This Policy applies to My Fortress Pty Ltd (My Fortress) and all its’ representatives. The privacy of your personal information is important to us at My Fortress. We are committed to respecting your right to privacy and protecting your personal information. We are bound by the National Privacy Principles in the Privacy Act 1988. Our staff and representatives are trained to respect your privacy in accordance with our standards, policies and procedures.
Collecting your personal information
As a financial service provider, we are subject to certain legislative and regulatory requirements under the Corporations Act and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. These require us to obtain personal information about you including:
your name, contact details, date of birth, tax file number;
information regarding your dependents and family commitments;
your occupation, and employment history
your financial needs and objectives;
details of your investment preferences and risk tolerance; and
your assets, liabilities, income, expenses insurances, and social security entitlements.
If you want to make purchases from (or through) us we will also collect your payment information. We will also collect this information if we need to make payments to you.
If you apply for employment with us we will collect information about your work history and ask your referees about you.
If you apply to become an Authorised Representative we will collect information to enable us to assess whether you meet accepted standards for financial planners.
We collect personal information directly from you or from third parties once authorisation has been provided by you. You have the right to refuse us authorisation to collect such information from a third party.
We may also need to collect sensitive information if we organise insurance covers for you. Sensitive information includes such things as health information, racial information and genetic information.
We will only collect sensitive information that is reasonably necessary for us to perform our functions or activities in advising and dealing with you.
Unsolicited personal information
We don't usually collect unsolicited personal information. Where we receive unsolicited personal information, we'll determine whether or not it would have been permissible to collect that personal information if it had been solicited. If we determine that collection would not have been permissible, to the extent permitted by law, we'll destroy or de-identify that personal information as soon as practicable.
Dealing with us anonymously
You can deal with us anonymously where it is lawful and practicable to do so. For example, if you inquire about representatives who operate near to your location.
Using and disclosing your personal information
Primarily, your personal information is used in order to provide financial advice and services to you.
We may also use the information for the purpose of:
attempting to identify other products and services that may be of interest to you; and
disclosing your personal information to external associates and service providers who assist us to market our services.
If you do not wish to receive information relating to other products and services please contact us at any time.
We may disclose your personal information to the organisations described below.
Organisations that assist in operating a financial planning business such as those that provide administrative, paraplanning, financial, accounting, insurance, research, legal, IT or other business services;
Government and regulatory authorities and other organisations, as required or authorised by law;
A potential purchaser/organisation involved in the proposed sale of our (or our representatives) business for the purpose of due diligence, corporate re-organisation and transfer of all or part of the assets of our business. Disclosure will be made in confidence and it will be a condition that no personal information will be used or disclosed by them;
Your representatives or service providers such as your accountant, solicitor, tax agent, stockbroker, mortgage broker or bank;
where you have given your consent to disclose your personal information.
We may use your personal information to tell you about other service providers, with whom we have arrangements, those supply goods or services that may be of interest to you.
If you apply to become an Authorised Representative or apply for employment with us we will collect information about you to assist us to decide whether to appoint you.
We collect payment information in order to process your payments.
In certain circumstances, we may need to collect your tax file, Medicare or pension card number. We do not use or disclose this information other than for the purpose it was collected, authorised by law or if you have asked us to disclose this information to a third party.
We may disclose your personal information to overseas entities that provide support functions to us. You may obtain more information about these entities by contacting us.
Where your personal information is disclosed we will seek to ensure that the information is held, used or disclosed consistently with the National Privacy Principles.
Keeping your personal information accurate and up-to-date
We aim to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date. We will take reasonable steps to make sure this is the case. This way we can provide you with better service. If you believe your personal information is not accurate, complete or up to date, please contact us. If we refuse to correct your personal information we will provide you with our reasons within 30 days.
Protecting your personal information
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse and loss and unauthorised access, modification or disclosure. Some of the measures that we have adopted are having facilities for the secure storage of personal information, having secure offices and access controls for our computer systems.
It is a legislative requirement that we keep all personal information and records for a period of 7 years. Should you cease to be a client of ours, we will maintain your personal information on or off-site in a secure manner for 7 years. After this, the information will be destroyed.
Organisations outside Australia
From time to time, we may have staff located in the Philippines or other countries.
We may use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside Australia.
As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed. Overseas organisations may be required to disclose the information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.
We will not send personal information to recipients outside of Australia unless:
we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act and the Australian Privacy Principles;
the recipient is subject to an information privacy scheme similar to the Privacy Act; or
the individual has consented to the disclosure.
Your privacy on the Internet
We take care to ensure that the personal information you give us on our websites is protected. For example, our websites may have electronic security systems in place, including the use of firewalls and data encryption. User identifiers, passwords or other access codes may also be used to control access to your personal information.
Links to Other Sites
You may be able to access external websites by clicking on links we have provided. Those other websites are not subject to our privacy standards, policies and procedures. You will need to contact or review those websites directly to ascertain their privacy standards, policies and procedures.
We may use technology such as beacons, tags, scripts and tracking pixels to collect, store and use anonymous data about how you use our website / mobile technology. This includes your server address, the date and time of your visit, the pages and links accessed, the type of browser used and other information about your browsing activities. This data is used to increase functionality and can also enable us to display information and content that is tailored to our understanding of your interests. This information alone cannot be used to discover your identity.
Gaining access to your personal information
You can gain access to your personal information. This is subject to some exceptions allowed by law. Should we refuse you access to your personal information, we will provide you with a written explanation for that refusal.
We ask that you provide your request for access in writing (for security reasons) and we will provide you with access to that personal information.
We will provide you access within 30 days if it is reasonable and practicable to do so, but in some circumstances, it may take longer (for example, if we need to contact other entities to properly investigate your request).
We do not usually charge you for access to your personal information. However, if the request is complex, we may charge you the marginal cost of providing access, such as staff costs of locating and collating information or copying costs. If charges are applicable in providing access to you, we will disclose these charges to you prior to providing you with the information.
If charges are applicable in providing access to you, we will disclose these charges to you prior to providing you with the information.
Notifying you of certain data breaches
A data breach occurs when personal information held by us is lost or subjected to unauthorised access or disclosure. If we suspect or know of a data breach, we will take immediate steps to limit any further access or distribution of the affected personal information or the possible compromise of other information.
When we have reasonable grounds to believe that a data breach is likely to result in serious harm – for example, identity theft, significant financial loss or threats to physical safety we will notify individuals at likely risk as soon as practicable and make recommendations about the steps they should take in response to the data breach. We will also notify the Office of the Australian Information Commissioner.
Notifications will be made using our usual method of communicating with you such as by a telephone call, email, SMS, physical mail, social media post, or in-person conversation. If we are unable to contact you, (or your nominated intermediary) by any of the above methods we will publish a statement on the front page of our website and place a public notice on our reception desk.
Resolving your privacy concerns
Phone: 1800 611 950
In writing to: Advice Dispute Resolution Team
My Fortress Pty Ltd
62 Charters Towers Rd
Hermit Park QLD 4812
If you are not satisfied with the outcome of your complaint, you are entitled to contact the Office of the Australian Information Commissioner.
Phone: 1300 363 992
Mail: Director of Complaints, Office of the Australian Information Commissioner GPO Box 5218, Sydney NSW 2001
Contact the Australian Financial Complaints Authority (AFCA):
Phone: 1800 931 678
In writing to: Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001