“Personal information” is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.
“Sensitive information”, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
What personal information will we collect and hold?
The kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the services you or your organisation have contracted us to provide, and the services you or your organisation are interested in.
Generally, the types of personal information that we may collect and hold will include individuals’ names, residential addresses, email addresses, phone numbers, banking details, dates of birth, investment details, payroll details, taxation details and other related accounting and financial services information.
How do we collect and hold personal information?
We aim to collect personal information only directly from you, unless it is unreasonable or impracticable to do so. For example, we may collect personal information from you or about you from correspondence that you submit to us, telephone calls and face-to-face meetings with us, emails, hardcopy forms, information you provide us through paper-based and electronic client surveys and from your activity on our website.
In some instances, we may also receive personal information about you from third parties, such as associated businesses and / or federal government departments.
You can be anonymous or use a pseudonym when dealing with us, unless:
- the use of your true identity is a legal requirement; or
- it is impracticable for us to deal with you on such a basis.
Why do we collect, hold, use and disclose personal information?
We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities. For example, we collect, hold, use and disclose personal information as necessary to provide services to you or your organisation.
We may collect sensitive information from or about you where there is a legal requirement to do so, or where we are otherwise permitted by law. In all other situations, we will specifically seek your express consent.
If we do not collect, hold, use or disclose your personal information, or if you do not provide your consent, then we may not be able to answer your enquiry, complete the transaction you have entered into or provide the services you have engaged us to provide.
We collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions, credit checks, processing your payments, obtaining product registrations and approvals, providing you with information about other services provided by us, market research, client satisfaction surveys, newsletter communications, statistical collation and website traffic analysis.
We may also use your personal information for marketing and promotional activities, and for maintaining your online subscription/s to our newsletters. Where we use your personal information for marketing and promotional communications, you can opt-out at any time by following the unsubscribe link contained within our marketing communications.
We may disclose your personal information to third parties (including government departments and enforcement bodies including ASIC, APRA, AFSA and the ATO) where required or permitted by law.
From time to time, we may need to disclose your personal information to third party service providers, located both inside and outside Australia (for further information in relation to our overseas disclosure of personal information, please see below). For example, we may disclose your personal information to:
- Our professional advisors;
- Other entities in the Byrons group and or part of any Association Network we belong too; or
- Our agents, contractors and external service providers.
We may be required to disclose personal information to Law enforcement, Government agencies or regulatory bodies, as part of an engagement, (for example, the Australian Taxation Office).
These entities and third parties may sometimes be located in other countries, in particular the Philippines, India and Sri Lanka.
Where we disclose your personal information to other entities in the Byrons Network, or to third party service providers, we will at all times remain accountable for their handling of that information. This includes taking steps to ensure that those recipients protect that information from unlawful access, modification or disclosure, and from misuse, interference and loss. Your personal information is not disclosed to third parties for the use of allowing them to send marketing material to you. However, we may share non-personal, de-identified or aggregated information with them for research, data analytics or promotional purposes.
How do we store your personal information?
Your personal information is held and stored on paper, by electronic means or both. ‘Electronic means include, physical servers located on premises, servers maintained by cloud services providers, laptops, desktop computers, tablets and other mobile devices. We have physical, electronic and procedural safeguards in place for personal information and we take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure.
For example, our IT systems feature password protections, firewalls, and intrusion detection and site monitoring functionalities. Data held and stored “in the cloud” is protected by internal and external firewalls, limited access via file passwords, files designated read-only or no access. We also require our IT contractors and other third parties to implement privacy safeguards. Further, our staff members receive regular training on our strict privacy and confidentiality procedures in relation to all personal information stored by us electronically and in printed form.
Where a breach of security gives rise to a ‘data breach’, being an incident when personal information, in any format, held by an agency or organisation is lost or subjected to unauthorised access, modification, disclosure or other misuse or interference, we will comply with our obligations under the Notifiable Data Breaches Scheme under the Privacy Act.
Destruction and De-identification
We will retain your personal information whilst it is required for our business functions or any other lawful purpose. We use secure methods to destroy or permanently de-identify your personal information when it is no longer needed.
Our business is affiliated with other businesses located overseas. In the course of doing business with you, we may disclose some of your personal information to overseas recipients. However, we will only do so where:
- it is necessary to complete the transaction you have entered into or for us to complete the services we are providing; and
- we use our best endeavours to ensure overseas providers comply with our data handling policies and procedures under the APPs; or
- it is otherwise required by law.
Currently, we (and our network entities) may disclose personal information to overseas recipients located in Philippines, India and Sri Lanka.
Access to, and Correction of, Personal Information
We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.
In most cases, we expect that we will be able to meet your requests. However, if we do not agree to provide you with access, or to correct the information as requested, we will provide you with written reasons regarding our decision.
Should you wish to access your personal information, please contact your local firm’s Privacy Officer and request a “Personal Information Access Form” (our Privacy Officer’s contact details are set out below).
We do not generally charge for requests to access your personal information. However, we may charge a fee:
- If an extended amount of time is required to locate, retrieve, collate and prepare any necessary materials; and
- in relation to any costs for the services of any intermediaries required to retrieve the information.
We will advise you of the estimated timeframe and costs (if any) in connection with any request for access to, or the correction of, your personal information.
To assist us to keep our records up-to-date, please notify us of any changes to your personal information.
Complaints and Concerns
We have systems and procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs. We will respond to your complaint in accordance with the relevant provisions of the APPs.
If you wish to make a complaint about our handling of personal information, please contact your local firm’s Privacy Officer. Contact details below. If you lodge a complaint with us, it will be dealt with in accordance with our Internal Dispute Resolution process and we will endeavour to provide a formal response to your complaint within 30 days. If the matter proves to be complex, we will advise you in writing of any necessary extension of time for our response.
If you feel that your complaint is not handled in a satisfactory manner, you may refer your complaint to the Office of the Australian Information Commissioner (the details of which are set out below).
If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, you can always delete the cookie from your system if you wish.
We use Google Analytics to analyse our website usage and create reports for internal use at Byrons.
Google Analytics Cookies
Privacy Officer Contact Details
62 Burwood Road
Burwood NSW 2134
Phone: 02 8745 3433
Email: [email protected]