At Finhawk Pty Ltd (“we” or “us”) your privacy is important to us. Since inception, the privacy laws in Australia have governed the way we are able to collect, maintain, use and disclose your personal information. We comply with these laws.

This policy explains how we manage your personal information including:

1. The types of information we hold about you and how we use that information
2. Your privacy rights, together with your general rights and our obligations
3. Our internal policies in relation to how we collect, maintain, use and disclose any of your personal information.

We encourage you to check our web site regularly for any updates to this Privacy Policy.

This Privacy Policy was last updated on 1 April 2022.

Other Privacy Documents

When you see one of our advisers and you apply for a product or service as a result of a recommendation made by them, the application forms will include notices about your privacy and will ask for your consent. These privacy notices will specify in greater detail how any information relating to you may be used or disclosed by that product or service provider.

When you apply for, or use, one of these products or services you are consenting to us collecting, maintaining, using and disclosing personal information about you (provided by you or another person) in accordance with the privacy statements found in those application forms, any agreements you sign and this privacy brochure.

What Type of Information Do We Collect and Hold?

The type of information we ask from you will depend upon the type of product or service requested by you. We may collect and keep a record of your personal information including:

• Name
• Contact details
• Address
• Date of birth
• Employment history
• Income
• Occupation
• Credit card details
• Bank account and credit card details including contributions to be made and dates for periodic payments to be scheduled.

Sensitive information

If you are making a personal insurance application, we may also collect sensitive information about you including:

• information relating to your health, . This information will be required for the insurance company to assess your risk application.
• voice biometric information to verify your identity or authorise transactions.

All information that is captured as part of this process is information that is required for us to demonstrate your identity, evaluate your position and determine suitability of a particular product or service or to include on the application forms for recommended products or services. Should you choose not to provide some, or all of this information, we may not be able to provide you a service and the product and service providers we have recommended may not be able accept your application.

The collection of sensitive information is restricted by the Privacy Act 1988. This includes information about your religion, racial or ethnic origin, political opinions, criminal record, and sexual orientation. It also includes health information and biometric information.

Generally, we only collect this sort of information if it is necessary to provide you with a specific product or service and you have consented to that collection.

We may hold personal information as either secure physical records, electronically on our intranet system, in cloud storage or on the servers of reputable third parties. Access to personal information is only available for authorised staff. 

In particular, our products and services currently utilise data storage provided by Salesforce and Creativemass.  Details of Salesforce’s security measures and systems are set out on Salesforce’s website available at https://www.salesforce.com/au/company/privacy/

Details and terms of Creativemass’ privacy policy are available at www.creativemass.com

How Do We Collect Your Information?

We generally collect personal information directly from you. For example, personal information will be collected through our application process, forms and other interactions with you in the course of providing you with our services, including when you visit our website, call us or send us correspondence.

In certain circumstances it may be necessary to collect information from your accountant, lawyer or bank where it is required to provide a product or service to you. This information will only be collected when you have provided us with your consent to do so.

We will not collect sensitive information about you without your consent unless an exemption in the Australian Privacy Principles (APPs) applies. These exceptions include if the collection is required or authorised by law or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

If the personal information we request is not provided by you, we may not be able to provide you with the benefit of our services or meet your needs appropriately.

How Do We Collect Information from Our Website?

We may collect and hold information about you from our web site when you:

• Access our services from our web site
• Complete on-line information about yourself
• Provide us with your email address.

We may also collect and retain information about on-line visitors to our web site, the services they have been interested in and the types of follow up information they have requested. This information will generally be of a statistical nature and may be used for any of our ongoing web site enhancement activities. You should be aware that cookies may be used to access relevant information on any visitor activity on our web site, but any information sourced in this manner does not identify individuals.

Apart from this statistical information, we do not collect any other information about you from our web site unless you provide this information to us.

How May We Use Your Information?

Generally, we will use your personal information to:

• Help us to formulate our personal advice recommendations so that they are provided in your best interests
• Help us to process the establishment of any products or services we have recommended
• Professionally manage and administer your financial affairs, including meeting any reporting obligations we may have under Australian laws.
• Ensure that our systems and processes are meeting our expectations of professionalism and efficiency
• Ensure our technology is working correctly in supporting our business and delivering on our service promises to you.

If you acquire products or services from financial product providers as a result of our recommendations, these product and service providers may use your personal information to analyse their own offerings and to assess the relevance of their offerings in the marketplace.

Sensitive information will be used only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise or an exemption in the Privacy Act applies. A directly related secondary purpose is one which is closely associated with the primary purpose, even if it is not strictly necessary to achieve that primary purpose.

Who might we disclose Personal Information To?

We may disclose personal information to:

• a related entity
• an agent, contractor or service provider we engage to carry out our functions and activities, such as our lawyers, accountants, debt collectors or other advisers
• organisations involved in a transfer or sale of all or part of our assets or business
• organisations involved in managing payments, including payment merchants and other financial institutions
• regulatory bodies, government agencies, law enforcement bodies and courts
• financial product issuers
• anyone else to whom you authorise us to disclose it or is required by law.

If we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it. We will ensure that all contractual arrangements with third parties adequately address privacy issues and will make third parties aware of this Policy.

Sensitive information will be disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise or an exemption in the Privacy Act applies.

Sending Information Overseas

When collecting your personal information, we will generally notify you of any overseas recipients that we are likely to disclose your personal information too.

In some circumstances, we may need to disclose your personal information to:

• Virtual Business Partners
• Creative Mass
• Salesforce
• 5 ELK

Overseas recipients of your information will only be located in the following countries:

• Philippines
• South Africa
• Japan
• Malaysia

We will not send personal information to recipients outside of Australia unless:

• we have taken all reasonable steps to ensure that the recipient does not breach the Privacy Act or the APP in relation to that information;
• the recipient is subject to an information privacy scheme similar to the Privacy Act; or
• the individual has consented to the disclosure.

If we cannot ensure this, we will not disclose your personal information to an overseas recipient without your consent.

If you consent to your personal information being disclosed to an overseas recipient, we will not be responsible for ensuring that the recipient complies with the APPs.

What Rights Do We Have to Disclose Personal Information?

Generally, we must obtain consent from you before we can disclose any information about you to a third party.

You can provide your consent to us in writing or by telephone, or it may be implied by your conduct. In certain circumstances, the law requires us to disclose certain information about you e.g. the Family Law Act 1995. In these circumstances, we will provide this information when required to do so to comply with Australian law.

Depending on the product or services we provide to you, it may be necessary to disclose your personal information to:

• An external disputes resolution service e.g. the Australian Financial Complaints Authority (AFCA) when an investigation is being held
• Anyone who holds amounts of money on your behalf which is to be transferred to or from us
• Parties who may be interested in acquiring part, or all of, our business
• Where we are required to do so under Australian law
• External service providers e.g. financial institutions you nominate etc
• Organisations undertaking verification services
• Third party service providers retained by us to assist us in our business e.g. external auditors, mail houses and compliance personnel.

Use of Information by an Insurance Company

If we recommend that you purchase an insurance policy the insurance company may use the personal information supplied by you in accordance with their own privacy policy as disclosed in their Product Disclosure Statement.

You may be able to review the relevant insurance company’s privacy policy through the internet home page for that company.

How we Protect the Security of Your Information

We take all reasonable steps to protect your personal information from loss, misuse and unauthorised access.

Your personal information is stored in secure office premises in locked cabinets or in electronic databases requiring password access. In addition, we require that all internal staff maintain the highest levels of client confidentiality at all times.

If we no longer require your personal information, we will either destroy or de-identify that personal information when the law permits.

Changes to Our Privacy Policy

We retain the right to alter our Privacy Policy from time to time including as required by law or as our processes or technology changes. Not all of these alterations require your consent, e.g. changing from paper-based office processes to electronic based office processes, but we will notify you of any Privacy Policy changes that require your consent, before doing so. You can check our website for any updates to this Privacy Policy.

What are Your Rights?

In certain circumstances, you are formally required under Australian law to disclose personal information about yourself e.g. when applying for an insurance contract. Other than these circumstances, you may choose not to disclose your personal information.

However, if you do choose to withhold personal information from us, we may not provide our services to you or we may not be able to fully process application forms nor may we be able to provide you with the most appropriate recommendations.

Where we do collect personal information from you about another individual, e.g. your beneficiary under an insurance contract, we ask that you make this individual aware of this fact and of this Privacy Policy.

Marketing Opt Out

If you do not want to receive ongoing information from us or from some of our service providers, you need to tell us. By agreeing to receive products or services from us, we  assume that you have provided us with your marketing consent unless you tell us otherwise.

You can opt out of receiving our marketing information at any time. To do so, you can reply to any email with ‘unsubscribe’ in the subject line or click the ‘usubscribe’ option at the bottom of the email if applicable.

Access to Your Information

You may request access to the personal information we hold about you at any time via our contact details below. We will endeavour to process your request in a timely manner, usually within 20 business days depending upon the nature of your request. In certain circumstances, some of your personal information may need to be recalled from an archive or from other secure off-site locations, which may cause delay.

We will not charge you for requesting access to your personal information, but we do reserve the right to recover any administrative costs we incur to process your request e.g. photocopying, administrative time etc.

Under certain circumstances, we do not have to provide you with access to your personal information e.g. matters under legal consideration. In these circumstances, we will:

• provide you with reasons why we cannot provide you with this access so that you are clear about our position and any mechanism available to complain about the refusal; and
• take reasonable steps to give access to the information in way that meets your and our needs.

Accurate Information

We take reasonable steps to ensure that your personal information we collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading., However we are dependent upon you notifying us about relevant changes to your personal information.

At any time you can contact us using the details below to request that we update, or correct, the personal information we hold about you. When you do this, we will endeavour to deal with your request in a reasonable time frame. If you believe we have inaccurately recorded information about you, you can request that we make notations in our records relating to this inaccuracy.

We will make the changes to your personal information unless there is sound reason to not make the changes. We will inform you when the changes have been made and ask whether you wish us to inform any third party of the correction. In circumstances where we have refused to correct personal information, we will give you written notice setting out:

• the reasons for refusal;
• any mechanism available to complain about the refusal;
• your right to request a statement to be associated with the personal information; and
• any other matters prescribed by law.

When we correct personal information about you that has previously been disclosed to a third party, upon your request, we will take all reasonable steps to notify that third party of the correction where it is not impracticable or unlawful to do so.

Complaints Resolution

You are entitled to lodge a complaint with us using the details above if you take issue with how we deal with your personal information or if you believe that we have breached the APPs.

We will acknowledge your complaint as soon as we can after receipt of your compliant. We will let you know if we need further information from you to resolve your complaint.

We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five business days however some complaints may take longer to resolve depending on their complexity. If your complaint is taking longer, we will let you know what is happening and a date when you can reasonably expect a response.

Should your issues or concerns remain unresolved or are not resolved to your satisfaction, there are external bodies you can go to.

The Australian Financial Complaints Authority (AFCA) can consider most privacy complaints involving providers of financial services.

AFCA can be contacted at:
The Australian Financial Complaints Authority
GPO Box 3
Melbourne Vic 3001
Phone: 1800 931 678
Email: [email protected]
www.afca.org.au

If you are still unsatisfied with the outcome, a complaint may be lodged with Office of the Australian Information Commissioner about the way we handle your personal information.

The Commissioner can be contacted at:
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: [email protected]
www.oaic.gov.au

---