Privacy Policy

1. Definitions and Interpretation

1.1 In this Policy, unless the context otherwise permits, the following definitions apply:

‍

1.2 In this Policy, unless the context otherwise permits, the following rules of interpretation apply:

• 1.2.1 headings are for convenience only, and do not affect interpretation;
• 1.2.2 a reference to a legislative provision or legislation (including subordinate legislation) is to that provision or legislation as amended, re-enacted or replaced, and includes any subordinate legislation issued under it;
• 1.2.3 words importing a gender include any other gender;
• 1.2.4 the singular includes the plural, and the plural includes the singular; and
• 1.2.5 if a word or phrase is defined, any other grammatical form of that word or phrase has a corresponding meaning.

‍

2. Introduction and Commitment to the Policy

2.1 The Company recognises the importance of privacy for Affected Persons and is committed to protecting any personal information collected from those persons in the Company’s dealings with them.

2.2 The Privacy Act, APP and Registered Privacy Codes govern the way in which the Company must manage the personal information of an Affected Person, and the Company is committed to abiding by those requirements and ensuring its Officers and staff do likewise.

2.3 This Policy has been adopted by the Board.

2.4 Except as otherwise provided for in this document, the Board is responsible for all aspects of this Policy.

2.5 Where there is any doubt as to the requirements contained in this Policy, regard should be given to the principle that the Board will always ensure that the Company conducts its business in a fair, honest, ethical and professional manner in order to ensure the confident and informed participation of all of its stakeholders, which aligns with the regulatory objective of the Australian financial system.

‍

3. Purpose and Application of this Policy

3.1 This Policy relates to each company within the Company and applies to all Responsible Managers, Officers and staff of the Company.

3.2 To remove any doubt, all Responsible Managers, Officers and staff of the Company must adhere to this Policy at all times.

3.3 The purpose of this Policy is to set out how the Company collects, use, disclose and otherwise manage personal information about Affected Persons.

‍

4. Policy Owner and Responsibilities

Policy Owner

4.1 The Policy Owner is the owner of this Policy.

4.2 The Policy Owner also has responsibility under this Policy for:

• 4.2.1 on at least an annual basis (or more frequently as required by the Board), monitoring compliance with this Policy to ensure it remains consistent with the business processes of the Company;
• 4.2.2 recommending any changes to this Policy to the Board; and
• 4.2.3 providing training on this Policy to new staff as part of their induction program, and thereafter on an as required basis to all staff of the Company.

Board

4.3 The Board has responsibility under this Policy for:

• 4.3.1 setting the tone for conduct; and
• 4.3.2 promoting a culture of compliance and transparency.

‍

5. Who Should Know and Understand the Policy?

5.1 The following people should know and understand the contents of this Policy:

• 5.1.1 all Affected Persons;
• 5.1.2 all Officers, Responsible Managers and staff of the Company; and
• 5.1.3 anyone else that the Policy Owner determines should comply with the Policy.

5.2 A copy of this Policy will be made available on the Company’s intranet.

5.3 A condensed form of this Policy, in the form attached in Appendix B, will also be used and imbedded by the Company in any websites it operates online.

‍

6. Risks of Non-Compliance to the Company

The risks to the Company of not complying with this Policy include:

Regulatory Risk

6.1 the risk of a change in regulations and law in the areas the Company operates (including, for example, financial services) that are likely to either increase the costs of operating the Company’s business, reduce the attractiveness of the Company’s services or change the competitive landscape;

Business Risk

6.2 the risk that breaches of obligations may result in poor business outcomes for the Company; and

Reputational Risk

6.3 the potential damage to the Company’s reputation (and likely profitability) because of public reporting of non-compliance with obligations in this Policy.

‍

7. Monitoring Compliance with the Policy

Monitoring Compliance

7.1 Any instances of non-compliance by a person who should know and understand the Policy (in accordance with Clause 5) will be reported to the Policy Owner (and subsequently the Board, as appropriate for the non-compliance).

Consequences of Non-Compliance

7.2 Where an instance of non-compliance occurs because of the actions of an Officer, Responsible Manager or staff member of the Company, the Policy Owner, in conjunction with the Board, will be responsible for determining the appropriate remedial action.

7.3 Intentional or reckless non-compliance with this Policy will not tolerated by the Board and will be dealt with seriously.  

7.4 Depending on the nature and extent of non-compliance, remedial action may include:

• 7.4.1 additional training;
• 7.4.2 additional monitoring or supervision;
• 7.4.3 formal reprimand; and/or
• 7.4.4 termination of employment.

7.5 In determining what remedial action will be appropriate, the Policy Owner, in conjunction with the Board, may have regard to the following matters:

• 7.5.1 the number or frequency of similar previous instances of non-compliance by the relevant person;
• 7.5.2 whether the non-compliance was intentional or reckless;
• 7.5.3 the actual or potential loss to the Company or a client because of the non-compliance;
• 7.5.4 any other relevant facts associated with the non-compliance; and
• 7.5.5 any other relevant issues raised.

‍

8. Applying Discretion to the Policy

8.1 Notwithstanding any requirement contained in this Policy, the Policy Owner may apply, or authorise the application of, reasonable discretion in considering how to apply the requirements of the Policy.  

8.2 When applying discretion in relation to a matter, the Policy Owner will have regard to the level of risk posed by that matter and relevant regulatory objectives.

8.3 Whenever discretion has been exercised in relation to the Policy, it should be recorded and reported to the Board.

‍

9. Applying Discretion to the Policy

9.1 As the Board is committed to ensuring the continued compliance with this Policy, training sessions will be provided to staff of the Company on an as required basis.

9.2 Training attendance will be recorded in a training register and it is the responsibility of the Policy Owner to review whether relevant personnel have attended the training.

9.3 The Policy Owner may provide training on this Policy as part of the induction for new staff during their probation and/or newly appointed Responsible Managers of the Company.

9.4 The Policy Owner may also provide refresher training on the Policy to staff of the Company where a material change is made to the Policy.

‍

10. Collection of Person Information

Types of information collected

10.1 The Company may collect and hold Personal Information about Affected Persons.  

10.2 The kinds of information the Company typically collect include names, addresses, dates of birth, phone numbers, facsimile numbers, email addresses, bank account details, electronic information, and any other information relevant to providing Affected Persons with the services they are, or someone else they know are, seeking.

Method of collection

10.3 Personal Information will generally be collected directly from Affected Persons through the use of any of the Company’s standard forms, over the internet, via email, or through telephone conversations with Affected Persons.

10.4 There may be some instances where Personal Information about an Affected Person is collected indirectly because it is unreasonable or impractical to collect Personal Information directly from an Affected Person.  For example, the Company may also collect Personal Information about an Affected Person from third parties acting on behalf of that Affected Person (including, for instance, financial advisors).

10.5 The Company will use reasonable endeavours to notify Affected Persons about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.

Purpose of collection

10.6 The Personal Information that the Company collect and hold about an Affected Person depends on that individual’s interaction with the Company.  Generally, the Company collects, uses and holds the Personal Information of an Affected Person for the purposes of:

• 10.6.1 providing services to the Affected Person or someone else they know;
• 10.6.2 monitoring, auditing and evaluating the Company’s services;
• 10.6.3 providing the Affected Person with marketing information (including newsletters and emails) about other services that the Company, and other organisations that the Company have affiliations with, offer that may be of interest to the Affected Person;
• 10.6.4 facilitating the Company’s business operations;
• 10.6.5 providing the Affected Person with the opportunity to attend the Company’s seminars and events;
• 10.6.6 complying with any legal or regulatory requirements;
• 10.6.7 analysing the Company’s services and customer needs with a view to improving those services; and/or
• 10.6.8 dealing with any complaints or enquiries.

10.7 With the consent of an Affected Person, the Company may also send that individual marketing information via electronic means (including text messages) about other services and investment opportunities that the Company offer that may be of interest to the Affected Person.

‍

11. Collection of Person Information

If the Personal Information an Affected Person provides to the Company is incomplete or inaccurate, the Company may be unable to provide that individual, or someone else they know, with the services that the individual, or the person they know, are seeking.

‍

12. Internet Uses

12.1 If an Affected Person accesses the Company website, the Company may collect additional Personal Information about that individual in the form of their IP address and domain name.

12.2 The Company’s websites use cookies.  The main purpose of cookies is to identify users and to prepare customised web pages for them.  Cookies do not identify an individual personally, but they may link back to a database record about that individual.  

12.3 The Company use cookies to monitor usage of its websites and to create a personal record of when Affected Persons visit the Company’s websites and what pages that individual views so that the Company may serve the Affected Person more effectively.

12.4 The Company’s websites may contain links to other websites. the Company is not responsible for the privacy practices of linked websites and linked websites are not subject to this Policy or the Company’s procedures.

‍

13. Use and Disclosure

13.1 The Company may collect and hold Personal Information about Affected Persons.

13.2 Generally, the Company only use or disclose Personal Information about an Affected Person for the purposes for which it was collected.  However, the Company may disclose Personal Information about an Affected Person to:

• 13.2.1 the Company’s related entities to facilitate the internal business processes of the Company and those related entities;
• 13.2.2 external third-party service providers engaged by the Company who assist the Company in operating its business (including IT service providers who assist in managing the Company servers and networks), and these service providers may not be required to comply with this Policy.  These providers may be based overseas or may use overseas infrastructure to perform services for the Company, including Europe, Asia, Africa and Americas; and/or
• 13.2.3 related entities and other organisations with whom the Company have affiliations so that those organisations may provide the Affected Person with information about services and various promotions.

13.3 In some circumstances, the law may permit or require the Company to use or disclose Personal Information for other purposes (for instance, where you would reasonably expect the Company to and the purpose is related to the purpose of collection).

13.4 Where Personal Information about an Affected Persons is disclosed to an external third-party service provider, the Company will take reasonable steps to ensure that the external third-party service provider treats Personal Information about the Affected Person in accordance with the Privacy Act.

‍

14. Access and Correction

14.1 An Affected Person may request access to Personal Information the Company holds about that individual, by making a written request.  The Company will respond to any request made within a reasonable period.  

14.2 The Company may charge an Affected Person a reasonable fee for processing any request under Clause 14.1(but not for the Affected Person just making a request for access).  

14.3 The Company may refuse a request for access to Personal Information in circumstances prescribed by the Privacy Act.  If the Company refuses to give an Affected Person access, the Company will provide the individual with a written notice that sets out the reasons for the Company’s refusal (unless it would be unreasonable to provide those reasons).

14.4 If upon receiving access to Personal Information, or at any other time, an Affected Person believes the Personal Information the Company holds about the individual is inaccurate, incomplete or out of date, the Affected Person should let the Company know immediately.  The Company will then take reasonable steps to correct the information so that it is accurate, complete and up to date.

14.5 If the Company refuse to correct the Personal Information of an Affected Person, the Company will provide that individual with a written notice that sets out the reasons for the Company’s refusal (unless it would be unreasonable to provide those reasons) and provide the Affected Person with a statement regarding the mechanisms available to the Affected Person to make a complaint.

‍

15. Access and Correction

15.1 The Company stores Personal Information collected from Affected Persons in different ways, including in paper and in electronic form.  

15.2 The Company will take reasonable measures to ensure that the Personal Information of an Affected Person is stored safely to protect it from loss, misuse, unauthorised access, alteration or disclosure, including electronic and physical security measures.

‍

16. Complaints and Feedback

16.1 If an Affected Person wishes to make a complaint about a breach of the Privacy Act, Australian Privacy Principles or a Registered Privacy Code that applies to the Company, the Company can be contacted by the Affected Person and the Company will take reasonable steps to investigate the complaint and respond to the Affected Person.  

16.2 If an Affected Person is not happy with the Company’s response, that individual may complain directly to the OAIC.

‍

17. Review of the Policy

17.1 The Policy Owner will review the contents of this Policy at least annually to ensure it remains current and relevant to the operations of the Company.  

17.2 As part of the review, the Policy Owner will also ensure that any related policies or procedures are reviewed by relevant Officers and/or staff of the Company.  

17.3 The Policy Owner will maintain a schedule of reviews undertaken.  The Policy Owner will report the findings of the reviews to the Board.

‍

18. Review of the Policy

The Policy Owner is responsible for ensuring that the following information in relation to this Policy is retained for a period of at least seven 7 years:

18.1 all approved versions of this Policy (including details of the Board approval);

18.2 any relevant registers which relate to the Policy;

18.3 records evidencing compliance or non-compliance with the Policy;

18.4 details of any reviews undertaken by the Policy Owner;

18.5 evidence of induction and ongoing training; and

18.6 any other documentation relevant to the implementation of and compliance with the Policy.

‍

19. Related Policies

The following the Company policies contain provisions which are directly or indirectly related to the contents of this Policy:

19.1 Code of Conduct; and

19.2 Data Breach Policy and Response Plan.

‍

20. Policy History and Amendments

20.1 This is the 1st version of this Policy and it was approved by the Board for issue on the Effective Date.

20.2 The Company reserves the right to amend, delete, or supplement any policy, practice, or procedure in this Policy at any time.

‍

21. Futher Information

21.1 If you need further information regarding this Policy or any of the Company’s other policies, and how they are implemented, you should contact the Policy Owner.

21.2 Alternatively, for more information about privacy in general, you can visit the website for the OAIC at www.oaic.gov.au.

‍

Appendix A

Legislative and Regulatory References

The following sources of information have been used in developing this Policy:

‍

Appendix B

Online Privacy Policy

W. Wightman Investment Partners Pty Ltd(referred to in this document as ‘we’,‘us’ or ‘our’) recognise that your privacy is very important and we are committed to protecting the personal information we collect from you.  The Privacy Act 1988 (Cth) (Privacy Act),Australian Privacy Principles (outlined in Schedule 1 of the Privacy Act) and privacy codes registered pursuant to section 26U of the Privacy Act govern the way in which we must manage your personal information. This Privacy Policy sets out how we collect, use, disclose and otherwise manage personal information about you including personal information collected through our website.

‍

What is 'personal information'?

'Personal Information' is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information is recorded in a material form or not.

‍

Collection

Types of information collected

We may collect and hold personal information about you, that is, information that can identify you, and is relevant to providing you with the services you are, or someone else you know is, seeking.  The kinds of information we typically collect include name, address, date of birth, phone number, facsimile number, email address, bank account details, electronic information from your use of our website (see further below), and any other information relevant to providing you with the services you are, or someone else you know is, seeking.

Method of collection

Personal information will generally be collected directly from you through the use of any of our standard forms, over the internet, via email, or through a telephone conversation with you.

There may, however, be some instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you.  For example, we may also collect personal information about you from third parties acting on your behalf (for instance, financial advisors).

We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.

Purpose of collection

The personal information that we collect and hold about you depends on your interaction with us.  Generally, we collect, use and hold your personal information for the purposes of:

1. providing services to you or someone else you know;
2. monitoring, auditing and evaluating our services;
3. providing you with marketing information (including newsletters and emails) about other services that we, our related entities and other organisations that we have affiliations with, offer that may be of interest to you;
4. facilitating our business operations;
5. providing you with the opportunity to attend our seminars and events;
6. complying with any legal or regulatory requirements;
7. analysing our services and customer needs with a view to improving those services; and/or
8. dealing with any complaints or enquiries.

With your consent, we may also send you marketing information via electronic means (including text messages) about other services and investment opportunities that we offer that may be of interest to you.

‍

Failure to provide information

If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking.

‍

Internet users

If you access our website, we may collect additional personal information about you in the form of your IP address and domain name.

Our website uses cookies.  The main purpose of cookies is to identify users and to prepare customised web pages for them.  Cookies do not identify you personally, but they may link back to a database record about you.  We use cookies to monitor usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively.

Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and linked websites are not subject to our privacy policies and procedures.

‍

Use and disclosure

Generally, we only use or disclose personal information about you for the purposes for which it was collected (set out above).  However, we may disclose personal information about you to:

1. our related entities to facilitate our and their internal business processes;
2. external third-party service providers engaged by us who assist us in operating our business (including IT service providers who assist in managing our servers and networks), and these service providers may not be required to comply with our Privacy Policy.  These providers may be based overseas or may use overseas infrastructure to perform services for us, including Europe, Asia, Africa and Americas; and/or
3. related entities and other organisations with whom we have affiliations so that those organisations may provide you with information about services and various promotions.

In some circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance, where you would reasonably expect us to and the purpose is related to the purpose of collection).

Where personal information about you is disclosed to an external third-party service provider, we take reasonable steps to ensure that the external third-party service provider treats personal information about you in accordance with the Privacy Act.

‍

Access and correction

You may request access to personal information we hold about you, by making a written request.  We will respond to your request within a reasonable period.  We may charge you a reasonable fee for processing your request (but not for making a request for access).  We may refuse a request for access to personal information in circumstances prescribed by the Privacy Act.  If we refuse to give you access, we will provide you with a written notice that sets out the reasons for our refusal (unless it would be unreasonable to provide those reasons).

If upon receiving access to your personal information, or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please let us know immediately.  We will take reasonable steps to correct the information so that it is accurate, complete and up to date.

If we refuse to correct your personal information, we will provide you with a written notice that sets out the reasons for our refusal (unless it would be unreasonable to provide those reasons) and provide you with a statement regarding the mechanisms available to you to make a complaint.

‍

Security

We are committed to keeping secure the information we collect from you.  We store your personal information about you in different ways, including in paper and in electronic form.  We take reasonable measures to ensure that your personal information is stored safely to protect it from loss, misuse, unauthorised access, alteration or disclosure, including electronic and physical security measures.

‍

Complaints and feedback

If you wish to make a complaint about a breach of the Privacy Act, Australian Privacy Principles or a registered privacy code that applies to us, please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you.  If you are not happy with our response, you may complain directly to the Office of the Australian Information Commissioner.

If you have any queries or concerns about our Privacy Policy or the way we handle your personal information, please contact us at:

Street Address: 570 Oxford Street, Bondi Junction NSW, 2022

Email Address: info@rethinkcapital.com.au

Telephone: 1300 965 551

‍

More information

For more information about privacy in general, you can visit the website for the Office of the Australian Information Commissioner at www.oaic.gov.au.