The privacy of your personal information is important to us.
2. Personal Information
The Privacy Act sets out the information that it protects – namely personal information and sensitive information.
Personal information generally means information or an opinion about a person, where the person is identified or is reasonably identifiable.
Sensitive information means a person’s health information, genetic information, certain biometric information and biometric templates. It also means certain personal information, being information or an opinion about a person’s:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade association;
- membership of a trade union;
- sexual orientation or practices; or
- criminal record.
3. Personal information collected and held
We only collect and hold personal information that is relevant to, and reasonably necessary for, the financial services we provide to you. In addition, we only collect sensitive information if you consent, or in specific circumstances set down in the Australian Privacy Principles.
The kind of personal information we will be likely to collect and hold includes:
- your contact details, date of birth, gender;
- your investment preferences;
- your Tax File Number;
- your Australian Business Number;
- your bank account or other financial institution details; and
- identification documents.
4. Consequences of not providing your personal information
You are not obliged to give us your personal information. However, if you decide not to give us information needed in order to provide you with services, we may not be able to provide those services to you.
5. How your personal information is collected and held
We will generally collect your personal information as much as possible directly from you. For example, we collect information about you through your application.
We may on occasion collect your personal information from publicly available sources of information and from third parties, including for example, from:
- your financial adviser;
- Australia Post and / or the Australian Taxation Office (if we cannot contact you); or
- direct marketing organisations and data providers.
We only collect “sensitive information” if you have consented to the collection of the information and the information is reasonably necessary for one or more of our functions or activities or if the collection of sensitive information is authorised or required by a court / tribunal order or an Australian law, including the following Australian laws:
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
- Corporations Act 2001 (Cth);
- Income Tax Assessment Act 1936 (Cth) and Income Tax Assessment Act 1997 (Cth);
- Privacy Act.
Much of the information we hold about you will be stored electronically in secure data centres located in Australia. We also store information in the data centres of our contracted service providers, and some of these data centres may be located outside Australia.
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold both in Australia and overseas.
When you use our website, we may also indirectly collect your internet protocol (IP) address, device identifiers, browser type, operating system, internet service provider, location, mobile network information, pages accessed, time stamps and your online transaction history.
Some of the pages on our website use "cookies", which are small files that may be placed on your hard disk for record-keeping purposes. Cookies helps us remember who you are and may collect and store your server address, top level domain name (e.g. .com, .gov, .net etc), the date and time of your visit, country your service address is located in, the type of browser you used, the pages viewed and any downloads made, the previous site you visited and the site you visited next. Cookies can make your subsequent visits to our website simpler and more efficient (for example, your password may be saved so you do not need to re-enter it). We may also use the information to assist in improving the website, marketing and product development.
You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to accept it. (However, by not accepting cookies, some pages on the website may not display properly or you may not be permitted to access certain information.) A server cannot find out a name or email address, or anything about you by using cookies.
We do not store or collect cookie information. Once we receive information from you, via email or any other means, the information is stored in a secure environment.
6. How your personal information is used
We collect, use and disclose your personal information in order to provide managed discretionary account services to you, including for the following purposes:
- Your identification details are used to process your application, manage your investment, ensure that you receive your distributions, provide you with information about your investment from time to time, process redemptions and to ensure that we comply with our legal and regulatory obligations.
- During the time you are an investor in our managed discretionary account service we will hold investment-related information about you including the amount you have invested and your investment preferences.
- Your Tax File Number and Australian Business Number (where relevant) is collected in order for us to ensure that your investment is taxed correctly.
- Your identification details are used to provide you with information about any important changes to the managed discretionary account services we offer you, and related services, as well as any changes to IPL generally.
- We may also use your personal information for any purpose:
- for which your personal information was originally collected or you have consented;
- for enforcement related activities conducted by, or on behalf of, an enforcement body; or
- which is authorised or required by a court/tribunal order or an Australian law.
We may collect, use and disclose your personal information to provide you with information about our products and services offered by other parties that we believe may be of interest to you (including by way of direct mail, telephone, email, text, secure Implemented Portfolios portals, and online advertising and marketing) or to request your feedback for research purposes. You always have the right to opt-out of receiving such information. You may exercise that right by contacting us as set out below in section 12 below.
7. Do we disclose your personal information overseas?
We may disclose personal information to overseas recipients.
We will only disclose your personal information to a recipient overseas in accordance with the Privacy Act. Circumstances in which we will do this include:
- you have asked us to or we have your consent to do so;
- we have outsourced a business activity or function to an overseas service provider;
- we reasonably believe that the overseas recipient is subject to a law or binding scheme that protects the information in a way that is substantially similar to the way the information is protected under the Privacy Act and the Australian Privacy Principles, and there are mechanisms you can access to take action to enforce that protection; or
- the disclosure is required or authorised by or under an Australian law or a court/tribunal order.
Please note that the laws on processing personal information in other countries may be less stringent than in Australia. When we disclose your personal information overseas, we will take reasonable measures to ensure that your information is held, managed and accessed in accordance with the standards that apply in Australia, including the Australian Privacy Principles.
8. Data quality and protection
We will take reasonable steps:
- to make sure all personal information we collect is accurate, complete and up-to-date at all times; and
- to make sure all personal information we use or disclose is (having regard to the purpose of the use or disclosure) accurate, complete up-to-date and relevant at all times.
The people within our organisation who handle your personal information are only those who have the need to access it and they have the training and skills to protect your personal information from unauthorised access or misuse.
We will also take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.
We implement multiple layers of security controls throughout our systems so that in the event that one control fails, or a vulnerability is exploited, there are other measures still in place to protect your personal information. Relevant measures include firewalls, data encryption, limiting physical access to data centres and controls over access to information.
Our website uses industry standard security protocols to protect the personal information you disclose in using our online facilities. We use encryption to provide more secure communications when using our online facilities.
If you provide us with your personal information over the internet you accept that such information will be transmitted at your own risk as the security of such information cannot be guaranteed.
You are responsible for keeping your account details, including user name and password, confidential and secure.
Once we no longer require your personal information, we will take reasonable steps to destroy or permanently de-identify that personal information, except in circumstances where we are required by law to retain it.
If you cease your relationship with us, we will only retain your personal information on file to the extent necessary to meet our regulatory obligations and we will only contact you with your consent.
9. Access and correction
You have the right to:
- request access to personal information that we hold about you; and
- request that we correct personal information we hold about you.
If you think the personal information we hold about you is not accurate, complete or up-to-date, you should let us know. Also, please let us know any relevant changes to your personal circumstances as soon as possible.
We will take reasonable steps to correct information where you provide sufficient evidence or we are otherwise satisfied, having regard for the purpose for which the information is held, that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will also notify the correction to other parties to whom we have previously disclosed the information and if such a party refuses to make a correction, we will notify you of that refusal and how you can make a complaint.
If you require access to personal information we hold about you, please contact us (see section 12 for details). We will generally allow access, unless certain exceptions apply under the Australian Privacy Principles – for example, if we reasonably consider providing access would pose a serious threat to the life, health or safety of any person, or providing access would be likely to prejudice action being taken by an enforcement body, or providing access would be unlawful.
Your request should specify the information to which you require access or which you wish to be corrected. We will keep a record of your request and the manner in which it was dealt with.
We will not charge you for requesting access to, or correction of, your personal information. We may, however, charge you the costs associated with meeting your request for access, for example photocopying and postage costs.
We are required to respond to your request for access or correction within a reasonable period, of receipt of your request.
We will provide you with access in the manner you request, if it is reasonable and practicable to do so.
If we cannot meet your request for access or correction, we will notify you by email and where possible we will give you our reason and take steps to provide you with access. We will also tell you about how you can complain about our decision.
We endeavour to ensure that the personal information we hold about you is accurate, up-to-date, complete, relevant and not misleading, and therefore we may ask you to check and correct your personal details from time to time. We may do this as part of our regular communications with your financial adviser, when you contact us or through other means.
You can contact us anonymously or by using a pseudonym. However, being unable to identify you will limit the services we can provide you and there may be specific cases where we are prevented by law from dealing with you unless we identify you.
11. Data Breach
Should a data breach occur, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of the data breaches that are likely to result in serious harm within 30 days of the breach event.
The factors which might contribute to a reasonable person thinking “serious harm” might have occurred include:
- The sensitivity of the information;
- Whether the information was encrypted;
- Whether the information was in a secure file;
- How likely it is that the security could be breached; or
- The identity of the person who obtained the information, whether they intend to cause harm to the affected person and the nature of the harm.
12. Who to contact if you have privacy related questions
If you would like further information about how we handle your personal information, you may contact us by any of the following methods.
Telephone: (02) 9164 9800
Chief Operating Officer
Implemented Portfolios Limited
Level 10, 60 Carrington Street
Sydney, NSW, 2000
13. Complaints and further information
If you are not satisfied with the services we provide to you, you should take the following steps:
1. Contact your external financial adviser and tell them about your complaint
2. If your external financial adviser has not satisfactorily resolved your complaint within 5 days, please contact us (see section 12 for the relevant contact details)
If your complaint is made in writing, please mark the envelope or the email subject line (as applicable) “Notice of Complaint”. We will try and resolve your complaint quickly and fairly.
3. If you are not satisfied with the manner in which we deal with your complaint you may refer it to the Office of the Australian Information Commissioner (OAIC). You can contact the OAIC:
GPO Box 5218
Sydney NSW 2001
4. If the complaint cannot be resolved to your satisfaction within 45 days, you have the right to escalate the matter to the Australian Financial Complaints Authority (AFCA). AFCA can be contacted in a number of ways:
- Making a complaint online: https://afca.org.au/make-a-complaint/complain/
- Telephone: 1800 931 678
- Email: firstname.lastname@example.org
- Or you can write to AFCA at:
Australian Financial Complaints Authority Limited
GPO Box 3
Melbourne VIC 3001
14. Related policies
This policy is also related to the following separate policies:
- Data Breach Policy
- Complaints Policy
- Incidents and Breaches Policy
15. Changes to this policy