This privacy statement is made on behalf of Capital Dynamics (Australia) Limited ACN 129846260 AFSL 326283 (“CDAL”). CDAL is committed to protecting your privacy and to compliance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). If you have any questions relating to this privacy statement or your privacy rights please contact us.
This Privacy Statement sets out the policy of CDAL for management of personal information. We are committed to ensuring the privacy of your information and recognise that you, as a customer, are concerned about your privacy and about the confidentiality and security of information that CDAL may hold about you.
This Policy is designed to inform customers of –
- What information we collect and the purposes for which we collect it;
- Use and disclosure of information collected;
- Security of your personal information;
- Gaining access to information we hold about you;
- What to do if you believe the information we hold about you is inaccurate;
- Complaints in relation to privacy; and
- How to contact us.
Personal information is information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. CDAL will also collect any personal information necessary for the purposes of complying with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
The information we collect from you will depend on what services we provide to you and may include the following:
- your name, address and contact details;
- your e-mail address;
- your tax file number;
- Bank account details;
- Identification and verification information; and
- details of specific transactions.
Open and transparent management of personal information
CDAL seeks to ensure that personal information we hold about an individual is managed in an open and transparent manner. We have implemented procedures to ensure compliance with the Australian Privacy Principles and any applicable codes, and to deal with any complaints relating to our compliance therewith.
Collection of personal information
This policy details how CDAL adheres to the Australian Privacy Principles regarding the collection of solicited personal information. CDAL only collects personal information directly from individuals, which is reasonably necessary for the provision of our services, and only by lawful and fair means. Information is generally sought through our application forms, in which the purpose is articulated. Accordingly, we will always ensure you are apprised of our purpose in collecting information, and your right to gain access to such information. If you do not provide the information requested, we may be unable to provide you with our services.
Please note that generally we will only use the personal information (e.g. postal address, e-mail address, telephone numbers, facsimile number, date of birth, bank account details, TFN, details related to the provision of verification and identification documentation) we collect for the main purposes disclosed at the time of collection such as to provide financial services.
Where possible we will collect the information directly from you via our application form.
We may also collect information about you from our web site but this information will only identify who you are if you provide us with your details (eg. if you e-mail your contact details to us). When you visit our web site our web server collects the following types of information for statistical purposes:
- your Internet service provider’s address;
- the number of users who visit the web site;
- the date and time of each visit;
- the pages accessed and the documents downloaded;
- the type of browser used.
No attempt is made to identify individual users from this information.
The CDAL web site contains links to the web sites of third parties. If you access those third party web sites they may collect information about you. CDAL does not collect information about you from the third parties. You will need to contact them to ascertain their privacy standards.
A cookie is a small text file placed on your computer hard drive by a web page server. Cookies may be accessed later by our web server. Cookies store information about your use of our web site. Cookies also allow us to provide you with more personalised service when using our web site.
- determine whether you have previously used the CDAL web site;
- identify the pages you have accessed; and
- facilitate administration of the site and for security purposes.
If you provide us with your e-mail address during a visit to our web site it will only be used for the purpose for which you provided it to us. It will not be added to a mailing list without your consent unless the mailing list is related to the purpose for which you provided your e-mail address to us. We may use your e-mail address, for example, to provide you with information about a particular service or respond to a message you have sent to us.
If you subscribe to one of our services and provide your e-mail address to us so that we may communicate with you through e-mail, we may also use your e-mail address to advise you of upgrades and changes to those services.
Unsolicited personal information
Where we receive personal information about an individual which is unsolicited by us and not required for the provision of our services, we will destroy the information (provided it is lawful and reasonable for us to do so).
Notification of the collection of personal information
When we obtain personal information about you, we ensure that you have our contact details and that you are aware of the collection of information and our purposes for doing so. As per above, we are unable to provide certain services if the requested information is not provided. We do not disclose your information to third parties, unless they are related entities or services providers, in which case they are required to conform to our procedures.
Use and disclosure of personal information
CDAL collects and holds personal information about an individual for the purpose of providing financial services. We collect this information with your consent as per our application form or other documentation, for the primary purpose disclosed to you at the time of collection.
However, in some cases CDAL will use or disclose personal information for secondary purposes (any purpose other than a primary purpose). Personal information obtained to provide financial services may be applied to secondary purposes if the secondary purpose is related to the primary purpose of collection and the person concerned would reasonably expect the personal information to be used or disclosed for such secondary purpose.
In some cases we may ask you to consent to any collection, use or disclosure of your personal information. Your consent will usually be required in writing but we may accept verbal consent in certain circumstances. We may also disclose your personal information where it is required or authorised by law.
We may use your personal information to:
- process your investment application;
- respond to any specific requests you may make of us;
- notify you of any products that may be of interest to you;
- audit and monitor the services we provide to you;
- update your personal files; and
- enable us to meet our obligations under law, for example, the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth.), Financial Transaction Reports Act 1988 (Cth.) and Australian taxation laws.
We may disclose your personal information to:
- our agents, contractors or third party service providers to enable them to provide administrative and other support services to us; and
- where the disclosure is required by law, for example to government agencies and regulatory bodies as part of our statutory obligations, or for law enforcement purposes.
CDAL may use third party service providers to maintain some of our data systems and provide auxiliary services. We require any party that has access to personal information to conform to our privacy standards.
CDAL will only use personal information obtained for the provision of financial services, for the secondary purpose of direct marketing where:
- CDAL collected the personal information from the individual; and
- The individual would reasonably expect CDAL to use or disclose the information for the purpose of direct marketing; and
- CDAL provides a simple means through which an individual can request to not receive marketing communications; and
- The individual has NOT requested such communications cease.
Often the law requires us to advise you of certain changes to products/ services or regulations. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. We will not disclose your information to any outside parties for the purpose of allowing them to directly market to you.
Cross border disclosure/Sensitive information/Use of government identifiers/Anonymity & Psuedonymity
CDAL does not, for the purposes of the Privacy Act, collect sensitive information. Wherever lawful and practicable, individuals may deal anonymously with CDAL but given the nature of our services, it is unlikely that this will be a viable option. CDAL does not use official identifiers (e.g. tax file numbers) to identify individuals. An individual’s name or Australian Business Number is not an identifier for the purposes of the Privacy Act and hence may be used to identify individuals.
CDAL may on occasion transfer personal information to its parent company overseas, and ensures that entity remains bound by these requirements.
Quality of personal information
CDAL takes all reasonable steps to ensure the personal information held about individuals is accurate, up-to-date and complete. We verify personal information at the point of collection. The accuracy of records is also maintained by regular mail-out of statements.
CDAL encourage you to help us by telling us immediately if you change your contact details (such as your phone number, street address or email address) or if any of your details need to be corrected or updated. A person wishing to update their personal information may contact our staff or the Privacy Officer on the contact details shown within this document.
Access to personal information
Where a person requests access to their personal information, our policy is, subject to certain conditions (as outlined below) to permit access. CDAL will correct personal information where that information is found to be inaccurate, incomplete or out of date. We will not charge you a fee for your access request but may charge you the reasonable cost of processing your request.
If a person wishes to access their personal information or correct it, they should contact the Privacy Officer, and we will seek to provide such information within a reasonable period of time, and in the manner so requested (where reasonable to do so).
CDAL may not always be able to give you access to all the personal information we hold about you. If this is the case, we will provide a written explanation of the reasons for our refusal, together with details of our complaints process for if you wish to challenge the decision.
We may not be able to give you access to information in the following circumstances:
- Where we reasonably believe this may pose a serious threat to the life, health of safety of any individual or to public health/safety;
- Which would unreasonably impact the privacy of another individual;
- Where such request is reasonably considered to be frivolous or vexatious;
- Which relates to existing or anticipated legal proceedings which would otherwise not be accessible in the discovery process relating to such proceedings;
- Which would reveal our intentions and thereby prejudice our negotiations with you;
- Which would be unlawful;
- Which is prohibited by law or a court/tribunal order;
- Which relates to suspected unlawful activity or serious misconduct, where access would likely prejudice the taking of appropriate action in relation thereto;
- Where enforcement activities conducted by or on behalf of an enforcement body may be prejudiced; or
- Where access would reveal details regarding a commercially sensitive decision-making process.
Correction of personal information
Where CDAL believes information we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, OR an individual requests us to correct information held about them, CDAL will take all reasonable steps to correct such information in a reasonable time frame. No fees are payable for such requests. If you request us to similarly advise a relevant third party of such correction, we will facilitate that notification unless impracticable or unlawful for us to do so.
If CDAL intends to refuse to comply with your correction request, we will notify you in writing of our reasons for such refusal, and the complaints process you may avail if you wish to challenge that decision. You may also request that we associate the personal information we hold with a statement regarding your view of its inaccuracy.
Security of personal information
We take reasonable steps and precautions to keep personal information secure from loss, misuse, and interference, and from unauthorised access, modification or disclosure
If you use the Internet to communicate with us, you should be aware that there are inherent risks in transmitting information over the Internet. CDAL does not have control over information while in transit over the Internet and we cannot guarantee its security.
Where information is no longer required to be held or retained by CDAL for any purpose or legal obligation, we will take all reasonable steps to destroy or de-identify the information accordingly.
Notifiable Data Breaches Scheme
We will report ‘eligible data breaches’ to the affected individual(s) and the Australian Information Commissioner in relation to the (including suspected) unauthorised access or disclosure of personal information held, which is likely to result in serious harm to the relevant individual(s), and where we have been unable to prevent the likely risk of serious harm with remedial action.
We will formulate a data breach response plan, to limit any negative consequences of such a breach. An effective response involves a process to contain, assess, notify and review.
EU General Data Protection Regulation
In accordance with the new data protection requirements in the European Union General Data Protection Regulation (EU GDPR) which apply from 25 May 2018, we provide the following additional measures which we have adopted in relation to all EU clients and third parties:
- We will limit the processing, collection and retention of data to the extent legally possible and practically viable.
- We will not request or collect data that is not required for the purpose of providing our services or meeting our legal obligations.
- We will delete your information, and acknowledge your right of erasure or to be forgotten, as soon as we are legally able and subject to our other legal and regulatory obligations regarding record-keeping.
- You may advise us at any time that you withdraw any consent previously given to us, and require us to stop processing your data.
- You may object to any decision based on automated processing, and you may request a manual review.
- You have the right to request a transfer of your personal information, which will be provided in a machine-readable electronic format.
- Where we intend to process/utilise your personal data beyond the disclosed legitimate purpose for which it was collected, we will obtain a clear and explicit consent from you (which can be withdrawn at any time).
- We will maintain a Personal Data Breach Register, and notify the relevant regulator in a timely manner as required.
- We ensure that organisational and technical mechanisms are utilised to protect personal data when we are designing new systems and processes.
- We will conduct Data Protection Impact Assessments when initiating a new project/change/product which involves significant changes to the processing of personal information.
- We ensure our representatives are regularly trained regarding our obligations and their responsibilities under applicable privacy/data protection regulations.