top of page
My Fortress - Privacy Policy


This Policy applies to My Fortress Pty Ltd (My Fortress) and all its’ representatives. The privacy of your personal information is important to us at My Fortress.  We are committed to respecting your right to privacy and protecting your personal information. We are bound by the National Privacy Principles in the Privacy Act 1988. Our staff and representatives are trained to respect your privacy in accordance with our standards, policies and procedures.


About this Privacy Policy

This Privacy Policy outlines how we and our representatives manage your personal information. It also describes generally the sorts of personal information held and for what purposes, and how that information is collected, held, used and disclosed. Our Privacy Policy applies to all your dealings with us, our website or a financial adviser. We encourage you to contact us or check our websites regularly for any updates to our Privacy Policy.


Collecting your personal information

As a financial service provider, we are subject to certain legislative and regulatory requirements under the Corporations Act and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. These require us to obtain personal information about you including:


  • your name, contact details, date of birth, tax file number;

  • information regarding your dependents and family commitments;

  • your occupation, and employment history

  • your financial needs and objectives;

  • details of your investment preferences and risk tolerance; and

  • your assets, liabilities, income, expenses insurances, and social security entitlements.


If you want to make purchases from (or through) us we will also collect your payment information. We will also collect this information if we need to make payments to you. 


If you apply for employment with us we will collect information about your work history and ask your referees about you. 


If you apply to become an Authorised Representative we will collect information to enable us to assess whether you meet accepted standards for financial planners.


We collect personal information directly from you or from third parties once authorisation has been provided by you. You have the right to refuse us authorisation to collect such information from a third party.


If you give us information about another person (like your spouse) in relation to the services we provide, we require that you let that other person know that you have provided their personal information and direct them to our website for a copy of this Privacy Policy.


Sensitive information

We may also need to collect sensitive information if we organise insurance covers for you. Sensitive information includes such things as health information, racial information and genetic information.


We will only collect sensitive information that is reasonably necessary for us to perform our functions or activities in advising and dealing with you.


Unsolicited personal information

We don't usually collect unsolicited personal information. Where we receive unsolicited personal information, we'll determine whether or not it would have been permissible to collect that personal information if it had been solicited. If we determine that collection would not have been permissible, to the extent permitted by law, we'll destroy or de-identify that personal information as soon as practicable.


Dealing with us anonymously

You can deal with us anonymously where it is lawful and practicable to do so. For example, if you inquire about representatives who operate near to your location.


Using and disclosing your personal information

Primarily, your personal information is used in order to provide financial advice and services to you.

We may also use the information for the purpose of:

  • attempting to identify other products and services that may be of interest to you; and

  • disclosing your personal information to external associates and service providers who assist us to market our services.


If you do not wish to receive information relating to other products and services please contact us at any time.


We may disclose your personal information to the organisations described below.

  • Our representatives;

  • Organisations that assist in operating a financial planning business such as those that provide administrative, paraplanning, financial, accounting, insurance, research, legal, IT or other business services;

  • Product issuers;

  • Government and regulatory authorities and other organisations, as required or authorised by law;

  • A potential purchaser/organisation involved in the proposed sale of our (or our representatives) business for the purpose of due diligence, corporate re-organisation and transfer of all or part of the assets of our business. Disclosure will be made in confidence and it will be a condition that no personal information will be used or disclosed by them;

  • Your representatives or service providers such as your accountant, solicitor, tax agent, stockbroker, mortgage broker or bank;

  • where you have given your consent to disclose your personal information.


We may use your personal information to tell you about other service providers, with whom we have arrangements, those supply goods or services that may be of interest to you.


If you apply to become an Authorised Representative or apply for employment with us we will collect information about you to assist us to decide whether to appoint you.


We collect payment information in order to process your payments.


In certain circumstances, we may need to collect your tax file, Medicare or pension card number. We do not use or disclose this information other than for the purpose it was collected, authorised by law or if you have asked us to disclose this information to a third party.


We may disclose your personal information to overseas entities that provide support functions to us.  You may obtain more information about these entities by contacting us.


Where your personal information is disclosed we will seek to ensure that the information is held, used or disclosed consistently with the National Privacy Principles.  

Sharing of information with related entities

We use common cloud-based operating systems across our related entities to store client data. This means that some of the personal information we hold about you will be stored and visible to related entities on our shared customer databases. All personal information stored in these databases are subject to both this Privacy Policy and the Privacy Policies of our related entities and strict information security standards. Our related entities are not authorised to use or disclose your personal information without your consent (other than for direct marketing as set out below).


Direct marketing and how to opt out

Unless you opt-out we may to the extent permitted by law:

  • use or disclose your personal information to let you know about products and services that we believe may be of interest to you;

  • market our services to you through third party channels (such as social networking sites), or via other companies who assist us to market our products and services;

  • conduct these marketing activities via email, telephone, SMS, Instant Messaging, mail, or any other electronic or other means, including targeted advertising through our websites; and

  • disclose your personal information to our related companies so they can tell you about their products and services.


You can let us know at any time (see ‘Contact Us’) if you wish to opt-out of receiving direct marketing offers from us or our related companies. We will process your request as soon as practicable.


You may also be able to opt-out by following the instructions in particular direct marketing communications.


Keeping your personal information accurate and up-to-date

We aim to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date. We will take reasonable steps to make sure this is the case. This way we can provide you with better service. If you believe your personal information is not accurate, complete or up to date, please contact us. If we refuse to correct your personal information we will provide you with our reasons within 30 days.


Protecting your personal information

We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse and loss and unauthorised access, modification or disclosure. Some of the measures that we have adopted are having facilities for the secure storage of personal information, having secure offices and access controls for our computer systems.


It is a legislative requirement that we keep all personal information and records for a period of 7 years. Should you cease to be a client of ours, we will maintain your personal information on or off-site in a secure manner for 7 years. After this, the information will be destroyed.


Organisations outside Australia

From time to time, we may have staff located in the Philippines or other countries.

We may use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside Australia.


As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed. Overseas organisations may be required to disclose the information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.


We will not send personal information to recipients outside of Australia unless:

  • we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act and the Australian Privacy Principles;

  • the recipient is subject to an information privacy scheme similar to the Privacy Act; or

  • the individual has consented to the disclosure.


Your privacy on the Internet

Our Websites

We take care to ensure that the personal information you give us on our websites is protected. For example, our websites may have electronic security systems in place, including the use of firewalls and data encryption. User identifiers, passwords or other access codes may also be used to control access to your personal information.


Links to Other Sites

You may be able to access external websites by clicking on links we have provided. Those other websites are not subject to our privacy standards, policies and procedures. You will need to contact or review those websites directly to ascertain their privacy standards, policies and procedures.



We may use cookies on our website. Cookies are small data files that are downloaded from our website and stored on your computer when you visit our website. Cookies are used to allow us to see which pages and what information is of most interest to visitors to our website, which in turn enables us to improve our offerings to our customers. Your computer's web browser will allow you to configure your computer to refuse to accept cookies. You can also delete cookies from your computer's hard drive at any time.


Other Technology

We may use technology such as beacons, tags, scripts and tracking pixels to collect, store and use anonymous data about how you use our website / mobile technology. This includes your server address, the date and time of your visit, the pages and links accessed, the type of browser used and other information about your browsing activities. This data is used to increase functionality and can also enable us to display information and content that is tailored to our understanding of your interests. This information alone cannot be used to discover your identity.


Gaining access to your personal information

You can gain access to your personal information. This is subject to some exceptions allowed by law. Should we refuse you access to your personal information, we will provide you with a written explanation for that refusal.


We ask that you provide your request for access in writing (for security reasons) and we will provide you with access to that personal information.


We will provide you access within 30 days if it is reasonable and practicable to do so, but in some circumstances, it may take longer (for example, if we need to contact other entities to properly investigate your request).

We do not usually charge you for access to your personal information. However, if the request is complex, we may charge you the marginal cost of providing access, such as staff costs of locating and collating information or copying costs. If charges are applicable in providing access to you, we will disclose these charges to you prior to providing you with the information.


If charges are applicable in providing access to you, we will disclose these charges to you prior to providing you with the information.


Notifying you of certain data breaches

A data breach occurs when personal information held by us is lost or subjected to unauthorised access or disclosure. If we suspect or know of a data breach, we will take immediate steps to limit any further access or distribution of the affected personal information or the possible compromise of other information.


When we have reasonable grounds to believe that a data breach is likely to result in serious harm – for example, identity theft, significant financial loss or threats to physical safety we will notify individuals at likely risk as soon as practicable and make recommendations about the steps they should take in response to the data breach. We will also notify the Office of the Australian Information Commissioner.  


Notifications will be made using our usual method of communicating with you such as by a telephone call, email, SMS, physical mail, social media post, or in-person conversation. If we are unable to contact you, (or your nominated intermediary) by any of the above methods we will publish a statement on the front page of our website and place a public notice on our reception desk.


Resolving your privacy concerns

If you have any issues you wish to raise with us or would like to discuss any issues about our Privacy Policy, please contact our Privacy Officer. Our Privacy Officer will investigate the issue and determine the steps we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing within 30 days of the determination of our Privacy Officer.


Phone:            1800 611 950


In writing to:    Advice Dispute Resolution Team

                        My Fortress Pty Ltd

                        62 Charters Towers Rd

                        Hermit Park QLD 4812


If you are not satisfied with the outcome of your complaint, you are entitled to contact the Office of the Australian Information Commissioner.



Phone:         1300 363 992

Mail:             Director of Complaints, Office of the Australian Information Commissioner GPO Box 5218, Sydney NSW 2001



Contact the Australian Financial Complaints Authority (AFCA):



Phone:              1800 931 678

In writing to:      Australian Financial Complaints Authority

                         GPO Box 3 

                         Melbourne VIC 3001

bottom of page