1.2 We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way in which personal information must be treated. Further information on privacy can be obtained from the website of the Office of the Australian Information Commissioner at https://www.oaic.gov.au/
1.3 This policy applies to any dealings and interactions (in person, online, by phone, fax or mail, or any other form of communication) between us and any person for whom we currently hold, or may in the future collect, personal information.
1.4 This policy applies to personal information. In broad terms, ‘personal information’ is information or opinions relating to a particular individual who can be identified.
1.5 Information is not personal information where the information cannot be linked to an identifiable individual.
2.0 HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?
2.1 We manage the personal information we collect in numerous ways, such as by:
(a) implementing security systems for protecting personal information from misuse, interference and loss from unauthorised access, modification or disclosure;
(b) appointing a privacy officer within our business to monitor privacy compliance;
(c) implementing procedures for identifying and managing privacy risks at each stage of the information lifecycle, including collection, use, disclosure, storage, destruction or de-identification;
(d) regularly providing staff with training on privacy issues;
(e) appropriately supervising staff who regularly handle personal information;
(f) implementing procedures for identifying and reporting privacy breaches and for receiving and responding to complaints;
2.2 Subject to our professional obligations and legal, we will take reasonable steps to destroy or permanently de-identify personal information if that information is no longer needed for the purposes for which we are authorised to use it.
2.3 We are also subject to legal obligations that may affect how we deal with personal information
3.0 WHAT KINDS OF INFORMATION DO WE COLLECT AND HOLD?
3.1 The information we collect from you (through any means of communication, including by face-to-face interview, data collection form, telephone conversations, and online via email or other internet communication), your creditors, your financial institutions, from credit reporting bodies or other authorised parties such as your financial planner or adviser can include a broad range of information ranging from your name, address, contact details and age to other personal information including your credit history, credit worthiness, personal financial information and financial position (including income, expenditure, bank accounts and payment details), [how many dependants you have], your employment status, government identifiers such as your tax file number, Medicare number and/or pension card number and other such information.
3.2 We do not generally collect sensitive information about individuals. That is:
(a) information or an opinion about an individual’s:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual orientation or practices; or
(ix) criminal record; that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates. If we need to obtain this type of information, we will ask for your consent, except where otherwise permitted by law.
4.0 HOW AND WHEN DO WE COLLECT PERSONAL INFORMATION?
4.1 Our usual approach to collecting personal information is to collect it directly from you or from a third party as authorised by you.
4.2 We will ask you to give us authority to access and share your personal information with creditors, financial institutions and third parties such as your financial planner and other professional advisers where necessary to provide services as your authorized agent.
4.3 We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.
5.0 HOW DO WE HOLD PERSONAL INFORMATION?
5.1 Our usual approach to holding personal information includes:
(a) physically at our premises (securely);
(i) on a private cloud; and
(ii) on our website.
5.2 We secure the personal information we hold in numerous ways, including:
(a) using secure servers to store personal information;
(b) using unique usernames, passwords and other protections including firewalls on systems that can access personal information; and
(c) by maintaining physical security over our paper and electronic data stored at our premises, by using deadlocks and alarm monitoring security systems
6.0 WHY DO WE COLLECT, USE OR DISCLOSE PERSONAL INFORMATION?
6.1 We take reasonable steps to use and disclose personal information for the primary purpose for which we collect it. The primary purpose for which information is collected varies, depending on the particular service being provided, but it generally includes:
(a) to provide mortgage broking provide lending services, debt management services, personal financial management services, including cash flow management, cash flow reporting and payment arrangements;
(b) establish your identity and assess applications for products and services;
(c) price and design our products and services;
(d) administer our products and services;
(e) manage our relationship with you;
(f) manage our risks and help identify and investigate illegal activity, such as fraud;
(g) contact you, for example if we suspect fraud on your account or need to tell you something important;
(h) conduct and improve our businesses and improve the customer experience;
(i) comply with our legal obligations and assist government and law enforcement agencies or regulators;
(j) identify and tell you about other products or services that we think may be of interest to you.
We may also collect, use and exchange your information in other ways where permitted by law
6.2 We may be required to provide the information which we collect from you, third parties and credit reporting bodies to your creditors/financial institutions to enable them to consider any payment arrangements, as authorised by you, which we propose on your behalf. In some circumstances the creditors/financial institutions may already have all of the information we provide to them, in other circumstances they may only have some of that information.
6.3 We do not sell, trade, or rent your personal information to others. Personal information may be used or disclosed by us for secondary purposes that are within your reasonable expectations and that are related to the primary purpose of collection. For example, from time to time we will use your contact details to send you offers, updates, events, articles, newsletters or other information about products and services that we believe will be of interest to you. We may also send you regular updates by email or by post. We will always give you the option of electing not to receive these communications and you can unsubscribe at any time by notifying us that you wish to do so. We may also use your information internally to help us improve our services and help resolve any complaints.
6.4 We may need to provide your information to contractors who supply services to us, including but not limited to external data storage providers and to organisations who provide us with IT services or to other companies in the event of a corporate sale, merger, reorganisation, dissolution or similar event. However, we will take all reasonable steps to ensure that they protect your information in the same way that we do.
6.5 We may also provide your information and/or government related identifiers to others if we are required to do so by law or under some other circumstances which the Privacy Act permits or when authorised by you. Persons or entities to whom these disclosures may be made can include:
(a) compliance consultants;
(b) your professional advisers;
(c) government and regulatory authorities and other organisations as required by law – for example the disclosure of information to government or regulatory bodies for the purpose of public health or safety, or the prevention or detection of unlawful activities, or to protect the public revenue;
(d) third parties for the purpose of resolving complaints or disputes, including complaints or disputes arising or continuing beyond the end of your contract for our services;
(e) product planning and development officers;
(f) researchers for the purpose of improving our current and future services;
(g) creditors with whom we are making payment arrangements; and
(h) relevant authorities if we reasonably believe that such a use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety.
6.6 We may access and share your personal information with people or entities referred to in this policy by phone, mail, facsimile or by electronic transmission (e.g. email).
6.7 We may need to transfer some of your information overseas if we are dealing with an overseas based entity in relation to the mortgage broking services, debt management services, personal financial management services, including cash flow management, cash flow reporting and payment arrangements we are providing to you. This information may include your indentifying details, such as name, date of birth and address, details of other payments you are required to make, and information about your personal and financial situation. We will only disclose this information to the extent necessary to carry out the dealing with the overseas based entity.
From time to time, we may send your information overseas to service providers or other third parties who enter, operate or hold data outside Australia. Where we do this, we use reasonable efforts to make sure appropriate data handling and security arrangements are in place. Please note that Australian law, including privacy laws, may not apply to some of these entities.
6.8 We may exchange your information with third parties where this is permitted by law, for any of the purposes mentioned in section 6.1 or where you otherwise give your consent. Third parties include (among others): those to whom we outsource certain functions, for example, direct marketing and information technology support; brokers, agents and advisers and persons acting on your behalf, for example guardians and persons holding power of attorney; other financial institutions; employers; government and law enforcement agencies or regulators; credit reporting bodies and credit providers; entities established to help identify illegal activities and prevent fraud.
6.9 In certain circumstances we may collect government identifiers such as your tax file number or Medicare number, we do not use this information other than when required or authorised by law or if you have voluntarily consented to disclosure of this information to any third party.
7.0 WHAT IF I DON’T PROVIDE YOU WITH PERSONAL INFORMATION?
7.1 If you do not provide us with some or all of the information that we ask for or refuse to authorise us to collect information from a third party, we may not be able to provide appropriate services as per our agreed arrangements with you.
8.0 HOW DO YOU MAKE COMPLAINTS, ACCESS AND CORRECT YOUR PERSONAL INFORMATION?
8.1 It is important that the information we hold about you is up-to-date. To ensure we are able to maintain relevant, reliable, accurate, complete and current personal information we request that you:
(a) inform us of any errors in your personal information as soon as possible; and
(b) update us with any changes to your personal information as soon as possible.
Access to information and correcting personal information
8.2 You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details in this section.
8.3 Upon receipt of your written request and enough information to allow us to identify the information, we will disclose to you the personal (or credit) information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate, irrelevant, out of date or incomplete
8.4 In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.
8.5 We may deny access to personal information if:
(a) the request for information is frivolous or vexatious;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person or to public health or public safety;
(d) the information is related to existing or anticipated legal proceedings between us and would not be discoverable in those proceedings;
(e) providing access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
(f) providing access would be unlawful;
(g) denying access is authorised by or under an Australian law or an order of a court or tribunal;
(h) we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our function or activities has been, is being or may be engaged in and the giving of access would be likely to prejudice the taking of appropriate action in relation to the matter;
(i) providing access would be likely to prejudice enforcement related activities conducted by or on behalf of an enforcement body, or an enforcement body requests that access not be provided on the grounds of national security;
(j) providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process;
(k) there are other legal grounds to deny the request.
8.6 We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.
8.7 If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
(a) The complaint must be firstly made to us in writing, using the contact details in this section. Your complaint will be considered by us through our internal complaints resolution process and we will try to respond with a decision within 45 days of you making the complaint.
(b) In the unlikely event the privacy issue cannot be resolved, you may take your complaint to the Office of the Australian Information Commissioner.
Who to contact
8.9 A person may make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the following address:
9.0 CHANGES TO THE POLICY
9.2 This policy is effective February 2016. If you have any comments on the policy, please contact the privacy officer with the contact details in section 8 of this policy.
10.0 YOUR CONSENT
10.1 By asking us to assist with mortgage broking services or your personal financial management needs, you consent to the collection and use of the personal information you have provided to us or which has been provided by third parties for the purposes described above.
11.0 WEB DATA
11.1 We use technology to collect anonymous information about the use of our website, for example when you browse our website our service provider logs your server address, the date and time of your visit, the pages and links accessed and the type of browser used. We use this information for statistical purposes and to improve the content and functionality of our website, to better understand our clients and markets and to improve our services.
11.3 We will also collect any personal information or other data which you submit to us through our website. We use this information for the purposes of providing you with the service as you requested, for example a download, newsletter or consultation to discuss the ways in which we can assist you. We may use your contact details to send you offers, updates, events, articles, newsletters or other information about products and services that we believe will be of interest to you. We may also send you regular updates by email or by post. However, we will always give you the option of electing not to receive these communications and you can unsubscribe at any time by notifying us that you wish to do so.
TELL US WHAT YOU THINK
We welcome your questions and comments about privacy. If you have any concerns or complaints, please contact our Privacy Officer, at PO Box 1556 Caplalaba QLD 4157, or at firstname.lastname@example.org or by telephone at 07 3362 6500.