2. Collection of personal and credit information
We will only collect personal information about an individual where the information is reasonably necessary for one or more of our functions, operations or activities or to comply with the law. The kinds of personal information collected and held, and how that information is collected and held and the purpose for which that information will be collected, held, used and disclosed will depend on the circumstances. For example, we collect and process your personal information as necessary in order to provide you with our services and/or products, as part of our general business operations, employees and contractors, emergency management, to assist with queries, to consider applications from prospective employees, contractors or service providers or to comply with the law.
• contact information such as your name and address, telephone numbers and email address;
• financial information, including bank account details;
• business details, including Tax File Number and Australian Business Number (“ABN”);
• identification information such as name, date of birth, current or previous address, driver’s licence number;
• trade references – name of entity, ABN, contact name, telephone number, fax number, email, years trading with you;
• information about our services and/or products acquired or supplied;
• information from enquiries made;
• communications between us and an individual;
• third party information from our employees and contractors such as details of family members and next of kin.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit our websites, we may collect the following information from you automatically through cookies or similar technology:
• your server address;
• your top level domain name (for example, .com, .gov, .au);
• the date and time of your visit to the site;
• the pages you accessed;
• the previous site you have visited; and
• the type of browser you are using.
• for essential purposes for the basic function of our website;
• for performance and functionality to manage and improve our website;
• to improve our business functions.
You can set your browser to accept or decline cookies, however, some of our website features may not function or function fully as a result.
4. Means of collection of personal data and credit information
Your personal information and credit information may be collected in a number of ways, including:
• directly by our employees when you seek, or enquire about, our services;
• when you use our website or complete a form on our website or provided directly by our employees;
• from a third party such as a contracting company or through third party service providers (including recruitment service providers providing services to us).
In some circumstances, where it is unreasonable or impracticable to collect information from you or to supplement information provided, we may collect information about you from a third party source (including public records). In such a case we will take reasonable steps to ensure that you are made aware of the personal information provided to us by the third party.
You need not provide all the information requested by us, but this may prevent us from providing some or all of our goods or services to you.
5. Purposes of collection and use
We collect and use your personal and credit information for the following purposes:
• as a necessary part of providing our goods and services to you including providing general financial product advice, managing and administering products and services, establishing and managing investments and accounts, processing contributions, transferring funds and making payments and reporting on investment performance and conducting our anti money laundering /counter terrorism financing compliance program;
• facilitating product and service reviews;
• sales and billing;
• to promote and market our products and services to you or provide you with information that we believe may be of interest to you (unless as directed otherwise);
• to personalise and customise your experiences with our website;
• to help us research the needs of our customers and to market our goods and services with a better understanding of your needs and the needs of customers generally;
• to allow us to provide advertising material to you regarding us, our clients, and other business partners (unless as directed otherwise);
• internal management purposes;
• to consider applications from prospective employees, contractors or service providers;
• emergency management;
• to comply with the law;
• other purposes related to any of the above.
We will only use your information for the purposes for which it was collected (“primary purposes”) or a purpose related to the primary purpose, if this use would be reasonably expected by you, or otherwise, with your consent.
We may disclose your information to certain third parties to assist us with the primary purpose for which your information was collected. Third parties we may disclose your information to for this purpose include:
• third parties that provide goods and services to us or through us;
• third parties, such as marketing and digital agencies, who may send to you our e-newsletters on our behalf, however you may request not to receive such information by opting-out or by contacting our Privacy Officer (details below);
• financial institutions, fund managers, financial advisers, stockbrokers, actuaries, custodians, share registries, insurers, investment managers, auditors, and external dispute resolution services;
• our related bodies corporate;
• where necessary to protect the rights or safety of any of its employees or a third party;
• our website host or software application providers.
We may also be required to disclose information to third parties to comply with laws and regulations. This may include disclosure to:
• government agencies as required by law;
• third parties who perform an audit of our business;
• third parties for a business acquisition, sale or restructure;
• third parties which we are required or authorised by law to make disclosures to; and
• other third parties as authorised by you from time to time.
We do not disclose your personal information to overseas recipients unless required as a matter of law, or, if required to service your needs, to our related companies in Singapore.
We do not disclose your credit information to any credit reporting bodies. Where personal information is disclosed to a third party, we will take all reasonable steps to satisfy ourselves that the information is held, used and disclosed in accordance with the APPs and the GDPR.
7. Quality, access to and correction of information
We will take appropriate steps to verify your identity (or verify that you act as an authorised agent of the individual concerned) before granting a request to access your personal information.
We will respond to your request for access to your personal information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. We will, on request, provide you with access to your personal information or update or correct your personal information, unless we are lawfully excluded from granting your request, including if:
• giving access would be unlawful;
• we are required or authorised by law or a court/tribunal order to deny access; or
• giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.
Where your request for access is accepted, we will provide you with access to your personal information in a manner, as requested by you, providing it is reasonable to do so.
Your request for correction will be dealt with within 30 days, or such longer period as agreed by you. If we deny your request, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
We will accept your request for correction of your credit information where we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Upon accepting a request for correction of your personal information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your personal information.
If your request for correction of credit information is accepted, we will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.
8. Storage and security
Your personal and credit information will be stored as physical files in a secured area in Australia, on our electronic data base system and on computers with appropriate back up and security systems. All our servers are located in Australia. Any personal or credit information which is collected via our website, or which is held on our computer systems, is protected by safeguards including physical, technical (including firewalls and SSL encryption) and procedural methods.
We take reasonable steps to hold information securely in electronic or physical form. We are committed to keeping secure the data you provide to us and we will take all reasonable precautions to protect your personally identifiable information from loss, misuse, interference, unauthorised access or alteration.
We aim to achieve this through:
• imposing confidentiality requirements on our employees;
• implementing policies in relation to document storage security;
• implementing security measures to govern access to our systems;
• only providing access to personal information once proper identification has been given;
• controlling access to our premises; and
• implementing website protection measures.
In the event of a data breach, we are committed to complying with our obligations at law, including our notification obligations.
10. Data subject rights under the GDPR
• right of access – you have the right to ask us for copies of your personal data;
• right to rectification – you have the right to ask us to rectify your personal data you think it is inaccurate. You also have the right to ask us to complete your personal data if you think it is incomplete;
• right to erasure – you have the right to ask us to erase your personal data;
• right to restriction of processing – you have the right to ask us to restrict the processing of your personal data;
• right to object to processing – you have the right to object to the processing of your personal data.
• right to data portability – you have the right to ask that we transfer the personal data you gave us to another organisation, or to you.
These rights are not absolute, and some only apply in certain circumstances.
You are not required to pay any charge for exercising your rights over your personal data.
If you make a request in relation to any of these rights, we have one month to respond to you. Please contact our Privacy Officer (details below) if you wish to make a request.
Our Privacy Officer will consider your complaint and respond as soon as reasonably possible, but no later than 30 days from receiving the complaint.
If you are unsatisfied with the outcome of your complaint you may refer your complaint to the Office of the Australian Information Commissioner.
If you are an individual residing in the EU, you may submit your complaint to your local data protection authority.
If you wish to:
• gain access to your personal information;
• contact us with a query about how your information is collected or used;
contact our Privacy Officer:
Privacy Officer contact: Head of Legal, Governance & Reporting
Postal address: Duxton Capital (Australia) Pty Ltd, PO Box 785, Stirling South Australia 5152
Phone: +61 8 8130 9500
For more information on privacy, see the Office of the Australian Information Commissioner's website at: http://www.oaic.gov.au.