“We”, “us” and “our” refer to Kearney Group, which consists of:
These entities are collectively referred to as “Kearney Group Financial Services” or “Kearney Group”. Kearney Group operates from Suite 137, 425 Smith Street, Fitzroy, VIC 3065.
We take client privacy, confidentiality and data security very seriously and have thereby developed a firm-wide Privacy Policy (“this Policy”) which applies to all of our employees, in every capacity.
This Policy sets out our commitment in respect of personal and credit information we hold about you and how that information is used. It aims to ensure that we comply with the Privacy Act (Cth) 1998 (“Privacy Act“), the Australian Privacy Principles (“APPs”) and all other relevant legislation which collectively outlines the rights and responsibilities of private sector organisations in the collection, holding, use, correction, disclosure and transfer of personal and credit information.
This Policy explains how we manage your personal and credit information, however, we may provide more detail on how we manage your personal and credit information at the time we collect it, at the outset of an engagement or from time to time, during the course of our service relationship.
Personal information includes any information or opinion about an identified individual or an individual who can be reasonably identified from their information. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it.
The information that we seek to collect about you will depend on the products or services that we provide. If you do not allow us to collect all of the information we request, we may not be able to deliver all of those services effectively.
What kinds of personal information do we collect and hold?
When you apply for our products or services we may ask for identification information. This could include your name, address, contact details and date of birth among other things. We may also collect your tax file number or other government identifiers if we are authorised to collect them and if you choose to supply them. If you apply for insurance, we may collect information about what is being insured, the beneficiaries, and your health and financial situation, depending on the type of insurance.
Throughout the life of your product or service, we may collect and hold additional personal information about you. This could include transaction information or making a record of queries or complaints you make and, if you make an insurance claim, collecting additional information to assist in assessment of the claim.
The collection of sensitive information is restricted by the Privacy Act. This includes information about your religion, racial or ethnic origin, political opinions, criminal record, and sexual orientation. It also includes health information and biometric information.
Generally, we only collect this sort of information if it is necessary to provide you with a specific product or service and you have consented to that collection. For example, we may collect some health information about you to process an application for an insurance policy.
For what purposes do we collect, hold, use and disclose personal information?
The main reason we collect, use, hold and disclose personal information is to provide you with products and services. This includes:
We may also use your information to comply with legislative or regulatory requirements in any jurisdiction, prevent fraud, crime or other activity that may cause harm in relation to our products or services and to help us run our business. We may also use your information to tell you about products or services we think may interest you.
If we collect government identifiers we will never use them in order to identify you.
How do we collect your personal information?
We collect most personal information directly from you. For example, we collect personal information from you when you apply for or use a product or service or talk to us in person or on the phone.
We also collect information from you electronically. For instance, when you visit our website or if you send us electronic correspondence (see “Electronic collection of personal information”).
While we will always endeavour to collect personal information directly from you where reasonable and practical, sometimes we collect personal information about you from other people or organisations. This may happen without your direct involvement. For instance, we may collect personal information about you from:
Laws requiring or authorising us to collect personal information
We are required or authorised to collect:
How do we hold personal information?
Much of the information we hold about you will be stored electronically in secure data centres which are located in Australia and the United States of America (“U.S.”) and owned by either us or external service providers. Some information we hold about you will be stored in paper files. We use a range of physical and electronic security measures to protect the security of the personal information we hold. For example:
We take reasonable steps to destroy or permanently de-identify any personal information after it can no longer be used.
Who do we disclose your personal information to, and why?
We may provide personal information about our clients to organisations outside Kearney Group. Prior to disclosing any of your personal information to another person or organisation, we take all reasonable steps to ensure that the third party has a commitment to protecting your personal information at least equal to our commitment, or that you have expressly consented to us making the disclosure.
Additionally, to protect personal information, we enter into contracts with our service providers that require them to comply with the Privacy Act. These contracts oblige them to only use the personal information we disclose to them for the specific role we ask them to perform.
Generally, we disclose personal information to organisations that help us with our business. These may include:
We may also disclose your personal information to others outside of Kearney Group where:
Transborder disclosure of personal information
We may disclose your personal information to a recipient which is located outside Australia. Often times this occurs as a result of using cloud software where servers are located outside Australia. This includes our service providers which are likely to be located in the U.S., New Zealand or other countries and any financial institution which you hold an account with overseas where you have given us permission to make enquiries on your behalf.
What if you don’t provide us with your personal information?
We will provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.
For example, you can access our website and make general phone queries without having to identify yourself.
In some cases, however, if you don’t provide us with your personal information when requested, we may not be able to provide you with the product or service that you are seeking.
Why we collect credit-related personal information
We collect, hold, use and disclose credit-related personal information for the purposes permitted by the Privacy Act and the Privacy (Credit Reporting) Code 2014 (“CR Code”) and so as to provide our services to you including, but not limited to:
What information do we collect for credit purposes?
The credit-related personal information that we may collect and hold includes:
How do we use personal information collected for credit purposes?
Where you have consented to it, we will use your personal information to better inform ourselves as to your credit position and, in undertaking our services to you, we may provide personal information about you that we have collected to:
Which credit reporting bodies do we deal with?
We may deal with the following credit reporting bodies:
Equifax
Equifax organises, assimilates and analyses data on more than 820 million consumers and more than 91 million businesses worldwide.
www.equifax.com.au
Illion
illion is the leading independent provider of trusted data and analytics products and services in Australasia, with the company’s consumer and commercial credit bureaus.
www.illion.com.au
Experian Australia Pty Ltd
Level 6, 549 St Kilda Road,
Melbourne, Victoria 3004
Phone: +61 3 8699 0100
www.experian.com.au
You can ask these credit reporting bodies not to use the information disclosed for the purpose of pre-screening of direct marketing by a credit provider.
If you think you have been a victim of fraud, you can request the above credit reporting bodies not to disclose credit reporting information about you.
We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. We may offer you products and services by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising through our websites.
We may also disclose your personal information to companies outside Kearney Group who assist us to market our products and services to you.
Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:
We will collect information from you electronically, for instance through internet browsing, mobile or tablet applications.
Each time you visit our website, we collect information about your use of the website, which may include the following:
We use technology called cookies when you visit our site. Cookies are small pieces of information stored on your hard drive or in memory. They can record information about your visit to the site, allowing it to remember you the next time you visit and provide a more meaningful experience.
One of the reasons for using cookies is to offer you increased security. The cookies we send to your computer cannot read your hard drive, obtain any information from your browser or command your computer to perform any action. They are designed so that they cannot be sent to another site, or be retrieved by any non-Kearney Group site.
We won’t ask you to supply personal information publicly over Facebook, Twitter, or any other social media platform that we use. Sometimes we may invite you to send your details to us via private messaging, for example, to answer a question. You may also be invited to share your personal information through secure channels to participate in other activities, such as competitions.
At any time you can request access to the personal information we hold about you. You can also ask for corrections to be made. To do so, please contact us (details at the end of this Policy).
You can also apply to access personal information about you that a CRB holds by contacting the relevant CRB using the contact information set out above.
There is no fee for requesting that your personal information is corrected or for us to make corrections. In processing your request for access to your personal information, a reasonable cost may be charged. This charge covers such things as locating the information and supplying it to you.
There are some circumstances in which we are not required to give you access to your personal information.
If we refuse to give you access to or to correct your personal information we will give you a notice explaining our reasons except where it would be unreasonable to do so.
If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.
If we refuse your request to access or correct your personal information, we will also provide you with information on how you can complain about the refusal.
General
Kearney Group is committed to keeping your personal information secure and confidential. All reasonable precautions will be taken to protect personal information from loss, misuse, unauthorised access or alteration. We take reasonable steps to:
You can help us keep your information up to date by letting us know about any changes to your details, such as your address, email address or phone number.
You acknowledge that the security of online transactions you conduct using the website cannot be guaranteed. To the fullest extent permitted at law, Kearney Group does not accept responsibility for misuse of, loss of, or unauthorised access to, your personal information where the security of that information is not within Kearney Group’s control.
Within Kearney Group, access to personal information is restricted to personnel on a need to know basis. Kearney Group has directed its staff that personal information must be dealt with in accordance with this Policy and kept secure from unauthorised access or disclosure. We educate our staff about their duty to protect your privacy and provide training regarding this Policy.
Security
The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security (including restricting access to personal information on our systems to staff who need that access to carry out their duties), staff training and workplace policies.
Website security
While we strive to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post (details at this end of this Policy).
If you are a registered user of our website and/or our client portal, you can also help to protect the privacy of your personal information by maintaining the confidentiality of your username and password and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.
IP Address
An IP (internet protocol) address is a number that is automatically assigned to your computer by your internet service provider when you log on. Your IP address is not linked to your personal information but we do preserve the right to use IP addresses to identify individuals who may threaten our site, services or clients. IP addresses may also be used to help diagnose problems with our website and to gather broad demographic information.
Third party websites
Links to third party websites that are not operated or controlled by us are provided for your convenience. We are not responsible for the privacy or security practices of those websites, which are not covered by this Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.
Data breaches
If there is any breach of your personal information, Kearney Group will deal with such breach and notify you in accordance with its obligations under the Privacy Act.
There is an exemption in the Privacy Act regarding information relating to current or former employees. The Privacy Act does not apply to an act done or practice engaged in by Kearney Group in relation to:
This exemption does not apply to applicants who are unsuccessful in securing a role with us. In those cases, we will take all the necessary steps to ensure proper collection, use, storage, disclosure of and access to information in accordance with the Privacy Act and other applicable laws.
If you are concerned about how your personal information is being handled or if you have a complaint about a potential breach of the Privacy Act or the APPs, please first contact Kearney Group’s Privacy Compliance Officer.
Complaints should be directed to our Privacy Compliance Officer in writing (details below).
We will acknowledge your complaint within 24 hours or 1 business day.
If we are unable to resolve your complaint at the first point of contact, we will work with you to better understand your concerns and investigate your complaint.
If we complete our investigation within 5 business days, we will contact you and advise you of our findings. If you are satisfied with our response we will consider the complaint resolved.
If your concerns require us to undertake complex investigations, we will attempt to resolve the complaint within 30 days and will provide you with a written response of the outcome of our investigations.
If we are likely not to complete our investigations within 30 days, we will provide you with a written notification of the delay.
If you are not satisfied with our response or the manner in which we dealt with the complaint, there are other bodies with which you can escalate your concerns.
The Australian Financial Complaints Authority (AFCA) can consider most privacy complaints involving providers of financial services.
AFCA can be contacted at:
Australian Financial Complaints Authority Limited
GPO Box 3
Melbourne VIC 3001
Phone: 1800 931 678
www.afca.org.au
Under the Privacy Act you may complain to the Office of the Australian Information Commissioner about the way we handle your personal information.
The Commissioner can be contacted at:
The Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: [email protected]
www.oaic.gov.au
Please send feedback, comments, complaints or requests for further clarification of this Policy to:
Privacy Compliance Officer
PO Box 3347
Burnley North VIC 3121
Phone: +61 3 9428 8822
General Information
For general information or queries about Kearney Group:
Suite 137, 425 Smith Street
Fitzroy VIC 3065
Phone: +61 3 9428 8822
We may amend this Policy from time to time. The current version will be posted on our website and a copy may be obtained by contacting our Privacy Compliance Officer (details above).