1. Introduction

The OneVue Group (‘OneVue‘, ‘us‘, and ‘we‘) is committed to protecting the privacy of all personal information collected and in compliance with the Australian Privacy Principles in the Privacy Act (Cth) (‘Privacy Act‘) as amended.

This Privacy Policy does not apply to personal information collected by OneVue that is exempted under the Privacy Act, for example employee records. OneVue may amend this Policy as necessary to reflect current privacy practices.

If you provide us with personal information about another person, you should do so only if you have their authority or consent to provide us with their personal information.

Further you represent to us that you are authorised to do so and agree to inform that person who we are, that the information provided will be used and disclosed for the relevant purposes set out in this Policy and that they can access the information we hold about them.

This Privacy Policy sets out how OneVue handles personal information and explains:

  • what personal information we collect
  • how we collect personal information
  • what laws requires us to collect personal information
  • how do we hold your personal information
  • the purposes for which we collect personal information
  • how we store and protect your personal information
  • who we disclose it to
  • how you can access and or correct any personal information
  • how you can make a privacy related complaint.

2. What Personal Information do we collect?

Personal information includes any information or an opinion about an identified individual or an individual who can be reasonably identified from their information whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not and regardless of whether we have kept a record of it.

The information that we seek to collect about you (‘clients‘, ‘investors` and `employees`) will depend on the products or services that we provide.

Special provisions apply to the collection of personal information which is sensitive information. Sensitive information is restricted by the Privacy Act and includes information about religion, racial or ethnic origin, political opinions, criminal record, and sexual orientation, health and biometric information.

Generally, we only collect this sort of information if it is necessary to provide you and/or your clients with a specific product or service and you have consented to that collection. For example, we may collect health information about you to process a claim under an insurance policy.

If you do not allow us to collect the information we require, we may not be able to deliver all of those products or services effectively.

3. How do we collect personal information?

Generally, we collect personal information directly from you. For example, we will collect your personal information when you apply for or use a product or service or talk to us in person or on the telephone.

We may also collect information from you electronically. For example, when you visit our website or whenever you apply for or access our product and services electronically.

We may record telephone conversations and where this occurs, it will be disclosed prior to connecting and you will be given an opportunity to decline and refuse such recording.

We also collect personal information about you from other people or organizations. For example, we may collect personal information about you from:

  • other OneVue Group companies
  • publicly available sources of information
  • your representatives including your legal adviser, financial adviser, executor, administrator, guardian, trustee, or attorney
  • your employer
  • other organisations, who jointly with us, provide products and services to you
  • insurers, re-insurers and health care providers.

4. Laws that require Us to collect and provide personal information

We are required and authorised to collect and disclose personal information by certain Laws including:

  • certain identification information about you by the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007
  • your tax file number, if you choose to provide it, by the Income Tax Assessment Act 1936 (Cth)
  • certain information in relation to your application if you have applied for insurance as required by the Insurance Contracts Act 1984 (Cth)
  • The Family Law Act 1975 (Cth) enables certain persons to request information about your financial interest in superannuation and financial products. The request must be made in a form prescribed by law
  • The Australian Securities and Investment Commission
  • The United States Internal Revenue Service
  • Other financial services institutions to detect, investigate or prevent actual or potential fraud in connection with the products or services we provide.

5. How do we hold personal information

OneVue holds your personal information in hard copy and electronic formats. We take security measures to protect your personal information we hold, including physical (for example, security passes to enter our offices) electronic security (for example restriction of access, firewalls, passwords and digital certificates) security measures.

We take reasonable steps to ensure that your personal information that we collect, use and disclose is accurate, complete and up to date, by reviewing personal information provided as part of the application process against certified documentation to make sure it meets requirements before processing. OneVue advises that you keep your information up to date and we provide mechanisms for you to do so.

We take reasonable steps to protect your personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure by using security procedures and available technology.

Account information is password and security question protected and instructions are verified before they are processed.

Personal information is stored on both onsite servers located in secured server rooms and in our data centres located in New South Wales and Victoria. Data from onsite servers is backed up both to the data centre at least daily.

6. EU Data Protection

The General Data Protection Regulation (GDPR) came into effect from 25 May 2018. It was established to protect the privacy and processing of personal information for European Union (EU) residents.

GDPR applies to our collection, use, disclosure and processing of your personal information if:

  • have an establishment in the EU (regardless of whether they process personal data in the EU), or
  • do not have an establishment in the EU, but offer goods and services or monitor the behaviour of individuals in the EU.

Whilst OneVue Group does not currently conduct business outside Australia GDPR may hold us accountable for how we process EU users` personal data. Personal information and the types that we collect have been explained in sections 2 and 3.

We use our personal information to fulfil our contractual obligations where GDPR may apply.

The GDPR has the concepts of a Data Controller and a Data Processor. In some circumstances OneVue may need to comply with requirements for a Data Controller and or a Data Processor.

7. Disclosure of information

We may outsource our services to other organisations.

Personal information may be collected by, transferred to or handled by:

  • related bodies corporate
  • financial institutions, where necessary, to allow us to establish accounts or other banking facilities on behalf of clients or investors
  • professional advisers including; auditors, accountants and lawyers, within normal business practices
  • your nominated financial adviser unless you us otherwise instruct in writing; Custodians; Insurers
  • your employer
  • investment managers
  • registry and platform providers
  • trustees of other superannuation funds where your superannuation is transferred to or from another fund
  • government bodies and law enforcement agencies including, the Australian Taxation Office, AUSTRAC, ASIC and Australian Prudential Regulation Authority
  • our legal and other professional advisers
  • where required or authorised by law
  • any third party required to provide services to OneVue.

If other organisations provide support services to OneVue, they are required to appropriately safeguard the privacy of the personal information provided to them.

Where personal information collected is no longer needed for any purpose that is permitted by the Privacy Act, OneVue will delete, securely destroy or permanently de-identify the personal information.

8. Disclosing personal information overseas

Some entities, third party contractors, and service providers we share information with, may be located or have operations in foreign countries. The personal information we collected may be disclosed to a recipient in a foreign country. OneVue outsources some back office administrative services and Anti-Money Laundering and Counter-Terrorism Financing screening services to providers who operate in foreign countries. The countries in which such overseas recipients are likely to be located are the United Kingdom, Canada, Singapore, The Netherlands and India.

We take reasonable steps to ensure the overseas recipients comply with this Policy by implementing contractual arrangements with overseas service providers to ensure your personal information is appropriately safeguarded and to ensure that these overseas service providers comply with the Australian Privacy Principles.

9. Use of Commonwealth Government identifiers

OneVue does not use Commonwealth Government Identifiers (Identifiers) as its own identifier of individuals. We will only use or disclose Identifiers in the circumstances permitted by the Privacy Act.

10. Purpose of collection

OneVue will not collect personal information from you unless that information is reasonably necessary for or directly related to one or more of OneVue products and services.

OneVue will only collect your personal information from an individual or a third party where it is reasonably necessary to provide OneVue’s products or services. OneVue collects personal information for the following purposes (primary purposes), including:

  • processing applications and other transactions for products and services offered by OneVue and our clients
  • providing information and communications to account holders, necessary for the operation of products and services offered by OneVue and our clients, or to comply with Corporations Act requirements
  • to record and maintain investor details necessary for providing the unit registry services offered by OneVue and our clients
  • establishing accounts or other banking facilities on an individual’s behalf with third party financial institutions and administering an individual’s accounts or other banking facilities
  • communicating with clients and investors
  • conducting our internal business operations, including meeting any relevant regulatory or legal requirements.

If OneVue uses or discloses your personal information for a purpose (secondary purpose) other than a primary purpose, to the extent required by the Privacy Amendment Act, OneVue will ensure that:

  • you have consented to the use or disclosure of your personal information for the secondary purpose
  • you would reasonably expect OneVue to use or disclose your information for the secondary purpose and the secondary purpose is related to the primary purpose of collection, and in such a way that you would reasonably expect OneVue to use or disclose information in that way.

11. Accessing your personal information

You can request access to the personal information we hold about you. You can also ask for corrections to be made.

We do not charge a fee for correcting your personal information. A reasonable fee may be charged for processing your request for access to your personal information. The charge covers our costs for locating the information and supplying it to you.

There are some circumstances in which we are not required to give you access to personal information. If we refuse to give you access to or to correct your personal information, we will explain our reasons.

12. Complaints

If you wish to make a complaint about OneVue handling of your personal information, you can contact the OneVue Group Privacy Officer at:

OneVue Group Privacy Officer
Level 5, 10 Spring Street
Sydney NSW 2000

We will aim to resolve your complaint as quickly as possible. We will let you know if we need any further information.

Whilst we strive to resolve complaints within five business days some complaints may take longer. If your complaint is taking longer, we will let you know and provide you with a date by which you can reasonably expect a response.

Escalation of your complaint

If you feel that your complaint has not been satisfactorily addressed in the first instance by our Privacy Officer, you may seek assistance from: Office of the Australian Information Commissioner.

Under the Privacy Act, you may complain to the Office of the Australian Information Commissioner on how we handle your personal information and can be contacted at:

The Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
oaic.gov.au

Or

Until 30 October 2018 to:

Financial Ombudsman Service
GPO Box 3
Melbourne VIC 3001
Phone: 1300 780 808
fos.org.au

From 1 November 2018 to:

Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
Phone: 1800 931 678
info@afca.org.au