Korff Wealth Pty Ltd (“Korff Wealth”), is an authorised representative of Interprac Financial Planning Pty Ltd (AFSL 246638) and Vow Financial Pty Ltd (CL 390261).

PRIVACY POLICY FOR INTERPRAC GROUP ENTITIES

1.1 What is the InterPrac Group

For the purpose of this Privacy Policy the InterPrac Group (InterPrac) consists of the following Companies and their agents, officers, employees and credit/financial planning advisers.

• Interprac Ltd operates as the holding company and provides administration and staffing services to entities of the group.

• InterPrac Financial Planning Pty Ltd who hold an AFSL no 246638 and provide Financial Planning advice to retail and wholesale clients.

• InterPrac Finance Services Pty Ltd who hold an ACL no 388051 and provide Credit Advice to retail and wholesale clients.

• InterPrac Securities Pty Ltd are a Corporate Authorised Representative No 338629 of InterPrac Pty Ltd and provide Financial Planning advice to retail and wholesale clients.

• InterPrac General Insurance Pty Ltd who are a Corporate Authorized Representative of PSC Connect Pty Ltd AFSL 344 648 and who provide General Insurance advice to Retail and Wholesale clients.

• NTAA Corporate who provide Deeds & Documents for retail clients of NTAA members.

• SMSF Engine Pty Ltd who provide outsourced SMSF administration services to Accountants and Financial Planning clients.

The above entities may be wholly or jointly owned or operated by InterPrac Ltd however for the purpose of this Privacy Policy the entities their officers, agents, employees, contractors and representatives will be bound under these arrangements.

1.2 Responsibility

This procedure is reviewed every year by National Compliance Manager. In addition, if there is a major compliance breach in this area, the National Compliance Manager shall review the relevant procedure, or engage an external compliance consultant to review the procedure.

InterPrac acknowledges the importance of having an effective and efficient Privacy Policy in accordance with the Australian Privacy Principles (APP’s). The Privacy Amendment act introduced significant changes to the Privacy Act 1988 (Cth) (Privacy Act). This Policy provides guidance on how InterPrac its entities, officers, advisers, agents and employees who collect, use and retain personal and sensitive information will comply with the APP’s.

1.3 Overview

InterPrac intends that this policy will apply to all entities of the group and the Privacy Amendment Act states that the APP’s apply to individuals, body corporates, partnerships, unincorporated associations or trusts unless they are a small business operator. A small business operator is defined as a business with an annual turnover of $3,000,000 or less for a financial year unless an exemption applies. Notwithstanding that some advisers may operate a business that would come under the small business exemption, as advisers or agents of InterPrac they will still be obliged to comply with the APPs.

This Policy replaces the previous Privacy Policy and is with effect from 10th of August 2018.

1.4 Definition

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• Whether the information or opinion is true or not; and

• Whether the information or opinion is recorded in a material form or not.

1.5 APP1 – Open and transparent management of personal information.

APP 1 requires organisations to have ongoing practices and policies in place to ensure that they manage personal information in an open and transparent way.

APP 1 introduces more prescriptive requirements for privacy policies than the existing requirements in NPP 5.1. An organisation must have an APP privacy policy that contains specified information, including the kinds of personal information it collects, how an individual may complain about a breach of the APPs, and whether the organisation is likely to disclose information to overseas recipients. An organisation needs to take reasonable steps to make its APP privacy policy available free of charge and in an appropriate form.

APP 1 also introduces a positive obligation for organisations to implement practices, procedures and systems that will ensure compliance with the APPs and any registered APP codes.

In accordance with the above requirements, it is the policy of InterPrac that: All persons to whom this policy applies are required to inform themselves of their obligations under the APPs.

InterPrac will provide training as and when required to ensure persons to whom this policy applies are aware of their obligations under the APPs.

All clients of InterPrac are entitled to access their private information upon request. Any complaints in regard to the handling of private information shall be referred to the Privacy Officer (National Compliance Manager).

How InterPrac manages private information will be set out in this policy.

This policy shall be made available on websites operated by InterPrac and its related companies agents and representatives.

On request, clients are to have free access to this policy in any form requested, so long as it is practical to do so.

Members of the InterPrac group may collect and hold personal information such as a person’s name, address, date of birth, income, tax file number (TFN) and such other information that may be required from time to time in order to provide services to clients. This is collected directly from its clients and personal information is held by either companies within the InterPrac group or its advisers and agents.

Any personal information collected by InterPrac is solely for the purpose of providing services to clients and meeting licencing obligations and is not to be used for any other purpose without consent. Any client may seek access to their personal information by contacting the appropriate entity of the InterPrac Group. If a correction is required to that personal information the client may make that amendment by notifying the appropriate entity within the InterPrac Group. If a client is not satisfied with the outcome of their complaint they may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Further information is available on the OAIC’s website at www.oaic.gov.au.

InterPrac will only disclose personal information of its clients to overseas recipients where such disclosure is required to give effect to the instructions of a client. It is not practical to list all countries to which this applies due to the variety of international financial services available to clients.

1.6 APP2 – Anonymity and Pseudonymity

APP 2 sets out a new requirement that an organisation provide individuals with the option of dealing with it using a pseudonym. This obligation is in addition to the existing requirement that organisations provide individuals with the option of dealing with them anonymously.

Both requirements are subject to certain limited exceptions, including where it is impracticable for the organisation to deal with an individual who has not identified themselves, or where the law or a court/tribunal order requires or authorises the organisation to deal with individuals who have identified themselves.

As InterPrac and its entities deal primarily with clients in financial services, it is unlikely that it would be practical for services to be provided to those clients without them having identified themselves. Further, in most situations companies within the InterPrac group will be required under theterms of the Anti-Money Laundering and Counter-terrorism Financing Act 2006 (Cth) (AML/CTF Act) to appropriately identify clients.

1.7 APP3 – Collection of solicited personal information

APP 3 outlines when and how an organisation may collect personal and sensitive information that it solicits from an individual or another entity.

An organisation must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the organisation’s functions or activities.

APP 3 clarifies that, unless an exception applies, sensitive information must only be collected with an individual’s consent if the collection is also reasonably necessary for one or more of the organisation’s functions or activities.

An organisation must only collect personal information from the individual, unless it is unreasonable or impracticable to do so.

InterPrac is required to collect only information that is reasonably necessary for one or more of its functions. To meet legislative requirements it is envisaged that InterPrac will be required to collect the information needed to comply and store that information including Tax File No’s and personal medical information.

Where personal information is required to be obtained from clients in order for them to be provided services from entities within InterPrac, those entities must consent to the collection of their personal information.

InterPrac entities may be provided with personal information collected from clients of nonrelated entities for the purpose of providing the services offered by InterPrac entities. The information collected from 3rd parties is collected and used only for the purpose of the specific service and is not disclosed or used for any other purpose.

A collection notice statement relating to this will be required on the websites of the entities recorded.

1.8 APP4 – Dealing with unsolicited personal information

APP 4 creates new obligations in relation to the receipt of personal information which is not solicited.

Where an organisation receives unsolicited personal information, it must determine whether it would have been permitted to collect the information under APP 3. If so, APPs 5 to 13 will apply to that information.

If the information could not have been collected under APP 3, and the information is not contained in a Commonwealth record, the organisation must destroy or de-identify that information as soon as practicable, but only if it is lawful and reasonable to do so. InterPrac entities in receipt of information detailed above should review whether that information could have been necessary or obtained under APP3 and if not then take action to destroy or de-identify that information if it is lawful and reasonable to do so. (for example documents of a personal nature (photos letters emails) accidently included in other information provided).

1.9 APP5 – Notification of the collection of personal information

APP 5 specifies certain matters about which an organisation must generally make an individual aware, at the time, or as soon as practicable after, the organisation collects their personal information.

In addition to the matters listed in NPP 1.3, APP 5 requires organisations to notify individuals about the access, correction and complaints processes in their APP privacy policies, and also the location of any likely overseas recipients of individuals’ information.

In the event that entities of InterPrac utilise 3rd parties to collect information then they are obliged under this policy to provide the above information.

SMSF Engine Pty Ltd utilises off-shore locations to process information and the off shore entities have been required to sign agreements agreeing to operate under the APP’s and the InterPrac privacy policy.

A collection notification statement as outlined in 1.7 above will be included on the NTAA Corporate and SMSF Engine Pty Ltd website pages.

1.10 APP6 – Use and disclosure of personal information

APP 6 outlines the circumstances in which an organisation may use or disclose the personal information that it holds about an individual.

APP 6 generally reflects the NPP 2 use and disclosure obligations. In addition, APP 6 introduces a limited number of new exceptions to the general requirement that an organisation only uses or discloses personal information for the purpose for which the information was collected.

These exceptions include where the use or disclosure is reasonably necessary:

• to assist in locating a missing person

• to establish, exercise or defend a legal or equitable claim, or

• for the purposes of a confidential alternative dispute resolution.

Entities of InterPrac if approached for the disclosure of personal information outside its normal business practices (including those above) then approval should be sought from the Privacy Officer.

1.11 APP7 – Direct marketing

The use and disclosure of personal information for direct marketing is now addressed in a discrete privacy principle (rather than as an exception in NPP 2).

Generally, organisations may only use or disclose personal information for direct marketing purposes where the individual has either consented to their personal information being used for direct marketing, or has a reasonable expectation that their personal information will be used for this purpose, and conditions relating to opt-out mechanisms are met.

APP 7.5 permits contracted service providers for Commonwealth contracts to use or disclose personal information for the purpose of direct marketing if certain conditions are met. Entities of InterPrac must have direct marketing approved by the licensee and for the purposes of this policy any marketing material that is explicitly provided for clients, e.g monthly magazines should provide those clients with the easy ability to opt-out.

Clients of InterPrac can elect to opt-out of receiving direct marketing materials by contacting their adviser or to the Privacy Officer at InterPrac.

1.12 APP8 – Cross-Border disclosure of personal information

APP 8 and a new s 16C introduce an accountability approach to organisations’ cross-border disclosures of personal information.

Before an organisation discloses personal information to an overseas recipient, the organisation must take reasonable steps to ensure that the overseas recipient does not breach the APPs (other than APP 1) in relation to that information. In some circumstances an act done, or a practice engaged in, by the overseas recipient that would breach the APPs, is taken to be a breach of the APPs by the organisation. There are a number of exceptions to these requirements.

Other than in the circumstances outlined in APP1 or financial products and services approved by InterPrac, entities of InterPrac shall seek approval from the Privacy Officer prior to establishing arrangements that would see personal information transferred out of Australia without the clients’ prior approval. (e.g utilising an overseas based accounting organisation to provide work).

1.13 APP9 – Adoption, use or disclosure of government related identifiers

APP 9 prohibits an organisation from adopting, using or disclosing a government related identifier unless an exception applies. APP 9 generally retains the same exceptions as NPP 7, with some additions and amendments.

InterPrac entities shall not use for example a tax file number as a client reference for filing purposes.

1.14 APP10 – Quality of Personal Information

Under APP 10, an organisation must take reasonable steps to ensure the personal information it collects is accurate, up-to-date and complete (as required by NPP 3).

In relation to use and disclosure, the quality requirements differ from NPP 3. For uses and disclosures, the personal information must be relevant, as well as, accurate, up-to-date and complete, having regard to the purpose of the use or disclosure.

InterPrac entities are required to update information held on a regular basis and should not rely on out of date information.

1.15 APP11 – Security of personal information

APP 11 requires an organisation to take reasonable steps to protect the personal information it holds from interference, in addition to misuse and loss, and unauthorised access, modification and disclosure (as required by NPP 4.1).

All InterPrac entities must take reasonable steps to ensure that data is securely stored including password protection on computer files and confidential destruction of paper records.

APP 11 requires InterPrac entities to take reasonable steps to destroy or de-identify personal information if the organisation no longer needs it for any authorised purpose. Under APP 11 there are two exceptions to this requirement:

• the personal information is contained in a Commonwealth record, or

• the organisation is required by or under an Australian law or a court/tribunal order to retain the information.

1.16 APP12 – Access to personal information

The APPs separate the access and correction requirements into two separate principles. Like NPP 6, APP 12 requires an organisation to give an individual access to the personal information that it holds about that individual, unless an exception applies. The exceptions are substantially similar to the exceptions in NPP 6.

There is a new requirement for organisations to respond to requests for access within a reasonable period. In addition, organisations must give access in the manner requested by the individual if it is reasonable to do so. If an organisation decides not to give an individual access, it must generally provide written reasons for the refusal and the mechanisms available to complain about the refusal.

If an organisation charges an individual for giving access to the individual’s personal information, the charge must not be excessive, and must not apply to the making of the request.

1.17 APP13 – Correction of personal information

APP 13 introduces some new obligations in relation to for correcting personal information, which differ from those in NPP 6. The APPs remove the NPP 6 requirement for an individual to establish that their personal information is inaccurate, incomplete or is not up-to-date and should be corrected.

APP 13 now requires an organisation to take reasonable steps to correct personal information to ensure that, having regard to a purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading, if either:

• the organisation is satisfied that it needs to be corrected, or

• an individual requests that their personal information be corrected.

Organisations generally need to notify other APP entities that have been provided with the personal information of any correction, if that notification is requested by the individual. APP 13 contains similar provisions to NPP 6 in relation to associating a statement with the personal information if the organisation refuses to correct the information and the individual requests a statement to be associated.

An organisation must also respond to a correction request or a request to associate a statement by the individual within a reasonable period after the request is made, and must not charge the individual for making the request, for correcting the personal information, or for associating the statement with the personal information.

When refusing an individual’s correction request, an organisation must generally provide the individual with written reasons for the refusal and notify them of available complaint mechanisms.

1.18 Privacy Complaints

If a client believes that a breach of the APPs has occurred they can direct their complaint to the Privacy Officer.

The relevant contact details are:

Privacy Officer InterPrac Pty Ltd Level 8, 525 Flinders Street Melbourne, VIC, 3000 Tel 1800 700 666 Email privacy@interprac.com.au

If a client is not satisfied with the outcome of their complaint they may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Further information is available on the OAIC’s website at www.oaic.gov.au.

1.19 Non – compliance with this policy

Non-compliance with this Policy may result in disciplinary action including the termination of a relationship with InterPrac if the breach is considered serious.

If you are uncertain about this policy then contact the Privacy Officer on 1800 700 666.

PRIVACY POLICY FOR VOW FINANCIAL PTY LTD AND AUTHORISED ENTITIES

Last updated: 23 November 2017

Who are we?

‘We’, ‘us’ and ‘our’ refer to Vow Financial Pty Ltd (ABN 66 138 789 161, Australian Credit Licence 390261) and our related businesses, authorised representatives and credit representatives.

Our commitment to protect your privacy

We understand how important it is to protect your personal information. This document sets out our privacy policy commitment in respect of personal information we hold about you and what we do with that information.

We recognise that any personal information we collect about you will only be used for the purposes we have collected it, or as allowed under the relevant law. It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.

Our commitment in respect of personal information is to abide by the Australian Privacy Principles for the protection of personal information, as set out in the Privacy Act 1988 and any other relevant law.

Personal information

When we refer to personal information we mean information from which your identity is reasonably apparent. This information may include information or an opinion about you. The personal information we hold about you may also include credit information.

This privacy policy relates to an application (‘the application’) you make to a mortgage manager for a loan (‘your loan’) or in which you offered to guarantee the applicant’s loan obligations or your loan or a guarantee of the loan. It includes consents from you to disclose certain information to other organisations described below. Your loan may be consumer credit or commercial credit.

The kinds of personal information we may collect about you include your name, date of birth, address, account details, occupation, and any other information we may need to identify you.

Credit information or Credit eligibility information is information which is used to assess your eligibility to be provided with finance and may include any finance that you may have outstanding, your repayment history in respect of those loans, and any defaults. Usually, credit information is exchanged between credit and finance providers and credit reporting bodies.

Registration information is the information you provide in the course of registering for or acquiring a service, for example, to create an account, become a subscriber or enter a competition. Registration information may include name, email address, address details, gender and date of birth. It includes additional information which you provide in the course of that relationship.

If you are applying for finance we may also collect the ages and number of your dependents and cohabitants, the length of time at your current address, your employment details and proof of earnings and expenses.

Why we collect your personal information

We collect personal information to provide you with the services that you have requested, manage our relationship with you, for the purposes of assessing your application for finance and managing of that finance. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. From time to time we may offer you other products and services.

To enable us to maintain a successful business relationship with you, we may disclose your personal information to other organisations that provide products or services used or marketed by us. We may also disclose your personal information to any other organisation that may have or is considering having an interest in your finance, or in our business.

How do we collect your personal information?

Where reasonable and practical we will collect your personal information directly from you. We may also collect your personal information from credit and authorised representatives of our licence(s) and other people such as accountants and lawyers. Information will also be collected from the application and from the records we maintain about the products or services you receive from us. Sometimes a Lenders Mortgage Insurance (‘LMI’) (‘Insurer’) may also collect further personal information about you during the course of the LMI cover provided to the lender for your loan. The terms of this notice and the LMI insurer’s Privacy Policy will apply to the collection, use and disclosure of that information.

How information is collected from other sources

Sometimes we will collect information about you from other sources as the Privacy Act 1988 permits. We will do this only if it’s reasonably necessary to do so, for example, where:

  • we obtain information (including commercial credit information concerning your credit worthiness or history, consumer information and collection of overdue payments information) from a credit reporting body for any purpose described below;
  • we obtain information about your loan or a guarantee of the loan from another organisation described above;
  • we can’t get hold of you and we rely on publicly available information to update your contact details;
  • we check property, you offer as security, through public registers or our service providers; or
  • we exchange information with your legal or financial advisers or other representatives.

When the law authorises or requires collection of information

There are laws that affect organisations that may require us to collect personal information about you. For example, we may require information about you to verify your identity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/ CTF Act).

How your information may be used

We may use information about you for purposes including:

  • considering whether you are eligible for a loan or any related service you requested;
  • processing the application and providing you with a loan or related service;
  • administering your loan or any related service, for example, to answer requests or deal with complaints;
  • confirming your identity;
  • telling you about other products or services it or its related companies make available and that may be of interest to you, unless you tell us not to;
  • allowing it to run its business efficiently and to perform administrative and operational tasks;
  • preventing or investigating any fraud or crime or any suspected fraud or crime;
  • as required by law, regulation or codes binding it; and
  • any purpose to which you have consented.

You can let us know at any time if you no longer wish to receive direct marketing offers from us. We will process your request as soon as practicable.

We may also use credit information about you to:

  • enable an insurer to assess the risk of providing insurance to the lender or to address the lender’s arrangements with the insurer;
  • assess whether to accept a guarantor or the risk of a guarantor being unable to meet their obligations;
  • consider hardship requests; and
  • assess whether to securitise loans and to arrange securitising loans the lender makes.

An LMI insurer may use information about you:

  • to decide whether to insure a lender under an LMI policy;
  • to assess the risk of you or a guarantor defaulting on your obligations to a lender;
  • to administer and vary the insurance cover including for securitisation and hardship applications;
  • to verify information that the LMI insurer collects about you;
  • to deal with claims and recovery of proceeds including, among other things, to enforce a loan or a guarantee in place of a lender if the LMI insurer pays out an insurance claim on your loan or the loan you guarantee;
  • to conduct risk assessment and management involving credit scoring, portfolio analysis, reporting and fraud prevention;
  • to comply with legislative and regulatory requirements including requirements under the Privacy Act 1988 and Insurance Contracts Act 1984 as amended from time to time;
  • for a mortgage insurance purpose relating to you; and
  • for any other purpose under the insurance policy the LMI insurer issues to the lender relating to your loan.

The title insurer or its related entities may use information about you:

  • to assess the risk of providing title insurance to the lender;
  • for the subsequent administration or variation of the title insurance policy;
  • for risk assessment, reporting, fraud prevention, enforcement and claim recovery activities;
  • to discharge your existing mortgage over the security property and register your new mortgage over the security property where a refinance is taking place;
  • to deal with claims and to enforce a loan or a guarantee in place of a lender if the title insurer pays out an insurance claim on your loan or the loan you guarantee;
  • for a title insurance purpose relating to you;
  • to comply with legislative and regulatory requirements; and
  • for any other purpose under the contract between a lender and the title insurer.

Do we disclose your personal information?

We may disclose your personal information:

  • to prospective funders/ lenders or other intermediaries in relation to your finance requirements;
  • to the mortgage manager (‘mortgage manager’), which is listed within the Schedule of Related Parties;
  • to the loan servicer (‘loan servicer’), that considers the application or administers your loan for the lender and listed within the Schedule of Related Parties;
  • to the LMI insurer (‘Insurers’) that considers a lender’s request for LMI cover relating to the application or that gives LMI cover to the lender for your loan, and listed within the Schedule of Related Parties;
  • to the title insurer (‘Insurers’), that considers a lender’s request for title insurance cover relating to the application or that gives title insurance cover to the lender for your loan, and its related entity as listed within the Schedule of Related Parties;
  • to other related and unrelated organisations that are involved in managing or administering your finance such as third party suppliers, printing and postal services, call centers;
  • to associated businesses that may want to market products to you;
  • to companies that provide information and infrastructure systems to us;
  • to anybody who represents you, such as finance brokers, financial planners, lawyers and accountants;
  • to anyone, where you have provided us with consent;
  • where we are required to do so by law, such as under the AML/ CTF Act;
  • to investors, agents or advisers, or any entity that has an interest in our business;
  • credit reporting bodies;
  • organisations that are involved in debt collecting or in purchasing debts;
  • organisations, like fraud reporting agencies, that may identify, investigate and/or prevent fraud, suspected fraud, crimes, suspected crimes, or other serious misconduct;
  • organisations involved in surveying or registering a security property or which otherwise have an interest in a security property;
  • government or regulatory bodies as required or authorised by law. In some instances, these bodies may share the information with relevant foreign authorities;
  • rating agencies to the extent necessary to allow the rating agency to rate particular investments;
  • organisations involved in securitising your loan, including re-insurers and underwriters, loan servicers, trust managers, trustees and security trustees;
  • guarantors and prospective guarantors of your loan;
  • the borrowers or the prospective borrowers of the loan you guarantee;
  • payment system operators to allow us to investigate or correct payments on your loan;
  • to your employer, referees or identity verification services; and/ or
  • to provide you with targeted advertising based on your online activities.

Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:

  • the person or organisation has a commitment to protecting your personal information at least equal to our commitment, or
  • you have consented to us in making the disclosure.

We may use cloud storage to store the personal information we hold about you. We may store information about you in other types of networked or electronic storage. The cloud storage and the IT servers may be located outside Australia.

We may disclose information about you to overseas entities including related entities and service providers located in the Asia-Pacific, European Union, India or the United States of America (‘USA’).

QBE may disclose information about you to related companies situated in the Philippines. Genworth may disclose information about you to related companies situated in the USA, Canada or the United Kingdom.

The title insurer or its related entities may disclose information about you to related companies situated in the USA, Malaysia or India.

Overseas organisations may be required to disclose information shared with them under a foreign law. In those instances, the organisation, described above, that disclosed the information to the overseas organisation will not be responsible for that disclosure.

We will only share any credit information about you with a credit reporting body if that body has a business operation in Australia and are unlikely to share credit eligibility information with organisations that do not have business operations in Australia.

You may obtain more information about these entities by contacting us.

Direct marketing

From time to time we may use your personal information to provide you with current information about finance, offers you may find of interest, changes to our organisation, or new products or services being offered by us or any company with whom we are associated.

If you do not wish to receive marketing information, you may at any time decline to receive such information by telephoning us on 1800 927 927 or by writing to us at privacy@ybr.com.au. If the direct marketing is by email you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.

Updating your personal information

It is important to us that the personal information we hold about you is accurate and up to date. During the course of our relationship with you we may ask you to inform us if any of your personal information has changed.

If you wish to make any changes to your personal information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.

Access and correction to your personal information

We will provide you with access to the personal information we hold about you. You may request access to any of the personal information we hold about you at any time.

We may charge a fee for our costs of retrieving and supplying the information to you.

Depending on the type of request that you make we may respond to your request immediately, otherwise we usually respond to you within seven days of receiving your request. We may need to contact other entities to properly investigate your request.

There may be situations where we are not required to provide you with access to your personal information, for example, if the information relates to existing or anticipated legal proceedings, or if your request is vexatious.

An explanation will be provided to you if we deny you access to the personal information we hold about you.

If any of the personal information we hold about you is incorrect, inaccurate or out of date you may request that we correct the information. If appropriate we will correct the personal information at the time of the request otherwise, we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal information within 30 days. We may need to consult with other entities as part of our investigation.

If we refuse to correct personal information we will provide you with our reasons for not correcting the information.

Using government identifiers

If we collect government identifiers, such as your tax file number, we do not use or disclose this information other than required by law. We will never use a government identifier in order to identify you.

Business without identifying you

In most circumstances it will be necessary for us to identify you in order to successfully do business with you, however, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without having to provide us with personal information, for example, if you make general inquiries about interest rates or current promotional offers.

If you don’t provide your information to us, it may not be possible:

  • to provide you with the product or service you want. For example, if information is not disclosed to an insurer, it may not be able to process a lender’s request for insurance. In that case, the lender may not be able to assess this application;
  • to manage or administer the loan the lender makes to you;
  • verify your identity or protect against fraud; or
  • to let you know about other products or services that might be suitable for your financial needs.

Sensitive information

We will only collect sensitive information about you with your consent. Sensitive information is personal information that includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health.

How safe and secure is your personal information that we hold?

We will take reasonable steps to protect your personal information by storing it in a secure environment. We may store your personal information in paper and electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and unauthorised access, modification or disclosure.

Using online services

When you access and interact with our services, we may collect certain information about those visits. For example, in order to permit your connection to our services, our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, and other software or hardware information.

If you access our services from a mobile or other device, we may collect a unique device identifier assigned to that device, geolocation data, or other transactional information from that device.

Cookies and other tracking technologies (such as browser cookies and local storage) are comprised of small bits of data or code that often include a de-identified or anonymous unique identifier. Websites, apps and other services send this data to your browser when you first request a web page and then store the data on your computer so that such websites, apps and other services can access information when you make subsequent requests for pages from that service. These technologies may also be used to collect and store information such as pages you have visited, content you have viewed, search queries you have run and advertisements you have viewed in relation to your usage of our services and other websites you have visited.

Third parties that support our services such as allowing you to share content may also use these technologies to collect similar information. We do not control these third-party technologies and their use is governed by the privacy policies of those third parties.

Most browsers are initially set to accept cookies, but you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether.

For more information, consult the “Settings” or “Help” section of your browser. Please note that by blocking any or all cookies you may not have access to certain features or content available on certain sites.

Information disclosure for merger or sale of assets

If we sell all or part of our business or makes a sale or transfer of our assets or are otherwise involved in a merger or transfer of all or a material part of our business, we may transfer or disclose your information to the party(ies)involved in the transaction as part of that transaction and as part of any due diligence processes which take place in contemplation of a potential transaction.

Complaints

If you are dissatisfied with how we have dealt with your personal information, or you have a complaint about our compliance with the Privacy Act 1988, you may contact our Complaints Manager on complaints@ybr.com.au.

We will acknowledge your complaint within seven days. We will provide you with a decision on your complaint within 45 days.

If you are dissatisfied with the response of our Complaints Manager you may make a complaint to the Privacy Commissioner who can be contacted via the Office of the Australian Information Commissioner website (www.oaic.gov.au) or on 1300 363 992.

Further information

You may request further information about the way we manage your personal information by contacting us.

Change in our privacy policy

We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market place practices.

As a consequence we may change this privacy policy from time to time or as the need arises.

You may request this privacy policy in an alternative form. This Privacy Policy came into existence on 23 November 2017.