We are bound by the Australian Privacy Principles and the Notifiable Data Breaches (NDB) scheme under the Privacy Act.
This policy explains how we will collect, store, verify, use and disclose the information we hold and the conditions under which information may be accessed. It also explains our obligations for responding to data breaches.
Fundbase Group is bound by the Privacy Act, it’s Amendment (Enhancing Privacy Protection) Act, and it’s Privacy Amendment (Notifiable Data Breaches) Act, and we will protect your personal information in accordance with the Australian Privacy Principles. These principles govern how we can collect, use, hold and disclose your personal information, and how we respond when a data breach (including cyber and data security breaches), is likely to result in serious harm to any individuals whose personal information is involved in the breach.
What kinds of personal information do we collect and hold?
When you apply for our services, we may collect information that is necessary to be able to provide you with those services. For instance, we may ask for identification information such as your name, address and date of birth. Any unsolicited personal information we may collect will be promptly destroyed.
Why do we collect, hold, use and disclose personal information?
The main reason we collect, use, hold and disclose personal information is so we can service your request concerning financial advice. This may include:
- Checking your eligibility for the service; and
- Providing you with the service.
How do we collect personal information?
We collect most of the personal information we need directly from you. Sometimes we collect personal information about you from other people such as publicly available sources of information.
How do we hold personal information?
Much of the personal information we hold will be stored electronically and securely by us and we use a range of security measures to protect the personal information we hold.
Who do we disclose your personal information to, and why?
Sometimes we may disclose your personal information to organisations outside FundBase. These entities may include our service providers that we may perform our services.
Who do we notify when there is a data breach of your personal information?
In accordance with the Notifiable Data Breaches scheme under the Privacy Act, we are obliged to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm (these are referred to as ‘eligible data breaches’). This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.
In summary, subject to certain exemptions, the scheme requires us to:
- carry out a reasonable and expeditious assessment if there are reasonable grounds to suspect that there may have been an eligible data breach (and to take reasonable steps to complete that assessment within 30 days); and
- make the prescribed notifications (to the Commissioner, and if practicable, to affected individuals) as soon as we are aware that there are reasonable grounds to believe that there has been an eligible data breach. The notifications must include a description of the data breach, the kinds of the information concerned and recommendations about the steps individuals should take in response to the data breach.
Do we disclose personal information overseas?
We may disclose your personal information to recipients located outside Australia. These entities may include our service providers.
Do we use or disclose personal information for marketing?
We may use your personal information to offer you services we believe may interest you. We will not do this if you tell us not to. We will provide you with an opportunity to ‘Opt-Out’.If you do not want to receive marketing offers from us, please contact us on the details listed at ‘Contact us’.
Access to and correction of personal information
You can request access to the personal information we hold about you. You can also ask for corrections to be made to your personal information. To do so, please contact us on the details listed at ‘Contact us’.
Resolving your privacy concerns and complaints – your rights
If you are concerned about how your personal information is being handled or if you would like to make a complaint, please contact us on the details listed at ‘Contact us’. If you are unhappy with our response, there are other bodies you can go to.
This information is provided for information purposes only. It does not constitute an offer or invitation to enter into any legal agreement of any kind for our services.