What is privacy?
The word ‘privacy’ means different things to different people. The type of privacy covered by Australia’s Privacy Act and its privacy regulator, the Office of the Australian Information Commissioner (OAIC), is the protection of people’s personal information.
Our policy is directed towards the protection of people’s personal information.
Personal information is information that identifies you or could identify a person.
The protection of your personal information privacy is different to other related concepts such as:
- secrecy or
- freedom of information.
If you are in doubt, contact us or the OAIC.
The Australian Privacy Principles (APPs) are the base line privacy standards which many private sector organisations need to comply with in relation to personal information they hold. There are 13 APP that regulate how private sector organisations manage personal information. They cover the collection, use and disclosure, and secure management of personal information. They also allow individuals to access that information and have it corrected if it is wrong.
A copy of the Australian Privacy Principles is available at https://www.oaic.gov.au/privacy-law/privacy-act/australian-privacy-principles.
There is also a summary of the APPs below.
Why we collect
Winston Capital Partners may hold personal information about people, principally because they are a client or they give Winston Capital Partners information for example through its web site.
Broadly, we collect, hold, use and disclose your personal information for purposes related to the provision of services to clients and others.
Broadly, we use personal information to administer client accounts and provide other services but also for related purposes, for example to:
- make the use of our web site easier
- contact investors regarding services from us or our affiliates
investors can opt out of these communications
- comply with legal obligations and
- conduct research.
We also use personal information for other reasons such as:
- monitoring, evaluating and improving products and services
- statistical, actuarial, prudential or research and
- to provide you information about other services and products.
If you do not provide us with contact details and other information we ask for, we (or others) may not be able to have or keep you as a client or provide services to you.
How we collect
There are several ways we collect personal and other information but we aim to ensure they are lawful and fair means:
- when you become a client,
- when you otherwise tell us,
for example, when you contact us to update or change your details or volunteer your details
- through our website
like many websites, ours collects some limited information from users.
Our clients as well as those who help us and them provide products and services to you can also collect personal information and pass it on to us.
People who assist you may collect personal information and pass it onto us.
What we collect
Personal information collected can include the following:
- name, gender and date of birth
- contact details
- bank account details
- TFNs and ABNs
- employment information
in relation to investments made via a superannuation fund,
- details of your investors and beneficiaries
- details of the source and use of money you invest
- use details for our website
- information contemplated by laws and regulator, settlement system or exchange policies and requests and
- any other information that we consider necessary or desirable.
Disclosure of personal information
We will seek to ensure that your personal information is not used or disclosed for any purpose other than:
- the primary purpose for which it was collected
or a purpose that is related to the primary purpose for which it was collected or a related secondary purpose,
- where you have consented to the use or disclosure, or
- in other circumstances where the Australian Privacy Principles authorise the use or disclosure such as when it is required by or authorised under law.
We will not disclose personal information we hold about you unless:
- this policy allows,
- you otherwise agree,
- we consider someone needs the information
typically because they are a regulator, settlement system or exchange or your adviser or to assist us – for example the administrator of one of our investment products you have invested in, or
- laws or regulator, settlement system or exchange policy requires, or a regulator, settlement system or exchange requests and
- to administer your investment.
Those we disclose personal information to include:
- our clients and those that assist them
- regulators, settlement system or exchanges
such as AUSTRAC, the ASIC, the OAIC, APRA and ASX,
- your financial or other adviser,
- those we have no reason to doubt are acting on your behalf,
- companies with our group, and
- those who help us provide products and services to you
for example, distributors, superannuation fund trustees, insurance brokers, insurance companies, fund managers, custodians, fund administrators, mailing houses and auditors.
What about security?
We are committed to ensuring that personal information is kept secure. We take reasonable steps to ensure that the personal information that we hold is protected from misuse and loss and from unauthorised access, modification and disclosure.
We have a number of physical access and technology policies and procedures in place designed to provide a robust security environment.
No personal data is stored on our web site.
We will communicate with investors by email from time to time. On our website, investors are advised that email can be insecure.
We may store personal information in the cloud. This involves some risks, and on our website, investors are advised that we are not responsible for those providers or data use or loss by them.
A note about the internet
The internet is not a secure environment and we cannot guarantee the security of information we exchange electronically. This is the nature of the Internet.
It is possible however that your personal information will be moved by those who help us provide products and services to you to a place where Australian laws do not apply, and different standards may apply there.
Records may be stored in the cloud, in Australia or overseas (as is the nature of storage such as this), by us as well as those who help us provide products and services to you. We will tell you what cloud providers are used if you ask, and direct you to their information policies on personal information.
It is not practicable to tell you the countries where that information is likely to be located.
The internet does not however always result in a secure information environment and although we take steps we consider reasonable to protect your information, we cannot absolutely guarantee its security.
We may use “cookies” to obtain information with regards to web site activity (such as the type of browser used, the number of pages viewed, time of the site and navigation patterns), and to help you use this site when you visit again. This information on its own does not identify an individual but it does provide us with statistics that can help us with design of the web site. You can configure your browser to accept or reject cookies. If you reject all cookies you may not be able to use some or all of our web site.
Links to other web sites
This web site may contain links to other web sites for your convenience. We are not responsible for the information handling and privacy policies and practices of other linked web sites.
We may monitor or record telephone calls for training, record or security purposes. If we do so, we will tell you at the time.
Access to personal information
In most circumstances, you have the right to access any personal information we collect and hold about you, and to have it corrected if it is wrong.
This is subject to exceptions allowed by law such as where giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety or where providing you with access would have an unreasonable impact upon the privacy of others.
If we deny your request or access we will provide you with the reasons for this decision.
To request access please contact us and we will respond within a reasonable period after the request is made.
Correcting personal information
We endeavour to take reasonable steps to ensure that the personal information that we collect, use or disclose is accurate, up to date, complete, relevant and not misleading.
If you believe that any of the personal information that we hold about you is not accurate, complete, up-to-date or is misleading please contact us.
If we agree that the personal information requires correcting we will take reasonable steps to do so.
If we do not correct your personal information we will provide you with the reasons for not doing so. If you request that we associate with the information a statement claiming that the information is not accurate, complete and up-to-date we will take reasonable steps to comply with this request.
We may take and may act (or not act as relevant) on any advice, information and documents which we have no reason to doubt as to authenticity, accuracy or genuineness.
Changes to handling and privacy practices
There are 13 APP that regulate how private sector organisations manage personal information.
They cover the collection, use and disclosure, and secure management of personal information.
They also allow individuals to access that information and have it corrected if it is wrong.
Australian Privacy Principle 1
Open and transparent management of personal information
The object of this principle is to ensure that we manage personal information in an open and transparent way, enabling us to comply with the Australian Privacy Principles and deal with inquiries or complaints from individuals about our compliance with the Australian Privacy Principles on our website.
Australian Privacy Principle 2
Anonymity and pseudonymity
When we collect personal information it is because we are required under Australian law or a court/tribunal order to deal with individuals who identify themselves. It follows that when dealing with us, individuals do not have the option of not identifying themselves.
Australian Privacy Principle 3
Collection of solicited personal information
The object of this principle is to ensure we only collect information reasonably necessary for one or more of our functions. We must not collect sensitive information without the individual’s consent, and collection of personal information must occur only by lawful and fair means.
Australian Privacy Principle 4
Dealing with unsolicited personal information
If we receive unsolicited personal information, we must determine whether it could lawfully have been obtained under APP 3. If not, we must, as soon as is practicable, destroy the information or ensure that it is de-identified.
Australian Privacy Principle 5
Notification of the collection of personal information
This principle ensures that individuals are aware of the collection of personal information, at or before the time of collection. They must be alerted as to the purposes for which we require the information, the consequences if the information is not collected, others we may disclose this information to, and the guidelines in our policy regarding access and complaints.
Australian Privacy Principle 6
Use or disclosure of personal information
We must not disclose or use any personal information with consent from the individual, or under a reasonable expectation that the information will be used for a secondary purpose. In each case, we must take reasonable steps to ensure the information is de-identified.
Australian Privacy Principle 7
Personal information must not be used for the purpose of marketing, except where there is a reasonable expectation for it to be used as such, or if the individual has given us permission.
Australian Privacy Principle 8
Cross, border disclosure of personal information
The object of this principle is to ensure that before we disclose any personal information to an overseas recipient, we must take reasonable steps to ensure the overseas recipient does not breach the APPs in relation to the information.
Australian Privacy Principle 9
Adoption, use or disclosure of government related identifiers
We must not adopt a government related identifier of an individual as our own identifier the individual, unless authorised.
Australian Privacy Principle 10
Quality of personal information
We must take reasonable steps to ensure that the personal information we collect and use or disclose, is accurate, up to date, complete and relevant.
Australian Privacy Principle 11
Security of personal information
This principle ensures we take reasonable and appropriate steps to protect any personal information from misuse, interference, loss, or unidentified access. It also ensures that we take reasonable steps to destroy or de-identify any information no longer needed.
Australian Privacy Principle 12
Access to personal information
If we hold personal information about an individual we must, upon request, give the individual access to the information. Exceptions to access will occur if we reasonably believe the information will be used unlawfully, or there is a conflict of interest.
Australian Privacy Principle 13
Correction of personal information
If we are confident that personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we must take necessary and reasonable steps to correct that information.
Questions and complaints
You can obtain further information about the way in which we manage personal information that we hold, or you can raise any privacy issues with us (including any concerns you may have about breaches of the Australian Privacy Principles), by contacting us in writing:
Winston Capital Partners
3 Spring Street
Sydney, NSW, 2000
Tel: +61 401 716 043