As holders of an Australian Financial Services (AFS) Licence MyPlanner™ is committed to an open and transparent culture of corporate compliance.
MyPlanner™ consists of:
|Licence Number||Type of Licence||Company|
|345905||Australian Financial Services Licence||MyPlanner Australia Pty Ltd|
|425542||Australian Financial Services Licence||MyPlanner Professional Services Pty Ltd|
For the purposes of this policy, these companies will be known hereon as MyPlanner.
Who does this Policy apply to?
This Policy applies to all officers, advisers, agents, employees, clients and shareholders of MyPlanner.
The Privacy Amendment Act states that the APPs apply to individuals, body corporates, partnerships, unincorporated associations or trusts unless they are a small business operator. A small business operator is defined as a business with an annual turnover of $3,000,000 or less for a financial year, unless an exemption applies. The MyPlanner acknowledges that some advisers and agents may operate businesses that would come within the small business exemption, however as advisers or agents of companies within MyPlanner they may still be obliged to comply with the APPs. If in doubt, advisers or agents should contact the Professional Standards department.
The APPs and the Privacy Act extend to an act done, or practice engaged in that has an Australian link. An organisation has an Australian link where it is:
a) an Australian citizen or a person whose continued presence in Australia is not subject to a legal time limitation;
b) a partnership formed, or a trust created in Australia or an external Territory;
c) a body corporate incorporated in Australia or an external Territory; or
d) an unincorporated association that has its central management and control in Australia or an external territory.
Where an organisation does not fall within one of the above categories it will still have an Australian link where:
a) it carries on business in Australia or an external Territory; and
b) the personal information was collected or held by the organisation or small business operator in Australia or an external Territory, either before or at the time of the act or practice.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not.
What constitutes personal information will vary, depending on whether an individual can be identified or is reasonably identifiable in the particular circumstances.
However, common examples of personal information may include an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details, employment details and commentary or opinion about a person.
We recognise that privacy is important. The MyPlanner includes all subsidiary companies.
We are bound by, and committed to supporting, the APPs set out in the Privacy Amendment Act. The information set out below is largely a summary of the obligations under the APPs.
For clarity, for the purposes of the Privacy Act, the obligations imposed upon MyPlanner will also be applicable to its advisers and agents.
APP1 – OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION
The object of APP 1 is ‘to ensure that APP entities manage personal information in an open and transparent way’.
APP 1 imposes three separate obligations, to:
a) take reasonable steps to implement practices, procedures and systems that will ensure the entity complies with the APPs and any binding registered APP code, and is able to deal with related inquiries and complaints;
In accordance with the above requirements, it is the policy of MyPlanner that:
a) all persons to whom this Policy applies are required to inform themselves of their obligations under the APPs;
b) MyPlanner will make available training as and when required to ensure persons to whom this Policy applies are aware of their obligations under the APPs;
c) all clients of MyPlanner, its advisers and agents are entitled to access their private information upon request;
d) any complaints by clients in relation to the handling of their private information should be referred immediately to the Privacy Officer – Professional Standards;
e) how MyPlanner manages private information will be set out in this Policy;
f) this Policy will be freely available on any website operated by companies within MyPlanner. Further, advisers and agents to whom this Policy applies should also include a link to the policy on any website operated by them; and
g) on request, clients are to have free access to this Policy in any form requested, so long as it is practical to do so.
The MyPlanner, its advisers and agents may collect and hold personal information such as a person’s name, address, date of birth, income, tax file number (TFN) and such other information that may be required from time to time in order to provide services to clients. This is collected directly from its clients and personal information is held within MyPlanner or its advisers and agents.
Any personal information held by MyPlanner may be held in a number of ways, for example:
• hard copy;
• soft copy; or
• offsite on electronic servers
Any personal information collected by MyPlanner is solely for the purpose of providing services to its clients and is not disclosed unless the disclosure is required in the performance of those services (for example, a financial adviser disclosing a client’s information to a financial institution in order to place an investment on behalf of that client).
Any client may seek access to their personal information by contacting the appropriate company within MyPlanner, or by contacting an adviser or agent of MyPlanner directly. If a correction is required to that personal information the client may make that amendment by notifying the appropriate company within MyPlanner, or by contacting an adviser or agent of MyPlanner directly.
If a client considers that a breach of the APPs has occurred, they can direct their complaint to the Privacy Officer – Professional Standards.
The relevant contact details are:
Privacy Officer – Professional Standards C/- MyPlanner
Level 3, 26 Marine Parade
SOUTHPORT QLD 4215
P: 07 5560 2300
If a client is not satisfied with the outcome of their complaint they may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Further information is available from the OAIC’s website at www.oaic.gov.au.
MyPlanner will only disclose personal information of its clients to overseas recipients where such disclosure is required to give effect to the instructions of a client (for example, where a client receiving financial advice wishes to invest in overseas equities or to provide services to our clients, for example, paraplanning services). It is not practical to list all countries to which this information may be disclosed due to the variety of overseas financial services available to clients.
MyPlanner may only disclose personal information to its related entities where the disclosure is relevant to the provision of services to the client.
APP2 – ANOMYMITY AND PSEUDONYMITY
APP 2 provides that individuals must have the option of dealing anonymously or by pseudonym. However, those options are not required where:
• the entity is required or authorised by law or a court or tribunal order to deal with identifiable individuals; or
• it is impracticable for the entity to deal with individuals who have not identified themselves.
As the companies within MyPlanner largely deal with clients in financial services, it is unlikely that it would be practical for services to be provided to those clients without them having identified themselves.
Further, in most situations MyPlanner will be required under the terms of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) to appropriately identify clients.
In instances where a member of MyPlanner has reason to believe that a person with whom they are dealing is not whom they claim to be, a suspicious matter report may be required to be lodged with AUSTRAC.
APP 3 – COLLECTION OF SOLICITED PERSONAL INFORMATION
APP 3 outlines when you may collect solicited personal information.
The MyPlanner is required to only collect personal information that is reasonably necessary for one or more of its functions. As outlined in clause 5.0 above, it is anticipated that personal information will be required to be collected due to the financial services provided by companies within MyPlanner. Information such as name, date of birth, address, income, TFN and other personal information will often be required for services such as:
• financial advice;
• financial product management; and
• other miscellaneous financial services.
Where personal information is required to be obtained from clients in order for them to be provided services from MyPlanner, those clients must consent to the collection of their personal information.
Personal information must only be collected by lawful and fair means. MyPlanner must collect personal information about an individual only from the individual, unless it is unreasonable or impractical to do so.
Under APP 3 MyPlanner must have the client’s consent to the collection of their personal information.
Sensitive information should be treated with a higher level of protection than personal information. MyPlanner must not collect sensitive information about an individual unless the individual consents to the collection of information and the information is necessary for the performance of a particular function or service.
For example, the HIV status of a person and/or their sexual preference may be required to be collected and in this case consent must be obtained from the client as this may be directly relevant to the recommendation of insurance advice. The product provider’s insurance application generally includes a declaration that covers consent of sensitive and personal information.
Sensitive information (according to the Privacy Act) includes but is not limited to:
• racial or ethnic origin;
• political opinions;
• membership of a political association;
• religious beliefs or affiliations;
• philosophical beliefs;
• membership of a professional or trade association;
• membership of a trade union;
• sexual orientation or practices; or
• criminal record.
APP 4 – DEALING WITH UNSOLICITED PERSONAL INFORMATION
APP 4 outlines the steps that must be taken if unsolicited personal information is received. This means that information has been received where an APP entity took no active steps to collect the information.
If a member of MyPlanner or its advisers and agents collects any unsolicited personal information it should promptly assess whether that information could have been obtained in accordance with APP 3. If the information could not have been obtained under APP 3 (for example, a client provides extra information that would not normally be required without being prompted to do so) then steps must be taken to destroy or de- identify the information as soon as practicable, if it is lawful and reasonable to do so.
If the information could have been collected in accordance with clause 6.0 then it should be dealt with in accordance with APPs 5 – 13. Please see below for details.
APP 5 – NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION
If personal information about an individual is collected then reasonable steps must be taken to notify the individual, or otherwise ensure that the individual is aware of certain matters. These matters include:
• the identity and contact details of who collected the information;
• the fact and circumstances of collection;
• whether the collection is required or authorised by law;
• the purposes of collection;
• the consequences if personal information is not collected;
• the usual disclosures of personal information of the kind collected by the entity;
• whether it is likely that personal information will be disclosed to overseas recipients, and if practicable, the countries where they are located.
If a member of MyPlanner or its advisers and agents collects personal information they are obliged under this Policy to provide the above information.
APP 6 – USE OR DISCLOSURE OF PERSONAL INFORMATION
If personal information has been collected for a primary purpose, the entity must not use or disclose the information for another purpose unless:
• the person consents to the use or disclosure of the information; or
• one of the exceptions below applies:
An exception applies in relation to the use or disclosure of personal information about an individual if:
a) the client would reasonably expect MyPlanner to use or disclose the information for the secondary purpose and the secondary purpose is:
i. if the information is sensitive information—directly related to the primary purpose; or
ii. if the information is not sensitive information—related to the primary purpose of collection; or
b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
c) a permitted general situation1 exists in relation to the use or disclosure of the information by MyPlanner; or
d) a permitted health situation2 exists in relation to the use or disclosure of the information by the entity; or
e) MyPlanner reasonably believes that the secondary use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body such as ASIC.
If a member of MyPlanner or its advisers and agents seeks to disclose personal information, for any other reason than the primary reason it was collected, then they must first contact the Professional Standards department to have such disclosure authorised.
If MyPlanner uses or discloses information under the above listed exceptions, then it must make a written note of the use or disclosure.
In the event a member of MyPlanner (e.g. an adviser) collects personal information and provides it to a related body corporate (e.g. outsourced paraplanning service); then the paraplanning service’s primary purpose for collecting information will be treated as the same primary purpose as the adviser.
APP 7 – DIRECT MARKETING
If personal information about an individual is held, that information must not be disclosed for the purpose of direct marketing.
There are exceptions where MyPlanner and its members may use personal information for direct marketing (other than sensitive information) when:
• a member of MyPlanner collected the information from the individual;
• the individual would reasonably expect a member of MyPlanner to use or disclose the information for that purpose;
• MyPlanner and its members provides a simple means by which the individual may request to opt-out of receiving direct marketing communications from the organisation; and
• the individual has not made an opt-out request in the past.
A member of MyPlanner may use personal information for the purposes of direct marketing where an individual may not have reasonably expected the use of that information, however the individual must provide consent.
The MyPlanner and its members will ensure that any direct marketing communications include a prominent statement that the individual may make a request to opt-out of receiving direct marketing communications or MyPlanner will draw the individual’s attention to the fact that they may make a request to opt-out of receiving direct marketing communications.
The MyPlanner may disclose sensitive information about an individual for the purposes of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
Any direct marketing proposal should first be approved by Professional Standards.
An individual may request not to receive direct marketing communications from MyPlanner.
Any client of MyPlanner or its advisers and agents may opt out of receiving any direct marketing materials by contacting Professional Standards C/- MyPlanner at:
Level 3, 26 Marine Parade
SOUTHPORT QLD 4215
P: 07 5560 2300
Where a member of MyPlanner, (e.g. an adviser) uses or discloses personal information about an individual, for the purposes of direct marketing or for the purpose of facilitating direct marketing by another organisation (e.g. a mailing house). The individual may make a request not to use or disclose their personal information, (for the purpose of direct marketing communications) from either the adviser or the mailing house, depending on who provided that information.
Based on the above scenario an individual may make a request to the adviser to provide its source of the information within a reasonable period, unless it is impracticable or unreasonable to do so.
In addition, where an individual makes a request to not receive direct marketing communications, any other member of MyPlanner must not charge the individual for the making of or giving effect to the request to opt-out and must carry out this request within a reasonable period of time.
This Privacy Principle does not apply to the extent that any of the following apply:
• the Do Not Call Register Act 2006
• the Spam Act 2003
• any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.
APP 8 – CROSS-BORDER DISCLOSURE OF PERSONAL INFORMATION
There are obligations under the APPs to ensure that personal information is not transferred to another country. It is the policy of MyPlanner that no personal information should be transferred outside of Australia without the client’s prior approval.
MyPlanner members may engage third party service providers to assist in the provision of products or services.
Some services may require disclosure of personal information to service providers outside Australia including the Philippines. The purpose of such disclosure is to facilitate the provision of services including the preparation of financial advice for MyPlanner members.
Some MyPlanner advisers may elect to enter into their own outsourcing arrangements to countries other than the Philippines. If so, the advisers concerned will disclose these arrangements separately to their clients and take reasonable steps to ensure that the overseas recipient (service provider) does not breach the APP, unless the overseas recipient is subject to substantially similar laws to the APP which protect the information. Information can be provided to an overseas recipient if a member of MyPlanner expressly informs the individual and the individual consents to that disclosure.
MyPlanner will provide information to an overseas recipient if the disclosure is required or authorised under Australian law or if a permitted general situation exists.
APP 9 – ADOPTION, USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
The MyPlanner and its members must not adopt a government related identifier, such as a tax file number, as its own. Practically, this means that MyPlanner member could not for example, use a tax file number as a client reference for filing purposes.
Further, unless permitted a member of MyPlanner must not disclose a government related identifier to a third party.
APP 10 – QUALITY OF PERSONAL INFORMATION
As part of the obligations under the APPs, all members of MyPlanner should take steps to ensure that all personal data collected is accurate, up to date and complete. Therefore, MyPlanner or its advisers and agents should seek to regularly update the personal information of its clients.
APP 11 – SECURITY OF PERSONAL INFORMATION
The MyPlanner and its members should take reasonable steps to ensure the security of all client personal information. What these reasonable steps will be will vary depending on the situation. However, some practical steps that may be applicable are:
• Personal information stored on a computer or hard drive that is password protected and not available on a public network.
• Personal information stored in hard copy that is kept in a lockable cabinet.
Further, if personal information has been obtained, it should be destroyed or de-identified once it is no longer required. Please note that there are certain obligations imposed that require client information to be retained for a certain period of time. You should contact Professional Standards if you have any queries as to how long personal information should be retained.
The MyPlanner should take reasonable steps to prevent misuse, interference, loss, unauthorised access, unauthorised modification or disclosure of personal information.
APP 12 – ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION
If a member of MyPlanner, or its advisers and agents holds personal information about an individual, then on request by the individual they must give access to that information.
There are exceptions to the above rule, such as whether disclosing that information would post a serious threat to the individual or if giving access would be unlawful. However, MyPlanner is not required to give an individual access to the personal information if:
• it reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
• access would have an unreasonable impact on the privacy of other individuals;
• the request for access is frivolous or vexatious;
• the information relates to existing or anticipated legal proceedings between the entity and the individual and would not be accessible by the process of discovery in those proceedings;
• giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way to prejudice those negotiations;
• giving access would be unlawful;
• denying access is required or authorised by Australian law or a court;
• there is reason to suspect that unlawful activity or misconduct has been engaged in and giving access would prejudice taking appropriate action;
• giving access would prejudice enforcement activities by an enforcement body; or
• giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive information process.
If MyPlanner or its members receives a request to access personal information, MyPlanner must respond to that request within a reasonable timeframe.
An access charge may be applied to personal information however it must not be excessive and must not apply to the making of the request.
If access to personal information is refused, then the individual must be informed in writing that sets out why access was refused and how an individual is able to lodge a complaint about the refusal.
APP 13 – CORRECTION OF PERSONAL INFORMATION
If personal information is held and either:
1. It is apparent that the information is inaccurate, out of date, incomplete, irrelevant or misleading; or
2. The individual requests the entity to correct the information;
then steps must be taken to ensure that the information is accurate, up to date, complete, relevant and not misleading.
Any request to correct information should be dealt with within a reasonable period after the request was made.
MyPlanner and its members should also take reasonable steps to ensure that any personal information held by third parties (provided by MyPlanner) is also corrected.
If a request to correct personal information is refused, then the individual must be informed in writing that sets out why it was refused and how an individual is able to lodge a complaint about the refusal.
If MyPlanner receives a request to correct personal information, MyPlanner must respond to that request within a reasonable timeframe.
NON-COMPLIANCE WITH THIS POLICY
Non-compliance with this Policy may result in disciplinary action and could include the termination of a relationship with MyPlanner if the breach is considered serious.
If you are uncertain about how this Policy applies to a particular circumstance, or you have any questions about the Policy, speak with your manager or a member of the Professional Standards team.
FOR MORE INFORMATION
If you would like more information on this Policy, please contact the Professional Standards team by email at firstname.lastname@example.org or by calling 07 5560 2300.
This Policy will be reviewed by MyPlanner Audit, Risk and Compliance Committee at least annually or as changing circumstances warrant.