October 2017. Brookvine Pty Ltd ACN 098 072 390, Australian Financial Services Licence No. 246450
Brookvine Pty Ltd and its subsidiary Brookvine Investment Advisers Pty Ltd (Brookvine) takes very seriously our obligations under the Commonwealth Privacy Act (Privacy Act) to protect your personal information. Under the Privacy Act we are bound by the Australian Privacy Principles.
The Privacy Act sets out the information that it protects. Personal information generally means information or an opinion about a person, where the person is identified or is reasonably identifiable. A person can include a customer, client, staff member or any other person with whom Brookvine has dealings.
Generally, we do not collect sensitive information about you unless required by law or where you consent for us to do so (only where it is relevant to your product or service). Sensitive information includes information relating to: race, political or religious beliefs, sexual preferences, criminal convictions, membership of professional or trade associations or unions and biometric and health information. Sensitive information will seldom be relevant for collection by Brookvine.
Personal information collected and held
Brookvine collects and holds only personal information that is relevant to, and reasonably necessary for the products and services Brookvine provides to our clients:
- Application, administration and servicing of investments
- Maintaining your contact details
- Marketing of relevant products and services we believe will be of interest to you, unless you advise us you do not wish to receive such communications
- To fulfil our legal obligations under taxation, anti-money laundering and counter-terrorism financing laws
In addition, if required, we only collect sensitive information if you consent, or in specific circumstances set down in the Australian Privacy Principles.
Brookvine generally collects personal information such as name, phone numbers, address, email address, banking details, date of birth, country of residence, investment details, payroll details, taxation details (including Tax File Number) and other accounting, audit and financial services related information. If you provide us with personal information that we have not requested (unsolicited personal information) we will, unless otherwise required or permitted by law, delete or destroy it as soon as possible after receiving it.
Consequences of not providing your personal information
You are not obliged to give us your personal information. However if you decide not to give us the personal information we request, we may not be able to provide our services to you.
How your personal information is collected
Brookvine collects personal information only by lawful and fair means. We will usually only collect your personal information directly from you. For example, by interviews with you, applications for investments or by email. We may collect your personal information from another person if you consent, if we are required or allowed by law to do so, or if it would be unreasonable or impracticable for us to have to collect it from you.
When we collect personal information about you, we will tell you why it is being collected, the organisations or the types of organisations to whom we usually disclose that kind of information, any law that requires the information to be collected, and the main consequences for you if the information (or part of the information) is not provided.
How your personal information is used
Personal information is collected and held so that Brookvine can provide you with services you request. This is known as the “primary purpose” for collecting and holding personal information.
We may also use or disclose personal information for a secondary purpose where you give us your consent to do so, or where:
- the secondary purpose is related to the primary purpose (where the information is sensitive information, it must be directly related to the primary purpose); and
- you would reasonably expect us to use or disclose the information for the secondary purpose.
We may also use or disclose information where such use or disclosure is permitted by the Australian Privacy Principles. Such disclosures might generally include:
- the Australian Taxation Office for the purpose of legislative compliance and reporting;
- the Australian Securities and Investments Commission (ASIC), the Australian Stock Exchange (ASX) for the purpose of legislative compliance and reporting;
- third party service providers for the purpose of enabling them to provide a service such as unit registry, payroll, superannuation administration, audit and tax and secure storage and archiving services or manage a product such as trustees and responsible entities and fund managers;
- entities on behalf of which we provide our services to you (including your fund manager, responsible entity, trustee, company for which you work or in which you have shares);
- government bodies, regulators, law enforcement agencies and any other parties where authorised or required by law;
- other entities if you have given your express consent; and
- any other entities identified at the time of collecting your personal information or to which we are legally required to disclose your personal information.
Data quality and protection
Brookvine will take all reasonable steps to ensure that all personal information we hold is as accurate, complete and up-to-date as possible.
We keep personal information in physical and electronic records, at our Australian office and at the location of our service providers, which may include storage on the cloud. In all cases, we will also take all reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.
However data protection measures are never completely secure. Thus despite the measures we have put in place, we cannot guarantee the security of your personal information. You must take care to protect your personal information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches.
Once your personal information is no longer required by us, we will take reasonable steps to destroy or permanently de-identify that personal information, except in circumstances where we are required by law to retain it.
Access and correction
If you think the personal information Brookvine holds about you is not accurate, complete or up-to-date, please contact us. We will keep a record of your request and the manner in which it was dealt with. It is our aim to respond to requests for access or correction within 2 business days of receipt of request.
We will take reasonable steps to correct information where you provide sufficient evidence or we are otherwise satisfied, having regard for the purpose for which the information is held, that the existing information is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will notify the correction to other parties to whom we have previously disclosed the information. If such a party refuses to make a correction we will notify you of that refusal and how you can make a complaint.
If we cannot meet your request for access or correction, we will notify you by email. Where reasonable we will give you our reason and take steps to provide you with access. We will also tell you about how you can complain about our decision.
If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to the Australian Privacy Commissioner via www.oaic.gov.au
You can contact us anonymously or by using a pseudonym. However being unable to identify you will limit the services that Brookvine can provide you. There may be specific cases where we are prevented by law from dealing with you unless we identify you.
Should a data breach occur, Brookvine will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of the data breaches that are likely to result in serious harm within 30 days of the breach event.
The factors which might contribute to a reasonable person thinking “serious harm” might have occurred include:
- The sensitivity of the information;
- Whether the information was encrypted;
- Whether the information was in a secure file;
- How likely it is that the security could be breached; or
- The identity of the person who obtained the information, whether they intend to cause harm to the affected person and the nature of the harm.
Dealing with Brookvine online
We only identify you if you log into the Data Room, or click on a link in a personalised communication from Brookvine.
Complaints and further information
If you would like further information about how we handle your personal information, please send us an email to firstname.lastname@example.org.
If you wish to make a complaint in relation to privacy, including a breach of the Australian Privacy Principles, please put your concerns in writing to:-
The Chief Operating Officer
Brookvine Pty Ltd
Suite 2 60 Moncur Street
Woollahra NSW 2025 Australia
Brookvine will investigate your complaint and respond to your concerns as quickly as possible and within 45 days.