketing and promotional material (including Direct Marketing) that we believe you may be interested in, either from any of our related entities or a third party business which we consider may be of interest to you and;
(k) to seek your feedback on our products and services, or for market research purposes;
(l) as part of a corporate transaction such as a sale, divestiture, merger or acquisition; and
(m) for any other purpose required or authorised by law, court or tribunal.
13 Other uses
Your Personal Information may also be used and disclosed in order to protect our rights or property and that of our users and, where appropriate, to comply with legal processes, which may include disclosures to law enforcement, regulatory or government agencies.
14 We may use your Personal Information to communicate directly with you to inform you of a new product, service or event offered or distributed by us and that we believe you may be interested in (Direct Marketing).
You can opt-out of receiving Direct Marketing information from us at any time. If you receive Direct Marketing information from us and do not wish to continue receiving it, please contact us, asking to be removed from all future Direct Marketing programs. Once we have received your opt-out request, we will remove you from our Direct Marketing programs as soon as reasonably practicable.
WHO WE DISCLOSE PERSONAL INFORMATION TO AND CROSS BORDER DISCLOSURE
15 Who we disclose personal information to
We may share your personal information with other parties. These parties will vary according to the product or service involved, but could include:
(a) your accountant, tax adviser or financial planner;
(b) contracted service providers and specialist advisers we engage to provide us with services such as administrative, financial, insurance or research services, some of whom may contact you on our behalf;
(c) third-party suppliers (each, a Third Party Supplier) who provide us with necessary hardware, software, networking, connectivity, functionality, storage and related technology required to provide our products and services (including mobile applications), some of whom may contact you on our behalf;
(d) third-party data sources (each, a Third Party Connector) that you may connect to and import data from whilst using our products and services (including mobile applications),
(e) courts, tribunals and other dispute resolution bodies in the course of a dispute;
(f) credit reporting or reference agencies or insurance investigators;
(g) anyone authorised by you or to whom you have provided your consent (either expressly or impliedly); and
(h) anyone to whom we are required or authorised by law to disclose your Personal Information (e.g. law enforcement agencies and national and international government and regulatory authorities including but not limited to the Australian Taxation Office, the Australian Prudential Regulation Authority, the Australian Securities and Investments Commission, the Australian Transaction Reports and Analysis Centre and the United States Internal Revenue Service).
16 Whether we disclose personal information to overseas recipients
We may disclose your Personal Information to our servers, agents and employees, Third Party Suppliers, Third Party Connectors, and other third parties and service providers located overseas (each, an overseas recipient) including holding your personal information on third party servers located overseas. We will only do so with your consent (including your consent given above or any implied consent) or otherwise in compliance with the Privacy Act and the Principles. We will inform you as far as reasonably practical of the countries in which overseas recipients are likely to be located.
Web traffic information may be disclosed to Google Analytics or other analytics providers when you visit our websites. These analytics providers may store this information across a large multiple of countries (to which it is impracticable to name each one).
When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may also collect and hold your personal information overseas across a large multiple of countries. These social networking services have their own privacy policies and we strongly recommend that you review them.
17 Countries where overseas recipients are located
The country in which an overseas recipient is likely to be located is the Philippines.
In relation to Third-Party Connectors, we are not able to inform you of which overseas countries they may be located in as this will depend on your actions and whatever agreement(s) you have with Third-Party Connectors which is beyond our control and knowledge.
ANONYMITY, PSEUDONYMITY AND CONSEQUENCES IF PERSONAL INFORMATION IS NOT PROVIDED
18 Anonymity and pseudonymity
Where possible, if you wish to remain anonymous or to use a pseudonym when interacting with us, we may be able to provide you with limited information or services, such as general details about our products and services.
However, in many cases it will be impracticable or impossible for us to assist you if you wish to remain anonymous or use a pseudonym. The provision of many of our products and services is highly personalised, with the quality and scope of our products and services heavily dependent on the individual circumstances of each customer. Because of this, if you choose not to identify yourself or wish to use a pseudonym, we may be unable to provide you with the specific product or service you want.
19 Consequences if personal information is not provided
It's your choice whether to provide your Personal Information however, if you don't provide all the requested Personal Information, it may not be possible to fulfil your request for a specific product or service and it may also affect the functionality of a specific product or service and the benefits you could possible derive from them.
STORAGE AND SECURITY OF PERSONAL INFORMATION
20 Storage and security of personal information
We have in place reasonable commercial standards of technology and operational security to protect all Personal Information provided to us from misuse, interference, loss, unauthorised access, modification or disclosure.
We take steps to protect the security of your Personal Information by:
(a) regularly assessing the risks of misuse, interference, loss, unauthorised access, modification or disclosure; and
(b) taking measures to address those risks.
For further information on the way we manage security risks in relation to your Personal Information please feel free to contact our Privacy Officer.
21 Destruction of records
We may be legally required to maintain some of your Personal Information for a significant period of time, however once we no longer need your Personal Information, subject to any legal requirement; we will take such steps as are reasonable in the circumstances to destroy the information or ensure that the information is de-identified.
PRIVACY AND THE INTERNET
22 Internet transmission of information
Where appropriate we use secure transmission facilities; however, no transmission of information over the internet can be guaranteed to be completely secure and we do not warrant the security of any information transmitted by or to us over the internet. Users enter our website and use our mobile applications and other products and services at their own risk.
23 Cookies and website analytics
Our website and mobile applications may use a range of tools provided by third parties, including Google, Bing and our web hosting company to collect or view website and internet traffic information. These sites have their own privacy policies.
Cookies are frequently used on many websites on the internet and you can choose if and how a cookie will be accepted by changing your preferences and options in your browser. You may not be able to access some parts of our website if you choose to disable the cookie acceptance in your browser, particularly the secure parts of the website. We therefore recommend you enable cookie acceptance to benefit from all the services on the website.
Website analytics measurement software may also be used to assist in tracking traffic patterns to and from websites, anonymously surveying users of the sites. The system is used to collect such information as the number of unique visitors, how long these visitors spend on a website when they do visit, and common entry and exit points into and from a website.
This non-personal information is collected and aggregated by third party software and provided to us to assist in our analysis of our websites and mobile applications. You cannot be identified personally from this information and no Personal Information is stored about you.
24 Social networking services
We may use social networking services such as Twitter, Facebook and YouTube to communicate with you and the public at large about our work. When you communicate with us using these services we may collect your Personal Information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your Personal Information for its own purposes. These social networking services have their own privacy policies and we strongly recommend that you review them.
25 Linked websites
ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
26 Quality of personal information
We will take reasonable steps to ensure that your Personal Information is accurate, complete, up to date and relevant whenever it is collected, used or disclosed.
We rely on the accuracy of the information you, and any one authorised by you, provides to us. If you think that we may hold information about you that is incorrect in any way, please contact us. If your Personal Information is found to be inaccurate, not up to date, incomplete, irrelevant or misleading having regard to the purpose for which it is held, we will take reasonable steps to correct your Personal Information.
27 Your access to personal information
You may request access to your Personal Information by contacting the Privacy Officer.
You are also welcome to contact our Privacy Officer to:
(c) update or correct your Personal Information;
(d) ask about accessing or correcting your Personal Information that we hold;
(e) opt-out of receiving Direct Marketing information; or
(f) make a privacy related complaint.
Subject to us being permitted or required by law to withhold your Personal Information, we would be happy to advise you what Personal Information we hold about you. We will respond to all requests within a reasonable period.
There may be some cost to you to cover the cost of retrieving and processing your Personal Information if it requires a significant amount of time to locate, collect or to present it to you in an appropriate form. We will let you know in advance if any charges will apply. The cost will not be excessive and will not apply to the making of the request.
28 Privacy Officer details
If you have any questions, concerns or requests regarding your privacy or your Private Information or, if you would like to make a complaint, please direct your correspondence or communication to our Privacy Officer at:
The Privacy Officer
PO Box 6233 Linden Park South Australia 5065
Telephone: 0488 559 069
29 Complaint procedure
If you wish to make a complaint to us about how we have handled your Personal Information please do so in writing addressed to our Privacy Officer. If you need help lodging a complaint, please feel free to contact us.
We take all complaints seriously, and will respond to your complaint within a reasonable period.
We will determine what (if any) action we should take to resolve the complaint. If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior officer than the officer whose actions you are complaining about.
30 Further action you can take
If you believe that we have not adequately handled your complaint you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may contact the Office of the Australian Information Commissioner via their website at https://www.oaic.gov.au/ or via the following contact details:
Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY NEW SOUTH WALES 2001
Telephone: 1300 363 992
31 Further information
For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner's website at https://www.oaic.gov.au/.