The aim of this policy is to take all reasonable steps in the collection and management of personal information about our clients.
As an Australian Financial Services Licensee and a holder of personal information about our clients, it is our objective to ensure that bdhSterling AFSL Pty Ltd (bdhSterling AFSL) and its representatives comply with all relevant aspects of the Australian Privacy Principles (APPs), as set out in the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
The APPs require bdhSterling AFSL to take reasonable steps to protect the personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure under APP11 – Security of Personal Information.
As a Licensee, bdhSterling AFSL ensures that there are adequate resources in place to develop, implement and maintain the privacy program and response plan. All representatives of bdhSterling AFSL are aware of the privacy program and are encouraged to identify privacy issues and notify directly to bdhSterling AFSL.
bdhSterling AFSL is required to meet legislative and regulatory requirements. The information that we seek to collect about you will depend on the products or services that we provide. If you provide inaccurate or incomplete information, we may not be able to provide you with the services you requested.
The Office of the Australian Information Commissioner (OAIC)’s focus of the Privacy Act and obligations is to increase protection levels and keep individual’s personal information more secure. It’s the responsibility of APP entities to secure and protect the personal information they hold and prevent breaches from occurring.
The Notifiable Data Breach Scheme provides a framework that requires businesses to respond swiftly and with transparency to mitigate the damage potentially caused by a breach.
This ultimately gives consumers more confidence that their personal information is being appropriately safeguarded and that they will be made aware if their information is compromised.
bdhSterling AFSL’s Commitment to Privacy for our Clients
bdhSterling AFSL is committed to providing the highest levels of client service.
bdhSterling AFSL recognises that privacy is very important to everybody. As such, the organisation is committed to providing a privacy program that ensure the correct management of personal information, identification of breaches or suspected breaches of the Policy and utilising the breach Response Plan to ensure we can respond quickly to suspected data breaches, and take appropriate steps as required under the NDB Scheme.
What are the Australian Privacy Principles (APP)?
1. Open and transparent management of personal information
2. Anonymity and pseudonymity
3. Collection of solicited personal information
4. Dealing with unsolicited personal information
5. Notification of the collection of personal information
6. Use or disclosure of personal information
7. Direct Marketing
8. Cross-border disclosure of personal information
9. Adoption, use or disclosure of government related identifiers
10. Quality of personal information
11. Security of personal information
12. Access to personal information
13. Correction of personal information
bdhSterling AFSL as an organisation has ensured that its privacy program embraces the principles established by the APPs under the Privacy Act.
Your Personal Information
What bdhSterling AFSL may collect:
When you apply for our products or services, we may ask for identification information. This could include your name, address, contact details and date of birth. We may also collect your tax file number if we are authorised to collect it, and if you choose to supply it.
Some of the information we collect is to ensure that we can meet other legislative requirements such as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
How bdhSterling AFSL collects Personal Information:
We collect personal information directly from you and, if authorised by you, from third parties also. You have a right to refuse authorisation for us to collect information from a third party.
How bdhSterling AFSL uses your Personal Information:
Primarily, your personal information is used to provide you with products or services. We may also use the information that is related to the primary purpose, and it is reasonable for you to expect that information to be disclosed to assist us in providing you with the service.
Occasionally, we may provide you with direct marketing material. This will include articles and newsletters that may be of interest to you. We may only use sensitive information about you for direct marketing once we have received your consent.
bdhSterling AFSL maintains records of the source of the personal information used for direct marketing and you have the right to request these details. We will endeavour to meet your request within two (2) weeks.
In compliance with the Anti-Hawking legislation, we maintain a register for those individuals not wanting to receive direct marketing materials.
When bdhSterling AFSL can disclose your information:
In line with the business practices of many financial institutions, and to meet your specific needs, we may disclose your personal information to the following organisations:
- superannuation fund trustees, insurance providers, fund managers and other product providers in order to manage or administer your product or service,
- compliance consultants,
- temporary staff to handle workloads during peak periods,
- mailing houses,
- your professional advisers, including your solicitor or accountant as authorised by you,
- information technology service providers,
- Government and regulatory authorities, as required or authorised by law,
- another authorised representative of bdhSterling AFSL if necessary,
- a potential purchaser/organisation involved in the proposed sale of bdhSterling AFSL’s business for the purpose of due diligence, corporate re-organisation and transfer of all or part of the assets of the business. Disclosure will be made in confidence, and it will be a condition of that disclosure that no personal information will be used or disclosed by them,
- a new owner of the business that will require the transfer of your personal information.
bdhSterling AFSL’s employees and the outsourcing companies/contractors are obliged to respect the confidentiality of any personal information held by bdhSterling AFSL.
The Corporations Act has provided the Australian Securities and Investments Commission (ASIC) with the authority to inspect certain personal information that is kept on bdhSterling AFSL’s files about you.
bdhSterling AFSL takes its obligations to protect your information seriously, this includes if/when bdhSterling AFSL operates throughout Australia and overseas, as part of its operations.
Some uses and disclosures of your information may occur outside your State or Territory and/or outside of Australia. In some circumstances we may need to obtain your consent before disclosure of your information outside Australia occurs.
How bdhSterling AFSL stores and secures your Personal Information:
bdhSterling AFSL keeps your personal information in your client files or electronically. These files are accessible to authorised personnel only and are appropriately secured and subject to confidentiality requirements.
Personal information will be treated as confidential information and sensitive information will be treated highly confidential.
It is a legislative requirement that bdhSterling AFSL keeps all personal information and records for a period of seven (7) years. Should you cease to be our client, we will maintain your personal information on or off site in a secure manner for seven (7) years. After this period, the information will be appropriately destroyed.
Ensuring your Personal Information is correct:
bdhSterling AFSL takes all reasonable precautions to ensure that the personal information collected, used and disclosed is accurate, complete and up to date. To ensure that we can maintain this level of accuracy and completeness it is recommended that, as soon as possible, you:
- Inform us of any errors in your personal information, and
- Update us with any changes to your personal information.
Receiving Unsolicited Information:
bdhSterling AFSL does not usually collect unsolicited personal information. Where we received unsolicited personal information, it will be determined whether it would have been permissible to collect this information if it had been solicited. If bdhSterling AFSL determines that collection would not have been permissible, to the extent permitted by law, the personal information will be appropriately destroyed or de-identified as soon as practicable.
Accessing your own Personal Information:
You have a right to access your personal information, subject to certain exceptions allowed by law. We ask that you provide a request in writing (for security purposes) and we will provide you with access to that personal information. Access to the requested personal information may include:
- Providing you with copies,
- Providing you with the opportunity for inspection, or
- Providing you with a summary.
If charges are applicable in providing access to you, these charges will be disclosed to you prior to providing the information. Some exceptions exist where bdhSterling AFSL will not provide you with access to your personal information, these include if:
- Providing access would pose a serious threat to the life or health of a person,
- Providing access would have an unreasonable impact on the privacy of others,
- The request for access is frivolous or vexatious,
- The information is related to existing or anticipated legal proceedings between bdhSterling AFSL and a client and would not be discoverable in those proceedings,
- Providing access would reveal bdhSterling AFSL’s intentions in relations to negotiations with you in such a way as to prejudice those negotiations,
- Providing access would be unlawful,
- Denying access is required or authorised by or under law, and
- Providing access would be likely to prejudice certain operations by, or on behalf of, an enforcement body or an enforcement body requests that access not be provided on the grounds of national security.
Should we refuse you access to your personal information, a written explanation for that refusal will be provided.
Using Government Identifiers
In certain circumstances bdhSterling AFSL is required to collect Government identifiers such as your tax file number (TFN), Medicare number or pension card number. bdhSterling AFSL does not use or disclose this information other than when required or authorised by law or unless you have voluntarily consented to disclose this information to any third party.
Dealing with bdhSterling AFSL Anonymously
You can deal with us anonymously or by using a pseudonym where it is lawful and practicable to do so, for example when telephoning to request publicly accessible information such as our postal address or operating hours.
It would not be lawful to access our products or services anonymously or by using a pseudonym.
Your Sensitive Information
Without your consent bdhSterling AFSL will not collect information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, memberships of professional or trade associations, membership of a trade union, details of health, disability, sexual orientation or criminal record.
This is subject to some exception, including if collection is required by law or when the information is necessary for the establishment, exercise or defence of a legal claim.
bdhSterling AFSL’s Website
bdhSterling AFSL’s website may provide links to third party websites. If you disclose personal information to these third-party sites, the use of your information by these third-parties is not within bdhSterling AFSL’s control and bdhSterling AFSL cannot accept responsibility for the conduct of these organisations. Other websites are not subject to bdhSterling AFSL’s privacy standards. You will need to contact or review those websites directly to ascertain their privacy policies
You may register on bdhSterling AFSL’s website to receive newsletters and other information, and by doing so, your name and email address will be collected and stored on bdhSterling AFSL’s database. We will take care to ensure that the personal information you provide on our website is protected by having electronic security systems in place, including the use of firewalls and data encryption.
If you do not wish to receive any further information from bdhSterling AFSL, or you wish to update your registration details, please email your request directly to us. We will endeavour to meet your request within five (5) business days
Our website utilises cookies to provide you with a better user experience. Cookies also allow bdhSterling AFSL to identify your browser while you are using the site – the cookies do not identify you personally. If you do not wish to receive cookies, you can instruct your web browser to refuse these cookies.
Spam is a generic term used to describe electronic ‘junk mail’ – unwanted messages sent to a person’s email account or mobile phone. In Australia, spam is defined as “unsolicited commercial electronic messages”.
Electronic messaging covers emails, instant messaging (IM), SMS and other mobile phone messaging, but it does not cover normal voice-to-voice communications by telephone.
bdhSterling AFSL complies with the provisions of the Spam Act 2003 when sending commercial electronic messages. In addition, bdhSterling AFSL is also bound by their own internal AntiHawking Policy.
The Spam Act 2003 specifies that the person’s consent has been withdrawn within five (5) working days from the date that an ‘unsubscribe’ request was sent (in the case of electronic unsubscribe messages) or delivered (in the case of unsubscribe messages sent by post or other means).
bdhSterling AFSL follows the following steps when using electronic messaging:
1. Consent – only commercial electronic messages are sent with the addressee’s consent, either inferred or expressed consent.
2. Identify – electronic messages will include clear and accurate information about the person and the bdhSterling AFSL contact that is responsible for sending the commercial electronic message.
3. Unsubscribe – bdhSterling AFSL ensures that a functional unsubscribe facility is included in all its commercial electronic messages and deals with unsubscribe requests promptly
Commercial Communications with a Forwarding Facility (Viral Messages)
bdhSterling AFSL ensures that Commercial Communications that include a Forwarding Facility comply with the law by containing a clear recommendation. This recommendation is that the Recipient should only forward the Commercial Communication to persons with whom they have a relationship, and where that relationship means that the person could be said to have consented to receiving Commercial Communications.
Complying with the Age Sensitive Content of Commercial Communication
Where content of a Commercial Communication seeks to promote or inspire interaction with a product, service or event that is age sensitive, bdhSterling AFSL takes reasonable steps to ensure that such content is sent to Recipients who are legally entitles to use or participate in the product, service or event.
Related Laws and Regulations
There may be times when other legislation or obligations override the obligation in the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012. These include, but are not limited to:
- The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), where bdhSterling AFSL is required to report to suspicious matters and large money transactions AUSTRAC.
- Regulatory Guide 78 Breach reporting by AFS licensees, where Licensees are required to report any breach or potential breach to ASIC
- Mandatory reporting requirements during a Disaster Recovery event or in the event of a Cyber breach as detailed in the Corporations Act 2001
- Requirement with regards to ATO requests
Privacy Complaints Process
Clients may contact bdhSterling AFSL’s Privacy Officer if you wish to complain about any breach or potential breach of your privacy rights. Your complaint will be responded to within seven (7) days. bdhSterling AFSL’s Privacy Officer will investigate the issue and determine steps to undertake to resolve your complaint.
bdhSterling AFSL’s Privacy Officer will contact you if any additional information is required from you and will notify you in writing of the determination.
If you are not satisfied with the outcome of your complaint, you are entitled to contact the Office of the Australian Information Commissioner.
bdhSterling AFSL Privacy Officer: Jacqui Stewart
Address: D2, 118 Railway Street, West Perth WA 6005
Telephone Number: 08 6180 2555
This policy shall be updated, reviewed or further developed in consultation with the stakeholders of the organisation.
This policy is approved for use by the Compliance Committee and takes effect immediately.
|January 2022||GRC Essentials||New Policy Set – external compliance rollout to client being undertaken|
|For any existing versions of this policy, please refer to GRCPlus|
What information do we collect about you?
We collect information about you when you engage us for financial planning services. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health, if this is necessary for the provision of our services.
We may also collect information when you voluntarily complete client surveys or provide feedback to us.
Information relating to usage of our website is collected using cookies. These are text files placed on your computer to collect standard internet log information and visitor behaviour information. We’ll use your information collected from the website to personalise your repeat visits to the site.
Information about connected individuals
We may need to gather personal information about your close family members and dependants in order to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We’ll provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.
Why do we need to collect and use your personal data?
The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. Without collecting your personal data we’d also be unable to fulfil our legal and regulatory obligations.
Where special category data is required we’ll obtain your explicit consent in order to collect and process this information.
We may use your data for commercial purposes (i.e. marketing) using legitimate interests as our legal basis for processing. We will ensure that this does not outweigh your own interests, rights and freedoms and we will not process your data in any way which you may not reasonably expect. You may be assured that we and any company associated with us will treat all personal data and sensitive personal data as confidential and will not process it other than for a legitimate purpose.
How will we use the information about you?
We collect information about you in order to provide you with the services for which you engage us.
Who might we share your information with?
If you agree, we may email you about other products or services that we think may be of interest to you.
If you agree, we’ll pass on your personal information to our group of companies so that they may offer you their products and services.
We won’t share your information for marketing purposes with companies outside our group of companies/other companies.
In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy, financial planning or legal services as well as product and platform providers that we use to arrange financial products for you.
Where third parties are involved in processing your data we’ll have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
How long do we keep hold of your information?
During the course of our relationship with you we’ll retain personal data which is necessary to provide services to you. We’ll take all reasonable steps to keep your personal data up to date throughout our relationship.
We’re also subject to regulatory requirements to retain your data for specified minimum periods. These are, generally:
- Five years for investment business
- Three years for mortgage business
- Indefinitely for pension transfers and opt-out business
- Three years for insurance business
These are minimum periods, during which we have a legal obligation to retain your records.
We reserve the right to retain data for longer where we believe it’s in our legitimate interests to do so.
In any case, except for pension transfers and opt-outs, we’ll not keep your personal data for longer than 15 years after our relationship with you has ended.
You have the right to request deletion of your personal data. We’ll comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
How can I access the information you hold about me?
You have the right to request a copy of the information that we hold about you. If you’d like a copy of some or all of your personal information please email or write to us using the contact details noted below.
When your personal data is processed by automated means you have the right to ask us to move your personal data to another organisation for their use.
We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.
We’d like to send you information about our products and services and those of other companies in our group which may be of interest to you. If you’ve agreed to receive marketing information, you may opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the group. If you no longer wish to be contacted for marketing purposes, please contact us by email or post.
For further information visit http://www.allaboutcookies.org/
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.
What can you do if you are unhappy with how your personal data is processed?
You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:
Information Commissioner’s Office
0303 123 1113 (local rate)
This policy is subject to a formal review on an annual basis.
How to contact us
Or write to us at:
4-6 Church Street