AJ FINANCIAL PLANNING PTY LTD
ACN 147 115 026
PRIVACY AND INFORMATION SECURITY POLICY
This policy explains how AJ Financial Planning Pty Ltd, ACN 147 115 026 and its representatives (together we or AJFP) collect and manage information.
Part A is our privacy policy about personal information. It explains what personal information we routinely collect, how we collect it and how we manage it. It also provides information about how personal information can be accessed and updated, and how complaints may be made about the way we have handled personal information.
Part B is about our tax (financial) advice services. It explains the circumstances in which we may disclose client information to third parties in connection with the provision of those services.
PART A – PRIVACY POLICY
OUR PHILOSOPHY
The Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles in it provide a framework for collecting and managing personal information. We are sometimes, but not generally, required to comply with the Act because we are a small business. However, we use the Act to inform our policy, practices, procedures and systems even where we are not required to do so. We are required to comply with the Act in relation to tax file numbers and activities connected with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML-CTF laws).
PERSONAL INFORMATION COVERED BY THIS POLICY
In our Privacy Policy, “personal information” has the same meaning as in the Act. In essence, it is information or opinion about an individual who is identified or reasonably identifiable. It does not cover information about companies.
Personal information includes “sensitive information” and “health information”. In our Privacy Policy, these phrases also have the same meaning as in the Act. In essence:
· sensitive information includes (among other things) health information, biometric information and information about membership of a union or professional body;
· health information includes (among other things) information about health or disability, health records, test results, symptoms, diagnoses and the health services had or to be received.
COLLECTION OF PERSONAL INFORMATION
Primary purpose of collection
Primarily, we collect personal information to provide financial services, tax (financial) advice services and related services that our clients require or may require in the future.
We also collect personal information that is required by law. For example, the AML-CTF laws require us to verify the identity of a client before we provide a financial service.
Personal information we collect
The kinds of personal information we collect about clients depend on the nature of our relationship. We commonly collect personal information such as:
· name, date of birth, address and contact details
· information to verify identity, such as personal identity documents and government related identifiers;
· information about personal and financial circumstances that are relevant to the financial services our clients require or may require in the future (such as information about employment, business relationships, family relationships, financial dependants, beneficiaries, investments, assets, liabilities, cashflow, credit worthiness, tax situation, succession planning, estate planning and superannuation);
· information about personal and financial goals and objectives of our clients;
· information about the experience of our clients in making investments and their appetite for risk; and
· the tax residency status of our client and controlled trusts.
We also collect sensitive information where it is required by law or reasonably needed in connection with the services required or that may in future be required by our clients. For example, we may collect health information to help us provide services relating to personal risk insurances, superannuation, investment strategies, succession planning or estate planning.
You do not have to give us the information we request, but if you choose not to, we may not be able to provide the services that you require or may require in the future.
How we collect personal information
Standard process
We will collect personal information by any means that is lawful and fair.
Typically, we will collect personal information from the person to whom it relates, unless that is not practicable or reasonable. We routinely collect personal information in person, by video conference, telephone, electronic means (email, portal or text) or by mail. We may record all communications by telephone and in conference (including video conference) whether or not we provide a specific alert.
However, we may also collect personal information about clients from third parties including:
· related bodies corporate
· employers
· service providers (such as legal advisers, accountants, medical and other professionals)
· insurers
· financial institutions
· ratings agencies, search agencies and credit organisations
· public registries
· regulatory and licensing bodies
· parties to whom you refer us
· online searches
· social media (such as LinkedIn)
If we receive personal information about a client that we did not request, we will decide whether it is reasonably necessary for us to hold it. If so, we will manage it in accordance with this privacy policy. If not, we will destroy or de-identify it (if it is lawful and reasonable to do so).
Also, if we collect personal information about a client and it is not obvious from the circumstances that the client knows or would reasonably expect us to have the information, we will take reasonable steps to notify the client.
Where you refer us to a third party to collect personal information, and where you provide us with personal information about another individual, we ask you to ensure that the other person has been referred to this privacy policy and understands the purposes for which we may collect, use and disclose the relevant personal information. We will assume that you have done this.
Sensitive information
We will generally seek consent to the collection of sensitive information about clients. We routinely seek consent:
· when we are engaged to provide services;
· when our engagement to provide services is renewed (which is usually annually); and
· in connection with specific disclosures of sensitive information from time to time.
When we seek this consent, we will also provide a link to this privacy policy and take reasonable steps to explain:
· the specific purpose of collecting the information and why it is necessary;
· the implications of providing or withholding the information;
· whether collection is authorised by law or required by law; and
· the likelihood of disclosure to overseas recipients.
Clients may alter or withdraw consent at any time by notifying us in writing. However, if you alter or withdraw your consent, we may not be able to provide you with some or all of the services you seek.
We may also collect sensitive information without client consent in the following situations:
· collection is required or authorised by or under an Australian law or by order of a court or tribunal
· a “permitted general situation” (as defined in the Act) exists. The Act prescribes numerous “permitted general situations”. Those which are most likely to occur in connection with the types of client relationships we have are:
o it becomes necessary for us to take appropriate action in relation to suspected unlawful activity or serious misconduct;
o it becomes necessary to assert or defend a legal or equitable claim;
o it becomes necessary to conduct a confidential dispute resolution process.
· a “permitted health situation” (as defined in the Act) exists. This situation is not likely to arise in connection with the types of client relationships we have.
Government related identifiers
Government related identifiers are identifiers assigned to you by or on behalf of an agency, government authority or their contracted service providers. They include:
· Australian passport numbers
· Driver’s licence numbers
· Centrelink customer reference numbers (CRN)
· Medicare numbers
· Tax file numbers (TFNs)
· Department of Veterans Affairs numbers
· Individual Health Identification numbers (a unique 16-digit number used to identify an individual for health care purposes in Australia).
Australian Business Numbers, Australian Registered Body Numbers and Australian Company Numbers are not considered to be government related identifiers under the Act or this policy.
We will not adopt any government related identifiers as our own customer reference numbers. We will collect government related identifiers as follows.
Australian passport numbers, driver’s licence numbers and Medicare numbers
We are required by laws such as the AML-CTF laws to verify your identity before we provide a financial service to you. For that purpose, we routinely ask for proof of your identity and collect government related identifiers (such as Australian passport numbers, driver’s licence numbers and Medicare numbers).
Tax file numbers
We are routinely engaged to provide services where it is reasonably necessary to have access to TFNs to help manage taxation, superannuation or personal assistance affairs of clients, and it is our policy to seek client consent to collecting TFNs.
We only request and collect TFNs for purposes authorised by a taxation law, personal assistance law or superannuation law, and when it is necessary and relevant for us to do so. If we request TFN information, we take reasonable steps to inform clients about:
· the law which authorises us to request or collect it;
· the purpose/s for which it is being requested or collected;
· that declining to provide a TFN is not an offence; and
· the consequences of not providing it. You are not required to provide us with a TFN but there may be financial or taxation consequences if you don’t.
We are obligated to comply with the Act and various other laws relating to taxation and tax agents, in requesting and handling TFNs.
Other government related identifiers
It is not routine for us to ask you for Department of Veterans Affairs numbers or CRNs. We will not ask for your Individual Healthcare Identifier.
DEALING WITH PERSONAL INFORMATION
Use and disclosure for primary purpose of collection
We use and disclose personal information for the primary purpose for which we collected it (see above).
Use and disclosure for secondary purposes
We may use and disclose personal information for a purpose other than the primary purpose for which we collected it (a “secondary purpose”) with client consent.
Alternatively, we may use and disclose personal information without client consent for a related secondary purpose (or in the case of sensitive information for a closely related secondary purpose) that clients would reasonably expect. For example, we may disclose personal information to:
· consultants so that they can provide paraplanning and other services that enable us to provide financial services to clients;
· external service providers so that they can provide us with services related to the operation of our business, such as cloud data storage, management and processing;
· your nominated professional advisers, such as your accountant or mortgage broker, to facilitate the services for which you have informed us that you have engaged them;
· superannuation fund trustees, financial institutions, insurance providers, stockbrokers, stock exchanges, product issuers, listing houses and technical teams, to enable us to provide financial services to clients.
Use and disclosure with legal authority or to meet legal requirements
We may use and disclose personal information without client consent if we are required (expressly or impliedly) or authorised to do so by or under an Australian law, including by order of a court or tribunal. For example, in those circumstances we may disclose personal information to:
· an insurer as required by a contract of insurance;
· a regulator, government agency or enforcement body; or
· a court, tribunal or other body under subpoena or other compulsory legal process.
Use and disclosure when a permitted general situation exists
We may use and disclose personal information without client consent if a “permitted general situation” (see above) exists, such as where we reasonably believe it is necessary for us to use or disclose personal information:
· to take appropriate action in relation to suspected unlawful activity or serious misconduct;
· to assert or defend a legal or equitable claim; or
· to conduct a confidential dispute resolution process.
Use and disclosure for enforcement related activity
We may use or disclose personal information without client consent if we reasonably believe the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. We will keep a written note of any such use or disclosure.
Use and disclosure to related body corporate
We may disclose personal information (other than sensitive information) to a related body corporate without client consent, and the related body corporate may use the personal information in accordance with this privacy policy.
Use and disclosure to credit reporting bodies
Under AML/CTF laws, we may disclose a client’s name, residential address and date of birth to credit reporting bodies for the purpose of identity verification, with client consent. For example, we may ask a credit reporting entity to provide an assessment of whether the personal information we hold matches personal information held by the credit reporting body, in which case the credit reporting body may use personal information for the purpose of preparing such an assessment and providing it to us. If we propose to do so, we will inform the affected client about:
· the request;
· the reasons for making it;
· what personal information may be disclosed; and
· how the information may be used.
Use and disclosure for direct marketing
We may use or disclose personal information (other than sensitive information) that we have collected directly from a client for the purpose of direct marketing to that client, provided the client would reasonably expect us to do so. Otherwise, we may only use and disclose personal information we have collected for the purpose of direct marketing with client consent or if it is not practicable to obtain that consent.
We routinely request client consent to provide direct marketing communications so that we can provide clients with information of potential interest.
Clients can request not to receive direct marketing communications by advising us in writing using the contact details below. We will not use or disclose personal information to provide direct marketing communications to clients who have requested not to receive them.
Use and disclosure to overseas recipients
We share information with external service providers so that they can provide us with services necessary for the operation of our business, such as:
· data storage, management and processing tools;
· workflow management tools;
· communication, conferencing and business management tools;
· document sharing and execution tools;
· financial modelling and projection tools;
· investor risk-profiling tools;
· trade execution facilities for local and overseas markets; or
· facilities to manage exchange traded investment portfolios.
Most of these external service providers are located in Australia or have Australian-based subsidiaries. However, some have data storage facilities or offices in the United Kingdom or the United States. We also engage contractors in the Philippines to provide financial services to you.
We take reasonable steps to ensure that our contractors in the Philippines do not breach the APPs in relation to personal information that we disclose to them. For example, we require them to handle personal information in accordance with APPs, provide education to them and undertake monitoring activities.
We believe that recipients based in the United Kingdom and the United States are subject to GDPR and/or US privacy laws. We also believe that those laws or binding schemes have the effect of protecting the information in a way that, overall, is at least substantially similar to the way the APPs protect the information and offer mechanisms that can be accessed by the individual to enforce the protection of those laws or binding schemes. We are not required to obtain client consent to these disclosures and are not accountable for privacy compliance by these entities.
Our services may involve overseas investments and dealings on behalf of clients. In order to fulfil this function, some personal information may be disclosed to overseas recipients such as product providers, stock exchanges and listing houses, for the purposes of making foreign investments. For example, we may disclose personal information such as name, address, contact details and tax status to facilitate overseas dealings.
If we do not believe a recipient is subject to APPs, or to laws or schemes that provide substantially similar protection for personal information and have accessible and effective mechanisms to enforce them, we may nevertheless seek your consent to the disclosure of information. You may refuse consent. If consent is provided in those circumstances, we will not be obliged to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the personal information.
Despite the above, we are permitted to make disclosure to an overseas recipient as authorised by or under an Australian law or a court/tribunal order.
Tax file numbers
We will only use and disclose your TFN for a purpose authorised by taxation law, personal assistance law or superannuation law, or for the purpose of giving you any TFN information that we hold about you.
We will take reasonable steps to protect your TFN from misuse and loss, and from unauthorised access, use, modification and disclosure. For example, we will restrict access to staff who need to handle it and will train our staff.
We will also securely destroy or permanently de-identify TFN information where it is no longer required by law to be retained for a purpose under taxation law, personal assistance law or superannuation law (including the administration of such law).
INTEGRITY OF PERSONAL INFORMATION
We will ask you to update the personal information that we have collected, to ensure it is accurate, up-to-date and complete. To help us ensure that personal information we use or disclose is accurate, up-to-date, complete and relevant, you agree to update us with relevant changes to your personal information, even if we have not asked for an update.
We may hold your personal information in hard copy form or as electronic data in our software or systems. Personal information will also be held in cloud computing systems by arrangement with third party cloud service providers, or similar types of electronic storage.
We will take reasonable steps to ensure that your personal information is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure.
When we no longer need your personal information for any purpose for which we may use or disclose it, we will destroy the information by reasonably secure means or de-identify it, where required by law. However, we will not destroy or de-identify personal information that we are required to retain by or under a law, by order of a court or tribunal or that is contained in any Commonwealth record.
ACCESS TO PERSONAL INFORMATION
You may request access to your personal information at any time by providing us with a written request. We will respond to your request within a reasonable time after we receive it, and we will give you access to your information in the manner requested by you, if it is reasonable and practicable to do so. We may impose a reasonable charge for providing you with such access.
In certain circumstances we may refuse to give you access to your personal information, for example where such access would have an unreasonable impact on the privacy of others, would be unlawful, or if we reasonably believe that giving access may pose a serious threat to the life, health or safety of another person or to public health or safety. If we refuse to give you access we will notify you in writing of our reasons for the refusal (unless, depending on the grounds for the refusal, it would be unreasonable to provide our reasons).
DATA BREACHES
If a data breach occurs, we will seek to contain the breach and take remedial action, where possible. We will provide notice of the breach to affected individuals and to the Office of the Australian Information Commissioner, if and as required by the Act.
CHANGES TO OUR PRIVACY POLICY
We may make changes to and update our privacy policy from time to time. We will let you know of any changes by posting a notification on our website at www.ajfp.com.au. Any information collected after an amended privacy policy has been posted on the site will be subject to that amended privacy policy. Please refer to our website regularly to view the most up to date version of our privacy policy.
COMPLAINTS AND CONTACT DETAILS
If you have any questions about this privacy policy, please direct them to:
AJ Financial Planning
49A Porter Street
Prahran VIC 3181
Phone: (03) 9077 0277
Email: info@ajfp.com.au
If you wish to make a complaint about a breach of the Act, the APPs or this privacy policy, please address your complaint to The Complaints Manager and post or email it to AJ Financial Planning at the address specified above. We will respond to you as soon as reasonably practicable, usually within 30 days.
If you have not received a response within 30 days or feel that the response is not satisfactory, you may contact the Office of the Australian Information Commissioner:
GPO Box 5218
SYDNEY NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Online: www.oaic.gov.au
PART B – INFORMATION SECURITY POLICY
This ‘Part B – Information Security Policy’ only applies in relation to the supply of tax (financial) advice services.
The Tax Agent Services Act 2009 (Cth) contains a Code of Professional Conduct (the Code). The Code states that unless they have a legal duty to do so, Qualified Tax Relevant Providers must not disclose any information relating to a client’s affairs to a third party without our client’s permission. Alex Jamieson is a registered Qualified Tax Relevant Provider.
THE INFORMATION TO WHICH THIS POLICY APPLIES
This policy concerns information that relates to the affairs of clients who engage AJFP to supply any tax (financial) advice service. Information that relates to the affairs of those clients may be collected or obtained from the client or from other sources, and may also relate to the affairs of others, such as persons and entities related to the client. The information to which this policy applies is called “client information”.
PERMISSION TO DISCLOSE TO THIRD PARTIES
By engaging us to supply any tax (financial) advice service and providing us with your consent to collect, use and disclose information in accordance with this Information Security Policy, you agree and acknowledge that we may:
· collect client information primarily for the purposes related to the supply of any tax (financial) advice service/s;
· use client information for the purpose of supplying any tax (financial) advice service for which we are engaged and for any related secondary purpose for which you would reasonably expect us to disclose client information; and
· disclose client information to any third party in accordance with this Information Security Policy.
You may alter or withdraw your consent at any time by notifying us in writing that you wish to do so, however we may not be able to supply you with a tax (financial) advice service if you alter or withdraw your consent.
Irrespective of your permission, we may disclose client information where we have a legal duty to do so.
PURPOSES OF USE AND DISCLOSURE
We are permitted generally to collect client information for purposes related to the supply of any tax (financial) advice service and may use and disclose it for that purpose and for any related secondary purpose for which you would reasonably expect us to disclose client information (“Permitted Purposes”).
TO WHOM DISCLOSURE MAY BE MADE
We may share client information with our employees and officers in order to use it for Permitted Purposes. We may disclose client information for the Permitted Purposes to one or more of the following third parties:
· the Australian Taxation Office;
· our representatives and authorised representatives;
· officers, employees and representatives of the client;
· persons (including entities) related to the client and their officers, employees and representatives;
· professional advisers to the client;
· superannuation fund trustees, financial institutions, insurance providers, stock brokers, stock exchanges, product issuers and technical teams; or
· third party data services providers whom we engage from time to time to manage, process or store information electronically (including client information).
We are also permitted to disclose to third parties (such as your employer, insurer, credit organisation, financial institution or professional services provider), that we are providing tax (financial) advice services to you, for the Permitted Purposes including the collection of client information that is relevant to any tax (financial) advice service for which we are engaged.
We may also seek specific permission to make a particular disclosure to a specific third party or parties, from time to time.
We will use our reasonable endeavours to limit the disclosure of client information to third parties that respect the confidentiality of client information.
LEGAL DUTY TO MAKE DISCLOSURE
From time to time, a legal duty may require us to make disclosure. If we are under a legal duty to make disclosure, we are permitted to make disclosure in order to satisfy our duty, whether or not you give us permission to do so. A legal duty to make disclosure may arise expressly or impliedly. Merely by way of example we may be required to disclose your personal information:
· to an insurer where required by a contract of insurance;
· to a regulator, government agency or enforcement body;
· by a subpoena or other compulsory process of a court, tribunal or authorised body.
COMPLAINTS AND CONTACT DETAILS
If you have any questions about this Information Security Policy, please direct them to:
AJ Financial Planning:
49A Porter Street
Prahran VIC 3181
Phone: (03) 9077 0277
Fax: (03) 9078 1098
Email: compliance@ajfp.com.au
If you wish to make a complaint about a breach of confidentiality, please address your complaint to The Complaints Manager and post or email it to AJ Financial Planning at the address specified above.
We will respond to you as soon as reasonably practicable.
If you have not received a response within 30 days or feel that the response is not satisfactory, you may contact the Australian Securities and Investments Commission (ASIC). Since June 2022, ASIC has handled all complaints about the tax (financial) advice services of Qualified Tax Relevant Providers:
GPO Box 9827
BRISBANE QLD 4001
Phone: 1300 300 630
Online: https://asic.gov.au/about-asic/contact-us/complaints-about-companies-organisations-or-people/money-i-have-invested-financial-services-and-advice/
END