At SmartMoney Wealth Management Group Pty Ltd (ACN 613 355 598) (referred to as SmartMoney Wealth Management Group, we, our, us), we understand that the privacy of your information is important to you, and we respect the confidentiality and security of the information that you provide to us. Protecting your information is an important part of maintaining trust between us and our clients and by handling information in a secure manner we build strong business relationships.
This document provides information and details about how we manage the personal information that we collect, hold, use and disclose about individuals.
- SmartMoney Financial Services Pty Ltd (ABN 67 618 468 741 | CAR No. 001265087);
- SmartMoney Home Loans Pty Ltd (ABN 82 618 468 867);
- SmartMonwy Property Investment Pty Ltd (ABN 82 618 468 803).
We are bound by the Privacy Act 1988 (Privacy Act) and we manage and protect your personal information in accordance with the Australian Privacy Principles (APPs).
- Disclosure of information means providing information to persons outside of SmartMoney Wealth Management;
- Personal information means information or an opinion relating to an individual, which can be used to identify that individual;
- Privacy Officer means the contact person within SmartMoney Wealth Management for questions or complaints regarding SmartMoney Wealth Management’s handling of personal information;
- Sensitive information is personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information; and
- Use of information means use of information within SmartMoney Wealth Management.
We generally collect personal information directly from you. For example, personal information will be collected through our application processes, forms and other interactions with you in the course of providing you with our products and services, including when you visit our website, use a mobile app from us, call us or send us correspondence.
We will not collect sensitive information about you without your consent, unless an exemption in the APPs applies. These exceptions include if the collection is required or authorised by law, or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If the personal information we request is not provided by you, we may not be able to provide you with the benefit of our services or meet your needs appropriately.
We do not give you the option of dealing with them anonymously, or under a pseudonym. This is because it is impractical, and, in some circumstances, illegal for ## to deal with individuals who are not identified.
Unsolicited personal information
We may receive unsolicited personal information about you. We destroy or de-identify all unsolicited personal information we receive, unless it is relevant to our purposes for collecting personal information. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.
Why we collect and use personal information
We collect, hold, use and disclose personal information so we can provide you with financial products, advice and service relevant to your needs. We may also collect, use and disclose your information for related purposes such as:
- Complying with our legal obligations, such as verifying your identity
- Assisting with your questions and complaints
- Arranging for services to be provided by third parties
- Internal operations, such as record keeping, data analytics, auditing or training
- Promotion of other products and services that may be of interest to you
- Help us improve the products and services offered to you and enhance our overall business.
We collect, use, hold and sometimes disclose personal information about financial advisers, credit representatives and other people who we do business with (including employees) in order to administer and manage our business operations. This information is afforded the same standard of care as that of our clients.
We may also use and disclose your personal information for secondary purposes which are related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act.
Sensitive information will be used and disclosed only for the purposes for which it was provided (or a directly related secondary purpose), unless you agree otherwise, or an exemption in the Privacy Act applies.
What personal information we collect
We may collect and hold a range of personal information to assist us in providing relevant products and services. The information we collect could include (but is not limited to) your name, date of birth, contact details, financial information, employment details, residency and citizenship status. We may also collect the personal information of your family members where it is relevant to the advice being provided.
We may also collect sensitive information about your medical history and your health and lifestyle to provide financial advice about life insurance products.
In most instances, we collect personal information directly from that person when they:
- complete a financial product application form,
- complete an identification form,
- complete data collection documentation,
- interact with an online interactive tool, such as a budget planner,
- provide documentation to us, or
- when you communicate with us in person, over the telephone, fax, email, internet or by using other electronic devices.
Situations where we collect personal information from other people and organisations include (but are not limited to):
- a financial adviser,
- a mortgage broker or other credit representative,
- other professionals who act on your behalf, such as a lawyer or accountant,
- health professionals,
- other organisations, who jointly with us, provide products or services to you, and
- social media and publicly available sites.
It’s your choice whether to provide your personal information. You have the right to not to provide personal information, including about your identity. However, in this case, your adviser will warn you about the possible consequences and how this may impact on the quality of the advice provided. Your adviser may also decline to provide advice if they feel they have insufficient information to proceed. In some instances, we will decline to provide services or advice if we feel we have insufficient information for the scope of the service or advice requested.
Further, in some circumstances the law requires us to obtain and verify details of photographic and non-photographic identification documents.
Cookies and other web technologies we use
Some personal information may be collected automatically, without your knowledge, whilst navigating through and interacting with the content of our websites. The electronic methods of collection we use include cookies, log files and web beacons.
Web beacons are small pixel files that help us better manage content on our websites by allowing us to understand usage patterns, fix issues, and improve the products and services offered to you on our websites. Log files contain information about the devices and browsers used to access our websites and help us to diagnose problems, analyse trends, administer the site or mobile application.
The information we collect by these electronic means is generally not stored for long – they are temporary records – and can include device-specific data or log data such as your IP address, device screen size, device type, browser information, referring domain, pages visited, the date and time website pages were visited, and geographic location (country only).
Accessing and updating personal information
You can request access to personal information we hold. There may be a cost involved with locating, copying or sending you the information you request. The cost will be discussed and agreed with you at the time.
There may be circumstances where we refuse to provide you with the information you request, for example when the information is commercially sensitive. In these situations, we will inform you and provide an explanation as to why.
We will deal with requests for access to your personal information as soon as possible and aim to respond within 14 business days. The time we require will depend on the type of information requested.
We will update your personal information if you contact us. In most cases, you can update your personal information over the phone, by contacting your adviser or broker or electronically.
If you wish to remain anonymous or to use a pseudonym when dealing with us, we may only be able to provide you with limited information or services. In many cases it will not be possible for us to assist you with your specific needs if you wish to remain anonymous or use a pseudonym.
Who we share personal information with
From time to time, we may share your personal information with other entities both within and outside of the Licensee. This will vary according to the product or service involved, but could include:
- any person acting on your behalf, including your financial adviser, solicitor, accountant, executor, administrator, trustee, guardian or attorney
- financial product and service providers, including financial planning software providers and paraplanners
- for corporate superannuation members, your employer or your employer’s financial adviser
- other organisations within the Licensee including related bodies corporate and advice firms we have authorised,
- medical practitioners and health service providers, such as pathology services
- companies involved in the payments system including financial institutions, merchants and payment organisations
- organisations who assist us with certain business functions, such as auditors, compliance consultants, direct marketing, debt recovery and information and communication technology support
- our solicitors, our insurers, courts, tribunals and dispute resolution organisations
- other organisations who provide us with products and services so that they may provide their products and services to you or contact you on our behalf, and/or
- anyone to whom we, or our service providers, are required or authorised by law to disclose your personal information to (for example, law enforcement agencies, Australian and international government and regulatory authorities).
We may also disclose your information to a third party where you have given your consent or where you would reasonably expect us to disclose your information to that third party.
We may also disclose the personal information we hold about our financial advisers to professional organisations, companies and consultants that we work with.
The only circumstances in which we would collect, use or disclose your government related identifiers is where we are required or authorised by law to do so. For example, we may be required to disclose your Tax File Number (TFN) to the Australian Taxation Office, a superannuation or retirement income product provider. Likewise, we may need to disclose your Medicare number to Centrelink in order to assess your social security eligibility. Drivers licence numbers and passport numbers may also be collected when we are required to verify your identity.
Personal information collected may also be used for direct marketing purposes to promote events, products or services that may be of relevance to you. Please contact us should you wish not to receive direct marketing.
Disclosure of personal information overseas
We may disclose your personal information to service providers who operate outside Australia. The most common example of when we share your personal information overseas is when we work with overseas service providers who prepare financial advice documents.
These recipients may be located in the following countries: Philippines.
We will not send personal information to recipients outside of Australia unless:
- we have taken reasonable steps to ensure that the recipient does not breach the Act, the APPs;
- the recipient is subject to an information privacy scheme similar to the Privacy Act; or
- the individual has consented to the disclosure.
When we send your personal information to overseas recipients, we make sure appropriate data handling and security arrangements are in place.
If you consent to your personal information being disclosed to an overseas recipient, and the recipient breaches the APPs, we will not be accountable for that breach under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
Your adviser may enter into their own outsourcing arrangements to countries other than those detailed above. If so, your adviser will disclose these arrangements separately to you. All reasonable steps will be taken to ensure that offshore service providers comply with the Privacy Act.
Personal information is generally hosted on servers located in Australia. If you access our services from outside Australia, you consent to the transfer of your personal information to Australia, a jurisdiction that may not provide the same high level of protection we apply in Australia.
How we protect personal information
We strive to ensure that the personal information that you provide to us is stored safely and securely. We take a number of precautions to protect the personal information we hold about you from misuse, interference and loss, and from unauthorised access, modification or disclosure.
We have a range of practices and policies in place to protect personal information we hold, including:
- educating our staff and representatives about how to protect your personal information and updating them about cybersecurity developments, threats and scams,
- requiring our staff and representatives to use passwords when accessing our systems,
- where appropriate, using strict confidentiality arrangements restricting third parties’ use or disclose of personal information for any unauthorised purposes,
- employing physical and electronic means, including access controls (as required) to protect against unauthorised access to buildings,
- employing firewalls, intrusion prevention systems and virus scanning tools to protect against unauthorised persons, malware and viruses from entering our systems,
- some of the systems we use are on dedicated secure networks or transmit electronic data via encryption, and
- providing secure storage for physical records and securing paper files in locked cabinets and physical access restrictions.
Where personal information is no longer required, we take steps to de-identify or destroy the information in a secure manner.
Where our employees work remotely or from home, we implement the following additional security measures: two-factor authentication is enabled for all remote working arrangements;
- password complexity is enforced, and employees are required to change their password at regular intervals;
- we ensure that employees only have access to personal information which is directly relevant to their duties;
- employees are not permitted to work in public spaces;
- we use audit trails and audit logs to track access to an individual’s personal information by an employee;
- we monitor access to personal information, and will investigate and take appropriate action if any instances of unauthorised access by employees are detected;
- employees must ensure that screens are angled so that they cannot be used by anyone else, and are locked when not in use;
- employees must ensure that no other member of their household uses their work device;
- employees must store devices in a safe location when not in use;
- employees may not make hard copies of documents containing personal information, nor may they email documents containing personal information to their personal email accounts; and
- employees may not disclose an individual’s personal information to colleagues or third parties, via personal chat groups.
We do not adopt identifiers assigned by the Government (such as drivers’ licence numbers) for our own file recording purposes, unless one of the exemptions in the Privacy Act applies.
How do we keep personal information accurate and up-to-date?
We are committed to ensuring that the personal information we collect, use and disclose is relevant, accurate, complete and up to date.
We encourage you to contact us to update any personal information we hold about you. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. We do not charge you for correcting the information.
Accessing your personal information
Subject to the exceptions set out in the Privacy Act, you may gain access to the personal information that we hold about you by contacting the SmartMoney Wealth Management’s Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal.
We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.
Complaints about privacy
We have an effective complaint handling process in place to manage privacy risks and issues. We will acknowledge receipt of a complaint immediately, however, where this is not possible, acknowledgement will be made as soon as practicable. We will then investigate the complaint and respond to you within 45 days. Some complex matters may require an extension to thoroughly investigate the complaint and bring it to resolution.
The complaints handling process involves:
- identifying (and addressing) any systemic/ongoing compliance problems;
- increasing consumer confidence in our privacy procedures; and
- helping to build and preserve our reputation and business.
If you have any queries or are concerned about how your personal information has been collected, used or disclosed and you wish to make a complaint, please contact the Privacy Officer on the information below:
Mail Level 2, 6 Parkview Drive, Sydney Olympic Park NSW 2127
Phone 1300 966 330
Email [email protected]
If you are not fully satisfied with our response, you can contact an external body. In cases of privacy related complaints, this is generally the Office of the Australian Information Commissioner (OAIC).
The contact details for OAIC are:
Director of Complaints, Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Phone 1300 363 992
Email [email protected]
You may also direct privacy complaints related to financial advice to the Australian Financial Complaints Authority (AFCA). The contact details for AFCA are:
Mail GPO Box 3, Melbourne, VIC 3001
Phone 1800 931 678 (free call)
Email [email protected]