Effective Date: 21 September, 2019
OUR COMMITMENT TO YOU
Okto Wealth Administration Services Pty Ltd (ACN 635 285 264) (‘Okto Wealth’, ‘we’, ‘us’ or ‘our’)
Should you have any questions about this Policy or our privacy practices, please contact us via:
OktoWealth Administration Services Pty Ltd
East 8 Federal Mills
13-35 Mackey Street
This Policy outlines how we manage your personal information and the steps we take to ensure that we comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). This Policy describes the information we obtain about you directly or indirectly via your use of the Platform and related services (Platform), as well as how we may handle that information, and how we protect that information in accordance with applicable data privacy laws. This Policy applies to all your dealings with OktoWealth Administration Services Pty Ltd.
WHAT IS YOUR PERSONAL INFORMATION?
When used in this Policy, personal information has the same meaning given to it in the Privacy Act. In general terms, it is information that can be used to personally identify you such as your name, address, telephone number, email address, profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
WHAT PERSONAL INFORMATION DO WE COLLECT?
We will need to collect certain personal information from you in order to establish and maintain Adviser and Client information. The personal information we collect from you may include:
- identification information such as your name, date of birth, phone number, residential, postal and email addresses, gender, occupation and tax file number;
- information about your financial circumstances and objectives, including your assets, liabilities, income, expenditure, taxation information, insurance, superannuation and investment preferences, spending activity and financial history;
- financial account information, including your bank account details and credit or debit card numbers that link to the Platform;
- information about transactions that you make from bank accounts, trading accounts or any other accounts linked to the Platform;
- statistical information regarding your use of the Platform including your IP address and the date, time and duration of your use of the Platform; and
- any other information that you choose to provide to us through your use of the Platform or our services.
HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
Where possible we will collect personal information directly from you; however, in certain circumstances it may be necessary to collect information about you from third parties. If we receive information about you from someone else, we will take reasonable steps to make you aware of the facts and circumstances of that collection.
We may collect your personal information in a number of ways including:
- when you voluntarily provide it to us, such as when you register to use the Platform, or when you retrieve your login information or request a new password;
- when you contact us directly by email, SMS, webchat, phone, fax, post or via the Platform or where you request that we contact you in one of these ways;
- when you enter, import or upload data into the Platform via your user account;
- when you use the Platform;
- when you sign up for or request that we send you newsletters, alerts or other materials or when you participate in promotions or competitions run by or with the support of OktoWealth;
- from banks and other financial institutions with whom you have accounts. In these circumstances we may use trusted third parties such as Basiq Pty Ltd (https://basiq.io/) to collect this information on our behalf; and
- from our trusted commercial partners and other third parties that we have relationships with.
You may also choose to provide us with access to certain personal information stored by third parties such as social media sites. The information we receive from these sites varies according to the site it is collected from and is controlled by the relevant site. By associating an account managed by a third party with your user account and authorising us to have access to this information, you agree that we may collect, store, use and disclose this information in accordance with this Policy. This consent will be obtained at the time the individual associates a third party account with their OktoWealth user account (for example as part of any account registration process).
You may choose to deal with us on an anonymous basis or using a pseudonym. However, you acknowledge that if you do not provide us with the information we request, or if the information you provide to us is not accurate, our ability to provide the Platform and related services or to otherwise fulfil the purpose for which you have provided your information may be severely limited.
WHAT HAPPENS IF WE RECEIVE UNSOLICITED PERSONAL INFORMATION?
If we receive personal information that we did not take any active steps to collect, we will determine whether we would have been permitted to collect that information as part of providing our services in accordance with the law. We will destroy or de-identify unsolicited personal information that we would not collect as part of providing our services if it is lawful to do so. If the information is of the type that we would ordinarily collect to provide our services, we will manage that information in accordance with this Policy.
WHY DO WE COLLECT YOUR PERSONAL INFORMATION?
We will generally explain at the time we collect your personal information the purposes for which we will use it. We will only use your personal information for the purpose for which it was collected, for any related purpose for which you would reasonably expect us to use the information, with your consent, or as required or authorised by law.
We may use your personal information:
- to provide you with access to the Platform and other products and services you request;
- to assist with your questions about our services, billing (where relevant), payment methods (where relevant), or use of the Platform;
- to process or collect payments made in connection with the Platform;
- to carry out our obligations to you under our Terms of Service;
- to maintain and develop our relationship with you;
- to evaluate our services and products and to conduct surveys;
- to improve our services via internal research and development;
- to maintain and update our records including our database of contacts;
- for our business purposes, including data analysis, detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement;
- to comply with our legal obligations, respond to legal process or requests for information issued by government authorities or other third parties, or to protect your, our, or other parties’ rights.
We may use your personal information to send you marketing material via email including information about updates to the Platform or other services we offer but will only do so with your permission or where you would reasonably expect us to do so.
If you don’t want to receive emails from us, you can follow the ‘unsubscribe’ instructions that appear at the bottom of all emails we send. Otherwise, you can always contact us at email@example.com to update your contact preferences.
WHEN WILL WE DISCLOSE YOUR INFORMATION TO THIRD PARTIES?
The information we collect from you will be kept strictly confidential and secure at all times. When we do disclose your personal information to third parties, it will be for the purpose for which it was collected, for any related purpose for which you would reasonably expect us to disclose the information, with your consent, or as required or authorised by law.
The purposes that we may disclose your personal information for are:
- to perform our contractual obligations to you, including under our Terms of Service;
- as we are legally required to do so, for example, in response to a subpoena, court order or other legal process;
- if we need to enforce or apply our Terms of Service to which you have agreed (or other terms that have been agreed to apply to our relationship with you);
- if it is necessary to protect the rights and interests, property, or safety of OktoWealth, our clients or others;
- if our agents or contractors who assist us in providing our services require such information, for example in fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing support services or in other tasks from time to time. Our agents and contractors will only use your information to the extent necessary to perform their functions on our behalf to provide you with our services;
- if all, or most, of the assets of OktoWealth or any single business unit within OktoWealth are merged with or acquired by a third party, or we expand or re-organise our business, in which case your personal information may form part of the transferred or merged assets; or
- for any other purpose authorised by law.
However, we may in certain circumstances use, sell, license, reproduce, distribute and disclose aggregated, non-personally identifiable information derived through your use of the Platform to third parties for research, marketing and other purposes.
DO WE DISCLOSE YOUR PERSONAL INFORMATION OUTSIDE AUSTRALIA?
Where you are submitting personal information from within Australia, such information may be transferred outside Australia. This ‘outside Australia’ reference pertains to OktoWealth’s associated business located in the United Kingdom. If we transfer your information to third parties outside Australia, we will take steps to ensure that your privacy rights continue to be protected and ensure that these third parties are either covered by data privacy laws substantially similar to those in Australia or the relevant third party adheres to data privacy standards substantially similar to the APPs.
HOW IS YOUR PERSONAL INFORMATION PROTECTED AND HOW LONG IS IT KEPT?
We employ a variety of security technologies and measures designed to protect your information from unauthorised access, use, or disclosure. For example, we use data encryption, firewalls and other security devices for our computer systems and cloud-based services. All of your personal information is stored on secured servers in controlled facilities.
In addition, we have procedures that limit the access our employees and contractors have to your personal information. Only those people with a genuine need to know will have access to such information. We educate our employees about the importance of confidentiality and privacy through standard operating procedures and internal policies on data privacy and corporate integrity.
Your information is kept while we need it to provide the services that you have requested from us and where applicable, for as long as we are required to keep it to comply with relevant statutory requirements. Where we determine that it is no longer necessary to hold your personal information we will securely destroy, delete or permanently de-identify that information to the extent it is reasonably practicable to do so.
If we become aware of unauthorised access to or disclosure of your personal information we will take appropriate steps to rectify the data breach and notify you if required by law as soon as practicable and provide you with a description of the breach, the type of information involved and any recommended actions you can take to protect yourself.
HOW CAN YOU ACCESS YOUR PERSONAL INFORMATION?
If at any time you want to know exactly what personal information we hold about you, you can request access to your record by contacting us at firstname.lastname@example.org. We will need to confirm your identity before allowing you to access your personal information.
In some circumstances, we may refuse to allow you to access your personal information, for example, where:
- access would pose a serious threat to life or health of an individual;
- access would have an unreasonable impact on the privacy of others;
- the request is frivolous or vexatious;
- the information relates to a commercially sensitive decision-making process;
- access would be unlawful;
- access would prejudice enforcement activities relating to criminal activities and other breaches of law;
- access relates to existing or anticipated legal proceedings; or
- denying access is required or authorised by or under law.
In the event that we refuse to provide you with access to your personal information, we will provide you with an explanation for that refusal.
Depending on the complexity of the information and/or the request, we will respond to any request for access within 30 days. You will not be charged a fee for making a request to access your personal information. However, depending on the type of request, a fee may apply and be charged for providing the information to you. The fee covers the cost to us in collating, copying and providing certain information to you.
We will endeavour to provide the requested information as promptly and inexpensively as possible. Following receipt of your request, we will let you know if a fee applies and if so, the amount. Any applicable fee will most likely be required to be paid prior to us providing documents or information to you. Information about how any applicable fee is calculated will be provided following receipt of your request.
WHAT IF YOUR INFORMATION IS INCORRECT?
We take reasonable steps to ensure that the information we collect, use, store or disclose is accurate, complete and up to date. You can correct your personal information by logging into your user account and updating your own information. If you are unable to log in to your user account, or cannot correct your information once logged in, then please contact us at email@example.com and we will amend the record for you.
If we become aware that the personal information we hold about you is out of date or inaccurate, we may correct the information ourselves or ask you to review and correct your information. It is important that you help us by keeping your contact details up to date.
We may change this Policy from time to time. We will let you know that the Policy has changed by emailing you at the email address provided by you to us (if any) and also via a notification in the Platform. Your continued use of the Platform following notification of a change to this Policy indicates that you accept those changes. Through this document, we will always let you know the information we collect, how we use it, how we store it and the circumstances under which such information may be disclosed by us.
REQUESTING FURTHER INFORMATION AND MAKING A COMPLAINT
If you think we have breached any of our privacy obligations, or you wish to make a complaint about the way your personal information has been handled, you can contact us by email at firstname.lastname@example.org. So that we can respond to you, please clearly describe your complaint and the outcome you are seeking. Please include your name, email address and/or telephone number for our reply. Our management team will consider your complaint, and an acknowledgement and response to your complaint will be provided to you within a reasonable period of time.
If you think that we have failed to resolve the complaint satisfactorily, you may refer the matter to the Office of the Australian Information Commissioner:
Mail: GPO Box 5218, Sydney, NSW 2001
Phone: 1300 363 992
For more information on your privacy you can visit www.oaic.gov.au