- The kinds of personal information collected;
- How this information is collected;
- The purpose for which it is collected;
- How a client can access their information;
- How a client can complain if there has been a breach;
- Whether the information will be disclosed to overseas recipients and if so, to whom.
1. Scope – What Does This Policy Cover?
2. Why we collect information
We collect information from clients for a number of reasons including:
- To deliver products or services to you;
- To better understand your requirements and preferences;
- To improve our service to you;
- Preparing your financial plan;
- To provide financial advice to you;
- Establish and manage your investments and accounts;
- Implement your investment and insurance instructions;
- Process any contributions, transfers or payments of benefits;
- Monitor and report the investment performance of your account;
- Reviewing your financial plan;
- To provide you with future products and services you may be interested in;
- To fulfil our regulatory and legislative requirements.
2. How we collect this information
Information is generally collected from:
- Submitting your details on our website using forms or booking any consultations on
- When we ascertain from clients the facts necessary to make a fair and reasonable
assessment of their insurance or financial needs and objectives (“Fact Find”);
- When a client completes an application form for insurance;
- When a client completes an application form for an insurance claim;
- When a client completes an application form for investments;
- When a client completes an application form for superannuation
- When a client completes an application form to increase their level of insurance;
- When a client completes supplementary medical or financial questionnaires.
If a client is unable to provide us with their personal information, we may not be able to organise for them to receive a product or service. Clients can nominate an Authorised Representative to access their personal information. This can be revoked at any time.
We Are Gen Y may collect personal information from a third party (such as another Financial Adviser, Product Provider or Medical Practitioner) or a publicly available source but only if the client has consented to the collection or it can reasonably be expected that it has been provided by the client.
2.1 Life insurance products
Where a client applies for certain life risk products (such as life insurance, trauma insurance, total and permanent disability insurance) it will be necessary for We Are Gen Y and our Authorised Representatives to collect information about a client’s health and the health of their family members. This information will only be collected when the client gives their consent by completing the product’s application form. The information will be sourced by the Life Insurance company from the client, their medical professional and by other medical professionals where medical tests may have been performed. Due to confidentiality, it is sometimes the case whereby We Are Gen Y or the Authorised Representative may not be made fully aware of the medical circumstances by the Life Insurance company.
2.2 Privacy on the internet
We Are Gen Y and our Authorised Representatives may use websites to collect personal information from clients. Clients and Authorised Representatives may receive a password and a personal identification number to access details online. It is a condition of use that this information is kept confidential and secure at all times.
These are text files stored on a person’s computer when they visit a website. Its sole purpose is to identify users and possibly prepare customised web pages or to save site login information.
Although We Are Gen Y and our Authorised Representatives strive to ensure a client’s security, no data transmission over the internet can be guaranteed to be completely secure.
2.2.2 Links to third party websites
We Are Gen Y and our Authorised Representatives may provide links on our web pages to external industry parties. The content and views expressed on these third party websites are not the responsibility of We Are Gen Y or our Authorised Representatives.
2.3 Tax File Numbers
We Are Gen Y and our Authorised Representatives may need to collect a client’s tax file number to provide them with a product or a service (for example, managed fund investments and superannuation products). However this information will be kept securely.
3. What we collect
- Phone number;
- Email address;
- Age details;
- Financial details;
- Health Details;
- Transaction information;
- Bank account details;
- Tax File Number;
- Income details from employers;
- Details of dependents;
- Beneficiary details.
Where the information is deemed to be sensitive, for example, the collection of health information, there will be higher level of privacy protection afforded.
4. Disclosure of personal information
There may be cases where We Are Gen Y and our Authorised Representatives will need to disclose a client’s personal information to third parties. This is generally to assist us in providing the client with a product or service. This may include:
- Doctors, medical services or other organisation to help assist with the collection of information for an insurance application or a claim;
- Any fund (investment administrator or superannuation trustee) to which your benefit is transferred, created or rolled over;
- Your employer where it relates to your employer sponsored superannuation arrangement;
- Your personal representative or any other person who may be entitled to receive your death benefit;
- An external dispute resolution service, insurer or legal representative (where required or applicable);
- The policy owner (where the client is the life insurer but not the owner);
- Exchange of information with authorised financial institutions to confirm bank account details for payment.
- We may contract with third parties to supply services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
- We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
- In certain circumstances We may be legally required to share certain data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
- If required by law or a regulatory body to do so, We Are Gen Y and our Authorised Representatives will comply and provide the appropriate body with the required client information.
4.1 Sale of an Authorised Representative’s business
In the event that either our Authorised Representative or we propose to sell our business, we may disclose some of a client’s personal information to potential purchasers for the purpose of conducting due diligence investigations. Any such disclosures will be made in the strictest confidence and conditional that no personal information will be used or disclosed by them. In the event of a sale being effected, we or our Authorised Representatives may transfer a client’s personal information to the purchaser of the business. The client will be granted at least 14 days notice by mail to their last known mailing address that such a transfer will be taking place. They will then have the opportunity to object to the transfer.
5. How Do We Use Your Data?
5.1 All personal data is stored securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). For more details on security see section 6, below.
5.2 We use your data to provide the best possible services to you. This includes:
5.2.1 Providing and managing your Account;
5.2.2 Providing and managing your access to Our Site;
5.2.3 Personalising and tailoring your experience on Our Site;
5.2.4 Supplying Our services to you;
5.2.5 Personalising and tailoring Our services for you;
5.2.6 Responding to communications from you;
5.2.7 Supplying you with email e.g. newsletters, alerts etc. that you have subscribed to (you may unsubscribe or opt-out at any time by clicking the link in the email);
5.2.7 Analysing your use of Our Site [and gathering feedback] to enable Us to continually improve Our Site and your user experience;
5.3 In some cases, the collection of data may be a statutory or contractual requirement, and We will be limited in the services We can provide you without your consent for Us to be able to use such data.
5.4 With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email AND/OR telephone AND/OR text message AND/OR post with information, news and offers on Our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
5.5 Advertisers whose content appears on Our Site may engage in what is known as “behavioural advertising” – advertising which is tailored to your preferences, based on your activity. Your activity is monitored using Cookies, as detailed below in section 12. You can control and limit your data used in this way by adjusting your web browser’s privacy settings. Please note that We do not control the activities of such advertisers, nor the information they collect and use. Limiting the use of your data in this way will not remove the advertising, but it will make it less relevant to your interests and activities on Our Site.
5.6 Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
a) you have given consent to the processing of your personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which we are subject;
d) processing is necessary to protect the vital interests of you or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
6. How and Where Do We Store Your Data?
6.1 We only keep your data for as long as We need to in order to use it as described above in section 5, and/or for as long as We have your permission to keep it. In any event, We will conduct a regular review to ascertain whether we need to keep your data. Your data will be deleted if we no longer need.
6.2 Some or all of your data may be stored or transferred outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein). You are deemed to accept and agree to this by using Our Site and submitting information to Us. If We do store or transfer data outside the EEA, We will take all reasonable
steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the GDPR. Such steps may include, but not be limited to, the use of legally binding contractual terms between Us and any third parties We engage and the use of the EU-approved Model Contractual Arrangements.
Data security is of great importance to Us, and to protect your data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through Our Site.
Steps We take to secure and protect your data include but not limited to:
6.2.1 Password protection
6.2.2 Anti-virus softwares
6.2.3 Online security protection softwares
Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.
7. Your Right to Withhold Information and Your Right to Withdraw Information After You Have Given it:
- You may access Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
- You may withdraw your consent for Us to use your personal data at any time by contacting Us, and We will delete Your data from Our systems. However, you acknowledge this may limit Our ability to provide the best possible services to you.
8. Access to personal information
When you submit information via Our Site, you may be given options to restrict Our use of your data. We aim to give you strong controls on Our use of your data (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails.
Clients are able to access any personal information that is held by We Are Gen Y or our Authorised Representatives subject to limited exceptions or required by law. The following factors will be considered:
- The information is related to a commercially sensitive decision making process;
- Access would be unlawful;
- Denying access is required or authorised by or under law;
- Providing access would be likely to prejudice an investigation of possible unlawful activity.
To access the information, a client will need to contact the Privacy Officer as detailed in this policy. If the information is inaccurate, incomplete or not up to date, the client is encouraged to update their details.
The We Are Gen Y Privacy Officer will be able to advise the client how long it will take to provide the information. Generally however, clients will receive the requested information within 14 days of the request.
Where we are unable to provide you with the information you have requested, we will information you and explain the reasons why.
9. Summary of Your Rights under GDPR
Under the GDPR, you have:
- the right to request access to, deletion of or correction of, your personal data held by Us;
- the right to complain to a supervisory authority;
- be informed of what data processing is taking place;
- the right to restrict processing;
- the right to data portability;
- object to processing of your personal data;
- rights with respect to automated decision-making and profiling (see section 14 below).
10. Automated Decision-Making and Profiling
In the event that We use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on You, You have the right to challenge to such decisions under GDPR, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from Us.
The right described in section above does not apply in the following circumstances:
a) The decision is necessary for the entry into, or performance of, a contract between the You and Us;
b) The decision is authorised by law; or
c) You have given you explicit consent.
Where We use your personal data for profiling purposes, the following shall apply:
a) Clear information explaining the profiling will be provided, including its significance and the likely consequences;
b) Appropriate mathematical or statistical procedures will be used;
c) Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and
d) All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.
11. Privacy Officer
We Are Gen Y has nominated a Privacy Officer to handle any queries or issues related to Privacy. This person has been nominated at a senior level and has access to the Board.
Name: Sarah Riegelhuth
Phone: 08 600 22 179
Post: 77 City Rd, Southbank VIC 3006
We take our client’s privacy seriously and will address your concerns through our complaints handling process. All complaints will be given fair consideration and will aim to be resolved within 45 days. We encourage you to submit your complaint to the Privacy Officer (details above) either via email to post. Where it is found that we are unable to finalise the investigation of your complaint within 45 days, we will contact you to request an extension. If you believe you did not receive a satisfactory resolution to your concern, you may contact the Office of the Australian Information Commissioner. You are able to do so by:
- Visiting www.oaic.gov.au and submitting an online form;
- Obtaining a hard copy form at www.oaic.gov.au/about-us/contact-us-page;
- Phone: 1300 363 992;
- Fax: 02 9284 9666;
- Email: firstname.lastname@example.org
The Office of the Australian Information Commissioner is also available via Social Media outlets. Please refer to their Contact Us page.