Why do we collect, hold, use and disclose personal information?
We collect, hold, use and disclose personal information for the following purposes:
- to provide professional services;
- to provide technology services and solutions;
- to respond to requests or queries;
- to maintain contact with our clients and other contacts;
- to keep our clients and other contacts informed of our services and industry developments;
- to notify of seminars and other events;
- to verify your identity;
- for administrative purposes, including processing payment transactions;
- for recruitment purposes;
- for purposes relating to the employment of our personnel, providing internal services or benefits to our partners and staff and for matters relating to the partnership;
- when engaging service providers, contractors or suppliers relating to the operation of our business;
- to manage any conflict of interest or independence (including auditor independence) obligations or situations;
- to meet any regulatory obligations; or
- for any other business related purposes.
Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent.
If you would like to access any of our services on an anonymous basis or by using a pseudonym, please tell us. However, we will require you to identify yourself if:
- we are required by law to deal with individuals who have identified themselves; or
- it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym.
Please be aware that your request to be anonymous or to use a pseudonym may affect our ability to provide you with the requested goods and/or services.
What kind of personal information do we collect and use?
The nature and extent of personal information that we collect varies depending on your particular interaction with us and the nature of our functions and activities.
Personal information that we commonly collect, hold, use and disclose could include:
- names, job titles, contact and address details
- information in identification documents (for example, passport, driver’s licence)
- tax file numbers and other government-issued identification numbers
- date of birth and gender
- bank account details, shareholdings and details of investments
- details of superannuation and insurance arrangements
- educational qualifications, employment history, salary and referee reports
- visa or work permit status
- your Internet Protocol (IP) address
- payment details and
- personal information about your spouse and dependants
It may be necessary in some circumstances for R&M to collect sensitive information about you to provide specific services or for recruiting purposes. Examples of the types of sensitive information that may be collected in such circumstances include professional memberships, ethnic origin, criminal record and health information.
How do we collect and hold personal information?
Generally, we collect your personal information from you directly (for example, when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a questionnaire, form or survey, or when you use our website or our social media).
Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information from your employer where they are our client, from your personal representative, a R&M related entity or a publicly available record.
Prior consent will be sought from you prior to obtaining information from external sources such as direct feeds of financial information from banks or similar institutions as part of services provided to a client.
We may also collect personal information about you from your use of our websites and information you provide to us through contact mailboxes or through the registration process on our websites.
If you feel that the information that we are requesting, either on our forms or in our discussions with you, is not information that you wish to provide, please feel free to raise this with us.
In some situations we may also obtain personal information about you from a third party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Privacy Act.
We hold personal information in hard copy and electronic formats. We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. We also have document retention policies and processes in place in line with varying legislative and regulatory requirements.
In some cases, we engage third parties cloud service providers for the use of their software programs or to host electronic data (including data in relation to the services we provide) on our behalf.
Our internet service provider may record details of visits to our site and when visiting our site your visit may be logged and the following information may be collected:
- your server address, domain name and browser type;
- the date and time of your visit to the site;
- the pages accessed and the documents downloaded;
- the previous website visited;
- your operating system; and
- the links you followed from other sites to get to our site.
The information listed above will only be used by us internally for statistical and research purposes.
When do we use and disclose your personal information?
We will only use and disclose your personal information:
- if we get your consent; or
- your referees;
- your former employers;
- credit agencies;
- our professional advisors, including our auditors and lawyers; government or regulatory bodies or agencies, as part of an engagement or otherwise, (for example, the Australian Taxation Office).
- our Related Entities and Related Bodies Corporate (as those terms are defined in the Corporations Act 2001 (Cth)); and
- our contractors and suppliers.
We will only use or disclose your personal information for the purposes of direct marketing if:
- we collected the information from you;
- it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes;
- we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and
- you have not elected to ‘opt-out’ from receiving such direct marketing communications from us.
Do we send information overseas?
It is unlikely that we will disclose personal information to overseas recipients.
If we disclose personal information to overseas recipients, we will take reasonable steps to ensure that such recipients do not breach the Privacy Act and the APPs unless:
- we believe that the overseas recipient is subject to a law that has the same effect of protecting personal information in a way that, overall, is at least substantially similar to the way in which the Privacy Act and the APPs protect personal information and there are mechanisms available for you to access to take action to enforce that protection of law; or
- we obtain your express consent to the disclosure of personal information to overseas recipients.
Access to and correction of your personal information
You have a right to access your personal information.
We are not obliged to allow access to your personal information if:
- we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- giving access would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;
- giving access would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal internal evaluative information in connection with a commercially sensitive decision-making process.
We will also take reasonable steps to correct personal information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading if:
- we are satisfied the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, having regard to a purpose for which it is held; or
- you request us to correct the information.
If you make a request for access to or correction of personal information, we will:
- respond to your request within a reasonable period; and
- if reasonable and practicable, give access to or correct the information in the manner requested.
If we refuse to give access to the personal information because of an exception or in the manner requested by you, we will give you a written notice that sets out at a minimum:
- our reasons for the refusal (to the extent it is reasonable to do so); and
- the mechanisms available to complain about the refusal.
If we refuse a request to correct personal information, we will:
- give you a written notice setting out the reasons for the refusal and how you may make a complaint; and
- take reasonable steps to associate a statement with personal information it refuses to correct
We reserve the right to charge you reasonable expenses for providing access or making a correction to personal information, for example, a fee for photocopying any information requested by you.
Integrity of your personal information
We will take reasonable steps to:
- ensure that the personal information that we collect is accurate, up to date and complete;
- ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
- secure your personal information.
We will take reasonable steps to protect personal information from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure.
We will take reasonable steps to destroy or de-identify personal information that we hold if we no longer need the information for the primary purpose for which the information was collected and we are not otherwise required by law to retain the information.
If you would like to make a complaint about the way we collect, use, disclose, store or administer your personal information, or otherwise consider there may be a breach of the Privacy Act or the APPs, you can contact the Privacy Officer as set out in the ‘How to contact us’ section.
All complaints will be treated seriously and dealt with promptly.
You may also make a complaint directly to the Office of the Australian Information Commissioner (OAIC) online, by mail, fax or email. Please visit the OAIC website at https://www.oaic.gov.au/privacy/making-a-privacy-compaint for more information.
How to contact us
If you would like more information on privacy or have any questions in relation to this policy please contact our Privacy Officer.
Roberts & Morrow
137 Beardy Street
Armidale NSW 2350
Policy Approved – May 2017