This privacy statement is made on behalf of Capital Dynamics (Australia) Limited ACN 129846260 AFSL 326283 (“CDAL”). CDAL is committed to protecting your privacy and to compliance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). If you have any questions relating to this privacy statement or your privacy rights please contact us.
This Privacy Statement sets out the policy of CDAL for management of personal information. We are committed to ensuring the privacy of your information and recognise that you, as a customer, are concerned about your privacy and about the confidentiality and security of information that CDAL may hold about you.
This Policy is designed to inform customers of –
Personal information is information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. CDAL will also collect any personal information necessary for the purposes of complying with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
The information we collect from you will depend on what services we provide to you and may include the following:
CDAL seeks to ensure that personal information we hold about an individual is managed in an open and transparent manner. We have implemented procedures to ensure compliance with the Australian Privacy Principles and any applicable codes, and to deal with any complaints relating to our compliance therewith.
This policy details how CDAL adheres to the Australian Privacy Principles regarding the collection of solicited personal information. CDAL only collects personal information directly from individuals, which is reasonably necessary for the provision of our services, and only by lawful and fair means. Information is generally sought through our application forms, in which the purpose is articulated. Accordingly, we will always ensure you are apprised of our purpose in collecting information, and your right to gain access to such information. If you do not provide the information requested, we may be unable to provide you with our services.
Please note that generally we will only use the personal information (e.g. postal address, e-mail address, telephone numbers, facsimile number, date of birth, bank account details, TFN, details related to the provision of verification and identification documentation) we collect for the main purposes disclosed at the time of collection such as to provide financial services.
Where possible we will collect the information directly from you via our
We may also collect information about you from our web site but this information will only identify who you are if you provide us with your details (eg. if you e-mail your contact details to us). When you visit our web site our web server collects the following types of information for statistical purposes:
No attempt is made to identify individual users from this information.
The CDAL web site contains links to the web sites of third parties. If you access those third party web sites they may collect information about you. CDAL does not collect information about you from the third parties. You will need to contact them to ascertain their privacy standards.
A cookie is a small text file placed on your computer hard drive by a web page server. Cookies may be accessed later by our web server. Cookies store information about your use of our web site. Cookies also allow us to provide you with more personalised service when using our web site.
Most web browsers are set to accept cookies but you may configure your browser not to accept cookies. If you set your browser to reject cookies you may not be able to make full use of the CDAL web site.
If you provide us with your e-mail address during a visit to our web site it will only be used for the purpose for which you provided it to us. It will not be added to a mailing list without your consent unless the mailing list is related to the purpose for which you provided your e-mail address to us. We may use your e-mail address, for example, to provide you with information about a particular service or respond to a message you have sent to us.
If you subscribe to one of our services and provide your e-mail address to us so that we may communicate with you through e-mail, we may also use your e-mail address to advise you of upgrades and changes to those services.
Where we receive personal information about an individual which is unsolicited by us and not required for the provision of our services, we will destroy the information (provided it is lawful and reasonable for us to do so).
When we obtain personal information about you, we ensure that you have our contact details and that you are aware of the collection of information and our purposes for doing so. As per above, we are unable to provide certain services if the requested information is not provided. We do not disclose your information to third parties, unless they are related entities or services providers, in which case they are required to conform to our procedures.
CDAL collects and holds personal information about an individual for the purpose of providing financial services. We collect this information with your consent as per our application form or other documentation, for the primary purpose disclosed to you at the time of collection.
However, in some cases CDAL will use or disclose personal information for secondary purposes (any purpose other than a primary purpose). Personal information obtained to provide financial services may be applied to secondary purposes if the secondary purpose is related to the primary purpose of collection and the person concerned would reasonably expect the personal information to be used or disclosed for such secondary purpose.
In some cases we may ask you to consent to any collection, use or disclosure of your personal information. Your consent will usually be required in writing but we may accept verbal consent in certain circumstances. We may also disclose your personal information where it is required or authorised by law.
We may use your personal information to:
We may disclose your personal information to:
CDAL may use third party service providers to maintain some of our data systems and provide auxiliary services. We require any party that has access to personal information to conform to our privacy standards.
CDAL will only use personal information obtained for the provision of financial services, for the secondary purpose of direct marketing where:
Often the law requires us to advise you of certain changes to products/ services or regulations. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. We will not disclose your information to any outside parties for the purpose of allowing them to directly market to you.
CDAL does not, for the purposes of the Privacy Act, collect sensitive information. Wherever lawful and practicable, individuals may deal anonymously with CDAL but given the nature of our services, it is unlikely that this will be a viable option. CDAL does not use official identifiers (e.g. tax file numbers) to identify individuals. An individual’s name or Australian Business Number is not an identifier for the purposes of the Privacy Act and hence may be used to identify individuals.
CDAL may on occasion transfer personal information to its parent company overseas, and ensures that entity remains bound by these requirements.
CDAL takes all reasonable steps to ensure the personal information held about individuals is accurate, up-to-date and complete. We verify personal information at the point of collection. The accuracy of records is also maintained by regular mail-out of statements.
CDAL encourage you to help us by telling us immediately if you change your contact details (such as your phone number, street address or email address) or if any of your details need to be corrected or updated. A person wishing to update their personal information may contact our staff or the Privacy Officer on the contact details shown within this document.
Where a person requests access to their personal information, our policy is, subject to certain conditions (as outlined below) to permit access. CDAL will correct personal information where that information is found to be inaccurate, incomplete or out of date. We will not charge you a fee for your access request but may charge you the reasonable cost of processing your request.
If a person wishes to access their personal information or correct it, they should contact the Privacy Officer, and we will seek to provide such information within a reasonable period of time, and in the manner so requested (where reasonable to do so).
CDAL may not always be able to give you access to all the personal information we hold about you. If this is the case, we will provide a written explanation of the reasons for our refusal, together with details of our complaints process for if you wish to challenge the decision.
We may not be able to give you access to information in the following circumstances:
a. Where we reasonably believe this may pose a serious threat to the life, health of safety of any individual or to public health/safety;
b. Which would unreasonably impact the privacy of another individual;
c. Where such request is reasonably considered to be frivolous or vexatious;
d. Which relates to existing or anticipated legal proceedings which would otherwise not be accessible in the discovery process relating to such proceedings;
e. Which would reveal our intentions and thereby prejudice our negotiations with you;
f. Which would be unlawful;
g. Which is prohibited by law or a court/tribunal order;
h. Which relates to suspected unlawful activity or serious misconduct, where access would likely prejudice the taking of appropriate action in relation thereto;
i. Where enforcement activities conducted by or on behalf of an enforcement body may be prejudiced; or
j. Where access would reveal details regarding a commercially sensitive decision-making process.
Where CDAL believes information we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, OR an individual requests us to correct information held about them, CDAL will take all reasonable steps to correct such information in a reasonable time frame. No fees are payable for such requests. If you request us to similarly advise a relevant third party of such correction, we will facilitate that notification unless impracticable or unlawful for us to do so.
If CDAL intends to refuse to comply with your correction request, we will notify you in writing of our reasons for such refusal, and the complaints process you may avail if you wish to challenge that decision. You may also request that we associate the personal information we hold with a statement regarding your view of its inaccuracy.
We take reasonable steps and precautions to keep personal information secure from loss, misuse, and interference, and from unauthorised access, modification or disclosure
If you use the Internet to communicate with us, you should be aware that there are inherent risks in transmitting information over the Internet. CDAL does not have control over information while in transit over the Internet and we cannot guarantee its security.
Where information is no longer required to be held or retained by CDAL for any purpose or legal obligation, we will take all reasonable steps to destroy or de-identify the information accordingly.
We will report ‘eligible data breaches’ to the affected individual(s) and the Australian Information Commissioner in relation to the (including suspected) unauthorised access or disclosure of personal information held, which is likely to result in serious harm to the relevant individual(s), and where we have been unable to prevent the likely risk of serious harm with remedial action.
We will formulate a data breach response plan, to limit any negative consequences of such a breach. An effective response involves a process to contain, assess, notify and review.
In accordance with the new data protection requirements in the European Union General Data Protection Regulation (EU GDPR) which apply from 25 May 2018, we provide the following additional measures which we have adopted in relation to all EU clients and third parties:
1. We will limit the processing, collection and retention of data to the extent legally possible and practically viable.
2. We will not request or collect data that is not required for the purpose of providing our services or meeting our legal obligations.
3. We will delete your information, and acknowledge your right of erasure or to be forgotten, as soon as we are legally able and subject to our other legal and regulatory obligations regarding record-keeping.
4. You may advise us at any time that you withdraw any consent previously given to us, and require us to stop processing your data.
5. You may object to any decision based on automated processing, and you may request a manual review.
6. You have the right to request a transfer of your personal information, which will be provided in a machine-readable electronic format.
7. Where we intend to process/utilise your personal data beyond the disclosed legitimate purpose for which it was collected, we will obtain a clear and explicit consent from you (which can be withdrawn at any time).
8. We will maintain a Personal Data Breach Register, and notify the relevant regulator in a timely manner as required.
9. We ensure that organisational and technical mechanisms are utilised to protect personal data when we are designing new systems and processes.
10. We will conduct Data Protection Impact Assessments when initiating a new project/change/product which involves significant changes to the processing of personal information.
11. We ensure our representatives are regularly trained regarding our obligations and their responsibilities under applicable privacy/data protection regulations.
If you have a complaint relating to our compliance with privacy laws or our treatment of your personal information, please contact our Privacy Officer at the contact details above. We will investigate your complaint and endeavour to resolve the issue to your satisfaction. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner by telephoning 1300 363 992 or visiting their website at www.oaic.gov.au