This Policy applies to Hewison & Associates Pty Ltd (ABN 51 006 082 257) (referred to as ‘Hewison Private Wealth’, ‘we’, ‘our’, ‘us’) and extends to and covers all operations and functions of our organisation.
This Policy outlines Hewison Private Wealth’s obligations to manage and protect personal information. Hewison Private Wealth is bound by the Australian Privacy Principles ('APPs') and the Privacy Act 1988 ('Privacy Act'). This Policy also outlines Hewison Private Wealth’s practices, procedures and systems that ensure compliance with the Privacy Act and the APPs.
- ‘Disclosing’ information means providing information to persons outside Hewison Private Wealth;
- ‘Individual’ means any persons whose personal information we collect, use or disclose.
- ‘Personal information’ means information or an opinion relating to an individual, which can be used to identify that individual;
- ‘Privacy Officer’ means the contact person within Hewison Private Wealth for questions or complaints regarding Hewison Private Wealth’s handling of personal information;
- ‘Sensitive information’ is personal information that includes information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information; and
- ‘Use’ of information means use of information within Hewison Private Wealth.
WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND HOLD?
As a financial planning organisation, we are subject to certain legislative and regulatory requirements which necessitate us collecting and holding certain personal information about individuals. The kinds of personal information we collect may include:
- telephone numbers;
- email addresses;
- employment details and employment history;
- details of the individual’s financial needs and objectives;
- details of the individual’s current financial circumstances, including the individual’s assets and liabilities (both actual and potential), income, expenditure, insurance cover and superannuation;
- details of the individual’s investment preferences and tolerance to risk;
- bank account details;
- drivers’ licence details; and
- other information that is relevant to the services that we provide.
HOW WE COLLECT PERSONAL INFORMATION.
Hewison Private Wealth will not collect sensitive information unless the individual has consented or an exemption under the APPs applies. These exemptions include if the collection is required or authorised by law or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If the personal information we request is not provided by an individual, we may elect to terminate our retainer with the individual if we believe we are unable to provide the individual with a complete service.
Hewison Private Wealth does not give individuals the option of dealing with them anonymously, or under a pseudonym. This is because it is impractical, and in some circumstances illegal, for Hewison Private Wealth to deal with individuals who are not identified.
UNSOLICITED PERSONAL INFORMATION.
Hewison Private Wealth may receive unsolicited personal information about individuals. We destroy all unsolicited personal information, unless the personal information is relevant to Hewison Private Wealth’s purposes for collecting personal information.
ABOUT WHOM DO WE COLLECT PERSONAL INFORMATION?
The personal information we may collect and hold includes (but is not limited to) personal information about the following individuals:
- potential clients;
- service providers or suppliers;
- prospective employees, employees and contractors; and
- other third parties with whom we come into contact.
WHY DOES HEWISON PRIVATE WEALTH COLLECT AND HOLD PERSONAL INFORMATION?
We may use and disclose the information we collect about an individual for the following purposes:
- to assist Hewison Private Wealth in providing financial services requested by an individual, including preparing an individual’s financial plan, providing financial advice, reviewing financial plans and investment recommendations, and administering the individual’s financial affairs;
- to complete documentation and forms;
- to consider and assess an individual’s request for a product or service;
- to provide an individual with information about a product or service;
- to protect our business and other clients from fraudulent or unlawful activity;
- to conduct our business and perform other management and administration tasks;
- to consider any concerns or complaints an individual may have;
- to manage any legal actions involving Hewison Private Wealth;
- to comply with relevant laws, regulations and other legal obligations, including the Corporations Act 2001, Anti-Money Laundering and Counter-Terrorist Financing Act 2006, and Rules of Professional Conduct of the Financial Planning Association of Australia; and
- to help us improve the financial services offered to our clients, and to enhance our overall business.
HOW MIGHT WE USE AND DISCLOSE PERSONAL INFORMATION?
Hewison Private Wealth may use and disclose personal information for the primary purposes for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorised by the Privacy Act.
We use and disclose personal information for the purposes outlined in section 7 above. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or where certain other limited circumstances apply (e.g. if required by law).
We engage other people to perform services for us, which may involve that person handling personal information we hold. In these situations, we prohibit that person from using personal information about the individual except for the specific purpose for which we supply it. We prohibit that person from using the individual’s information for the purposes of direct marketing their products or services.
In relation to sensitive information held by us, wherever possible, Hewison Private Wealth will attempt to de-identify the information. We also undertake to take reasonable steps to delete all personal information about an individual when it is no longer needed.
TO WHOM MIGHT WE DISCLOSE PERSONAL INFORMATION?
We may disclose personal information to:
- a related entity of Hewison Private Wealth;
- an agent, contractor or service provider we engage to carry out our functions and activities, such as our lawyers, accountants, debt collectors or other advisors;
- professional external auditors;
- organisations involved in a transfer or sale of all or part of our assets or business (individuals will be advised of any such transfer or sale);
- organisations involved in managing payments, including payment merchants and other financial institutions such as banks;
- regulatory bodies, government agencies, law enforcement bodies and courts, including the Financial Planning Association of Australia and the Australian Securities and Investments Commission;
- superannuation fund trustees;
- insurance providers;
- other financial product issuers; and
- anyone else to whom the individual authorises us to disclose it or is required by law.
We may also collect personal information from these organisations and individuals, and will deal with that information in accordance with this Policy.
SENDING INFORMATION OVERSEAS.
We will not send personal information to recipients outside of Australia unless:
- we have taken reasonable steps to ensure that the recipient does not breach the Act, and the APPs;
- the recipient is subject to an information privacy scheme similar to the Privacy Act; or
- the individual has consented to the disclosure.
MANAGEMENT OF PERSONAL INFORMATION.
Hewison Private Wealth recognises how important the security of personal information is to clients. We will at all times seek to ensure that the personal information we collect and hold is protected from misuse, interference and loss, and unauthorised access, modification or disclosure. Hewison Private Wealth respects the confidentiality of the personal information we collect.
Personal information is generally held in client files. Information may also be held in a computer database. All papers and files are stored in lockable cabinets and secure lockable offices, which are locked out of hours. All record movements off premises are recorded in a central register. All data stored off site is stored securely. Access to our premises is controlled by allowing only personnel with security passes to access the premises.
In relation to our computer-based information, we apply the following guidelines:
- data ownership is clearly defined within Hewison Private Wealth;
- data is backed up each evening;
- data is protected through the use of access passwords and passwords are routinely checked;
- employees’ access capabilities are changed when they are assigned to a new position;
- employees have restricted access to certain sections of the system;
- the system automatically logs and reviews all unauthorised access attempts;
- the system automatically limits the amount of personal information appearing on any one screen;
- unauthorised employees are barred from updating and editing personal information;
- all personal computers which contain personal information are secured, physically and electronically;
- data is encrypted during transmission over the network;
- print reporting of data containing personal information is limited;
- Hewison Private Wealth has created procedures for the disposal of personal information; and
- personal information is overwritten to the extent possible when the information is no longer required.
Where we no longer require the personal information for a permitted purpose under the APPs, and are no longer required to hold the information by law, we will take reasonable steps to destroy it. We will hold the individual’s personal information for at least 7 years in order to comply with legislative and professional requirements.
Hewison Private Wealth may use personal information collected form an individual for the purposes of direct marketing if:
- the personal information does not include sensitive information; and
- the individual would reasonably expect us to use or disclose the information for the purpose of direct marketing; and
- we provide a simple way of opting out of direct marketing; and
- the individual has not requested to opt out of receiving direct marketing from us.
An individual can contact us to opt out of receiving direct marketing material, and will give effect to the request within 2 weeks.
If the individual would not reasonably expect us to use or disclose the information for the purpose of direct marketing, we may only use or disclose that information for direct marketing if the individual has consented to the use or disclosure of the information for direct marketing or it is impracticable to obtain that consent.
In relation to sensitive information, Hewison Private Wealth may only use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
Individuals may also request that Hewison Private Wealth provides them with the source of their information. If such a request is made, Hewison Private Wealth must notify the individual of the source of the information free of charge within a reasonable period of time.
We will not use identifiers assigned by the Government, such as a tax file number, Medicare number or provider number, for our own file recording purposes, unless one of the exemptions in the Privacy Act applies. Hewison Private Wealth endeavours to avoid data-matching, being the comparison of data collected and held for two or more separate purposes in order to identify common features in relation to individuals, as a basis for further investigation or action in relation to those individuals.
HOW DO WE KEEP PERSONAL INFORMATION ACCURATE AND UP-TO-DATE?
Hewison Private Wealth is committed to ensuring that the personal information it holds about individuals is relevant, accurate, complete and up-to-date.
We encourage individuals to contact us if they believe that any personal information held by us is inaccurate, incomplete or outdated. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless the individual agrees otherwise. We do not charge individuals for correcting the information.
ACCESS TO PERSONAL INFORMATION.
Subject to the exceptions set out in the Privacy Act, individuals may gain access to the personal information that we hold about them by contacting the Hewison Private Wealth Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal.
An individual’s request for access to his or her personal information will be dealt with either by providing the individual with copies of the information requested by allowing the individual to inspect the information or providing the individual with an accurate summary of the information held. We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.
UPDATES TO THIS POLICY.
This Policy will be reviewed from time to time to take account of new laws and technology, and changes to our operations and the business environment. This Policy is approved by the Board of Directors.
NON-COMPLIANCE AND DISCIPLINARY ACTIONS.
CONTRACTUAL ARRANGEMENTS WITH THIRD PARTIES.
- regulating the collection, use and disclosure of personal and sensitive information;
- de-identifying personal and sensitive information wherever possible;
- ensuring that personal and sensitive information is kept securely, with access to it only by authorised employees or agents of the third parties; and
- ensuring that the personal and sensitive information is only disclosed to organisations which are approved by Hewison Private Wealth.
If an individual has any concerns in relation to the disclosure of his or her personal information to third parties, they should contact us.
ENQUIRIES AND COMPLAINTS.
If you have any questions about our privacy procedures, or if wish to make a complaint about how we have dealt with your personal information you may lodge a complaint with us in any of the following ways:
- by telephoning – (03) 8548 4800
- by writing to – Hewison Private Wealth Privacy Officer, Level 8, 417 St Kilda Rd, Melbourne 3004
- by emailing – email@example.com
23. WHAT IF I AM NOT SATISFIED WITH THE RESPONSE?
If you are not satisfied with the result of your complaint to Hewison Private Wealth you can also refer your complaint to the Office of the Australian Information Commissioner.
You can contact the Office of the Australian Information Commissioner:
- by telephoning - 1300 363 992
- by writing to - Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001
- by emailing - firstname.lastname@example.org