This Privacy Policy applies to OAS Australia (OAS) and any OAS Australia partnership and includes any entity carrying on business in Australia that is part of the OAS group of entities. At OAS, “we”, “us” and “our”, recognise the importance of your privacy and understand your concerns about the security of the personal information you provide to us. The policy explains how we comply with the Australian Privacy Principles (“APPs”) as contained in the Privacy Act 1988 (Cth) (“Privacy Act”). The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to, or make complaints about, the personal information held about them.
“Personal information” is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.
“Sensitive information”, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
This Privacy Policy details how we manage personal information about you.
What personal information will we collect and hold?
The kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the services you or your organisation have contracted us to provide, and the services you or your organisation are interested in.
Generally, the types of personal information that we may collect and hold will include individuals’ names, residential addresses, email addresses, phone numbers, banking details, dates of birth, investment details, payroll details, taxation details and other related accounting and financial services information.
How do we collect and hold personal information?
We aim to collect personal information only directly from you, unless it is unreasonable or impracticable to do so. For example, we may collect personal information from you or about you from correspondence that you submit to us, telephone calls and face-to-face meetings with us, emails, hardcopy forms, information you provide us through paper-based and electronic client surveys and from your activity on our website.
In some instances, we may also receive personal information about you from third parties, such as associated businesses and/or federal government departments. You can be anonymous or use a pseudonym when dealing with us, unless:
the use of your true identity is a legal requirement; or
it is impracticable for us to deal with you on such a basis.
On all occasions, your personal information will be collected, held, used and disclosed by us in accordance with this Privacy Policy and the APPs.
Why do we collect, hold, use and disclose personal information?
We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities. For example, we collect, hold, use and disclose personal information as necessary to provide services to you or your organisation.
We may collect sensitive information from or about you where there is a legal requirement to do so, or where we are otherwise permitted by law. In all other situations, we will specifically seek your express consent.
If we do not collect, hold, use or disclose your personal information, or if you do not provide your consent, then we may not be able to answer your enquiry, complete the transaction you have entered into or provide the services you have engaged us to provide.
We collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions, credit checks, processing your payments, obtaining product registrations and approvals, providing you with information about other services provided by us, market research, client satisfaction surveys, newsletter communications, statistical collation and website traffic analysis.
We may also use your personal information for marketing and promotional activities, and for maintaining your online subscription/s to our newsletters. Where we use your personal information for marketing and promotional communications, you can opt-out at any time by following the unsubscribe link contained within our marketing communications.
We may disclose your personal information to third parties (including government departments and enforcement bodies including ASIC, APRA, AFSA, and the ATO) where required or permitted by law.
From time to time, we may need to disclose your personal information to third party service providers, located both inside and outside Australia (for further information in relation to our overseas disclosure of personal information, please see below). For example, we may disclose your personal information to:
Our professional advisors
Our agents, contractors and external service providers
We may be required to disclose personal information to Law enforcement, Government agencies or regulatory bodies, as part of an engagement, (for example, the Australian Taxation Office).
These entities and third parties may sometimes be located in other countries.
Where we disclose your personal information to third party service providers, we will at all times remain accountable for their handling of that information. This includes taking steps to ensure that those recipients protect that information from unlawful access, modification or disclosure, and from misuse, interference and loss. Your personal information is not disclosed to third parties for the use of allowing them to send marketing material to you. However, we may share non-personal, de-identified or aggregated information with them for research, data analytics or promotional purposes.
How do we store your personal information?
Your personal information is held and stored on paper, by electronic means or both. 'Electronic means include, physical servers located on premises, servers maintained by cloud services providers, laptops, desktop computers, tablets and other mobile devices. We have physical, electronic and procedural safeguards in place for personal information and we take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure.
For example, our IT systems feature password protections, firewalls, and intrusion detection and site monitoring functionalities. Data held and stored "in the cloud" is protected by internal and external firewalls, limited access via file passwords, files designated read-only or no access. We also require our IT contractors and other third parties to implement privacy safeguards. Further, our staff members receive regular training on our strict privacy and confidentiality procedures in relation to all personal information stored by us electronically and in printed form.
Where a breach of security gives rise to a 'data breach', being an incident when personal information, in any format, held by an agency or organisation is lost or subjected to unauthorised access, modification, disclosure or other misuse or interference, we will comply with our obligations under the Notifiable Data Breaches Scheme under the Privacy Act.
Destruction and De-identification
We will retain your personal information whilst it is required for our business functions or any other lawful purpose. We use secure methods to destroy or permanently de-identify your personal information when it is no longer needed.
Overseas Disclosure
Our business is affiliated with other businesses located overseas. In the course of doing business with you, we may disclose some of your personal information to overseas recipients. However, we will only do so where:
it is necessary to complete the transaction you have entered into or for us to complete the services we are providing; and
we use our best endeavours to ensure overseas providers comply with our data handling policies and procedures under the APPs; or
it is otherwise required by law.
Currently, we (and our network entities) may disclose personal information to overseas recipients located in India, Philippines and Sri Lanka.
Access to, and Correction of, Personal Information
We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.
In most cases, we expect that we will be able to meet your requests. However, if we do not agree to provide you with access, or to correct the information as requested, we will provide you with written reasons regarding our decision.
Should you wish to access your personal information, please contact our Privacy Officer and request a “Personal Information Access Form” (our Privacy Officer’s contact details are set out below).
We do not generally charge for requests to access your personal information. However, we may charge a fee:
If an extended amount of time is required to locate, retrieve, collate and prepare any necessary materials; and
in relation to any costs for the services of any intermediaries required to retrieve the information.
We will advise you of the estimated timeframe and costs (if any) in connection with any request for access to, or the correction of, your personal information.
To assist us to keep our records up-to-date, please notify our Privacy Officer of any changes to your personal information.
Complaints and Concerns
We have systems and procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs. We will respond to your complaint in accordance with the relevant provisions of the APPs.
If you wish to make a complaint about our handling of personal information, please contact our Privacy Officer. Contact details below. If you lodge a complaint with us, it will be dealt with in accordance with our Internal Dispute Resolution process and we will endeavour to provide a formal response to your complaint within 30 days. If the matter proves to be complex, we will advise you in writing of any necessary extension of time for our response.
If you feel that your complaint is not handled in a satisfactory manner, you may refer your complaint to the Office of the Australian Information Commissioner (the details of which are set out below).
Cookies
At the present time the standard technology known as "cookies" is used on the site. Cookies are small text files placed on the authorised user's hard drive that allow the site to store tokens of information in connection with use of the site by allocation of an identifier to an authorised user while the site is in use. Use of cookies enables OAS Australia to analyse the operation of the site, thus permitting continuous improvement of the service that it provides but cannot retrieve any other data from the hard drive of the authorised user's computer or capture the authorised user's e-mail address. In any event it is not intended to link personal Information to information that may be contained in a cookie to determine or track the identity of any user of the site.
If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, you can always delete the cookie from your system if you wish.
Google Analytics
We use Google Analytics to analyse our website usage and create reports for internal use at OAS Australia only.
Google Analytics Cookies
Like many services, Google Analytics uses first-party cookies to track visitor interactions. These cookies are used to store information, such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to the web page. Browsers do not share first-party cookies across domains. To find out more about how Google treats personal information, please see; The Google Privacy Policy.
Privacy Officer Contact Details
Level 12, 10 Eagle Street
Brisbane Qld 4000
Phone: 07 3340 3800
Email: privacy@oasaustralia.com.au
Office of the Australian Information Commissioner
GPO Box 2999
Canberra ACT 2601
Phone: 1300 363 992
Fax: 02 9284 9666
Website: www.oaic.gov.au
Privacy Policy Updates
This Privacy Policy is not a static document. We may, from time to time, make changes and updates to this Privacy Policy. The most current and up to date OAS Privacy Policy will always appear on our website.