1. The privacy of your personal information is important to us
The privacy of your personal information is important to us, and we understand that how we collect, use and protect your personal information is important to you.
2. Who does this policy apply to?
who we collect personal information from;
the types of personal information collected and held by us;
how this personal information is collected and held;
the purposes for which your personal information is collected, held, used and disclosed;
how you can gain access to your personal information and seek its correction if required;
how you may complain or inquire about our collection, handling, use or disclosure of your personal information and how that complaint or inquiry will be handled; and
that we will not disclose your personal information to any overseas recipients.
4. Who do we collect personal information from?
In the course of providing our services as a Staple we may collect personal information from investors, financial planners, media, research houses, stockbrokers and potential investors. We also collect personal information from employees, potential employees and work experience people.
5. What types of personal information do we collect?
In the course of providing services, the information we collect may include:
Personal Information including names, addresses, email addresses and other contact details; dates of birth; financial information, age and employment status.
Sensitive Information including details of your professional memberships.
The Staple may collect sensitive information from investors in order to comply with the Anti-Money Laundering and Counter-Terrorism Financing laws (AML/CTF). This sensitive information may include government identifiers such as your TFN.
In respect of employees, potential employees and work experience people we also collect personal resumes, third party references, bank details, superannuation details, tax file numbers and emergency contact details. We also conduct criminal checks and bankruptcy searches on individuals who commence employment. These searches are held on our employee files.
6. How do we collect and hold your personal information?
How we collect personal information will largely be dependent upon whose information we are collecting. If it is reasonable and practical to do so, we collect personal information directly from you.
We may collect information about you when you:
invest in the Staple;
request information about the Staple;
telephone, email or write to us;
have a face to face meeting with us;
attend our presentations to investors, potential investors and financial planners;
attend conferences where we are presenting;
subscribe to receive investment information through our website;
apply for work experience with us;
apply for employment with us; or
accept an offer of employment.
We may collect personal information from other organisations and people (e.g. third party stock brokers, and from share registries including Computershare Investor Services Pty Limited who provide share registry, investor communication and voting services for us, or independent sources, however, we will only do so where it is not reasonable and practical to collect the information from you directly.
7. Gathering and combining personal information
Improvements in technology enable organisations to collect and use personal information to get a more integrated view of investors, and to allow them to provide better products and services to investors.
8. Unsolicited Information
Sometimes we may be provided with your personal information without having sought it through our normal means of collection. We refer to this as “unsolicited information”. Where we collect unsolicited information we will only hold, use and or disclose that information if we could otherwise do so had we collected it by normal means. If that unsolicited information could not have been collected by normal means then we will destroy, permanently delete or de-identify the information as appropriate.
9. How do we use your personal information?
We use personal information that is reasonably necessary for one or more of our functions as a Staple (the primary purpose) or for a related secondary purpose that would be reasonably expected by you, or to which you have consented.
Our uses of personal information include but are not limited to:
establishing your identity;
managing your investment and our relationship with you;
providing you with updates in relation to your investment and other investments;
engaging with investors (including calls to investors, emails and ad hoc surveys);
conducting and improving our business, and improving the investor experience;
complying with our legal obligations, and assisting government and law enforcement agencies and/or regulators;
identifying other products and services that we think may be of interest to you;
communicating with you about the products and services that we offer; and/or
in the case of employees, paying your wages and employee entitlements.
We may also need to collect personal and sensitive information in order to comply with our legal obligations, such as the Anti-Money Laundering and Counter-Terrorism Financing laws, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
10. Direct Marketing
We will not disclose your personal information to any third party marketing company.
11. Sensitive Information
12. Storage and security of your personal information
We store personal information in a variety of formats including on databases, in hard copy files and on personal devices, including laptop computers.
We save personal information on our Customer Relationship Management (CRM) system and on a Cloud Server.
The security of your personal information is of paramount importance to us and we take all reasonable steps to protect the personal information we hold about you from misuse, loss, unauthorised access, modification or disclosure.
These steps include:
restricting access to personal information on our databases to a ‘need to know’ basis with different levels of security being allocated to staff based on their roles, responsibilities and security profile.
ensuring all staff are aware that they are not to reveal or share personal passwords.
training and reminding our staff of their obligations with regard to your personal information, and the requirements of the Privacy Act 1998 (Cth) and the Australian Privacy Principles.
ensuring where sensitive information is stored in hard copy files that these files are stored in lockable filing cabinets in lockable rooms. Access to these records is restricted to staff on a need to know basis.
implementing physical security measures at our premises to prevent break-ins.
implementing security systems, policies and procedures designed to protect personal information storage on our computer networks.
implementing human resources policies and procedures, such as email and internet usage and confidentiality and document security policies, designed to ensure that staff follow correct protocols when handling personal information.
undertaking due diligence with respect to third party service providers who may have access to personal information, including cloud service providers, to ensure as far as practicable that they are compliant with the Australian Privacy Principles or a similar privacy regime.
Personal information we hold that is no longer needed, or required to be retained by any other laws, is destroyed in a secure manner, deleted or de-identified as appropriate.
Our website may contain links to other websites. We do not share your personal information with those websites and we are not responsible for their privacy practices. Please check their privacy policies.
13. When we disclose your personal information
We only use personal information for the purposes for which it was given to us, or for purposes which are directly related to one or more of our services, as a Staple.
It may be necessary for us to disclose your personal information to certain third parties in order to assist us with one or more of our functions or activities, or where permitted or required by law. Third parties may include:
organisations providing share registry services under an arrangement with us;
those to who we outsource certain functions, for example information technology support;
auditors and insurers;
government and law enforcement agencies and regulators; and
entities established to help identify illegal activities and prevent fraud.
We may disclose your personal information from time to time, only if one or more of the following apply:
you have consented;
you would reasonably expect us to use or disclose your personal information in this way;
we are authorised or required to do so by law;
disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
where another permitted general situation applies (as defined in Section 16A of the Privacy Act 1988 (Cth)); or
disclosure is reasonably necessary for a law enforcement related activity.
14. We do not disclose your personal information to overseas recipients
We use information storage systems located within Australia, and do not send to, or store personal information with overseas organisations, nor do we disclose personal information about an individual to overseas organisations.
15. How we ensure the quality of your personal information
We take all reasonable steps to ensure the personal information we hold, use and disclose is accurate, complete and up-to-date. These steps include ensuring that the personal information is accurate, complete and up-to-date at the time of collection, and when using or disclosing the personal information.
On an ongoing basis we maintain and update personal information when we are advised by you or when we become aware through other means that your personal information has changed.
Please contact us if any of the details you have provided to us change. You should also contact us if you believe that the personal information we have about you is not accurate, complete or up-to-date.
16. How to gain access to your personal information we hold
You may request access to the personal information we hold about you, or request that we change and/or update the personal information we hold, by contacting us.
Upon request, we will give you access to the personal information held about you, unless specific limitations apply (e.g. if the request is frivolous or vexatious, or providing access would be unlawful).
We will respond to a request for access to personal information within a reasonable period after the request is made, and give access to the personal information in the manner requested by you, if it is reasonable and practicable to do so.
If we do not agree to provide you with access, or to amend your personal information as requested, you will be notified accordingly. Where appropriate we will provide you with the reason/s for our decision, and the mechanisms available to complain about the refusal. If the rejection relates to a request to change your personal information you may make a statement about the requested change and we will attach this to your record.
17. Privacy Complaints
We will respond to your complaint within a reasonable time (usually no longer than 30 days), and we may seek further information from you in order to provide you with a full and complete response.
Your complaint may also be taken to the Office of the Australian Information Commissioner. You may contact the Australian Information Commissioner by calling them on 1300 363 992, contacting them online at www.oaic.gov.au, or by writing to the Office of the Australian Information Commissioner at GPO Box 5218 Sydney NSW 2001.
18. How to Contact Us
Calling +61 (0)407 236 866; or
Writing to us at Suite 401, 25 Lime Street Sydney NSW 2000
If practical, you can contact us anonymously (i.e. without identifying yourself) or by using a pseudonym. However, if you choose not to identify yourself, we may not be able to give you the information or provide the assistance you might otherwise receive if it is not practical to do so.
19. Changes to our privacy and information handling practices