When you trust us with your personal information, you expect us to protect it and keep it safe.
We take this responsibility seriously and we are bound by the Privacy Act 1988 (Cth) (‘Privacy Act’). We will protect your personal information in accordance with the Australian Privacy Principles. These principles govern how we can collect, use, hold and disclose your personal information, as well as ensuring the quality and security of your personal information.
If you would like more information about how we protect your privacy, please contact us.
About this policy
What is personal information?
Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from their information. Some examples of personal information may include your:
- Mailing or residential address details;
- Contact details such as telephone numbers, email address, social media platform user name;
- Government issued identifiers such as Tax File Number, Medicare number or Driver’s License number;
- bank account and credit card details;
- Audio recording; and
- Sensitive information such as information relating to your health, racial or ethnic origin.
The information that we seek to collect about you will depend on the products or services that we provide. If you do not allow us to collect all of the information we request, we may not be able assist you in providing the products, services or advice you have requested. Where you provide limited information, we will make you aware of any limitations or risks of such providing.
What kinds of personal information do we collect and hold?
When you apply for our products or services, we may ask for identification information. This could include your name, address, contact details and date of birth, family, health, financial situation, tax residency status, income, expenditure, assets and liabilities. We may also ask you for information that identifies you or your residency status such as a driver’s licence, passport and tax file number where we are authorised to collect it and if you choose to supply it.
If you apply for insurance, we may collect information about what is being insured, the beneficiaries along with your health and financial situation, depending on the type of insurance.
Throughout the life of your product or service, we may collect and hold additional personal information about you. This could include transaction information or making a record of queries or complaints you make and, if you make an insurance claim, collecting additional information to assess the claim.
The collection of sensitive information is restricted by the Privacy Act. This includes information about your religion, racial or ethnic origin, political opinions, criminal record and sexual orientation. It also includes health information and biometric information.
Generally, we only collect this sort of information if it is necessary to provide you with a specific product or service and you have consented to that collection. For example, we may collect health information about you to process a claim under an insurance policy or collect voice biometric information to verify your identity or authorise transactions.
Why do we collect, hold, use and disclose personal information?
The main reason we collect, use, hold and disclose personal information is to provide you with products and services. This includes:
- Checking whether you are eligible for the product or service
- Verifying your identity for security purposes
- Assisting you where online applications are not completed
- Providing the product or service • Managing and improving the product or service, such as invoicing or client surveys.
- Assisting you with your questions and requests
We may also use your information to comply with legislative or regulatory requirements in any jurisdiction, prevent fraud, crime or other activity that may cause harm in relation to our products or services.
How do we collect personal information?
We collect most personal information directly from you. For example, we will collect your personal information when you apply for or use a product and/or service, or when you talk to us in person or on the phone.
We also collect information from you electronically. For instance, when you visit our website or if you send us electronic correspondence (see “Do we collect personal information electronically?”).
Sometimes we collect personal information about you from other people or organisations. This may happen without your direct involvement. For instance, we may collect personal information about you from:
- Publicly available sources of information, such as public registers
- Your representatives (including your legal advisor, accountant, mortgage broker, executor, administrator, guardian, trustee, or attorney)
- Your employer
- Other organisations, who jointly with us, provide products or services to you
- Commercial information service providers, such as companies that provide fraud prevention reports
- Insurers, re-insurers and health care providers.
What laws require or authorise us to collect personal information?
We are required or authorised to collect:
- Certain identification information about you as outlined in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1)
- Your Tax File Number, if you choose to provide it as specified in the Income Tax Assessment Act 1936 (Cth)
- Certain information in relation to your application if you have applied for insurance as required by the Insurance Contracts Act 1984 (Cth).
How do we hold personal information?
Your personal information will be stored electronically in secure data centres which are owned by Sprout Financial Pty Ltd or by external service providers bound by the Australian Privacy Principles. Some information we hold about you will be stored in paper files. We use a range of physical and electronic security measures to protect the security of the personal information we hold. For example:
- Access to information systems is controlled through identity and access management
- Employees are bound by internal information security policies and are required to keep information secure
- All employees are required to complete training about information security
- We regularly monitor and review our compliance with internal policies and industry best practice.
Please be aware that the transmission of data over the Internet is never guaranteed to be completely secure. It is possible that third parties outside of our control may be able to access or intercept transmissions or private communications without our permission or knowledge. Therefore, we cannot ensure or warrant the security of any information transmitted between us.
We take reasonable steps to destroy or de-identify your personal information when it is no longer needed for any purpose permitted under the Privacy Act. This requirement does not apply if we are required or authorised by law to keep it.
Who do we disclose your personal information to, and why?
We may share your personal information within the Sprout Financial Pty Ltd (Sprout Financial Group). We may also provide personal information about our clients to organisations outside the Sprout Financial’s group of associated entities. To protect personal information, we ensure our service providers comply with the Privacy Act. We only authorise our service providers to use or disclose your personal information for the specific role we ask them to perform.
Generally, we disclose personal information to organisations that help us with our business. These may include:
- Our agents, contractors and external service providers (for example, mailing houses and technology service providers)
- Paraplanning service providers or temporary staff to handle workloads during peak periods
- Insurers, re-insurers and health care providers
- Payment systems operators (for example, merchants receiving card payments)
- Other organisations, who jointly with us, provide products or services to you
- Financial services organisations, including banks, lenders, superannuation funds, stockbrokers, custodians, fund managers and portfolio service providers
- Debt collectors
- Our representatives (including legal advisors, compliance advisors or auditors)
- Your representatives (including your legal advisor, accountant, mortgage broker, property valuer, guarantors, (including prospective) family members, agents, executor, administrator, guardian, trustee, or attorney).
- Any government and regulatory bodies required by law, to prevent fraud or other misconduct
- IT service providers
- External dispute resolution schemes
- Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.
- A potential purchaser/organisation involved in the proposed sale of our business for the purpose of due diligence, corporate re-organisation and transfer or all or part of the assets of our business, , which may include the assets of personal information.
- We may also disclose your personal information to others outside Sprout Financials’ associated entities where:
- We are required or authorised by law or where we have a public duty to do so
- You may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances
- We are otherwise permitted to disclose the information under the Privacy Act.
Although in certain circumstances we are required to collect government identifiers such as your tax file number, Medicare number or pension card number, we do not use or disclose this information other than when required, authorised by law or unless you have voluntarily consented to disclose this information to any third party to complete services on your behalf.
Do we disclose personal information overseas?
We may store your information in cloud or other types of networked or electronic systems. As electronic or networked systems can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held.
We may use outsourced providers who may disclose your personal information to recipients located outside Australia who are part of their corporate group or as part of their operations when they deliver their services to us. We only enter agreements with outsourced providers whose are have an Australian presence and who can agree to appropriate contractual controls to ensure their compliance with Australian Privacy Act law.
- Microsoft OneDrive (Cloud File Storage and Business Applications)
- Drop Box (Cloud File Storage)
- Zoom (Video Conferencing)
- Virtual Business Partners
Overseas organisations may be required to disclose information we share with them under a foreign law.
In the course of doing business with you, we may disclose some of your personal information to overseas recipients. However, we will only do so where:
- It is necessary to complete the transaction you have entered into; or
- We believe on reasonable grounds that the overseas recipient is required to deal with your personal information by enforceable laws which are similar to the requirements under the APPs; or
- It is otherwise permitted by law.
Do we use or disclose personal information for marketing?
We may use your personal information to offer you products and services we believe may interest you. We may send you direct marketing communications such as offers, updates, events, articles or newsletters. We will always give you the option of electing not to receive any of these communications in the future by notifying us or unsubscribing at any time.
Do we collect personal information electronically?
We will collect information from you electronically, for instance through internet browsing, mobile or tablet applications.
Each time you visit our website, we collect information about your use of the website, which may include the following:
- The date and time of visits
- Which pages are viewed
- How users navigate through the site and interact with pages (including fields completed in forms and applications completed)
- Location information about users
- Information about the device used to visit our website
- IP addresses.
We use technology called cookies when you visit our site. Cookies are small pieces of information stored on your hard drive or in memory. They can record information about your visit to the site, allowing it to remember you the next time you visit and provide a more meaningful experience.
One of the reasons for using cookies is to offer you increased security. The cookies we send to your computer cannot read your hard drive, obtain any information from your browser or command your computer to perform any action. They are designed so that they cannot be sent or retrieved by any another website.
We won’t ask you to supply personal information publicly over Facebook, Twitter, or any other social media platforms that we use. Sometimes we may invite you to send your details to us via private messaging, for example, to answer a question. You may also be invited to share your personal information through secure channels to participate in other activities, such as competitions.
Accuracy, access to and correction of personal information
We will make every effort to ensure that the personal information we collect is accurate and complete. However, we are reliant on you informing us if your personal details change.
You can request access to the personal information we hold about you. You can also ask for corrections to be made. To do so, please contact us.
There is no fee payable for updating or correcting your personal information. Should you request access to your personal information, a reasonable cost may be charged. This charge covers such things as locating the information and supplying it to you.
There are some circumstances in which we are not required to give you access to your personal information. If we refuse to give, you access to or to correct your personal information we will give you a notice explaining our reasons, except where it would be unreasonable to do so.
If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.
If we refuse your request to access or correct your personal information, we will also provide you with information on how you can complain about the refusal.
How long do we keep your personal information?
We will keep your personal information for as long as you continue to be client of Sprout Financial and their associated entities.
We also generally retain your personal information for at least seven years after you stop being a client in order to comply with our legal obligations, for example demonstrating our compliance with relevant financial service laws and responding to any questions or complaints may have you.
European Union General Data Protection Regulation (GDPR)
If you are a resident of or a business ‘established’ in a country that is a member of the European Union Economic Area (the EU and Norway, Lichtenstein and Iceland), you are entitled to additional protections provided by the GDPR, other than the protections already afforded to you under the Privacy Act.
In certain circumstances, this may include, but is not limited to, the right to:
- have your personal information erased
- access your personal information in an electronic and portable format
- restrict, object or withdraw your consent to the processing of your personal information
If you require more information about your eligibility to and or these rights, please let us know.
Resolving your privacy concerns and complaints – your rights
If you are concerned about how your personal information is being handled or if you have a complaint about a breach of the Australian Privacy Principles, please contact us.
We are committed to resolving complaints within a fair and reasonable timeframe. Wherever possible, complaints will be resolved promptly at first point of contacts. Where this is not possible, we aim to resolve complaints within five business days.
If your complaint exceeds five business days, we will contact you with a status report and expected
If you are unhappy with our response, there are other bodies you can go to including the Australian Financial Complaints Authority and the Office of the Australian Information Commissioner.
Australian Financial Complaints Authority
The Australian Complaints Authority (AFCA) provides fair and independent financial services complaint resolution that is free to consumers.
ACFA can be contacted at:
Email: [email protected]
Phone: 1800 931 678 (free call)
In writing to: Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC 3001
Office of the Australian Information Commissioner
Under the Privacy Act you may complain to the Office of the Australian Information Commissioner about the way we handle your personal information.
The Commissioner can be contacted at:
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: [email protected] www.oaic.gov.au
Our Privacy Officer can also be contacted in relation concerned by writing to:
Attention: Privacy Officer
11/207 Buckley St
Essendon VIC 3040
You can also call or visit our offices in person:
Phone: (03) 9870 6544
In-person: 11/207 Buckley St, Essendon VIC 3040
Links to other sites
Providing us information about your family members
By asking us to assist with your financial needs, you consent to the collection and use of your personal information you have provided us with for the purposes described in this policy.
Meaning of words
We, us or our means:
Sprout Financial Pty Ltd | ABN 22 616 589 792| Australian Financial Services Licence no 495546.
Guidance Financial Services Pty Ltd | ABN 60 468 730 209 | Corporate Authorised Representative ASIC no 327058
Mercury Wealth Management Pty Ltd | ABN 67 142 357 177 | Corporate Authorised Representative ASIC no 389575