Protecting your personal information is important. McKinley Plowman respects your privacy and is committed to protecting your privacy. We understand the importance you attach to information that identifies you (your ‘personal information’) and we want to help you protect it.
We are bound by, and committed to supporting, the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth) (Privacy Act) and any relevant privacy code registered under the Privacy Act.
Personal information you give us about someone else
Why we collect your personal information
The main purposes for which we collect personal information are:
- to provide the services you have requested of us;
- to market other services to you;
- to maintain contact with you;
- to keep you informed of the services we offer and of current developments;
- to notify you of events, services and service offers;
- for recruitment and employment (including expressions of interest in working for us); and
- for administration and management purposes.
Types of information we may collect about you
The type of personal information we collect from you will depend on what you have provided us with. Generally, it will include your name, your mailing address, telephone number, e-mail address, date of birth, marital status, your partner’s name and date of birth, income and other financial details, tax file numbers, employment details, credit history and other financial information.
Sensitive personal information
Unless specifically necessary for us to provide services to you and you have expressly consented to us doing so, we will not usually seek sensitive information from you or about you. Sensitive information can include things like your religion, ethnicity, criminal history, medical condition and sexual preference.
In certain circumstances, such as when completing a Financial Needs Analyser, it may be necessary for us to collect sensitive information from you in order to provide our services. Again, we will only collect sensitive information if you consent to its collection and if it is reasonably necessary for us to carry out at least one of our functions or activities, or its collection is otherwise legally permissible.
In collecting sensitive information, we may collect personal information incidentally. By providing us with unsolicited sensitive personal information incidentally, you consent to us using the information subject to applicable laws. Collecting this information allows us to effectively provide our organisations with whom we have a business relationship, financial products and services including (but not limited to):
- life insurance advice and products protecting against risk;
- investment products to build wealth;
- superannuation and retirement income products to provide for retirement;
- lending and leasing services and products;
- financial planning advice and other services to help individuals understand their financial needs and make financial and investment decisions; and
- management of investment assets such as shares.
How we collect your information
We collect most personal information about you directly from you. We will only collect personal information from you by lawful and fair means, without being unreasonably intrusive, such as when you fill in the Financial Needs Analyser, subscribe to our investment newsletters, visit our website, deal with us over the telephone, send us a letter, or have contact with us personally etc.
Sometimes it may also be necessary for us to collect your personal information from a third party, or from a publicly available source; however, we will only do that when it would be reasonable to expect us to do so, or where it is not reasonable to expect us to do so, then with your consent.
At or before the time we collect personal information from or about you, we will take reasonable steps to inform you who we are and how to contact us, why we are collecting that personal information, your ability to access the information, who else we might disclose that personal information to, any laws requiring the information to be collected and what will happen if you do not provide personal information to us.
How we may use your information
We will never sell your personal information.
We will only use your personal information for the purpose of providing you with the services you have requested, responding to your requests or providing you with further information about us. Where you consent, your personal information may also be used for another related purpose where you reasonably expect us to use the personal information for that other related purpose.
Your personal information may be disclosed to:
- Product providers you were placed in by your Authorised Representative;
- Other areas within our corporate group;
- Anyone authorised by you, as specified by law or the contract;
- Third parties who we engage to provide services to you or to assist us to provide services to you such as outsourced contractors, cloud computing and software providers, CRM providers, bookkeepers, typists, solicitors and other professional, secretarial or expert services. We will always request that such third parties deal with and protect your personal information in accordance with the APPs and the Privacy Act but we will not be liable if they fail to do so.
- Where it is permitted or required by law, or we reasonably believe it is necessary on health and public safety grounds to use the personal information for another purpose.
From time to time, we may also use your personal information to market to you our services or business. You will always have the opportunity to opt out of receiving such material from us by following the links included in such correspondence.
We may be compelled by law to disclose personal information about you, for example, under court order or statutory notice to produce documents, including with respect to laws regarding social security, taxation, bankruptcy, anti-money laundering, counterterrorism and the management of incorporated entities.
We will not disclose your personal information unless the disclosure:
- Is required, or allowed under law, or in connection with legal proceedings;
- Has your consent (express or implied); or
- Is to organisations with whom we have a business relationship (including outsourced contractors, cloud computing and software providers, CRM providers, bookkeepers, typists, solicitors and other professional, secretarial or expert services). We will only provide these organisations the information they need to deliver the service. You agree that not all recipients of your personal information may have privacy policies equivalent to ours and you consent to the disclosure of your personal information for those purposes.
Disclosure to overseas recipients
There may be occasions where the nature of our business and the services requested of us require that personal information be disclosed to overseas recipients.
In addition, we may utilise overseas IT services for things such as data storage facilities via our arrangements with third party service providers.
The location of any overseas recipients of this information will depend upon the nature of the services being provided or contemplated.
It is not always possible to know where your information may be held but could include the United Kingdom, Ireland, the United States and the Philippines.
When you provide us with your personal information you agree and consent to the possible disclosure, transfer, storage or processing of that information outside of Australia. In so doing, you acknowledge and understand that countries outside of Australia may not always be subject to the same privacy protections as Australia in relation to your personal information.
By providing your consent, under the Privacy Act we are not required to take reasonable steps to ensure any offshore recipients of your personal information do not breach the Privacy Act.
However, we understand the importance of protecting your personal information and have taken reasonable steps to ensure your information is used securely in accordance with the Privacy Act and the APPs.
If you do not agree to the disclosure, transfer, storage or processing of your personal information outside Australia, please advise us immediately.
A list of our current overseas providers can be found in our Terms of Business and is subject to change from time to time.
How long we will hold your personal information
We will hold your personal information for as long as is required to fulfil the purpose(s) for which it was collected or as required by law.
Your use of our website
Our website may use Analytics tracking code that supports Display Advertising, including Remarketing and Google Display Network Impression Reporting. Please take note of the following:
- You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using Google’s Ads Settings, by using the Google Analytics opt-out browser add-on, or by visiting the Network Advertising Initiative opt-out page.
- Third-party vendors, including Google, may show our ads on sites across the Internet.
- We and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on someone’s past visits to our website.
- We and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to report how our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our site.
Our website may host various blogs, forums and other social media profiles or services that allow you to share personal information and content with other users (Applications). Any personal information or content that you contribute to any Applications can be read, collected and used by other users over whom we may have no control. We are not responsible for any use, misuse or misappropriation by other users of any personal information or content that you contribute to any Applications.
You may choose to provide us with personal information in some circumstances when you subscribe to our newsletters and other marketing material.
Dealing with us anonymously
Wherever it is lawful and practicable, we will give you the option of not identifying yourself or not providing personal information when dealing with us. However, failure to provide full and complete information we request may mean that we are unable to provide you with the services you have requested completely and properly.
Access to your personal information
You can request us to provide you with access to personal information we hold about you. We may allow an inspection of your personal information in person, or provide copies or a summary of relevant documents, depending on what is the most appropriate in the circumstances. Any charge we make for providing access will be reasonable and will not apply to lodging a request for access.
Your request to access your personal information will be dealt with in a reasonable time. Note that we need not provide access to personal information if a request is frivolous, or where to provide access would pose a threat to health or public safety, unreasonable interference with another person’s privacy, or be a breach of the law. If we refuse access, we will provide you with reasons for doing so.
How we store and protect your personal information
We take your privacy and the privacy of our affiliates and their clients very seriously. We take reasonable steps to protect your personal information from misuse, interference, loss, unlawful access, modification and disclosure.
We also understand and respect that, in the event of a notifiable data breach, you are entitled to be made aware of this breach so you can take appropriate actions to protect yourself.
We store hardcopy documents containing your personal information in secure facilities. Electronic documents containing your personal information are stored with security measures to ensure the security and confidentiality of the documents and the personal information contained in them.
The measures we can put in place to protect your personal information and data include (but are not limited to):
- The ability to apply two step (2SA) authentication to access across all sensitive applications (not on an application by application basis).
- Restriction of remote access to specific locations and/or block overseas access to our systems.
- Track and monitor attempted access to our systems and identify suspicious activity.
- Log usage in an audit trail and retrospectively determine the suspected source of a breach to report to authorities. With this tool we can see what applications were accessed, when they were accessed and from where.
- Terminate user access to all sensitive cloud applications by disabling a single user account.
- Remotely wipe mobile devices in the event they’re breached, lost or the user associated with the device is terminated. We can restrict access to reasonable times such as business hours.
- We are able to share access to applications using a single user ID without having to divulge cloud app passwords to staff.
- Our staff only need to remember one single password to all sensitive applications decreasing the risk associated with ‘password sprawl’.
- The ability to federate our identity systems so that desktops, servers and browser-based cloud applications are accessed via one single identity.
We have policies and documentation in place that:
- Educate and set expectations on best practice password and access management to staff in the form of an IT and Internet usage policy.
- Third party access agreements that govern and limit liability in the event a third party such as an IT contractor or outsourced provider should breach our data security policies
- A data breach response plan that lays out the steps we take in the event of a breach and communicates our obligations under the Notifiable Breach Legislation
- A specialist data security legal service contracted to support us in the event of a breach to ensure the appropriate remediation and notification steps are taken.
- A retainer-based engagement with a specialist cyber-security firm that provides guidance and best practice systems to protect our clients’ privacy
- This cloud best practice certification that validates our firm as a responsible data custodian
We also have access to external advisors with expertise to handle privacy and data protection matters.
We will not adopt as our own, any identifiers you may provide to us such as TFNs, Medicare numbers etc.
Accuracy of personal information
We will take reasonable steps to ensure that the personal information we collect is accurate, current and complete.
If you believe that any personal information we hold about you is inaccurate, incomplete or out of date, please inform us so that we can take reasonable steps to update the information in accordance with the requirements in the APPs and the Privacy Act.
If you believe that we have failed to meet our privacy obligations or infringed your rights under the APPs and the Privacy Act, you may make a written complaint to us. Our contact details are set out below.
We will review your complaint, consider our conduct in relation to the complaint and with regard to the requirements contained in the APPs and the Privacy Act and determine whether appropriate action needs to be taken. We will respond to your complaint within 30 days of receiving the complaint.
If you are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner.