1. Introduction

The OneVue Group (‘OneVue‘, ‘us‘, and ‘we‘) is committed to protecting the privacy of all personal information collected and in compliance with the Australian Privacy Principles in the Privacy Act (Cth) (‘Privacy Act‘) as amended.

This Privacy Policy does not apply to personal information collected by OneVue that is exempted under the Privacy Act, for example employee records. OneVue may amend this Policy as necessary to reflect current privacy practices.

If you provide us with personal information about another person, you should do so only if you have their authority or consent to provide us with their personal information.

Further you represent to us that you are authorised to do so and agree to inform that person who we are, that the information provided will be used and disclosed for the relevant purposes set out in this Policy and that they can access the information we hold about them.

This Privacy Policy sets out how OneVue handles personal information and explains:

  • what personal information we collect
  • how we collect personal information
  • what laws requires us to collect personal information
  • how do we hold your personal information
  • the purposes for which we collect personal information
  • how we store and protect your personal information
  • who we disclose it to
  • how you can access and or correct any personal information
  • how you can make a privacy related complaint.

 

2. What is personal information?

Personal information includes any information or an opinion about an identified individual or an individual who can be reasonably identified from their information whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not and regardless of whether we have kept a record of it.

The information that we seek to collect about you (‘clients‘, ‘investors` and `employees`) will depend on the products or services that we provide.

Special provisions apply to the collection of personal information which is sensitive information. Sensitive information is restricted by the Privacy Act and includes information about religion, racial or ethnic origin, political opinions, criminal record, and sexual orientation, health and biometric information.

Generally, we only collect this sort of information if it is necessary to provide you and/or your clients with a specific product or service and you have consented to that collection. For example, we may collect health information about you to process a claim under an insurance policy.

If you do not allow us to collect the information we require, we may not be able to deliver all of those products or services effectively.

 

3. What personal information do we collect?

We collect personal information in order to provide financial products and services including:

      • superannuation services
      •  trustee services
      • life insurance products
      • investment products
      •  retirement income products
      •  investment products administration
      • registry services
      •  administration services to superannuation trustees
      • self-managed superannuation funds trustee services including administration, taxation and audit
      • financial planning services
      • management of investment listed and unlisted assets such as shares, property fixed interest and cash
      •  investment platform services.

We collect, hold, use and disclose personal information for the purpose of establishment, management and to provide our products and services.

It is generally not practical or possible to remain anonymous or use a pseudonym when dealing with OneVue. We need to use your personal information to provide the OneVue services we provide to you. Throughout the life of your product or service, we may collect and hold additional personal information about you. This could include transaction information or making a record of queries or complaints you make.

The information OneVue collects includes:

  •  Name
  •  Email address
  •  Mailing address and other contact details;
  •  Date of birth
  •  Gender
  •  Information provided to verify your identity (e.g. passport, driver’s licence);
  •  Tax file numbers and other government issued identification numbers;
  •  Bank account details
  • Shareholding details of investments;
  •  Details of superannuation
  • Insurance arrangements;
  •  Educational qualifications
  •  Employment history
  •  Salary;
  • Personal information about your immediate family and dependents.

4. How do we collect personal information?

We also collect personal information about you from other people or organizations. For example, we may collect personal information about you from:

        • other OneVue Group companies
        • publicly available sources of information
        • your representatives including your legal adviser, financial adviser, executor, administrator, guardian, trustee, or attorney
        • your employer
        • other organisations, who jointly with us, provide products and services to you
        • insurers, re-insurers and health care providers.

        5. Privacy on our websites

        Cookies

        Cookies can be small text files placed on your computer when you first visit our websites. Most browsers recognize when a cookie is offered and permit you to refuse or accept it. The purpose of this information is to provide you with a more relevant and effective website experience. You may not be able to access some of our websites if you choose to disable the cookie acceptance on your browser particularly the secure parts of our website.

        Links to third party websites

        We may have links to external third party websites. External websites should contain their own privacy statements and we recommend that you review them when using these websites. These websites are not subject to our privacy policy and procedures.

        6. Laws that require Us to collect and provide personal information

        We are required and authorised to collect and disclose personal information by certain Laws including:

                        • certain identification information about you by the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007
                        • your tax file number, if you choose to provide it, by the Income Tax Assessment Act 1936 (Cth)
                        • certain information in relation to your application if you have applied for insurance as required by the Insurance Contracts Act 1984 (Cth)
                        • The Family Law Act 1975 (Cth) enables certain persons to request information about your financial interest in superannuation and financial products. The request must be made in a form prescribed by law
                        • The Australian Securities and Investment Commission
                        • The United States Internal Revenue Service
                        • Other financial services institutions to detect, investigate or prevent actual or potential fraud in connection with the products or services we provide.

                      7. How do we hold personal information

                      OneVue holds your personal information in hard copy and electronic formats. We take security measures to protect your personal information we hold, including physical (for example, security passes to enter our offices) electronic security (for example restriction of access, firewalls, passwords and digital certificates) security measures.

                      We take reasonable steps to ensure that your personal information that we collect, use and disclose is accurate, complete and up to date, by reviewing personal information provided as part of the application process against certified documentation to make sure it meets requirements before processing. OneVue advises that you keep your information up to date and we provide mechanisms for you to do so.

                      We take reasonable steps to protect your personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure by using security procedures and available technology.

                      Account information is password and security question protected and instructions are verified before they are processed.

                      Personal information is stored on both onsite servers located in secured server rooms and in our data centres located in New South Wales and Victoria. Data from onsite servers is backed up both to the data centre at least daily.

                      8. EU Data Protection

                      The General Data Protection Regulation (GDPR) came into effect from 25 May 2018. It was established to protect the privacy and processing of personal information for European Union (EU) residents.

                      GDPR applies to our collection, use, disclosure and processing of your personal information if:

                      • have an establishment in the EU (regardless of whether they process personal data in the EU), or
                      • do not have an establishment in the EU, but offer goods and services or monitor the behaviour of individuals in the EU.

                      Whilst OneVue Group does not currently conduct business outside Australia GDPR may hold us accountable for how we process EU users` personal data. Personal information and the types that we collect have been explained in sections 2 and 3.

                      We use our personal information to fulfill our contractual obligations where GDPR may apply.

                      The GDPR has the concepts of a Data Controller and a Data Processor. In some circumstances OneVue may need to comply with requirements for a Data Controller and or a Data Processor.

                      Data Controllers must:

                      • appoint data protection officers to monitor and advise on compliance with the GDPR and with internal privacy policies and procedures – OneVue has appointed its Head of Cyber Security as its’ Data Protection Officer
                      • undertake a compulsory data protection impact assessment prior to data processing, where a type of processing is likely to result in a high risk for the rights and freedoms of individuals – All new development items include a compulsory data protection impact assessment as part of the Business Requirements gathering process.
                      • advise the relevant supervisory authority of a data breach within 72 hours of identifying the breach unless the breach is unlikely to impact the rights and freedoms of individuals.
                      • Data Processors must:
                      • only process data in accordance with our contractual agreement with our clients who are the data controller
                      • ensure all employees, authorised to process personal information, complete mandatory privacy training, in addition to committing themselves to confidentiality prior to being exposed to any personal information
                      • assist Data Controllers to satisfy their responsibilities in terms of security obligations.

                      9. Disclosure of information

                      We may outsource our services to other organisations.

                      Personal information may be collected by, transferred to or handled by:

                      • related bodies corporate
                      • financial institutions, where necessary, to allow us to establish accounts or other banking facilities on behalf of clients or investors
                      • professional advisers including; auditors, accountants and lawyers, within normal business practices
                      • your nominated financial adviser unless you us otherwise instruct in writing; Custodians; Insurers
                      • your employer
                      • investment managers
                      • registry and platform providers
                      • trustees of other superannuation funds where your superannuation is transferred to or from another fund
                      • government bodies and law enforcement agencies including, the Australian Taxation Office, AUSTRAC, ASIC and Australian Prudential Regulation Authority
                      • our legal and other professional advisers
                      • where required or authorised by law
                      • any third party required to provide services to OneVue.

                      If other organisations provide support services to OneVue, they are required to appropriately safeguard the privacy of the personal information provided to them.

                      Where personal information collected is no longer needed for any purpose that is permitted by the Privacy Act, OneVue will delete, securely destroy or permanently de-identify the personal information.

                      10. Direct Marketing

                      We may use your personal information for the purpose of offering our products and services we believe may interest you. We may offer our products and services by various means including mail, telephone, email, SMS and other available electronic means, including social media. If you do not want to receive marketing material from us you can opt out by contacting us or:

                        • for electronic communication, click on the unsubscribe function
                        • for hard copy communication, you can contact us at enquiries@onevue.com.au
                        • contact our Privacy Officer at Level 5, 10 Spring Street, Sydney NSW

                      11. Disclosing personal information overseas

                      Some entities, third party contractors, and service providers we share information with, may be located or have operations in foreign countries. The personal information we collected may be disclosed to a recipient in a foreign country. OneVue outsources some back office administrative services and Anti-Money Laundering and Counter-Terrorism Financing screening services to providers who operate in foreign countries. The countries in which such overseas recipients are likely to be located are the United Kingdom, Canada, Singapore, The Netherlands and India.

                      We take reasonable steps to ensure the overseas recipients comply with this Policy by implementing contractual arrangements with overseas service providers to ensure your personal information is appropriately safeguarded and to ensure that these overseas service providers comply with the Australian Privacy Principles.

                      12. Use of Commonwealth Government identifiers

                      OneVue does not use Commonwealth Government Identifiers (Identifiers) as its own identifier of individuals. We will only use or disclose Identifiers in the circumstances permitted by the Privacy Act.

                      13. Purpose of collection

                      OneVue will not collect personal information from you unless that information is reasonably necessary for or directly related to one or more of OneVue products and services.

                      OneVue will only collect your personal information from an individual or a third party where it is reasonably necessary to provide OneVue’s products or services. OneVue collects personal information for the following purposes (primary purposes), including:

                      • processing applications and other transactions for products and services offered by OneVue and our clients
                      • providing information and communications to account holders, necessary for the operation of products and services offered by OneVue and our clients, or to comply with Corporations Act requirements
                      • to record and maintain investor details necessary for providing the unit registry services offered by OneVue and our clients
                      • establishing accounts or other banking facilities on an individual’s behalf with third party financial institutions and administering an individual’s accounts or other banking facilities
                      • communicating with clients and investors
                      • conducting our internal business operations, including meeting any relevant regulatory or legal requirements.

                      If OneVue uses or discloses your personal information for a purpose (secondary purpose) other than a primary purpose, to the extent required by the Privacy Amendment Act, OneVue will ensure that:

                        • you have consented to the use or disclosure of your personal information for the secondary purpose
                        • you would reasonably expect OneVue to use or disclose your information for the secondary purpose and the secondary purpose is related to the primary purpose of collection, and in such a way that you would reasonably expect OneVue to use or disclose information in that way.

                        14. Accessing your personal information

                        You can request access to the personal information we hold about you. You can also ask for corrections to be made.

                        We do not charge a fee for correcting your personal information. A reasonable fee may be charged for processing your request for access to your personal information. The charge covers our costs for locating the information and supplying it to you.

                        There are some circumstances in which we are not required to give you access to personal information. If we refuse to give you access to or to correct your personal information, we will explain our reasons.

                        15. Complaints

                        If you wish to make a complaint about OneVue handling of your personal information, you can contact the OneVue Group Privacy Officer at:

                        OneVue Group Privacy Officer
                        Level 5, 10 Spring Street
                        Sydney NSW 2000

                        We will aim to resolve your complaint as quickly as possible. We will let you know if we need any further information.

                        Whilst we strive to resolve complaints within five business days some complaints may take longer. If your complaint is taking longer, we will let you know and provide you with a date by which you can reasonably expect a response.

                        Escalation of your complaint

                        If you feel that your complaint has not been satisfactorily addressed in the first instance by our Privacy Officer, you may seek assistance from: Office of the Australian Information Commissioner.

                        Under the Privacy Act, you may complain to the Office of the Australian Information Commissioner on how we handle your personal information and can be contacted at:

                        The Australian Information Commissioner
                        GPO Box 5218
                        Sydney NSW 2001
                        Phone: 1300 363 992
                        oaic.gov.au

                        Or

                        Until 30 October 2018 to:

                        Financial Ombudsman Service
                        GPO Box 3
                        Melbourne VIC 3001
                        Phone: 1300 780 808
                        fos.org.au

                        From 1 November 2018 to:

                        Australian Financial Complaints Authority
                        GPO Box 3
                        Melbourne VIC 3001
                        Phone: 1800 931 678
                        info@afca.org.au