2.1 Whom does this policy apply to?
This policy applies to all officers, advisers, agents, authorised representatives, employees, clients and shareholders of DJA Capital.
The Privacy Amendment Act states that the APPs apply to individuals, body corporates, partnerships, unincorporated associations or trusts unless they are a small business operator. A small business operator is defined as a business with an annual turnover of $3,000,000 or less for a financial year, unless an exemption applies. DJA Capital acknowledges that some advisers and agents may operate businesses that would come within the small business exemption, however as advisers or agents of companies within DJA Capital they may still be obliged to comply with the APPs. If in doubt, advisers or agents should contact the Privacy Officer.
The APPs and the Privacy Act extend to an act done, or practice engaged in that has an Australian link. An organisation has an Australian link where it is:
- Australian citizen or a person whose continued presence in Australia is not subject to a legal time limitation;
- a partnership formed, or a trust created in Australia or an external Territory;
- a body corporate incorporated in Australia or an external Territory; or
- an unincorporated association that has its central management and control in Australia or an external
Where an organisation does not fall within one of the above categories it will still have an Australian link where:
- it carries on business in Australia or an external Territory; and
- the personal information was collected or held by the organisation or small business operator in Australia or an external Territory, either before or at the time of the act or
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
3.0 Our commitment
We recognise that privacy is important.
We are bound by, and committed to supporting, the APPs set out in the Privacy Amendment Act. The information set out below is largely a summary of the obligations under the APPs.
For clarity, for the purposes of the Privacy Act, the obligations imposed upon DJA Capital will also be applicable to its advisers and agents.
4.1 APP 1 – Open and transparent management of personal information
The object of APP 1 is ‘to ensure that APP entities manage personal information in an open and transparent way’.
APP 1 imposes three separate obligations, to:
- Take reasonable steps to implement practices, procedures and systems that will ensure the entity complies with the APPs and any binding registered APP code, and is able to deal with related inquiries and complaints;
In accordance with the above requirements, it is the policy of DJA Capital that:
- all persons to whom this policy applies are required to inform themselves of their obligations under the APPs;
- DJA Capital will make available training as and when required to ensure persons to whom this policy applies are aware of their obligations under the APPs;
- all clients of DJA Capital, its advisers and agents are entitled to access their private
- information upon request;
- any complaints by clients in relation to the handling of their private information should be referred immediately to the Privacy Officer;
- how DJA Capital manages private information will be set out in this policy;
- this policy will be freely available on any website operated by companies within DJA Further, advisers and agents to whom this policy applies should also include a link to the policy on any website operated by them; and
- on request, clients are to have free access to this policy in any form requested, so long as it is practical to do
DJA Capital, its advisers and agents may collect and hold personal information such as a person’s name, address, date of birth, income, tax file number (TFN) and such other information that may be required from time to time in order to provide services to clients. This is collected directly from its clients and personal information is held by either DJA Capital or its advisers and agents.
Any personal information collected by DJA Capital is solely for the purpose of providing services to its clients and is not disclosed unless required in the performance of those services (for example, a financial adviser disclosing a client’s information to a financial institution in order to place an investment on behalf of that client). Any client may seek access to their personal information by contacting the appropriate company within DJA Capital, or by contacting an adviser or agent of DJA Capital directly. If a correction is required to that personal information the client may make that amendment by notifying the appropriate company within DJA Capital, or by contacting an adviser or agent of DJA Capital directly.
If a client considers that a breach of the APPs has occurred they can direct their complaint to the Privacy Officer.
The relevant contact details are: Privacy Officer
P.O. Box 4091
BLACK ROCK VIC 3193
P: (03) 9015 9425
If a client is not satisfied with the outcome of their complaint they may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Further information is available from the OAIC’s website at www.oaic.gov.au.
DJA Capital will only disclose personal information of its clients to overseas recipients where such disclosure is required to give effect to the instructions of a client (for example, where a client receiving financial advice wishes to invest in overseas equities). It is not practical to list all countries to which this information may be disclosed due to the variety of overseas financial services available to clients.
5.0 APP 2 – Anonymity and pseudonymity
APP 2 provides that individuals must have the option of dealing anonymously or by pseudonym.
However, those options are not required where:
- the entity is required or authorised by law or a court or tribunal order to deal with identifiable individuals; or
- it is impracticable for the entity to deal with individuals who have not identified
As DJA Capital largely deal with clients in financial services, it is unlikely that it would be practical for services to be provided to those clients without them having identified themselves. Further, in most situations DJA Capital will be required under the terms of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) to appropriately identify clients.
6.0 APP 3 – Collection of solicited personal information
APP 3 outlines when you may collect solicited personal information.
DJA Capital is required to only collect information that is reasonably necessary for one or more of
its functions. As outlined in clause 5.0 above, it is anticipated that personal information will be required to be collected due to the financial services provided by DJA Capital. Information
such as name, date of birth, address, income, TFN and other personal information will often be required for services such as:
- financial advice;
- financial product management; and
- other miscellaneous financial services.
Where personal information is required to be obtained from clients in order for them to be provided services from DJA Capital, those clients must consent to the collection of their personal information.
Under APP 3 DJA Capital must have the client’s consent to the collection of their personal information.
7.0 APP 4 – Dealing with unsolicited personal information
APP 4 outlines the steps that must be taken if unsolicited personal information is received. This means that information has been received where an APP entity took no active steps to collect the information.
If a member of DJA Capital or its advisers and agents collects any unsolicited personal information it should immediately assess whether that information could have been obtained in accordance with APP 3. If the information could not have been obtained under APP 3 (for example, a client provides extra information that would not normally be required without being prompted to do so) then steps must be taken to destroy or de-identify the information as soon as practicable, if it is lawful and reasonable to do so.
If the information could have been collected in accordance with clause 6.0 then it should be dealt with in accordance with APPs 5 – 13. Please see below for details.
8.0 APP 5 – Notification of the collection of personal information
If personal information about an individual is collected then reasonable steps must be taken to notify the individual, or otherwise ensure that the individual is aware of certain matters. These matters include:
- the identity and contact details of who collected the information;
- the fact and circumstances of collection;
- whether the collection is required or authorised by law;
- the purposes of collection;
- the consequences if personal information is not collected;
- the usual disclosures of personal information of the kind collected by the entity;
- whether it is likely that personal information will be disclosed to overseas recipients, and if practicable, the countries where they are
If a member of DJA Capital or its advisers and agents collects personal information they are obliged under this Policy to provide the above information.
9.0 APP 6 – Use or disclosure of personal information
If information has been collected for a primary purpose, the entity must not use or disclose the information for another purpose unless:
- the person consents to the use or disclosure of the information; or
- one of the exceptions allowed
As the exceptions set out in the APPs are relatively complex, they have not been provided within this Policy.
If a member of DJA Capital or its advisers and agents seeks to disclose personal information, for
any other reason than the primary reason it was collected, then they must first contact the Privacy Officer to have such disclosure authorised.
10.0 APP 7 – Direct marketing
If personal information about an individual is held, that information must not be disclosed for the purpose of direct marketing.
Any direct marketing proposal should first be approved by the Privacy Officer.
For the purposes of this Policy, any marketing material made available by a member of DJA Capital that is explicitly provided for clients, eg newsletters, are able to be distributed. If a member of DJA Capital or its advisers and agents do send marketing material to clients, the clients should be able to easily opt out of having that material sent to them. This may be done by contacting us by post, phone or email. Please see below for details.
Similarly, any client of DJA Capital or its advisers and agents may opt out of receiving any direct marketing materials by contacting the Privacy Officer at:
P.O. Box 4091
BLACK ROCK VIC 3193
P: (03) 9015 9425
11.0 APP 8 – Cross-border disclosure of personal information
There are obligations under the APPs to ensure that personal information is not transferred to another country. It is the policy of DJA Capital that no personal information should be transferred outside of Australia without the client’s prior approval, and subject to receiving prior confirmation from the Privacy Officer.
For the purposes of this Policy, if personal client information is required to be transferred overseas in relation to an investment in a financial product, any member of DJA Capital or its advisers and agents are advised that the obligations under the APPs have been met so long as that financial product is one approved by DJA Capital for use.
12.0 APP 9 – Adoption, use or disclosure of government related identifiers
An organisation must not adopt a government related identifier, such as a tax file number, as its own. Practically, this means that you could not for example, use a tax file number as a client reference for filing purposes.
Further, unless permitted you should not disclose a government related identifier to a third party.
13.0 APP 10 – Quality of personal information
As part of the obligations under the APPs, you should take steps to ensure that all personal data collected is accurate, up to date and complete. Therefore, DJA Capital or its advisers and agents
should seek to update the personal information of its clients as often as possible. At a minimum, it is expected that personal information is updated annually wherever possible.
14.1 APP 11 – Security of personal information
Reasonable steps should be taken to ensure the security of all client personal information is kept secure. What these reasonable steps will be will vary depending on the situation. However, some practical steps that may be applicable are:
- Personal information stored on a computer is password protected and not available on a public
- Personal information stored in hard copy is kept in a lockable
Further, if personal information has been obtained, it should be destroyed or de-identified once it is no longer required. Please note that there are certain obligations imposed that require client information to be retained for a certain period of time. You should contact the Privacy Officer if you have any queries as to how long personal information should be retained for.
15.0 APP 12 – Access to, and correction of, personal information
If a member of DJA Capital, or its advisers and agents holds personal information about an individual, then on request by the individual they must give access to that information.
There are exemptions to the above rule, such as if disclosing that information would post a serious threat to the individual or if giving access would be unlawful. Further information as to when access is not required can be obtained from the Privacy Officer.
If a request for information is received, it must be dealt with in a reasonable period of time.
An access charge may be applied to personal information however it must not be excessive and must not apply to the making of the request.
If access to personal information is refused then the individual must be informed in writing that sets out why access was refused and how an individual is able to lodge a complaint about the refusal.
16.1 APP 13 – Correction of personal information
If personal information is held and either:
- It is apparent that the information is inaccurate, out of date, incomplete, irrelevant or misleading; or
- The individual requests the entity to correct the information, then steps must be taken to ensure that the information is accurate, up to date, complete, relevant and not
Any request to correct information should be dealt with within a reasonable period after the request was made.
17.0 Privacy complaints
(email@example.com), phone (03 9015 9425), or in writing (P.O. Box 4091, BLACK ROCK, VIC, 3193). The complaint will be considered within seven days and responded to accordingly. It is our intention to use our best endeavors to resolve any complaint to an individual’s satisfaction; however, if they are unhappy with our response, they are entitled to contact the Office of the Australian Information Commissioner who may investigate the complaint further.
18.0 Non-compliance with this policy
Non-compliance with this Policy may result in disciplinary action and could include the termination of a relationship with DJA Capital if the breach is considered serious.
If you are uncertain about how this Policy applies to a particular circumstance, or you have any questions about the Policy, speak with your manager or our Privacy Officer.
19.0 For more information
If you would like to find more information on this Policy please contact the Privacy Officer by email at firstname.lastname@example.org or by (03) 9015 9425.
This Policy will be reviewed by DJA Capital Privacy Officer at least annually or as changing circumstances warrant.
DJA Capital Pty Ltd ABN: 86140515242
Ph +61 3 9015 9425
P.O. Box 4091, BLACK ROCK, Vic 3193 email@example.com