Privacy Policy
Introduction
CXi Software Pty Ltd (ABN 54 166 188 156) - referred to in this Policy as “us”, “our”, or “we” - is committed to protecting the privacy of all personal (and sensitive) information we collect.
As part of this commitment and as a mechanism to ensure compliance with the Privacy Act 1988 (Cth) (Privacy Act), we have developed and implemented a Privacy Policy (the Policy).
This Policy sets out our practices with respect to the collection and management of personal and sensitive information, and has been developed with regard to the Australian Privacy Principles (established under the Privacy Act) which provides the standards, rights and obligations for the handling, holding, accessing and correction of personal (including sensitive) information.
We may collect personal information on behalf of a third party (Client) who provides you with a financial product or service at your request. If so, you should read this Policy in conjunction with the Privacy Policy of that Client, who may also have an obligation to you in respect of the privacy of your personal information.
What is personal information?
Personal information is defined in law as information or an opinion about an identified individual or an individual who is reasonably identifiable; whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not. Examples include an individual's name, address, tax file number (or other tax registration number), banking details, contact number and email address.
Special provisions apply to the collection of personal information which is sensitive information. Sensitive information includes, for example, information about a person's health, membership of a professional or trade association, further discussed below.
What personal information do we collect?
We will collect information from you to provide you - or to enable our Client to provide you - with services and products. This may be via our hosting financial administration software (Platform). This includes, collecting information when you:
-
Use our website – we will collect information about your preferences, your location, third party websites you visit and your IP address. This includes the use of cookies. For more information on how we manage cookies, please see our information on cookies (located at the bottom of each web page)
-
Use our Platform – we will collect information about your preferences, device(s) used to access the app and usage of app features.
-
Contact us – we, or our Client, may require information to verify who you are, such as your name, address, date of birth, email and other personal information (unless you contact us via phone to make a general inquiry or comment only, in which case you may choose to be anonymous or use a pseudonym although we may require further information to respond to your inquiry or comment).
-
Wish to provide your representatives or clients products and services offered by or available via us (where you are an Australian Financial Services Licensee, adviser or representative) – we will require information to verify who you are, your bank details and other credentials as required by us to assess, record and review matters relevant to our obligations and risks.
-
Open one or more accounts for our Client's products or services, or one or more products or services that we or they administer for a third party issuer – we will require your personal information, along with other information to enable us or the third party issuer, whichever relevant, to offer that product, such as name, date of birth, contact details, identification documents, tax information, residency status, bank account details, occupation status, and any other personal information for us to comply with our obligations and manage risks . If you have a financial, legal or other adviser or representative, broker or agent, we will require their personal information to facilitate communications and relevant authorities.
-
Utilise one or more of our or our Client's optional services/functionality connected with the products or services offered or available via our Platform, such as nominating beneficiaries or requesting particular investment options – we will request details to be able to provide these services, such as the beneficiary details, and specific authorisations around the investment option.
-
Subscribe to receive information or attend events that we provide/host or a third party provides/hosts – we will require some contact information to facilitate your request, such as your name, email address and phone number.
-
Request for us to facilitate any another arrangement involving a third party who provides services in accordance with your request – such as where we provide a link to a third party website and you request that third parties send us your personal information (for example, bank feeds and other data feed arrangements).
-
Seek employment or contracting opportunities with us – we will require personal information from you to identify who you are, your employment history, and sensitive information where required and with your consent, to assess your application. Information about referees may also be requested and if so please ensure you obtain their prior consent before providing us with their personal information. If employed/engaged by us, from time to time we may require attestation of past information provided and/or additional personal information, including sensitive information with your consent, in accordance with policies or procedures or to meet other obligations and manage risks.
-
Sensitive information – the collection of sensitive information is restricted by the Privacy Act. This includes such as information about your ethnicity, health, religion or criminal record. If we need this type of information, we will ask for your permission, except where otherwise permitted by law.
-
Where we are an administrator or Platform provider for a third party issuer, or where you have asked a third party to send us your personal information, you should read the privacy section of the relevant issuer’s disclosure document and the privacy policies of any third parties involved in that arrangement to understand details about how your personal information will be managed and who you should contact in the first instance.
How do we collect and hold personal information?
When we collect personal information directly from you, we take reasonable steps at, or before the time of collection to ensure that the individual is aware of certain key matters, such as:
-
the details of the entity collecting the personal information or on whose behalf we are collecting the personal information;
-
the purposes for which we are collecting the information (including for example where required by law);
-
the organisations (or types of organisations) to which we would normally disclose information of that kind;
-
the main consequences if all or some of the personal information is not collected;
-
the fact that you are able to access the information and how to contact us to either access or correct their personal information;
-
the fact that your may complain about the handling of their personal information if they believe it is has not been done in accordance with the Privacy Act, and how the we - or an entity on whose behalf we collect the information - will deal with the complaint.
We will not collect any personal or sensitive information about you except where you have knowingly provided that information to us or we believe you have authorised a third party to provide that information to us.
We will collect personal information directly from an individual where it is reasonable and practicable to do so. Where we collect information from a third party such as financial advisers, fund manager, or another Australian Financial Services Licensee, we will still take reasonable steps to ensure that an individual is made aware of same key matters as set out above.
You are not required to give us the information that we request, however if you choose not to provide the information we ask for, or the information you give us is not complete or accurate, this may for example, prevent or delay the processing of your application or any other request or it may prevent us from contacting you. It may also (in certain circumstances) impact on the taxation treatment of any financial products you acquire that are issued by an entity on whose behalf we collect your information.
We - or an entity on whose behalf we collect your information - will take reasonable steps to ensure that the personal information that we collect, use and disclose is accurate, complete and up to date, by reviewing personal information provided as part of any application process against certified documentation to make sure it meets requirements before processing. We and our clients advise you to keep your information up to date and provide mechanisms for you to do so.
We take reasonable steps to protect the personal information and sensitive information that we hold from misuse and loss and from unauthorised access, modification or disclosure by using security procedures and the latest technology. Account information is hosted on our Platform and is password and security token protected (multi-factor authentication) and instructions are verified before they are processed.
Your personal information is stored on secured third party servers in Australia and can only be accessed in accordance with our Data Security Policy. Data on servers are backed up to separate secured servers. We have implemented a range of physical and electronic security measures to protect your personal information from misuse, unauthorised access and improper disclosure. We also monitor and maintain our security system to ensure that our online services are secure and your personal information is protected appropriately. All personal information is encrypted in transit and at rest.
We may disclose personal information to the following:
-
internally to our staff and related bodies corporate - but only to the extent that this is necessary to provide you with services or products for which you have applied to acquire;
-
professional advisers nominated by you to receive that personal information;
-
promoters of financial products issued by our clients for which you have applied to acquire;
-
any financial institution which holds an account for you;
-
any organisations or professional advisers involved in providing, managing or administering our products or services such as auditors, accountants, lawyers, custodians, external dispute resolution services, insurers, investment managers or mail houses, within normal business practices;
-
your personal representative, or any other person who may be entitled to receive your estate on death, or any person contacted to assist us to process the transmission of your estate;
-
support services; and
-
where otherwise required or authorised by law
We will also disclose your personal information if you give us your written or explicit consent - which may include electronic means of instruction from you through a secure medium on which you have been previously enrolled.
If other organisations provide support services to us, they are required to appropriately safeguard the privacy of the personal information provided to them.
Where personal information collected is no longer needed for any purpose that is permitted by the Privacy Act, we will delete, securely destroy or permanently de-identify the personal information.
Use of government identifiers
We do not use government identifiers (Identifiers) issued by the Commonwealth of Australia (or any other government) as our own identifier of individuals. We will only use or disclose Identifiers in the circumstances permitted by the Privacy Act.
Purposes of collecting your personal information
We will only collect personal information from you or a third party that is reasonably necessary to provide you - or to enable our Clients to provide you - with services and products (primary purpose). We collect personal information for the following primary purposes, including:
-
processing applications and other transactions for products and services offered by us and our clients;
-
providing information and communications to members and other account holders, necessary
-
for the operation of products and services offered by us and our clients, or to comply with the requirements of the Corporations Act 2001 (Cth);
-
to record and maintain member and investor details necessary for providing the services offered by us and our clients;
-
establishing accounts or other banking facilities on an individual's behalf with third party financial institutions and administering an individual's accounts or other banking facilities;
-
communicating with clients and investors, including for the purposes of direct marketing communications (where permitted by law);
-
conducting our internal business operations, including meeting any relevant regulatory or legal requirements;
-
as agent, collecting information to enable our clients to comply with Anti-Money Laundering and Counter-Terrorism Financing Law; and
-
assessing applications for employment.
We will only collect sensitive information from an individual for the purpose of administering their account.
If we or our Clients use or disclose personal information for direct marketing or a purpose other than the primary purpose (secondary purpose), to the extent required by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), we will ensure that:
-
the individual has consented to the use or disclosure of their personal information for the secondary purpose; or
-
the secondary purpose is directly related to the primacy purpose; and
-
the individual would reasonably expect us to use or disclose the information for this secondary purpose.
Individuals can request not to receive direct marketing communications by following the opt-out method provided within the communication.
Personal (and/or sensitive) information may also be disclosed where for example it is required by law, or a permitted general or health situation exists in relation to the use or disclosure.
Sharing your personal information
We share your information with other entities within the Group and we also share your information with third parties.
These third parties may include:
-
Our Clients, where you have applied to acquire a financial product or service from that Client
-
Australian Financial Services Licensees, their advisers and representatives and other third parties who you may engage to act on your behalf, such as your parent (if you are under 18), guardian or Power of Attorney;
-
Other financial services organisations, including banks, insurance companies, superannuation funds, stock brokers, custodians, fund managers and annuity providers - but only to the extent that this is required for the purposes of providing you with that financial product or service that you have applied to acquire;
-
Complaint resolution schemes, for example the Australian Financial Complaints Authority;
-
Entities requesting your personal information with a valid court order;
-
Domestic and foreign regulators, government bodies and law enforcement agencies;
-
Organisations that help identify illegal activities and prevent fraud;
-
Organisations that provide online electronic services to verify your personal information, where you have consented to such use;
-
Organisations that provide employee background screening services;
-
Our contractors and external service providers, for example, auditors, mail house, marketing, printers and technology service providers;
-
Other people (such as family members) that are linked on your account; and
-
Third parties engaged by your Nominated Financial Adviser (such as provision of your data to your Nominated Financial Adviser’s client relationship management system).
Sending your personal information overseas
Some of our third party contractors and service providers may perform certain services overseas. As a result, personal information collected by us may be disclosed to a recipient in a foreign country. Examples of this would be where you provide documents that originate overseas for the purposes of identifying you (passports, overseas driving licences). The countries in which such overseas recipients are likely to be located are the United Kingdom, United States, Canada, France, Singapore, the Netherlands, Switzerland and any country of which you are a citizen or a resident.
We take reasonable steps to ensure these overseas recipients comply with the Australian Privacy Principals by implementing contractual arrangements with overseas service providers to ensure the personal information is appropriately safeguarded and to ensure that these overseas service providers comply with the Australian Privacy Principals.
Accessing your personal information
How you can access your personal information
You can request access to your personal information held by us. In most cases, we will grant you access after receiving sufficient information to verify your identity.
If you have applied to acquire a financial product or service from one of our Clients, you should initially make your request for access to your personal information directly to that entity, in accordance with its published Privacy Policy.
Alternatively, access requests may be made in writing, by email or by telephone using the contact details below:
We do not charge a fee to you when you request a copy of the personal information held about you and generally will not charge you for the provision of your personal information. However, if the request is likely to take us a longer period of time to produce, we will let you know the charge, so you can choose if you want to go ahead. The fee will be an hourly rate to cover the expense of providing you with the data and you will need to make payment before we start.
Information will generally be provided within 30 days of successful verification of your identity and payment of any charge to provide the information (if applicable).
Can we refuse to provide you with information?
In some cases, we can refuse to provide you with access to information or provide you with access to only some information. This could occur where the information requested is commercially sensitive, would breach the privacy of another person or where we have another lawful reason to refuse. Where we cannot provide you with information we will write to you to provide an explanation of our decision.
Updating your information
We and our Clients will take reasonable steps to ensure that the personal information we hold is accurate, up to date, complete and relevant. If you believe your personal information requires updating, you can our Client or us (using the contact details below) or you can complete the update yourself through our Platform, where this has been enabled for your account. You should note that updating your information may be governed by statue or regulation other than the Privacy Act (e.g. changing the name on your Account).
Contact details for accessing or updating your information:
Privacy Officer
CXi Software Pty Ltd
Level 11, 50 Queen Street, Melbourne VIC 3000
Phone: +61 2 9238 2399
Email: privacy@cxisoftware.com.au
Making a privacy complaint
How to make a complaint
If you believe that we or our Client have not dealt with your personal information in accordance with this Policy, our Client's Privacy Policy or the Australian Privacy Principles, you may make a complaint to us or to that Client.
If you have applied to acquire a financial product or service from one of our Clients, you should initially make your complaint directly to that entity, in accordance with its published Privacy Policy.
Alternatively, you can complain directly to us, using the following contact details:
Privacy Officer
CXi Software Pty Ltd
Level 11, 50 Queen Street, Melbourne VIC 3000
Phone: +61 2 9238 2399
Email: privacy@cxisoftware.com.au
We take complaints seriously and will try to resolve your concern according to our Complaints Handling Policy.
We aim to respond to your complaint as soon as possible, and will provide you with a final response to your complaint within 21 days of receiving the complaint. If we cannot respond in this time, we will provide you with reasons why and what we are doing to try to resolve your complaint.
Other options if you are not satisfied with our - or our Client's response
If you are not satisfied with the response we or our Client provided to your complaint, you can raise your concerns with the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone 1300 363 992
www.oaic.gov.au