Your privacy is important to us. We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs), and this policy explains how we manage your personal information and the safeguards we have in place to protect your information. For the avoidance of doubt, this policy also applies to how we manage the personal information of AFS Licensees and their advisers and representatives, and our employees.
We may update this policy from time to time for any reason and without notice, so recommend that you regularly review this policy from the links provided on our website (located at the bottom of each web page). Alternatively, you can contact us to request a copy free of charge.
2. Collection of personal information
2.1 What personal information we collect
We will collect information from you to provide you with services and products. This includes collecting information when you:
Contact us – we will require information to verify who you are, such as your name, address, date of birth, email and other personal information (unless you contact us via phone or one of Netwealth’s social media channels to make a general enquiry, complaint or comment only, in which case you may choose to be anonymous or use a pseudonym although we may require further information to respond to your complaint, enquiry or comment).
Wish to provide your representatives or clients products and services offered by or available via us (where you are an AFS Licensee, adviser orrepresentative) – we will require information to verify who you are, your bank details and other credentials as required by us to assess, record and review matters relevant to our obligations and risks.
Open one or more of our products or services, or one or more products or services that we administer for a third party issuer * – we will require your personal information, along with other information to enable us or the third party issuer, whichever relevant, to offer that product, such as name, date of birth, contact details, identification documents, tax information, residency status, bank account details, occupation status, and any other personal information for us to comply with our obligations and manage risks . If you have a financial, legal or other adviser or representative, broker or agent, we will require their personal information to facilitate communications and relevant authorities.
Utilise one or more of our optional services/functionality connected with the products or services offered or available via platform, such as nominating beneficiaries or requesting particular investment options – we will request details to be able to provide these services, such as the beneficiary details, and specific authorisations around the investment option.
Utilise one or more of our services, such as Self Managed Superannuation Fund administration.
Utilise a service you’ve subscribed to, we may request details such as your SMSF, your property(s) or bank account details to provide a Whole of Wealth view, your Netwealth account details to provide you access to the service as well as a bank account to deduct subscription fees.
Request for us to facilitate any other arrangement involving a third party who provides services in accordance with your request including where you enquire about a Netwealth product via a third-party product provider website * – such as where we provide a link to a third party website and/or you request that third parties send us your personal information (for example, bank feeds and other data feed arrangements).
Request additional products or services provided by a third party – such as a request for insurance through your superannuation or a request to use BPAY.
Seek employment or contracting opportunities with us – we will require personal information from you to identify who you are, your employment history, and sensitive information where required and with your consent, to assess your application. Information about referees may also be requested and if so please ensure you obtain their prior consent before providing us with their personal information. If employed/engaged by us, from time to time we may require attestation of past information provided and/or additional personal information, including sensitive information with your consent, in accordance with policies or procedures or to meet other obligations and manage risks.
*Where Netwealth is an administrator for a third party issuer, or where you have asked a third party to send us your personal information, you should read the privacy section of the relevant issuer’s disclosure document and the privacy policies of any third parties involved in that arrangement to understand details about how your personal information will be managed and who you should contact in the first instance
2.2 How we collect personal information
Most of the personal information we collect will be directly from you (including via your financial, legal or other adviser or representative) when you submit an application or other form (including an enquiry form via a third party product provider website), login online and make changes or when you talk to us in person or over the phone.
Sometimes, we collect information about you from other parties without your direct involvement, such as:
Third party product and services providers, such as your insurer or annuity provider, or an online electronic services provider for the purposes of verifying your identify or other information, or where your adviser has received your prior consent to send your details to Netwealth.
When you request to use our Bank Feeds Service or Property Feeds Service, we will collect financial information via a third party about your banking or property details.
Where your adviser or representative has signed up to utilise a data integration service with a third party (where they supply data they hold about you to us).
AFS Licensees and their advisers and representatives
Family members (for example where they have named you as a beneficiary of their interest in a product or service) or your appointed agent or personal legal representative
Regulators and government agencies, such as the Australian Tax Office, and various publicly or commercially available sources including individual and business registers
2.3 What if you do not provide us with the information that we request?
You are not required to give us the information that we request. However, if you do not provide us with the information, or provide us inaccurate information, it may:
Prevent us from being able to offer you with products and services or, where we administer products or services for a third-party issuer, prevent that issuer from being able to offer you the products or services
Prevent us from providing you with information on your products and services if we are unable to verify your identity
Cause delays in processing your request(s)
Impact the tax treatment on your account
Affect your eligibility for certain insurance cover
3. Use of personal information
3.1 How we handle your information
We handle your personal information carefully. We collect and hold your personal information for the purposes of:
Verifying your identity (including via an online electronic service where you have consented to electronic use of your personal information for that purpose)
Assessing or processing your application for a product or service
Providing you information, services and product updates
Providing you with products and services
Enabling us to contact you and to manage our relationship with you
Providing information to us about our products, services and technology, the way they are utilised and managed
Improving our service to you
Facilitating the provision of products and services to you from third parties, where you have requested the use of those products and services or where you have agreed or not opted out to the sharing of your personal information with such a third party
Complying with laws, and assist government or law enforcement agencies
Managing risks, fraud and security (including using your mobile phone number and any other relevant identifier for two-factor authentication purposes)
Assessing and managing employee and contractor applications and records
Marketing our products and services to you*
* If you do not want to receive direct marketing messages, you must inform us. You can do this by contacting us on Freecall 1800 888 223 (within Australia) or by writing to us.
From time to time we may also combine information that we have about you with other data we hold or have collected from a third party. This information helps us understand trends in the industry as a whole or in particular segments, how you use our services and how we can improve our services.
We may also collect, use and exchange your information for other reasons where the law allows or requires us to do so.
Sensitive information – the collection of sensitive information is restricted by the Privacy Act. This includes such as information about your ethnicity, health, religion or criminal record. If we need this type of information, we will ask for your permission, except where otherwise permitted by law.
4. Sharing of personal information
4.1 Sharing your information with third parties
We share your information with other entities within the Group and we also share your information with third parties.
These third parties may include:
AFS Licensees, their advisers and representatives and other third parties who you may engage to act on your behalf, such as your parent (if you are under 18), guardian or Attorney;
Other financial services organisations, including banks, BPAY, insurance companies, responsible entities of managed investment schemes, superannuation funds, stock brokers, custodians, fund managers and annuity providers (for AFS Licensees and advisers, please note that your personal information may be provided to annuity or other product providers when you register with us, or at a later time, unless you opt out in writing or phone);
Complaint resolution schemes, for example the Australian Financial Complaints Authority;
Agents of our parent company, Netwealth Group Limited, who are authorised to collect shareholding information;
Entities requesting your personal information with a valid court order;
Domestic and foreign regulators, government bodies and law enforcement agencies;
Organisations that help identify illegal activities and prevent fraud;
Organisations that provide online electronic services to verify your personal information, where you have consented to such use;
Organisations that provide employee background screening services;
Our contractors and external service providers, for example, auditors, mail house, marketing providers, printers and technology service providers;
Other people (such as family members) that are linked on your account; and
Third parties engaged by your Nominated Financial Adviser (such as provision of your data to your Nominated Financial Adviser’s client relationship management system).
Where you have registered your interest in a Netwealth product via the website of a third-party product provider, we may share information with that provider including your name, your association with Netwealth, and the amount initially invested into the provider’s managed investment scheme/s.
If you die while you are a Netwealth client, we may share details about your Netwealth account and insurance with your nominated beneficiaries and legal personal representative (generally, your legal personal representative will be the executor of your estate) as appropriate. The information we share may include the names of your nominated beneficiaries, your account balance and any insurance amount payable.
4.2 Sending information overseas
The data centres of some organisations that we share information with may be located overseas, which means your personal information may be stored or accessed in overseas countries, including Canada, Malaysia, New Zealand, United Kingdom, Ireland, Germany, Japan and the United States of America. In addition, we may share some information of some financial advisers and clients with international fund managers to fulfil their obligations where we have an agreement in place and obligation to do so. For further information on applicable privacy and data obligations that may arise from time to time under international privacy, data sharing and other laws (such as the European Union General Data Protection Regulation (GDPR) and the United States Foreign Account Tax Compliance Act (FATCA) and how we satisfy any such applicable obligations, please contact us via one of the means in Section 8 below.
5. Accessing and updating your information
5.1 How you can access your personal information
You can request access to your personal information held by us. In most cases, we will grant you access after receiving sufficient information to verify your identity. Access requests may be made in writing, by email or by telephone using the contact details in the Contact us section below.
We do not charge a fee to you when you request a copy of the personal information held about you and generally will not charge you for the provision of your personal information. However, if the request is likely to take us a longer period of time to produce (i.e. more than 2 hours), we will let you know the charge, so you can choose if you want to go ahead. The fee will be an hourly rate to cover the expense of providing you with the data and you will need to make payment before we start.
Information will generally be provided within 30 days of successful verification of your identity and payment of any charge to provide the information (if applicable).
5.2 Can we refuse to provide you with information?
In some cases, we can refuse to provide you with access to information or provide you with access to only some information. This could occur where the information requested is commercially sensitive, would breach the privacy of another person or where we have another lawful reason to refuse. Where we cannot provide you with information, we will write to you to provide an explanation of our decision.
5.3 Updating your information
We will take reasonable steps to ensure that the personal information we hold is accurate, up to date, complete and relevant. If you believe your personal information requires updating, you can contact us over the phone or complete the update yourself through our online service or a relevant form.
6. Keeping your information secure
6.1 Protecting your information
We may hold your personal information in secure data centres or paper-based files and have implemented a range of physical and electronic security measures to protect your personal information from misuse, unauthorised access and improper disclosure. We also monitor and maintain our security system to ensure that our online services are secure and your personal information is protected appropriately.
To protect privacy, we encourage you to keep passwords and access codes confidential and secure at all times. This means that you should not disclose your password or access codes to others and should contact us immediately if you believe that your password or access codes may have been disclosed to another person or if you would like to change your password.
6.2 Destroying or de-identifying your information
We try to ensure that we only keep personal information only for the period we need it. When we no longer require your personal information we will take reasonable steps to destroy or de-identify the data securely.
We will do whatever possible to securely delete or dispose of any material that is provided to Netwealth and not required for the operation of your account, however there may be circumstances where full deletion/disposal may not be possible such as where data has been automatically saved as a result of the data back-up process.
6.3 Data breach response
In accordance with the Notifiable Data Breaches scheme, established by the Privacy Amendment (Notifiable Data Breaches) Act 2017 , organisations with existing personal information security obligations under the Privacy Act must notify any individuals likely to be at risk of serious harm by a data breach. The Office of the Australian Information Commissioner must also be notified.
If an unforeseen event were to occur and our data, including client personal information was interfered with our accessed by unauthorised persons, we have in place mechanisms to contain the breach and assess the impact. If your personal information were to be accessed or interfered with by unauthorised persons, we would comply with any applicable legal notifications to notify you.
7. Making a privacy complaint
7.1 How to make a complaint
If you are not happy with the way we handle your personal information, please contact us. We take complaints seriously and will try to resolve your concern according to our Complaints Handling and Compensation Policy.
We aim to respond to your complaint as soon as possible and will provide you with a final response to your complaint within 30 days of receiving the complaint. If we cannot respond in this time, we will provide you with reasons why and what we are doing to try to resolve your complaint.
7.2 Other options if you are not satisfied with our response
If you are not satisfied with the response we provided to your complaint, you can approach the following free and independent dispute resolution services.
For privacy-related complaints that also involve broader, non-privacy issues, the Australian Financial Complaints Authority (AFCA) can consider and deals with most complaints from consumers in the financial system, including complaints about superannuation.