Last updated 5 December 2022

1. Introduction

This Privacy Policy applies to My Financial Advisor Pty Ltd (“mFA”, “we” or “us”), which holds Australian financial services licence (AFSL) number 222497.

We recognise that your privacy is important to you, and we are committed to protecting your privacy and handling your personal information in an open and transparent way.

2. What does this Privacy Policy cover?

This Privacy Policy explains how we collect, handle, store and protect personal information, including when:

  • we provide services or products to you;
  • you use our website or services; or
  • we perform any other activities that form part of the operation of our business.

3. What laws apply to us?

When handling personal information we will comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and other applicable legislation (such as Australian State and Territory health privacy legislation), as well as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

The APPs are legally binding principles that are designed to ensure that an individual’s personal information is protected throughout the information lifecycle, i.e. from the time the information is collected through to its destruction. The APPs also give individuals the right to access their personal information and have it corrected if it is incorrect.

We are required or authorised to collect personal information under various laws including:

  • Corporations Act.
  • Taxation legislation (including without limitation the Income Tax Assessment Acts and the Taxation Administration Act).
  • Superannuation Guarantee (Administration) Act.
  • Superannuation Industry (Supervision) Act.
  • Anti-Money Laundering and Counter-Terrorism Financing Act.
  • Foreign Account Tax Compliance Act.
  • Tax Common Reporting Standard.
  • Criminal Codes.
  • Other related regulations and legislative instruments.
  • Additional information about privacy is available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.

4. Personal information we collect

Generally, we only collect personal information that is reasonably necessary for, or directly related to, one of more of the functions and activities of our business. For example, we may request that you provide your personal information when you instruct us to provide services, acquire financial products, invest with us or interact with us, e.g., via our website. There may be other occasions when we collect personal information about you or from other sources, such as from our related entities, a publicly maintained record or from an information service provider. We may also share personal information about you with our related entities.

The types of personal information we collect or may be provided with include, but are not limited to:

  • Name and address, including residential and postal details.
  • Contact details, including telephone, mobile and email.
  • Date of birth and gender.
  • Information to verify your identify, e.g., passport, birth certificate, drivers’ licence, and Medicare details.
  • Health and medical information for insurance purposes.
  • Superannuation and membership information
  • Tax file number.
  • Family and beneficiary information, including spouse, children and other family members.
  • Occupation, work, employment and pastime details.
  • Financial and transactional information, including income and expenses, assets and liabilities, payment and banking information, bank account, debt / credit card details, source of funds and source of wealth details.
  • Information relating to your credit information and reports for the purpose of checking your credit history, to assess your ability to manage credit, assess applications for credit, and exchanging information with them in relation to your credit history with us, or to collect overdue payments or other monies owing to us.
  • Recording of your communications and interactions with us (including telephone, email or online) for security, investigative, record (including in relation to claims), dispute resolution, quality assurance, training and other purposes.
  • Your location information, IP address, cookies and information about third party sites you access.
  • Details of complaints.
  • Other details and information of your interactions with us.
  • The Privacy Act protects your sensitive personal information (also called ‘special category information’). This includes information about your religion, ethnicity, political opinions, health or biometrics such as your fingerprints. We do not collect or hold this type of sensitive information. If we need this type of information, we will ask for your permission or consent, except where otherwise allowed by law.

5. Collection and use of personal information

5.1 How we collect personal information

Generally, we will collect your personal information from you (or from your authorised representatives) when you contact us or otherwise interact with us regarding the provision of services or products available from us (such as the provision of financial product advice), when you attend an mFA event (or an mFA sponsored event), when you apply for a job with us, when you enter into a contract with us or deal with us in other ways. We may also collect personal information (such as contact details and account details) from suppliers, contractors and third party service providers that we engage to help us operate our business.

Personal information may be collected when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a form, questionnaire or survey, when you attend an mFA event (or mFA sponsored event) or when you use our website, online services or our social media.

Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information from a publicly available record (such as a company search), information provider or your authorised representative.

5.2 Providing personal information about someone else

If you provide us with someone else’s personal information, you should only do so if you have their authority or consent to provide us with their personal information. You should also take reasonable steps to inform them of the matters set out in this Privacy Policy.

5.3 Holding personal information

In the event you cease to be a client of mFA, personal information we hold about you will be maintained for at least as long as we are required to comply with any legislative document retention requirement. After that time, we may destroy your personal information or put it beyond use, e.g., de-identify the personal information so it cannot be used to identify you.

5.4 Purpose for collecting, holding, using and disclosing personal information

Primarily, your personal information is used in order to for us to provide financial services to you, such as financial product advice, and related services. We may also use the information for purposes related to the primary purpose where it is reasonable for you to expect the information to be disclosed.

Specially, mFA collects, holds and uses personal information for a number of purposes including:

  • To manage our relationship with you.
  • To process and respond to your applications, instructions and requests.
  • To provide you with financial product advice and other financial services.
  • To respond to requests or queries.
  • To provide you with information about financial products or services, such as marketing material.
  • To operate our business and any company, managed investment scheme, trust or syndicate, including entering details on a register of members and performing compliance reviews or audits.
  • To maintain contact and keep you informed of our services, updates, industry developments and events.
  • To ascertain or verify your identity, including your authority to act on behalf of a customer.
  • For administrative purposes, including processing applications, distributions and payment transactions.
  • For recruitment purposes and matters relating to the employment of our personnel, providing internal services or benefits to our staff.
  • When engaging service providers, contractors or suppliers relating to the operation of our business.
  • To manage any complaint or conflict of interest.
  • For seeking your feedback on our services or to conduct surveys.
  • To meet any legal or regulatory obligations, e.g., providing the Australian Taxation Office with tax file numbers.
  • For purposes relating to any actual or potential business sale, disposition, merger, joint venture, alliance, acquisition or referral arrangement.
  • For training, developing and testing products, services and systems.
  • Gather and aggregate information for statistical, prudential, actuarial, data analytics and research purposes, including market research and data matching.
  • For statistical, prudential, research, audit, actuarial and reporting purposes, designing new or enhancing, updating, improving our products, services and offerings.
  • For market or other research purposes.
  • To perform internal statistical analysis, including of our databases and website.
  • To investigate, manage and prevent actual, potential or suspected improper conduct such as fraud or other illegal activities.
  • To assist in law enforcement purposes, investigations by police or other government or regulatory authorities and to meet reporting obligations and requirements imposed by law or agreed to with government or regulatory authorities in any jurisdiction.
  • To manage and improve our website.
  • To monitor and protect our brands.
  • To manage our business.
  • For any other business related purposes.
  • We may also use, disclose and exchange your information for other purposes where the law allows or requires us.

Where you accept our Privacy Policy or where we are otherwise permitted by law, we and our service providers may use your personal information (including your telephone number and your email or other electronic addresses) to provide marketing communications that may be of interest to you, including about insurance and financial products and services, programs or events, health and wellness products and services.

Communications may be provided on an ongoing basis by telephone, email, online (including via our website, social media and mobile apps) and other means. We may imply your consent to receive these communications from our existing business relationship or in some circumstances where you or your authorised representatives have provided us with your contact details (including telephone or email address).

If you do not provide us with the personal information we have requested, we may not be able to complete or fulfil the purpose for which such information was requested or collected, including providing you with the services or products we were engaged to perform.

5.5 Who may have access to your personal information?

The parties with whom we exchange your personal information varies depending on a number of factors, including the service being provided, the product and the stage of the process involving the transaction. Depending on the circumstances specific to the services provided or to the policy or product, we may exchange your personal information with:

  • Accountants, financial advisers or other professional advisers you nominate.
  • Your financial institutions.
  • Other financial services organisations involved in providing, managing or administering products or services recommended as part of financial advice we may provide to you.
  • Law enforcement, regulatory or government agencies (including the Australian Taxation Office or the Australian Securities and Investments Commission).
  • The trustee or administrator of a superannuation fund and/or your employer.
  • Health professionals, medical providers and hospitals, dieticians, pharmacists, fitness trainers and rehabilitation providers.
  • The policy owner (where you are a life insured who is not the policy owner) and the life insured (where you are the policy owner who is not the life insured).
  • Any other party with which we have an arrangement for the promotion and sale of products offered or distributed by us.
  • Bodies that administer applicable industry codes.
  • Credit reporting bodies and credit providers.
  • Third parties we engage to assist us in providing services to our clients or in the operation of our business (i.e. subcontractors, advisors and suppliers).
  • Third parties we engage to provide due diligence, compliance, custody, administration, technology, auditing, mailing, printing or other services.
  • Third parties we engage to verify the identity of customers.
  • Our authorised representatives and employees.
  • Our professional advisers, including experts, legal and accounting firms, auditors, consultants and other advisers.
  • A potential purchaser/organisation involved in the proposed sale of our business (or part of our business) for the purpose of due diligence, corporate re-organisation and transfer or all or part of the assets of our business.
  • A new owner of our business (or part of our business) that will require the transfer of your personal information.
  • Other third parties from time to time with your implied or express consent or as required or authorised by law.
  • We do not disclose personal information to third parties for the purpose of allowing them to send marketing material to you.

Where we provide your personal information to a third party, the third party may collect, use and disclose your personal information in accordance with their own privacy policy and terms of use. A third party’s privacy policy and terms of use, the legal protections afforded to you by them, and the third party’s ability to collect, use and disclose your personal information, may be different to that set out in this document and, if the third party is located outside Australia, are likely to be governed by the laws of a jurisdiction other than Australia. We recommend that you carefully read and familiarise yourself with the privacy policy and terms of use of any third party with whom we are required to share your personal information. You should contact other third parties directly for copies of their privacy policies.

6. Security

6.2 Storage of personal information

We take steps to protect personal information from misuse, interference and loss including by implementing physical, technical and administrative security standards to secure and protect your personal information from unauthorised access, modification, use or disclosure. Steps we take can include implementing and imposing:

  • Confidentiality requirements on our employees and other representatives.
  • Policies on document storage security.
  • Administrative and technical controls to restrict access to personal information to only those people who need access.
  • Technological security measures, including passwords, firewalls, encryption and anti-virus software.
  • Physical security measures, such as restricted access our premises, locked cabinets and offices.
  • Website protection security measures.
  • We generally store personal information in our computer databases. We do not utilise third party storage providers and do not store data or personal information outside of Australia.

6.2 Retention / Destruction

When all of our legal obligations to retain your personal information have expired, or we no longer need your information for a purpose permitted under law, we will take such steps as are reasonable to destroy or de-identify it.

7. Privacy on our website

7.1 Automatic collection of personal information

Cookies and other technologies may be used by us on our website and through email to automatically collect certain types of information. The collection of this information may allow us to customise your online experience, market products and services to you, improve the performance, usability and effectiveness of our online presence and to measure the effectiveness of our marketing activities.

If you register or log into our website and provide information about your preferences, we may use your information to personalise your user experience. If you register or log into our website using a third party account, we may collect any information you have permitted the third party service to share, such as your name and email address, which will be dependent on the privacy settings that have been set with the third party service provider and their privacy policy.

7.2 IP addresses

An IP address is a number assigned to your computer whenever you access the internet. It is not linked to personally identifiable information. We may use IP addresses to analyse trends, administer the website, track user’s movement, and gather broad demographic information.

7.3 Cookies

A ‘cookie’ is a small text file that is placed on your computer or internet-enabled device whenever you visit our website. This allows the website to remember your computer or device and serves a number of purposes.

The use of cookies is an industry standard and many major browsers are initially set up to accept them. You can reset your browser settings to either refuse to accept all cookies or to notify you when you have received a cookie. You may also delete cookies from your device at any time. However, if you refuse to accept cookies, you may not be able to access or use all of the features available on our website.

Cookies by themselves do not tell us your email address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers including IP addresses, but this is for the purpose of identifying the number of unique visitors to our website and geographic origin of visitor trends, and not to identify individual visitors.

7.4 Location-based tools

We may collect and use the geographical location of your computer or mobile device. This location data may be collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our products and services.

7.5 Social media features

Our website may host blogs, forums and other applications or services (collectively “social media features”). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any of our social media features may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.

7.6 Links to third party websites

mFA’s websites may contain links to third party websites. Those other websites are not subject to our Privacy Policy and procedures. You will need to review those websites to view a copy of their privacy policy and terms of use. Unless otherwise stated, mFA does not endorse, approve or recommend the company, product or service provided on or associated with any external link.

7.7 Your choice

You have several choices regarding your use of our website. In general, you are not required to provide personal information when you visit our website. However, if you apply to receive information about our services, events, newsletters and updates, wish to acquire products or services or apply for a job, the provision of certain personal information will generally be required.

8. Children

We understand the importance of protecting children’s privacy, especially in an online environment. In particular, our website is not intentionally designed for or directed at children under the age of 18. It is our policy to never knowingly collect or maintain information about anyone under the age of 18, except as part of a specific engagement to provide services or products that necessitates such personal information being collected, such as to provide estate planning, family continuity or wealth transition services.

9. Accessing your personal information

You can request access to your personal information, subject to some limited exceptions permitted or required by law. Such requests must be made in writing to our Privacy Officer. If we decline your request for access, we will provide a written explanation to you for the refusal.

Upon confirmation of your identity, we may provide you with access to information by either providing you with copies of the information requested or allowing you to inspect the information. We may charge reasonable costs for providing you access to, or copies of, your personal information.

We will not provide you with access to information which would reveal any confidential formulae or the detail of any in-house evaluative decision making process, but may instead provide you with the result of the formulae or process or an explanation of that result (if applicable).

10. Correcting your personal information

If you believe that any personal information we have collected about you is inaccurate, not up-to-date, incomplete, irrelevant or misleading, you may request the information to be corrected. To do so, please contact our Privacy Officer and we will take reasonable steps to correct the information in accordance with the requirements of the Privacy Act.

11. Complaints

If you have a concern or complaint about your privacy, please contact us so we can try to resolve your concerns or complaint. We have internal dispute resolution processes for handling customer complaints, including privacy complaints. You may be asked to set out the details of your complaint in writing.

We will endeavour to reply to you within 30 days of receipt of the complaint and, where appropriate, will advise you of the general reasons for the outcome of the complaint. In some circumstances, our Privacy Officer may decline to investigate the complaint, e.g., if the complaint relates to an act or practice that is not an interference of the privacy of the person making the complaint.

If your complaint is not resolved to your satisfaction by our internal dispute resolution process, you may choose to take your complaint to:

The Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
www.oaic.gov.au

12. Changes to this Privacy Policy

We may modify or amend this Privacy Policy from time to time. Before providing us with personal information, please review the current Privacy Policy on our website.

To let you know when we make changes to this Privacy Policy, we will amend the revision date at the top of this page. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to periodically review this Privacy Policy to be informed about how we are protecting your information.

This Privacy Policy supersedes and replaces all previous privacy policies issued by mFA that you may have received or accessed, including those contained in or referred to in any correspondence, telephone call or Financial Services Guide.

13. Our contact details

If you have a query in relation to this Privacy Policy or you would like to notify mFA that you no longer wish to receive marketing material from us, access or correct your personal information or to make a complaint about our handling of your personal information, please contact us as follows:

My Financial Advisor Pty Ltd
ABN 45 078 892 887
AFSL 222497

Telephone: +61 7 3221 2372

Facsimile: +61 7 3229 7810

Address: Level 22
127 Creek Street
Brisbane, Queensland 4000
Australia

Post: GPO Box 1255
Brisbane, Queensland 4001
Australia

Email: infomation@myfinancialadvisor.com.au