Privacy policy

May 2024

1 Overview

Protecting your privacy is very important to us. To ensure our compliance with the Privacy Act and as part of our commitment to ensuring the safety of your private and confidential information, we have established and implemented this Policy. This Policy outlines the way we handle the personal information we collect about individuals, including our clients, potential clients, employment applicants and shareholders.

1.1 Introduction

As required by the Privacy Act, we handle your personal information in accordance with a set of national principles, known as the Australian Privacy Principles (APPs), which regulate the collection, use, correction, disclosure and transfer of personal information about individuals by organisations like us in the private sector.

1.2 Policy statement

This Policy explains our practices with respect to the collection, use and management of your personal information and our approach to complying with the APPs.

1.3 Scope and application

This Policy applies to Insignia Financial Ltd and its Australian subsidiaries and related bodies corporate, which include APRA Regulated Entities, Responsible Entities, Australian Financial Services Licensees and all Australian business divisions (collectively referred to as “the Insignia Financial Group” in this Policy). Where an entity specifically adopts this Policy (for example an ASIC or APRA-regulated entity), references to Insignia Financial are taken to be a reference to that entity.

This Policy applies to the Insignia Financial Group’s business activities carried on in Australia. In the event of any inconsistencies between the Policy requirements and the Insignia Financial Group’s statutory duties under Australian law, the latter shall prevail.

Definitions used in this Policy are set out in section 6.

2 General obligations

2.1 Collection

2.1.1 What information do we collect?

When we request your personal information, we will take reasonable steps to explain why we need it and how it will be used and disclosed. We will collect and hold your personal information for the purposes of:

providing financial advice, products and services to you
managing and administering your products and services
verifying your identity as required by law
letting you know about our other products and services
managing the relationship with current or prospective employees
communicating as necessary with our clients and shareholders.

The type of information collected from you includes information that is necessary to operate your account or for us to provide advice or other services to you. We may ask you to provide personal information such as your:

name
e-mail address
gender
residential and/or postal address
date of birth
telephone number
occupation
bank account details
financial details
employer
tax file number (TFN)
goals, preferences and interests.

We may also collect personal information from you regarding your family situation, your partner, dependants, beneficiaries, and children, if it is considered necessary to provide you services, such as financial planning advice which considers your family needs or estate planning requirements, or where making a death benefit nomination on your superannuation fund. If you provide us with personal information about another person, we expect and assume that you have that person’s permission to provide this information to us and that you have made them aware that their personal information will be handled in accordance with this Policy.

This information is primarily collected directly from you, from application forms or other forms you have completed, from your use of our online facilities, or through ongoing communications with you. In some cases, we may collect your personal information from persons you have authorised to communicate with us on your behalf, for example, your accountant, lawyer or financial adviser. We may also collect your personal information from other third parties where authorised or required by law, for example, your employer may provide us with your details when you sign up for their superannuation plan.

There are circumstances in which we will ask for your consent to collect certain information such as:

Health Information, for example, from you when you apply for insurance or from medical practitioners and other relevant professionals when you make a claim for insurance, or early access to superannuation on the grounds of permanent incapacity
income information, for example, when you apply for additional insurance protection or salary continuance insurance
details about your personal finances (including your receipt of social security benefits) to assess your eligibility for the early release of your super funds on grounds of severe financial hardship
details of your dependants, as defined in section 10 of the Superannuation Industry (Supervision) Act 1993 (Cth), to pay benefits in the event of your death.

We will inform you if we are legally required to request information about you, and the consequences of not providing that information. For example, in addition to the personal information we will obtain from you whenever you acquire a new product or service from us, we will require documents evidencing your identity. Such evidence may include a certified copy of your driver’s licence, passport or birth certificate. If you do not provide identity documentation, we may not be able to action your request.

To verify your identity for Know Your Customer (KYC) purposes, we may also solicit personal information about you from reliable identity verification service providers.

We will solicit personal information about you where you have knowingly provided that information to us, we believe you have authorised a third party to provide that information to us, or we are obligated or authorised by law to obtain such information. Third parties that we may need to collect information from include your financial adviser, product issuer, employer, accountant, solicitor or a Government body (e.g., the ATO). We may also collect information from other sources (such as public records) if we believe the personal information we hold is incomplete or outdated.

In order to identify opportunities to improve our products and services and to enhance your customer experience with us, we may collect data from trusted third parties. Prior to engaging with a third party, we conduct appropriate due diligence to satisfy ourselves that the third party has sufficient security measures to protect your personal information, and that relevant contractual arrangements are in place which, at a minimum, require the third party to handle personal information in strict accordance with our requirements under Australian privacy law.

2.1.2 What if you do not give us the information we request?

You are not obligated to give us the information that we request. However, if you do not give us the information that we ask for, or the information you give is incomplete or inaccurate, this may:

prevent or delay the processing of your application or claim
affect your eligibility for specified insurance cover
preclude us from providing you financial advice
prevent us from contacting you about your products or services
limit the methods through which you can manage your account
impact what transactions can be made on your account, how contributions are treated or what payments can be made to you
make it more difficult to manage your account
result in the transfer of your account to the ATO or ASIC as unclaimed monies if we become unable to contact you
impact the taxation treatment of your account.

For example, we are required to ask for your TFN when you become a member of one of our superannuation products. If you choose to not give us your TFN, you may be subject to higher withholding taxes on your superannuation, we may not be able to locate different accounts in your name, and we will not be able to accept personal contributions.

We will endeavour to advise you of the specific consequences of not providing complete and accurate information at the time of collection.

2.2 Use of information

2.2.1 How do we use the information that we collect?

We use your personal information for the purpose for which it has been obtained, and for related purposes. For example, we collect your personal information so that we are able to:

provide financial advice to you, as an advice client or as a member of a superannuation fund
establish and manage your investments and accounts
implement your investment instructions
establish and maintain insurance protection
process contributions, transfer monies or pay benefits
provide reporting on your account
verify your identity as required by law
prevent, detect and investigate a suspected fraud or crime
address any queries or concerns you may have
manage the relationship with current, former and prospective employees
improve the operation of our business and enhance the delivery of our products and services.

We may also use your personal information to keep you up to date on other products and services that we think may be of interest to you. You can opt out of receiving direct marketing information from us at any time by contacting the customer service team, whose contact details are set out in section 4.

We may use aggregated data to assist us to communicate more meaningfully with the public, including through our websites or social networking services (e.g., LinkedIn, Facebook or X). Aggregated data may be derived from your personal information, but it does not directly reveal your identity. When you choose to communicate with us using social networking services, those services may collect your personal information for their own purposes and handle it in accordance with their own privacy policies.

2.3 Disclosure

2.3.1 Who do we give your information to?

For the purpose of providing the services you have requested (or an authorised related purpose), we may provide your information to other companies within the Insignia Financial Group or external parties. Where personal information is disclosed, we take reasonable steps to ensure information is held, used and disclosed in accordance with the APPs.

The types of external organisations to which we may disclose your personal information include:

organisations involved in providing, managing or administering our products or services such as actuaries, custodians, external dispute resolution services, insurers, investment managers, product issuers, alliance partners or mail houses
your financial adviser or other parties appointed by you
regulators or Government agencies, such as the ATO
your employer (only if you have an employer sponsored superannuation arrangement)
funds (administrators or trustees) to which your benefit is to be transferred or rolled over
medical practitioners and other relevant professionals, where you have applied for insurance cover or made a claim
your personal representative, or other persons who may be entitled to receive your death benefit, or a person contacted to assist us to process that benefit
financial institutions that hold accounts for you
professional advisers appointed by us
third party services, to enable us to deliver better products and services to you
businesses that have referred you to us.

We require the service providers we engage with to agree that they will only use the personal information we disclose to them for the specific role we ask them to perform and in accordance with Australian privacy law. The contractual arrangements we put in place set out the terms we expect our service providers to comply with, including maintaining appropriate security measures and data handling practices to protect your personal information. During the course of any service provider arrangement, we will request information to satisfy ourselves that the service provider is complying with the terms of our agreement.

We may exchange your personal information with other organisations we have a partnership or strategic alliance with to deliver certain products (e.g., the ANZ Smart Choice Super and Pension product). Any such arrangement will be noted in the relevant product disclosure documentation.

Like other financial services companies, there are situations where we may also disclose your personal information where it is:

required by law (such as to the Australian Taxation Office or pursuant to a court order)
authorised by law (such as where we are obliged to disclose information in the public interest or to protect our interests)
necessary to discharge obligations (such as for enforcement activities of regulatory bodies or to foreign governments for the purposes of foreign taxation)
required to assist in law enforcement (such as to a police force).

We may also disclose your information if you give your consent.

2.3.2 Will my information be disclosed overseas?

Whether your information will be disclosed overseas depends on which of our products or services you use – for more information, please see APPENDIX A.

For many of our products and services, it is unlikely that we will disclose your personal information overseas. However, to manage some of our products and services, we may use third-party service providers or offshore outsourcing services to provide some services to you.

For example, for some of our products, we have engaged a trusted administration processing centre located in India that performs technology, operational and customer service functions. We remain contractually responsible for the activities of this overseas processing centre and we have taken reasonable steps to ensure your personal information is safe and handled in strict compliance with Australian privacy law. These measures include ensuring that the provider is certified under ISO 27001 (the international standard for security management). In addition, restrictions and workplace privileged rights are implemented to prevent storage of data offshore and other actions such as printing.

Any overseas disclosure does not affect our commitment to safeguarding your personal information and we will take reasonable steps to ensure any overseas recipient complies with the APPs.

Some financial advisers or business advisers in the Insignia Financial Group have their own arrangements with overseas service providers and those arrangements will be disclosed separately by the adviser to their clients.

2.4 Access and correction of information

2.4.1 Can I access my information and what if it is incorrect?

You may request access to the personal information we hold about you. We may charge a reasonable fee to cover our costs.

There may be circumstances where we are unable to give you access to the information that you have requested. If this is the case, we will inform you and explain the reasons why.

We will take reasonable steps to ensure that the personal information we collect, hold, use or disclose is accurate, complete, up to date, relevant and not misleading. To keep your information current, we may use trusted third party information or personal information that is held by another entity within the Insignia Financial Group. If your personal information has changed or if you otherwise become aware that the information we hold about you is incorrect, please contact us to update your details.

You have a right to ask us to correct any information we hold about you if you believe it is inaccurate, incomplete, out of date, irrelevant or is misleading. If we do not agree with the corrections you have supplied and refuse to correct the personal information, we will give you a written notice to that effect.

If you wish to access or correct your personal information, you may contact our customer service team or our Privacy Officer. Contact details are set out in section 4.

2.5 Protection of personal and sensitive information that we hold

2.5.1 How do we protect the security of your information?

We have security systems, practices and procedures in place designed to protect your personal information from misuse, interference, loss and from unauthorised access, modification or disclosure, We use a number of procedural, physical and technical safeguards, including access controls, two-factor authentication, encryption, firewalls, intrusion prevention systems and ongoing monitoring. We provide all employees with mandatory and regular training on data security and privacy.

We may use cloud storage or third-party servers to store the personal information we hold about you. These services are subject to initial and ongoing audits in line with industry best practices and legislative requirements.

If you use the secure adviser or client sections of our websites, we will verify your identity by your username and password. Once verified, you will have access to secured content. You are responsible for maintaining the secrecy of your login details.

2.5.2 Online tools

Our websites and mobile device applications provide you with some interactive tools designed to help you make informed choices with respect to certain financial and other decisions. These tools include calculators to help you better understand your financial situation, tools that collect information to assist you to engage with our financial advice process or fact sheets that provide you information about our products. We may collect personal information you enter when you use these online tools and any personal information collected will be handled in accordance with this Policy.

Where these tools collect your personal information, we will implement reasonable protections such as encrypting data and securing your information behind a login. It is important that you do not share your login details for any tools provided to you, and you should adhere to safe online practices such as having unique passwords and using secure internet connections when accessing these tools.

2.5.3 Risks of using the internet

You should note that there are inherent security risks in transmitting information through the internet. You should assess these potential risks when deciding whether to use our online services. If you do not wish to transmit information through our website, there are other ways in which you can provide this information to us. You can, for example, contact our customer service team, whose contact details are set out in section 4.

2.5.4 Cookies

A “cookie” is a small text file that may be placed on a computer by a web server. Our websites may use cookies, Google Analytics and/or other analytics tools which may enable us to identify you, your browser or other information about you while you are using our site. These cookies may be permanently stored on a computer or are temporary session cookies. They are used for a variety of purposes, including security and personalisation of services. They are frequently used on websites and you can choose if, and how, a cookie will be accepted by configuring your preferences and options in your browser.

All browsers allow you to be notified when you receive a cookie and you may elect to either accept it or not. If you wish not to accept a cookie, this may impact the effectiveness of the website. Your internet service provider or other IT service provider should be able to assist you with setting your preferences.

2.6 Retention of your personal information

We are required by law to retain certain records of information for varying lengths of time and, in certain circumstances, permanently. Where your personal information is not required to be retained under law and is no longer required for the purpose for which it was collected, we will take reasonable steps to irrevocably destroy or de-identify it.

Like other financial services organisations, we are required to retain certain records including:

your superannuation records for ten years after you cease to be a member of our fund
documents and records related to personal advice you have received for seven years
identification, verification and Know Your Customer (KYC) documents for seven years from the end of your relationship with us
certain tax records for a period of up to seven years
records related to complaints or disputes for seven years
records documenting marketing activities for seven years.

3 Overseas Residents

If you reside in a country other than Australia, there may be laws in your jurisdiction which provide additional rights or entitlements in relation to your personal information. For example, if you reside in a country that is a member of the European Economic Area (the EU and Norway, Lichtenstein and Iceland), in addition to the protection you receive under the Privacy Act, you are entitled to other protections provided by the European Union General Data Protection Regulation (GDPR), including, in certain circumstances, the right to:

have your personal information erased
access your personal information in an electronic and portable format
restrict or object to the processing of your personal information.

4 Roles and Responsibilities

The Insignia Financial Ltd Board is ultimately responsible for overseeing this Policy.

The Privacy Officer is responsible for updating this Policy and for managing the business impacts of privacy laws across the Insignia Financial Group.

4.1 Contacting the Privacy Officer or our customer service team

You can contact the Privacy Officer by:

mail:

Privacy Officer
Insignia Financial Group
GPO Box 264
Melbourne VIC 3001

or by email: Privacy.Officer@insigniafinancial.com.au

You can contact the customer service team by telephoning 1800 913 118

4.2 Complaints and breaches

If you believe that we have breached the APPs by mishandling your information, you may lodge a written complaint addressed to the Privacy Officer, whose contact details are set out in section 4.

The Privacy Officer will respond to your complaint within 30 days of its receipt.

In the event that the Privacy Officer is unable to resolve your complaint, you may lodge a Privacy Complaint with the Australian Information Commissioner. For more information, please visit the Australian Information Commissioner’s website.

If you reside outside Australia and have a complaint about your privacy, you may contact the Privacy Officer or you may contact the local privacy regulator in your area.

We are committed to helping you have control of your personal information and so it is our practice to take reasonable steps to notify you if we are aware that we have breached your privacy.

In accordance with the Notifiable Data Breaches Scheme, if your personal information is involved in a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner.

5 Policy governance

5.1 Review and approval

Unless required earlier (e.g., to address legislative or operational changes), this Policy is reviewed and updated annually by the Privacy Officer, and it will be submitted to the Insignia Financial Ltd Board for approval at least triennially.

Material amendments to this Policy must be approved by the Insignia Financial Ltd Board. Non-material amendments to this Policy may be approved by the Chief Executive Officer. Amendments to Appendix A to this Policy may be approved by the Policy Owner or the Chief Risk Officer.

The most current version of the Policy can be obtained from our website at www.insigniafinancial.com.au/privacy.

5.2 Policy owner

Questions about this policy should be directed to the Privacy Officer or to our customer service team. Refer to section 4 of this Policy for contact details.

6 Definitions

Australian law	an Act of the Commonwealth or of a State or Territory or regulations, or any other instrument, made under such an Act.
Australian Privacy Principles or APPs	the Australian Privacy Principles set out in Schedule 1 of the Privacy Act.
Breach	an act or practice which is contrary to or inconsistent with the Privacy Act, including any of the APPs.
Client	an individual to whom we provide advice, products or services and includes our customers, members and investors.
Collect	to collect personal information, usually for inclusion in a record.
Consent	express consent or implied consent.
GDPR	the General Data Protection Regulation (EU) 2016/679.
Health information	personal information about the health of an individual, an individual’s expressed wishes about the future provision of health services to the individual, or a health service to be provided to an individual.
Holds	possession or control of a record that contains personal information.
Individual	a natural person.
Know Your Customer or KYC	the process of verifying a customer’s identity (as required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)) by using reliable and independent documents and information.
Notifiable Data Breaches Scheme	the scheme under Part IIIC of the Privacy Act which requires that, in the event personal information is involved in a data breach that is likely to result in serious harm, we must notify each affected individual and the Australian Information Commissioner.
Overseas recipient	a person who receives personal information who is not in Australia or an external Territory, not us or a subsidiary or associate of us, and not the individual to whom the personal information relates.
Personal information	information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
Policy	this Privacy Policy.
Privacy Act	the Privacy Act 1988 (Cth).
Privacy Officer	the Insignia Financial Group privacy officer, responsible for managing the business impacts of privacy laws and policies across the Insignia Financial Group. Refer to section 4 of this Policy for contact details.
Reasonable Steps	the actions or efforts we undertake to comply with the Privacy Act and the APPs, which must be objectively reasonable in the circumstances.
Sensitive information	personal information about an individual’s: racial or ethnic origin political, philosophical or religious beliefs or opinions memberships or affiliations sexual orientation or practices criminal record health or genetic information biometric information.
Solicit	to request personal information, or anything that includes personal information, from someone other than the individual.
Tax file number or TFN	a tax file number as defined in Part VA of the Income Tax Assessment Act 1936 (Cth).
Use	to handle, manage, or undertake an activity with personal information in our effective control.

APPENDIX A – Overseas Disclosures

Product/Service (current as at 30 May 2024)	Overseas countries in which personal information is likely to be disclosed
Altrinsic Global Equities Trust	N/A
Antares managed funds	N/A
ANZ Smart Choice Super for employers and their employees	India
ANZ Smart Choice for QBE Management Services Pty Ltd and their employees	India
ANZ Smart Choice Super and Pension	India
Expand Extra Super and Pension	N/A
Expand Extra Investment	N/A
Expand Essential Super and Pension	N/A
Expand Essential Investment	N/A
Fairview Equity Partners Emerging Companies Fund	N/A
Foundation Diversified Funds	N/A
Grow Wrap Super and Pension Service	Philippines, China, India, New Zealand, the United Kingdom, the European Union, the United States, Malaysia, Japan, Hong Kong, Bulgaria, South Africa.
Grow Wrap Investment Service	Philippines, China, India, New Zealand, the United Kingdom, the European Union, the United States, Malaysia, Japan, Hong Kong, Bulgaria, South Africa.
Intermede Global Equities Fund	N/A
IOOF Cash Management Trust	N/A
IOOF Employer Super	N/A
IOOF Pension	N/A
IOOF Personal Super	N/A
Managed Portfolio Service	N/A
Mars Australia Retirement Plan	N/A
MLC Global Private Equity Fund	N/A
MLC Horizon funds	N/A
MLC Insurance (Super)	N/A
MLC MasterKey Business Super (including MLC MasterKey Personal Super)	N/A
MLC MasterKey Investment Service Fundamentals	N/A
MLC MasterKey Super & Pension Fundamentals	N/A
MLC MultiMix Trusts	N/A
MLC MultiSeries Trusts	N/A
MLC Reinsurance Investment Fund	N/A
OneAnswer Frontier Investment Portfolio	India
OneAnswer Frontier Super and Pension	India
OneCare Super	China, India, New Zealand, the United Kingdom, the European Union, the United States, Malaysia, Japan, Hong Kong, Bulgaria, South Africa.
Plum Super and Pension (all divisions and employer plans)	N/A
Rhythm Super and Pension	N/A
Rhythm Investment	N/A
Specialist Funds	N/A
Shadforth Portfolio Service Super and Pension	N/A
Shadforth Portfolio Service Investment	N/A
Strategic Funds	N/A
Voyage Superannuation Master Trust	China, India, New Zealand, the United Kingdom, the European Union, the United States, Malaysia, Japan, Hong Kong, Bulgaria, South Africa.
Voyage Investment Service	China, India, New Zealand, the United Kingdom, the European Union, the United States, Malaysia, Japan, Hong Kong, Bulgaria, South Africa.

Employee Screening services	India, Philippines, Malaysia

Impersonation warning