Privacy Policy

The aim of this policy is to take all reasonable steps in the collection and management of personal information about our clients.



As an Australian Financial Services Licensee and a holder of personal information about our clients, it is our objective to ensure that bdhSterling AFSL Pty Ltd (known as bdhSterling) and its representatives comply with all relevant aspects of the Australian Privacy Principles (APPs), as set out in the Privacy Amendment (Enhancing Privacy Protection) Act 2012, and with the Notifiable Data Breach Scheme (NDB Scheme), and adhere to the Financial Adviser Standards and Ethics Authority Ltd (FASEA), the standards body for Part 7.6 of the Corporations Act 2001, known as the Code of Ethics.

The APPs require bdhSterling to take reasonable steps to protect the personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure under APP 11 – Security of Personal Information. Licensees who trade in personal information have additional obligations under the remaining APPs. All Licensees holding personal information are expected to implement a Privacy Policy in compliance with the APPs. In addition, the NDB Scheme applies to entities that have an obligation under APP 11 of the Privacy Act to protect the personal information they hold.

Adherence to the bdhSterling Privacy Breach Policy and Data Response Plan (The Policy) is expected and will be monitored to ensure that personal information is secured adequately and breaches, both suspected and actual, are treated appropriately as per the guidelines set by the Office of the Australian Information Commissioner (OAIC).


The OAIC’s focus of the Privacy Act and NDB Scheme obligations is to increase protection levels across the board and keep individuals’ personal information more secure. It’s the responsibility of APP entities to secure and protect the personal information they hold and prevent breaches from occurring. The NDB Scheme provides a framework that requires businesses to respond swiftly and with transparency to mitigate the damage potentially caused by a breach. This ultimately gives consumers more confidence that their personal information is being appropriately safeguarded and that they will be made aware if their information is compromised.

bdhSterling as an organisation has undertaken to ensure that its privacy program embraces the principles established by the APPs under the Privacy Act and abides by the requirements of the NDB Scheme.

Privacy Act 1988 (Privacy Act)

Australian Privacy Principles

APP 1 — Open and transparent management of personal information

APP 2 — Anonymity and pseudonymity

APP 3 — Collection of solicited personal information

APP 4 — Dealing with unsolicited personal information

APP 5 — Notification of the collection of personal information

APP 6 — Use or disclosure of personal information

APP 7 — Direct marketing

APP 8 — Cross-border disclosure of personal information

APP 9 — Adoption, use or disclosure of government related identifiers

APP 10 — Quality of personal information

APP 11 — Security of personal information

APP 12 — Access to personal information

APP 13 — Correction of personal information

The NDB Scheme (under Part IIIC of the Act)


bdhSterling is committed to providing you with the highest levels of client service. bdhSterling recognises that your privacy is very important to you. As such, the organisation is committed to providing a privacy program that ensures the correct management of personal information, identification of breaches or suspected breaches of the Policy and utilising the breach Response Plan to ensure we are able to respond quickly to suspected data breaches, and take appropriate steps as required under the NDB Scheme.

bdhSterling is committed to all stages of the NDB Scheme and the reporting of data breaches from identification of a breach/potential breach including containment, evaluation, notification and review of the breach including acting to prevent future breaches.

Refer to Appendix A for comprehensive information on how this company will undertake its NDB Scheme.

Further information on privacy in Australia may be obtained by visiting the website of the Office of the Australian Information Commissioner at

bdhSterling believes that this Privacy Policy discloses the purpose, and how the personal information you provide to us and our representatives, is collected, used, held, disclosed and disseminated.

As a Licensee, bdhSterling ensures that there are adequate resources in place to develop, implement and maintain the privacy program and response plan. All representatives of bdhSterling are made aware of the privacy program and are encouraged to identify privacy issues and notify bdhSterling directly.

bdhSterling is required to meet legislative and regulatory requirements. The information that we seek to collect about you will depend on the products or services that we provide.   If you provide inaccurate or incomplete information, we may not be able to provide you with the services you requested.

We encourage you to check our website regularly for any updates to our Privacy Policy.

Operational Controls

Your Personal Information

When you apply for our products or services, we may ask for identification information. This could include your name, address, contact details and date of birth. We may also collect your tax file number if we are authorised to collect it and if you choose to supply it.

How bdhSterling Collects Personal Information

We collect personal information directly from you or from third parties once authorisation has been provided by you. You have a right to refuse us authorisation to collect information from a third party.

How bdhSterling Uses Your Personal Information

Primarily, your personal information is used in order to provide you with products or services. We may also use the information where the use is related to the primary purpose and it is reasonable for you to expect the information to be disclosed.

From time to time, we may provide you with direct marketing material.  This will include articles and newsletters that may be of interest to you. We may only use sensitive information about you for direct marketing once we have obtained your consent.

bdhSterling maintains details of the source of your personal information used for direct marketing and you have the right to request these details.  We will endeavour to meet your request within two (2) weeks.  A register is maintained for those individuals not wanting direct marketing material.

When bdhSterling Discloses Your Personal Information*

In line with modern business practices common to many financial institutions and to meet your specific needs we may disclose your personal information to the following organisations:

  • superannuation fund trustees, insurance providers, fund managers and other product providers in order to manage or administer your product or service;
  • compliance consultants;
  • temporary staff to handle workloads during peak periods;
  • mailing houses;
  • your professional advisers, including your solicitor or accountant as authorised by you;
  • information technology service providers;
  • Government and regulatory authorities, as required or authorised by law;
  • another authorised representative of bdhSterling if necessary;
  • a potential purchaser/organisation involved in the proposed sale of bdhSterling’s business for the purpose of due diligence, corporate re-organisation and transfer of all or part of the assets of the business. Disclosure will be made in confidence and it will be a condition of that disclosure that no personal information will be used or disclosed by them;
  • a new owner of the business that will require the transfer of your personal information.

bdhSterling’s employees and the outsourcing companies/contractors are obliged to respect the confidentiality of any personal information held by bdhSterling.

The Corporations Act has provided the Australian Securities and Investments Commission (ASIC) with the authority to inspect certain personal information that is kept on bdhSterling’s files about you.

bdhSterling takes its obligations to protect your information seriously; this includes if/when bdhSterling operates throughout Australia and overseas, as part of its operations. Some uses and disclosures of your information may occur outside your State or Territory and/or outside of Australia. In some circumstances we may need to obtain your consent before disclosure of your information outside Australia occurs.

How bdhSterling Stores and Secures Your Personal Information

bdhSterling keeps your personal information in your client files or electronically.  These files are accessible to authorised personnel only and are appropriately secured and subject to confidentiality requirements.

Personal information will be treated as confidential information and sensitive information will be treated as highly confidential.

It is a legislative requirement that bdhSterling keeps all personal information and records for a period of seven (7) years. Should you cease to be our client, we will maintain your personal information on or off site in a secure manner for seven (7) years. After this period, the information will be destroyed.

Ensure Your Personal Information Is Correct

bdhSterling takes all reasonable precautions to ensure that the personal information collected, used and disclosed is accurate, complete and up to date. To ensure that we can maintain this level of accuracy and completeness, it is recommended you:

  • inform us of any errors in your personal information; and
  • update us with any changes to your personal information as soon as possible.

Unsolicited Information

bdhSterling does not usually collect unsolicited personal information. Where we receive unsolicited personal information, it will be determined whether or not it would have been permissible to collect that personal information if it had been solicited. If bdhSterling determines that collection would not have been permissible, to the extent permitted by law, the personal information will be destroyed or de-identified as soon as practicable.

Access to Your Personal Information

You have a right to access your personal information, subject to certain exceptions allowed by law. We ask that you provide your request for access in writing (for security reasons) and we will provide you with access to that personal information. Access to the requested personal information may include:

  • providing you with copies;
  • providing you with the opportunity for inspection; or
  • providing you with a summary.

If charges are applicable in providing access to you, these charges will be disclosed to you prior to providing the information.

Some exceptions exist where bdhSterling will not provide you with access to your personal information if:

  • providing access would pose a serious threat to the life or health of a person;
  • providing access would have an unreasonable impact on the privacy of others;
  • the request for access is frivolous or vexatious;
  • the information is related to existing or anticipated legal proceedings between bdhSterling and the client and would not be discoverable in those proceedings;
  • providing access would reveal bdhSterling’s intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
  • providing access would be unlawful;
  • denying access is required or authorised by or under law;
  • providing access would be likely to prejudice certain operations by or on behalf of an enforcement body or an enforcement body requests that access not be provided on the grounds of national security.

Should we refuse you access to your personal information, a written explanation for that refusal will be provided.

Using Government Identifiers

Although in certain circumstances bdhSterling is required to collect Government identifiers such as your tax file number, Medicare number or pension card number, bdhSterling does not use or disclose this information other than when required or authorised by law or unless you have voluntarily consented to disclose this information to any third party.

Dealing with bdhSterling Anonymously

You can deal with us anonymously or by using a pseudonym where it is lawful and practicable to do so. For example, if you telephone requesting our postal address.

Your Sensitive Information

Without your consent bdhSterling will not collect information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation, or criminal record.

This is subject to some exceptions including:

  • the collection is required by law; and
  • when the information is necessary for the establishment, exercise or defence of a legal claim.

bdhSterling’s Website

bdhSterling’s website may provide links to third party websites. The use of your information by these third-party sites is not within bdhSterling’s control and bdhSterling cannot accept responsibility for the conduct of these organisations. Other websites are not subject to bdhSterling’s privacy standards. You will need to contact or review those websites directly to ascertain their privacy policies.

You may register with bdhSterling to receive newsletters and other information. By doing so, your name and email address will be collected and stored on bdhSterling’s database. We will take care to ensure that the personal information you provide on our website is protected. For example, bdhSterling’s website has electronic security systems in place, including the use of firewalls and data encryption.

If you do not wish to receive any further information from bdhSterling, or you wish to update your registration details, please email your request. We will endeavour to meet your request within five (5) working days.

Our website utilises cookies to provide you with a better user experience. Cookies also allow bdhSterling to identify your browser while you are using the site – the cookies do not identify you. If you do not wish to receive cookies, you can instruct your web browser to refuse these cookies.

Spam Policy

Spam is a generic term used to describe electronic ‘junk mail’ – unwanted messages sent to a person’s email account or mobile phone. In Australia, spam is defined as ‘unsolicited commercial electronic messages’.

‘Electronic messaging’ covers emails, instant messaging, SMS and other mobile phone messaging, but does not cover normal voice-to-voice communication by telephone.

bdhSterling complies with the provisions of the Spam Act when sending commercial electronic messages.

Equally importantly, bdhSterling makes sure that its practices are in accordance with the Australian Privacy Principles in all activities where bdhSterling deals with personal information. Personal information includes bdhSterling’s clients’ contact details.

The Spam Act specifies that the person’s consent has been withdrawn within five working days from the date that an unsubscribe request was sent (in the case of electronic unsubscribe messages) or delivered (in the case of unsubscribe messages sent by post or other means).

Internal Procedure for Dealing with Complaints

The three key steps bdhSterling follows:

Consent – Commercial electronic messages are only sent with the addressee’s consent – either express or inferred consent.

Identify – Electronic messages will include clear and accurate information about the person and the bdhSterling contact that is responsible for sending the commercial electronic message.

Unsubscribe – bdhSterling ensures that a functional unsubscribe facility is included in all its commercial electronic messages and deals with unsubscribe requests promptly.

Comply with the Law regarding Viral Messages

bdhSterling ensures that Commercial Communications that include a Forwarding Facility contain a clear recommendation that the Recipient should only forward the Commercial Communication to persons with whom they have a relationship, where that relationship means that person could be said to have consented to receiving Commercial Communications.

Comply with the Age Sensitive Content of Commercial Communication

Where the content of a Commercial Communication seeks to promote or inspire interaction with a product, service or event that is age sensitive, bdhSterling takes reasonable steps to ensure that such content is sent to Recipients who are legally entitled to use or participate in the product, service or event.

Complaints Resolutions

You may contact bdhSterling’s Compliance Officer if you wish to complain about any breach or potential breach of your privacy rights. Your complaint will be responded to within seven (7) days.  bdhSterling’s Compliance Officer will investigate the issue and determine the steps to undertake to resolve your complaint.

bdhSterling’s Compliance Officer will contact you if any additional information from you is required and will notify you in writing of the determination.

Address: E2,118 Railway Street, West Perth, WA, 6005

Telephone: 08 6180 2555


If you are not satisfied with the outcome of your complaint, you are entitled to contact the Office of the Australian Information Commissioner.

Review of this Policy

This policy is subject to a formal review on an annual basis.

What information do we collect about you?

We collect information about you when you engage us for financial planning services. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health, if this is necessary for the provision of our services.

We may also collect information when you voluntarily complete client surveys or provide feedback to us.

Information relating to usage of our website is collected using cookies. These are text files placed on your computer to collect standard internet log information and visitor behaviour information. We’ll use your information collected from the website to personalise your repeat visits to the site.

Information about connected individuals

We may need to gather personal information about your close family members and dependants in order to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We’ll provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.

Why do we need to collect and use your personal data?

The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. Without collecting your personal data we’d also be unable to fulfil our legal and regulatory obligations.

Where special category data is required we’ll obtain your explicit consent in order to collect and process this information.

We may use your data for commercial purposes (i.e. marketing) using legitimate interests as our legal basis for processing. We will ensure that this does not outweigh your own interests, rights and freedoms and we will not process your data in any way which you may not reasonably expect. You may be assured that we and any company associated with us will treat all personal data and sensitive personal data as confidential and will not process it other than for a legitimate purpose.

How will we use the information about you?

We collect information about you in order to provide you with the services for which you engage us.

Who might we share your information with?

If you agree, we may email you about other products or services that we think may be of interest to you.

If you agree, we’ll pass on your personal information to our group of companies so that they may offer you their products and services.

We won’t share your information for marketing purposes with companies outside our group of companies/other companies.

In order to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy, financial planning or legal services as well as product and platform providers that we use to arrange financial products for you.

Where third parties are involved in processing your data we’ll have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.

To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.

How long do we keep hold of your information?

During the course of our relationship with you we’ll retain personal data which is necessary to provide services to you. We’ll take all reasonable steps to keep your personal data up to date throughout our relationship.

We’re also subject to regulatory requirements to retain your data for specified minimum periods. These are, generally:

  • Five years for investment business
  • Three years for mortgage business
  • Indefinitely for pension transfers and opt-out business
  • Three years for insurance business

These are minimum periods, during which we have a legal obligation to retain your records.

We reserve the right to retain data for longer where we believe it’s in our legitimate interests to do so.

In any case, except for pension transfers and opt-outs, we’ll not keep your personal data for longer than 15 years after our relationship with you has ended.

You have the right to request deletion of your personal data. We’ll comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.

How can I access the information you hold about me?

You have the right to request a copy of the information that we hold about you. If you’d like a copy of some or all of your personal information please email or write to us using the contact details noted below.

When your personal data is processed by automated means you have the right to ask us to move your personal data to another organisation for their use.

We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.


We’d like to send you information about our products and services and those of other companies in our group which may be of interest to you. If you’ve agreed to receive marketing information, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the group. If you no longer wish to be contacted for marketing purposes, please contact us by email or post.


We use cookies to track visitor use of the website and to compile statistical reports on website activity.
For further information visit

You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Other websites

Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

What can you do if you are unhappy with how your personal data is processed?

You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:

Information Commissioner’s Office
Wycliffe House
Water Lane

0303 123 1113 (local rate)

Changes to our privacy policy

This policy is subject to a formal review on an annual basis.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you: by email at

Or write to us at:

bdhSterling Ltd
Capitol Square
4-6 Church Street
KT17 4NR