This policy also contains information about how you can access the information 360Private holds about you, how you can seek to have us correct any such information, and how you can make a complaint if you have any concerns about how your information is being managed.
By personal information, we mean information or a statement of opinion about you that reasonably identifies you. This information includes information or opinions whether they are true or not.
360Private is bound by the Privacy legislation and the 13 Australian Privacy Principles established under the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (APPs). A summary of the APPs is available by contacting our office. Our contact details are provided at the end of this document.
The Privacy legislation relates only to personal information concerning individuals, not companies or other types of organisations.
As a financial services provider 360Private needs to obtain certain personal information from and about our clients so that we can understand and effectively meet your specific needs. Obtaining this information also allows 360Private to meet our legislative obligations, particularly under the Corporations Act 2001 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
For us to provide you with a comprehensive financial planning and advice services, information we need to collect and store may include:
1Reference to 360Private Pty Limited includes the following entities: 360Private Audit Pty Ltd ACN 609 416 597, 360Private Estate Management Pty Ltd ACN 088 309 504, 360Private Legal Pty Ltd ACN 609 085 967, 360Private Management Services Pty Limited ACN 064 634 546.
Wherever possible, 360Private will collect personal information directly from you. We will only collect this information about you if you have:
Your personal information will only be collected, maintained and used, as required, to provide you with our financial services such as:
Sensitive information is personal information about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, health or genetic information.
360Private will not collect or disclose sensitive information about you, unless we need that specific information to provide you with the financial service you need and we have your prior consent, or if we are required to do so by law.
For example, in order to provide you with advice on appropriate risk insurances such as life, income protection or trauma, 360Private will need to collect health information from you or your medical practitioner in order to obtain relevant quotes and help you with your application.
The purposes for which we may use your personal information include:
We will not disclose your personal information for any purpose other than:
We are obliged under the Corporations Act 2001 and the National Consumer Credit Protection Act 2009 to maintain certain records and make them available for inspection by the Australian Securities and Investments Commission. The Anti-Money Laundering/Counter-Terrorism Financing Act 2006 also requires us to collect certain personal information about new and existing clients.
In addition, we may contract external parties to conduct due diligence, compliance or financial audits and this may involve the disclosure of your personal information.
We may disclose your personal information to superannuation fund trustees, insurance providers, mortgage providers and product issuers to give effect to your financial strategy, the recommendations we make to you and the administration of your affairs.
It is unlikely that 360Private will need to disclose your personal information to organisations located overseas. However, if you require 360Private’s assistance to acquire a financial product from an overseas organisation, 360Private may need to provide your personal information to that entity.
If we disclose your personal information overseas, we are required to take steps to ensure that your personal information is substantially treated in accordance with the Australian standards.
We may use your personal information to provide you with direct marketing material that you may find of interest.
You can contact us at any time if you do not want to receive this information and we will stop sending it to you within two weeks of your request.
360Private protects your personal information from misuse and loss, and from unauthorised access, modification or disclosure. At all times your personal information is treated as confidential and can only be accessed by persons who have been properly authorised.
360Private may store personal information in hard copy or electronically. Physical security of paper files and data storage is maintained through locks and a security system.
All computer-based information is protected through the use of access passwords on each computer. Data is backed up each evening and stored securely off site.
In addition, 360Private monitors its online services, such as our client portal to ensure that your personal information is appropriately protected when you use this service.
If you use our client portal, you can assist us in protecting your personal information by ensuring that you keep your username and password secure at all times. You should contact 360Private immediately if you suspect that your username and password have been disclosed to another person.
In the event you cease to be a client, any personal information that we hold will be maintained on site or in a secure off-site storage facility for at least seven years in order to comply with legislative and professional requirements. After that time, the information may be destroyed.
With some exceptions, you may request access to the personal information 360Private holds about you; however, before providing you with any of your personal information, we will have to verify your identity.
We will provide you with access by whichever means you request, as long as it is reasonable and practical to do so and within a reasonable amount of time. Depending on the complexity of the request, there may be a fee for this service.
We will not provide you with access to personal information which would reveal any confidential formulae or the detail of any in-house evaluative decision making process. Instead, we may give you the result of the formulae or process or an explanation of that result.
The Australian Privacy Principals place other restrictions on accessing your personal information. Some of the restrictions include where:
If 360Private is unable to provide you with the requested information, we will provide you with a written notice giving our reasons and how you can complain about the refusal.
360Private strives to ensure that, at all times, the personal information we hold about you is accurate and up to date. If you can show us that the personal information we hold about you is inaccurate, incomplete or outdated, and we agree that the information requires correcting, we will take all reasonable steps to correct it.
If 360Private does not believe that the personal information we hold about you is inaccurate, incomplete or out of date, we will write to you giving our reasons and how you can complain about the refusal.
If 360Private refuses your request, you can ask us to include a statement in your file that the information is inaccurate, out of date, incomplete, irrelevant or misleading.
If at any time you believe we have compromised your privacy, or if you believe 360Private has breached the Privacy legislation, you have a right to complain.
To lodge a complaint you can contact our Privacy Officer via the means referred to below. We will try to resolve any concerns you may have to your satisfaction within seven working days. If this is not possible, 360Private will contact you within that time period to let you know how long it will take to resolve your complaint.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 established the Notifiable Data Breaches (NDB) scheme in Australia.
The NDB scheme introduces an obligation for agencies to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. In this context, serious harm refers to serious physical, psychological, emotional, financial or reputational harm to an individual or individuals.
360Private will manage all data breaches in accordance with the NDB.
If a suspected or known data breach occurs, 360Private’s Privacy Officer will initially respond and work with the affected area to contain further access or disclosure of the data. The Privacy Officer will then determine whether serious harm is likely from the suspected or known breach.
If serious harm is likely from the data breach, 360Private will immediately notify the affected individuals to advise that a suspected or known data breach has occurred which includes their personal information, and actions are being undertaken to limit or mitigate the harm as much as possible.
360Private will also prepare a statement to the OAIC via the NDB Statement – Form (available from www.oaic.gov.au) notifying the following to the OAIC:
360Private will then work with OAIC on any recommendations or directions from the Information Commissioner relating to the breach.
360Private will review the incident to determine possible causes of the breach and revise its internal policies and/or procedures to prevent reoccurrence. Possible actions will include updating policies and procedures relating to records management and additional staff training on privacy.
While we may update our Policy from time to time, the most recent version of this Policy will always be available on our website. If we change the Policy in any material way we will post a notice on our website along with the updated Policy. We may also contact you via your contact information on file, for example by email, notification or some other equivalent measure.
Our website contains links to other websites. When a user clicks on a link to another site, they are no longer subject to this Policy.
To: The Privacy Officer
Address: Level 1, 170 Greenhill Road Parkside SA 5063 / GPO Box 946 Unley SA 5061
Telephone: +61 8 8291 2111
If you are unhappy with our response, you are entitled to contact the Office of the Australian Information Commissioner who may investigate your complaint further.
Additional information about privacy in Australia may be obtained by visiting the web site of the Office of the Australian Information Commissioner at www.oaic.gov.au.