This policy applies to Ballast Financial Management Pty Ltd, and all our representatives. This policy sets out how we collect and manage personal information we collect from you. The Privacy Act 1988 requires us to handle personal information in accordance with the Australian Privacy Principles.
Collection of information – What is collected and why we collect it
Personal information means information, or an opinion about, an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. We are an Australian Financial Services Licensee. When we provide you with financial services, we may be required by Corporations Act 2001, Anti-Money Laundering and Counter Terrorism Financing Act 2006 and regulatory requirements to seek to obtain certain personal information about you, including, but not limited to:
- Your name, date of birth, TFN, contact details.
- Information regarding, dependents and family commitments.
- Your occupation, employment history, employment circumstances, details family commitments, social security eligibility.
- Your financial needs and objectives.
- Your assets and liabilities (current and future), income, expenses.
- Your superannuation and insurance details.
- Your investment preferences and attitude or tolerance to investment and financial risk.
- Sensitive information
We may also need to collect sensitive information if we organise insurance covers for you. Sensitive information includes health information, racial information, genetic information, etc.
We will only collect sensitive information that is reasonably necessary for us to perform our functions or activities in advising you and dealing with you.
How we collect personal information
We collect personal and sensitive information in a number of ways, including:
- Directly from you such as when you provide the information at meetings, by phone, email, in data collection forms and when you visit our websites.
- Indirectly from fund managers, superannuation funds, life insurance companies and other product issuers once you have authorised us to obtain such information or authorised other parties to provide us with this information.
Are you obliged to provide us personal information?
You are not required to provide us the information that we request, or to allow us to collect information from third parties. However, where you choose not to provide us with the information we request, we may not be able to provide you with services that you have requested from us, and we may elect to terminate our arrangement with you. Importantly, if you provide either inaccurate or incomplete information to us you risk obtaining products or services that may not be appropriate or suitable for your needs and you may risk suffering a financial detriment or financial loss.
What happens if we obtain information about you which we have not solicited?
Where we receive unsolicited personal information about you, we will consider if we could have collected the information if we had solicited the information. Where we determine that we could have collected the personal information from you, we will treat your personal information in the same manner as if we have solicited the information directly from you. Where we determine that we could not have collected the personal information, we will destroy the information or ensure that the information is de-identified as soon as practicable.
How we use your information
We use your personal information for the primary purpose for which the information was obtained. As an AFS licensee, that will typically mean for the purpose of:
- Providing financial services to you.
- Implementing investment or risk management recommendations on your behalf.
We may also use the information for the secondary purpose of attempting to identify other products and services that may be of interest to you. We may also disclose your personal information to external associates and service providers who assist us to market our products and services.
If, at any time, you do not wish to receive this information, you may contact us with this request.
When we disclose your personal information
We may disclose your personal information to the organisations described below.
- Our representatives.
- The product issuers of products and services that you have elected to acquire, vary or dispose of using our assistance.
- Our external service providers.
- Your professional advisers as authorised by you.
- Our regulators.
For example, information may be disclosed to the following parties:
- Product issuers for the purpose of giving effect to the recommendations made by us, and other organisations who support the products and services we offer.
- Other parties involved in the administration of your financial products or insurance cover (e.g. custodians, credit reporting bodies, actuaries, call centres, mail houses, product registries, any persons who propose to guarantee (or have guaranteed) repayment of any credit provided to you, claims assessors etc.).
- Other professional advisers, including your solicitor or accountant as authorised by you.
- Our external service providers (e.g. IT providers, professional advisers and contractors).
- Government and regulatory authorities and other organisations, as required or authorised by law.
- Any person considering acquiring, or acquiring, an interest in our business.
Government related identifiers
Although in certain circumstances we are required to collect government identifiers such as your tax file number, Medicare number or pension card number, we do not use or disclose this information other than when required, authorised by law or unless you have voluntarily consented to disclose this information to any third party.
Cross-border disclosure of personal information
We may transfer personal information to related bodies corporate or external service providers in locations outside Australia (including, but not limited to, the United States, Taiwan, Singapore, Finland, Belgium & Ireland) in the course of storing that information and when using or disclosing it for one of the purposes referred to above. When transferring personal information to foreign jurisdictions, we take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
How we store and secure your personal information
We keep your personal information in your client file and our computer database. We take reasonable steps to ensure the personal information collected and held by us is protected from misuse, interference, loss, unauthorised access, modification or disclosure.
Hard copy files are accessible to authorised personnel only and are appropriately secured. All computer-based information is protected through the use of access passwords. Data is backed up regularly and stored securely off-site.
In the event you cease to be a client of ours, any personal information which we hold about you will be maintained for a period of 7 years in order to comply with legislative and professional requirements. After this, the information will be destroyed.
Notifiable Data Breaches
A Notifiable Data Breach is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates. A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.
Within 30 days of being aware, Ballast is required to investigate and create an Assessment Report of any eligible data breach where remedial action has been ineffective. Details of the nature and extent of any loss will be provided to you as soon as practicable after the completion of this report. Ballast will also advise you of the suggested course of action in mitigating any potential harm caused by the breach.
The substance of any information we provide you will also be supplied to the Privacy Commissioner.
Ensure your personal information is correct
We will take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and relevant. In the event that you become aware, or believe, that any personal information which we hold about you is inaccurate or incomplete, you may contact us to correct the information.
If we disagree about the correction you have supplied, and refuse to correct the personal information, or if we believe that we are unable to comply with your request to access the personal information that you have provided us, we will give you a written notice to that effect. You have a right to make a complaint if you disagree with our decisions in relation to these matters (see below).
Access to your personal information
You may request access to the personal information we hold about you by contacting our Privacy Officer at firstname.lastname@example.org with your request stating your advisers name and the information you require. We will respond within a reasonable period after the request is made. Where we provide you access to such information, we may charge a reasonable fee to cover our costs. We will disclose the amount of such costs to you prior to providing you with the information.
Dealing with us anonymously
You can deal with us anonymously, or using a pseudonym, where it is lawful and practicable to do so. For example, if you telephone requesting our postal address.
When you visit our website we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our website and to improve our website.
Third party sites
Our website has links to other websites that are not owned or controlled by us. We are not responsible for these sites or the consequences of you going on to those sites, except as required by law. Use of link to third party websites is entirely at your own risk.
We aim to investigate and respond to your complaint within 45 days. If you are not satisfied with the outcome of your complaint, or require further information on privacy, you are entitled to contact the Office of the Australian Information Commissioner (www.oaic.gov.au)
This policy is subject to change from time to time.
Privacy Officer: Tara Roberts
9/233 Berrigan Drive, Jandakot WA 6164
08 9417 4727