At Retirement Essentials, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth). This Policy describes how we collect, handle, use and disclose personal information. It also explains how you can complain if we breach the privacy laws, how you can access the personal information we hold about you and how to have that information corrected.
What information do we collect and hold?
In order for us to assist you with a financial service or financial advice, with your consent, we ask you to provide us with relevant information about you and if applicable your partner and other people that are important to you. Depending on the services you require this can include information ranging from your contact details and age to other information including gender, marital status, expected retirement age, superannuation fund balances and contributions, income sources, goals, assets and liabilities, and your government Centrelink entitlement eligibility, payments and related entitlements, and government identifiers (such as your Centrelink number).
We will collect sensitive information about you, with your consent, to enable us to assist you with the completion of government forms, including the relevant Centrelink entitlement application form. Sensitive information includes information about your race or ethnicity, political opinions, religious beliefs, criminal record, sexual information or health. We will not otherwise collect sensitive information.
We will communicate with you electronically unless you tell us that you do not wish to receive electronic communications.
How do we collect your information?
Generally, we collect your personal information directly from you. We could do this in a number of ways including when you apply for our products and services or when you contact us. We may do this through our website or mobile apps, in telephone calls, from documents you give us, or in emails.
We may collect personal information about you from other people or organisations where it is not reasonable or practicable for us to collect the information directly from you. Examples of how we may do this include collecting your personal information from:
- Government agencies (for example Centrelink, where we are authorised by you to liaise with Centrelink on your behalf);
- Organisations that have entered into arrangements with us provide services to their members or customers where you are a member or customer of that organisation.
What if you don’t provide some information to us?
If you do not provide us with some or all of the information that we ask for or require to assist you, we may not be able to provide you with financial services or financial advice that are suitable to your circumstances.
With respect to our Centrelink entitlement services, it is important that the information you provide us is accurate and we will ask you to confirm the accuracy of the information that is to be provided to Centrelink.
For what purposes do we collect, hold, use and disclose your information?
The main purpose for which we collect, hold, use and disclose your personal information is to provide you with our Services (for example to assist you to apply for the Age Pension etc). Other purposes for which we do this include:
- to assess how to provide you with our Services (for example, to assess whether you are eligible for the Centrelink entitlement or to assess how much money you can sustainably spend in retirement);
- to provide you with services, such as financial advice, to help optimise your pension, or to help manage your retirement and your investments;
- to liaise with government agencies where you want to receive government benefits;
- to verify your identity in accordance with the Anti-Money Laundering and Counter Terrorism Financing Act and any other relevant laws;
- to comply with legal and regulatory requirements, prevent fraud or crime; and
- to help us improve our Services, resolve any problems, develop our products and conduct research.
From time to time we will use your contact details to send you offers, updates, events, articles, newsletters, blogs or other information about options, services and solutions that we believe will be of interest to you. We will send you regular updates by email. We will always give you the option of electing not to receive these communications and you can notify us if you wish to unsubscribe at any time.
Will we disclose the information we collect to anyone?
We may disclose your personal information to:
- government agencies (such as Centrelink);
- your superannuation fund and our referral partners, for the purpose of keeping your fund and our referral partners informed of how we are assisting you and identifying further ways to assist you;
- regulatory bodies, law enforcement bodies and dispute resolution bodies (such as the Financial Ombudsman Service);
- our agents, service providers, business partners and contractors who provide you with services along with us or who supply services to us (for example to technology providers, data storage providers or marketing companies);
- other third parties if we are required to do so by law or under some unusual other circumstances which the Privacy Act permits;
- third parties whom we may refer you to for services that we are not in a position to offer you.
We will not sell, trade, or rent your personal information to others.
Will we disclose your information overseas?
We will not disclose your personal information overseas.
How do we hold and protect your information?
We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.
We only hold the information we collect from you on servers located in Australia. In some cases, your file is archived and sent to an external data storage provider for a period. We only use storage providers in Australia who are also regulated by the Privacy Act.
We endeavour to ensure your information remains safe and secure. For example:
- Access to information systems is controlled through identity and access management.
- Employees are bound by internal information security policies and are required to keep information secure.
- We maintain physical security over our paper and electronic data and premises, by using locks and security systems.
We may aggregate Data
Aggregate data only contains anonymised account information or data (such as the number of people who use our Services and what they use our Service for), it does not contain information that could be used to identify you. We may use, sell, licence, redistribute and disclose aggregate data.
We collect Web Data
In order to provide you with a personalised service we collect data about how you use our website. We do not collect personal information about you. The information we collect includes the types of content you view or engage with or the frequency and duration of your activities, your server address, the date and time of your visit, the pages and links accessed, geocodes and the type of browser used. We only use this information for statistical purposes and to improve the content and functionality of our website, to better understand our clients and markets and to improve our Services.
In order to collect this anonymous data we may use “cookies”. Cookies are small pieces of information which are sent to your browser and stored on your computer’s hard drive. Sometimes they identify users where the website requires information to be retained from one page to the next. This is purely to increase the functionality of the site. Cookies by themselves cannot be used to discover the identity of the user. Cookies do not damage your computer and you can set your browser to notify you when you receive a cookie so that you can decide if you want to accept it. They allow the website to recognise your computer when you return in the future.
How can you check, update or change the information we hold?
You have a right to ask for access to your personal information and to request that we correct it.
If you wish to access or correct your personal information you can log in to your secure account at www.retirementessentials.com.au.
Otherwise, you can email us at email@example.com, in which case we will provide you with details of the personal information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate, irrelevant, out of date or incomplete.
We do not charge for receiving a request for access to personal information or for complying with a correction request. We do not charge for providing access to personal information.
In some limited cases, we may need to refuse access to your information or refuse a request for correction. We will advise you as soon as possible if this is the case and the reasons for our refusal.
What happens if you want to complain?
Your complaint will be considered by us through our internal complaints resolution process and we will aim to resolve complaints within 30 days of you making the complaint.
If you are not satisfied with our handling of your privacy complaint, or your complaint is not resolved within 30 days, you can refer your complaint to the Office of the Australian Information Commissioner.
The Commissioner can be contacted at:
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Phone: 1300 363 992
There are other bodies you can go to including the Australian Financial Complaints Authority. If an issue has not been resolved to your satisfaction you can lodge a complaint with the Australian Financial Complaints Authority, or AFCA. AFCA provides fair and independent financial services complaint resolution that is free to consumers.
Telephone: 1800 931 678 (free call)
In writing to: Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC 3001
What happens if there is a Data Breach
Should a data breach occur, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of the data breaches that are likely to result in serious harm within 30 days of the breach event.The factors which might contribute to a reasonable person thinking “serious harm” might have occurred include:
- The sensitivity of the information;
- Whether the information was encrypted;
- Whether the information was in a secure file;
- How likely it is that the security could be breached; or
- The identity of the person who obtained the information, whether they intend to cause harm to the affected person and the nature of the harm.
By asking us to assist with your financial service and planning needs, you consent to the collection and use of the information you have provided to us for the purposes described above.
Tell us what you think
We welcome your questions and comments about your privacy. If you have any concerns or complaints, please contact us on firstname.lastname@example.org.