1. This Policy
In this Policy, references to ‘we’, ‘our’, and ‘us’ are references to Human Financial Pty Limited and all members of the Human Financial group of companies including ClearView Financial Management Limited.
2. Personal information we collect and hold
We will collect and hold personal information relevant to the product and services provided. This may include a your:
date of birth;
contact details (including telephone numbers and email address);
government issued identifiers, such as a Tax File Number (TFN);
credit card or bank account details;
occupation and employment details;
records of contact with us, such as voice call recordings (although not all of a voice recording may be personal information) and other correspondence;
voice print and facial recognition biometrics and location information from a mobile device;
other information required to allow us to provide you with the products and services you have requested.
Personal information includes information or an opinion about an identified individual or an individual who is reasonably identifiable.
We only collect sensitive information when we have your consent, or when we are required by law, or otherwise permitted under the Privacy Act 1988 (Cth) (Privacy Act) to do so.
If you decide to provide your TFN to us, we are subject to laws which say how your TFN may be used and handled.
3. Why do we collect personal information?
We collect, hold, use and/or disclose your personal information for a range of our activities. These include:
meeting our obligations under business arrangements we have with other parties;
enabling us to provide the products and services for which you apply (including improving customer outcomes);
processing your application for a financial product or service;
performing our administration functions such as accounting, risk management, actuarial, monitoring and evaluating of price, and prevention of fraud;
monitoring, evaluating, developing and designing products and services;
conducting market research (including client surveys);
meeting obligations required by law, including assisting law enforcement bodies and regulators;
resolving complaints or litigation matters; or
for any other activity or purpose to which you agree.
We are required to comply with legislation and codes which relate to privacy. These include the Privacy Act which incorporates the Australian Privacy Principles, the Spam Act 2003 (Cth) and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
4. Data analytics
We may also use your personal information for data analytics. That is, where we, or someone working on our behalf, analyses data so we can, for example, develop forecasts of future trends and better customer outcomes. The data to be processed may be de-identified as required (i.e. the personal identifiers will be removed) before processing occurs and may be combined with data provided or obtained by an external supplier. We may use analytics for other purposes as the technology and our needs develop.
5. Collection and storage of personal information
We will collect personal information from you only by lawful and fair means.
We may collect information about you during the life of the products or services provided.
In certain circumstances, you may choose to deal with us anonymously or by using a pseudonym. We will inform you when you may deal with us anonymously or by pseudonym.
If you choose not to give us the personal information that we need, then we may not be able to provide the product or services that you need.
Much of the personal information will be obtained directly from you. We may collect personal information from you over the phone, by letters, emails and other electronic means such as from your application for a financial product or service.
If you provide us with personal information about another person, we require that you have the consent of that person to provide it. It is your responsibility to ensure that the other person:
is aware you have provided their personal information to us;
understands who we are and how to contact us;
knows they may have access to their personal information;
knows the purposes for which you provided their personal information to us; and
We may collect personal information about you from third parties, such as:
our commercial partners or other third parties we deal with in providing our services and products;
other members of the Human Financial group of companies;
your appointed representatives or someone you have agreed to act on your behalf (for example, your financial adviser, legal adviser, accountant, guardian, trustee or attorney); or
publicly available sources including social media and forums.
If third parties approach us and request your personal information, we will ask for your consent before it is released.
We may receive personal information about you from a third party which we did not request from you. We will evaluate whether we can keep the information or whether we must destroy or de-identify the information in accordance with the Privacy Act. If we keep the information, we will take reasonable steps to notify you of this
6. Storage of personal information
Information that we hold about you that is not stored in electronic form will be securely stored within Australia. Information in electronic form will be securely stored in data centres in Australia or overseas.
We will only retain your personal information for as long as reasonably required, unless we are required or permitted by law.
7. Security of personal Information
We understand the importance of keeping personal information safe and secure. We take reasonable steps to protect personal information from unauthorised access, modification, disclosure, or other misuse, interference and loss. This includes limiting access to such information through the permissions granted at various user access levels, having documented procedures and having policies that govern employees’ use of systems.
We have in place information security practices that consist of administrative, technical, and physical safeguards and controls that are appropriate for:
the type of customer data stored; and
the need for security, integrity, confidentiality, availability, and privacy of such information.
Our security practices are designed to:
help protect the confidentiality, integrity, availability, and privacy of customer data in our possession or control;
help protect against any reasonably anticipated threats or hazards to the confidentiality, integrity, availability, or privacy of customer data;
help protect against unauthorised or unlawful access, use, disclosure, alteration, or destruction of customer data;
help protect against accidental loss or destruction of, or damage to, customer data; and
comply with applicable regulatory regimes.
We also have in place a process to identify, manage and remediate privacy and data breaches.
If a data breach occurs that is likely to result in a risk of serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) unless we have already taken appropriate remedial action and there is no risk to you of serious harm. If we are required to notify you, we will keep in contact with you about what has happened, inform you about the steps we are taking to resolve the situation, and recommend steps for you to take to limit the impact of the breach to your privacy.
8. Website and cookies
We also collect personal information when you visit our websites or use our mobile and tablet applications. To enable us to improve the experience for you and other clients, we may collect information (such information will be de-identified) including:
when you visited the website;
the pages you viewed;
how you browsed and moved around the website;
the general location from where you accessed the website;
the type of electronic device you used when you accessed the website; and
your Internet Protocol (IP) address.
9. Disclosure of personal information
We may share your personal information with:
organisations that we have a business relationship with;
our third-party service providers including administrators, custodians, lawyers, accountants, auditors, or fraud detection;
professional advisers and consultants;
mailing houses and storage providers;
product and system designers and development providers, payment, and IT service providers;
with other members of the Human Financial group of companies;
providers of market research and statistical or data analysis services; or
people you have consented that we may disclose to.
We may be required to disclose your personal information to law enforcement including where we believe it is necessary to prevent a serious threat to life, health or safety, or a criminal activity is involved.
We may also disclose your information to:
statutory authorities or government departments and agencies, for example, the Australian Securities and Investments Commission (ASIC), the Office of the Australian Information Commissioner (OAIC), the Australian Transaction Reports and Analysis Centre (AUSTRAC), the Australian Taxation Office (ATO) and
dispute resolution bodies, for example, the Australian Financial Complaints Authority (AFCA).
10. Sharing of personal information overseas
We may disclose your personal information outside of Australia. Depending upon the products or services, this may include entities based in:
Member states of the European Union;
South Korea; and
These countries may change from to time to time. If your personal information is sent or held overseas, we may be required to comply with privacy legislation that applies to the country where it is sent or held.
When we do this, we will take reasonable steps to protect the privacy of your personal information, including where possible requiring the overseas third party providers to comply with both the Privacy Act and the privacy laws applicable to their jurisdiction.
You should understand that by providing your personal information, you consent to it being sent to overseas third-party providers. You should also understand that these overseas providers are not bound by the Australian Privacy Principles and you will not be able to exercise the rights you have under the Privacy Act if an overseas third-party provider does not meet those privacy obligations.
11. Access, correction and retention of personal information
11.1. Access to your personal information
You generally have the right to request access to your personal information. To do so, please email your request to firstname.lastname@example.org. Your right to access your personal information is subject to some exceptions, including where:
we believe that accessing your personal information could pose a threat to an individual or the public;
the information is protected from disclosure by law or disclosure is illegal;
the release of the information may be prejudicial to us in relation to a dispute or in relation to your complaint;
we reasonably believe that the information is commercial-in-confidence;
giving access would have an unreasonable impact on another person’s privacy;
we or a relevant law enforcement agency suspect unlawful activity and appropriate action is likely to be prejudiced; or
we reasonably conclude your request is frivolous or vexatious in nature.
We will not provide copies of voice recordings of your contact with us. We may provide a transcript with identification of any third parties (including that of our employees) redacted when we are required to provide you access to your personal information. We will deal with your request for access within 30 days after the request is made and give access to the information in the manner you requested, if it is reasonable and practicable for us to do so. We may charge a fee to access the personal information that you have requested (for example, to cover photocopying, or producing a transcript and its delivery). If we decline to provide access to, or disclosure of, your personal information, we will not do so unreasonably. We will give you a list of the documents we have declined to provide, our reasons in writing for doing so, and provide information on how to make a complaint.
11.2. Correction of your personal information
Please let us know as soon as possible of any changes to your personal information so we can correct it. If you believe that the personal information we hold about you is inaccurate, incomplete, out of date or irrelevant, you can ask us to correct it and we will take reasonable steps to do so. If there are any instances where we cannot do this, we will let you know. If we disagree with your opinion, we will take reasonable steps to include a note of your opinion on your record. If we believe that any personal information that we hold about you is inaccurate, incomplete or out of date, we will endeavour to contact you. If needed, we may seek data from other sources such as public records and organisations.
11.3. Retention of your personal information
We will retain your personal information in accordance with our internal policy and regulatory requirements.
12. Marketing and opting out
From time to time, we may use your personal information to offer you, invite you to apply, or promote our products and services that we feel may be of interest to you. We may contact you by a variety of means including mail, email, SMS, telephone, and other available mediums. We will do so when you have consented or where it could be reasonably expected that your personal information could be used for that purpose.
Please contact us at email@example.com if you wish to ‘opt out’ or no longer want to receive this marketing information.
However, if you elect to opt out, we will still need to communicate with you about existing products or services that you use. For example, we will continue to send you such documents as your annual statements.
We do not sell your personal information to anyone.
13. How do I make an enquiry or complaint?
If you have an enquiry about how your personal information is being handled by us, our affiliates or service providers, in the first instance you should contact our Privacy Officer (contact details listed below).
Information on how you can make a complaint about how we deal with your personal information can be found in our Complaints Handling Policy.
GPO Box 4232 – Reply Paid
Sydney NSW 2001
Phone: 1800 265 744
Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001
Phone: 1300 363 992 (10am to 4pm, Monday to Friday AEST/AEDT)