“Personal information” is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.
“Sensitive information”, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
What personal information will we collect and hold?
The kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the services you or your organisation have contracted us to provide, and the services you or your organisation are interested in. Generally, the types of personal information that we may collect and hold will include:
- your name and birth date;
- your contact information, including postal and residential addresses, telephone and facsimile numbers, and email addresses;
- where relevant to the services we are providing you, your financial information about your assets, occupation and income, bank account balances, account activities, payment history;
- government identifiers (such as TFN).
- shareholdings and details of investments;
- details of superannuation and insurance arrangements;
- educational qualifications, employment history, and salary;
- visa or work permit status; and/or
- personal information about your spouse and dependants.
How do we collect and hold personal information?
We aim to collect personal information only directly from you unless it is unreasonable or impracticable to do so. For example, we may collect personal information from you or about you from correspondence that you submit to us, telephone calls and face-to-face meetings with us, emails, hardcopy forms, the information you provide us through paper-based and electronic client surveys and from your activity on our website
In some instances, we may also receive personal information about you from third parties, such as associated businesses and/or federal government departments
You can be anonymous or use a pseudonym when dealing with us, unless:
- the use of your true identity is a legal requirement; or
- it is impracticable for us to deal with you on such a basis.
Why do we collect, hold, use and disclose personal information?
We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities. For example, we collect, hold, use and disclose personal information as necessary to provide services to you or your organisation.
We may collect sensitive information from or about you where there is a legal requirement to do so, or where we are otherwise permitted by law. In all other situations, we will specifically seek your express consent.
If we do not collect, hold, use or disclose your personal information, or if you do not provide your consent, then we may not be able to answer your enquiry, complete the transaction you have entered into or provide the services you have engaged us to provide.
We collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions, credit checks, processing your payments, obtaining product registrations and approvals, providing you with information about other services provided by us, market research, client satisfaction surveys, newsletter communications, statistical collation and website traffic analysis.
We may also use your personal information for marketing and promotional activities, and for maintaining our newsletters. Where we use your personal information for marketing and promotional communications, you can opt-out at any time by emailing firstname.lastname@example.org
We may disclose your personal information to third parties (including government departments and enforcement bodies including ASIC, APRA, AFSA and the ATO) where required or permitted by law.
From time to time, we may need to disclose your personal information to third party service providers, located both inside and outside Australia (for further information in relation to our overseas disclosure of personal information, please see below). For example, we may disclose personal information to one or more of the following:
- our clients’ personal financial advisers and related service providers;
- our clients’ personal and legal representatives;
- external information security and document storage providers; and
- other third party organisations to which disclosure is reasonably necessary to enable us to carry out our business functions and activities.
How do we store your personal information?
Your personal information is held and stored on paper, by electronic means or both. ‘Electronic means’ include, physical servers located on premises, servers maintained by cloud service providers, laptops, desktop computers, tablets and other mobile devices. We have physical, electronic and procedural safeguards in place for personal information and we take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure.
For example, our IT systems feature password protections, firewalls, and intrusion detection and site monitoring functionalities. Data held and stored “in the cloud” is protected by internal and external firewalls, limited access via file passwords, files designated read-only or no access. We also require our IT contractors and other third parties to implement privacy safeguards. Further, our staff members receive regular training on our strict privacy and confidentiality procedures in relation to all personal information stored by us electronically and in printed form.
Destruction and De-identification
We will retain your personal information whilst it is required for our business functions or any other lawful purpose. We use secure methods to destroy or permanently de-identify your personal information when it is no longer needed.
Our business is affiliated with other businesses located overseas. In the course of doing business with you, we may disclose some of your personal information to overseas recipients. However, we will only do so where:
- it is necessary to complete the transaction you have entered into or for us to complete the services we are providing; and
- we use our best endeavours to ensure overseas providers comply with our data handling policies and procedures under the APPs; or
- it is otherwise required by law
Access to, and Correction of, Personal Information
We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.
In most cases, we expect that we will be able to meet your requests. However, if we do not agree to provide you with access, or to correct the information as requested, we will provide you with written reasons regarding our decision.
Should you wish to access your personal information, please contact your local firm’s Privacy Officer and request a “Personal Information Access Form” (our Privacy Officer’s contact details are set out below).
We do not generally charge for requests to access your personal information. However, we may charge a fee:
- If an extended amount of time is required to locate, retrieve, collate and prepare any necessary materials; and
- in relation to any costs for the services of any intermediaries required to retrieve the information.
We will advise you of the estimated timeframe and costs (if any) in connection with any request for access to, or the correction of, your personal information
To assist us to keep our records up-to-date, please notify your local firm’s Privacy Officer of any changes to your personal information.
Complaints and Concerns
We have systems and procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs. We will respond to your complaint in accordance with the relevant provisions of the APPs.
If you wish to make a complaint about our handling of personal information, please contact your local firm’s Privacy Officer or our National Privacy Officer. Contact details below. If you lodge a complaint with us, it will be dealt with in accordance with our Internal Dispute Resolution process and we will endeavour to provide a formal response to your complaint within 30 days. If the matter proves to be complex, we will advise you in writing of any necessary extension of time for our response.
If you feel that your complaint is not handled in a satisfactory manner, you may refer your complaint to the Office of the Australian Information Commissioner (the details of which are set out below).
Privacy Officer Contact Details
PO Box 5020, South Melbourne, VIC 3205
Phone: (03) 9690 3455
The Commissioner can be contacted at
GPO Box 5218, Sydney, NSW 2001
hone: 1300 363 992