June 2020
1. About A Higher Branch
A Higher Branch (‘AHB’) is committed to the privacy and security of your personal information. Respectfully managing your personal information is fundamental to the way we do business and we are committed to protecting your privacy.
The Privacy Act 1988 (Cth) (‘Privacy Act’), the Australian Privacy Principles, Privacy Regulation 2013 (‘Regulations’) and registered privacy codes govern the way in which we must manage your personal information (‘Privacy Laws’).
This Privacy Policy sets out how we collect, use, disclose and otherwise manage your personal information.
In this policy, “we”, “us” and “our” means all of AHB’s Australian offices.
2. What is personal information?
Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from that information. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it.
Some examples of personal information may include your:
- Name;
- Date of birth;
- Citizenship;
- Mailing or residential address details;
- Contact details such as telephone numbers, email address, social media platform username;
- Occupation and place of work;
- Government issued identifiers such as Tax File Number, Medicare number or Driver’s License number;
- Bank account and credit card details;
- Credit history, credit capacity, ability to be provided with credit or credit worthiness;
- Signature, photograph, video or audio recording; and
- Sensitive information such as information relating to your health, biometric data, criminal history, racial or ethnic origin.
3. Sensitive information
We generally do not collect “sensitive information” as defined under the Privacy Laws and we further restrict collection of such sensitive information to circumstances where we have either obtained your express consent or a permitted general situation exists.
Sensitive information is personal information that includes information relating to your racial or ethnic origin, criminal history, sexual orientation, membership of any trade or professional associations.
4. Why do we need your personal information?
We understand information is more sensitive so we will be clear about why we are collecting it, what we intend to use it for and how we will protect it.
During the provision of our services or products, we collect, hold, use and disclose your or your customer’s personal information provided to us which is necessary to carry out our business functions or activities. These functions and activities may include:
- Providing various products and services relating to our business to you or to your customers on your behalf;
- Transaction information;
- Throughout the life of the products or services that we provide to you or to your customers on your behalf, during this time we may also collect and hold additional personal information about you or your customers;
- Making a record of queries or complaints you or your customers make and collecting additional information to assess the claim;
- Arranging for services to be provided by third parties appointed by us;
- Providing you with information about other services that we offer that may be of interest to you;
- Enhancing our customer service and product options (see the section “Will my personal information be used for direct marketing?”); and
Facilitating our internal business operations, such as record keeping, data analytics, auditing, training and including the fulfilment of any of our legal requirements.
5. Will my personal information be used for direct marketing?
We use and disclose your personal information to keep you informed about the range of financial products and services we offer. You can opt out of receiving direct marketing information from us at any time.
6. What happens if I do not provide information that has been requested?
If you do not allow us to collect all of the personal information we reasonably request, we may not be able to deliver those products or services to you or on your behalf to your customers or be unable to identify you to protect you against fraud.
7. How do we collect personal information?
- When you interact with AHB, you may provide us with personal information that we need to use to provide you with our products and services. We collect most personal information directly from you or your customers whether in person, on the phone or electronically.
- We collect, hold, use and disclose your personal information which is necessary to carry out our business functions or activities. These functions and activities include:
- When you apply for, register your interest in, or enquire about a product or service;
- When we provide a product or service to your customers on your behalf;
- Checking whether you are eligible and providing to you or your customers on your behalf our products or services;
- Helping us develop insights and conduct data analysis to improve the delivery of our products, services, enhancing our customer relationships and to effectively manage risks;
- Understanding your interests and preferences so we can tailor digital content;
- When you or your customers provide us with feedback or make a complaint;
- When you visit our website or use our mobile or tablet applications and we may use technology called “cookies” which can record information about your visit or use of our site and applications;
- When you or your customers talk to us, or do any business with us;
- When you access a social media page operated by us and any information you have disclosed in connection with that social media service (please note that we will never ask you to supply personal information publicly over Facebook, LinkedIn, Twitter or any other social media platform that we use);
- We may also collect information from third party websites, applications or platforms containing our interactive content or that interface with our own websites and applications;
- Or when you talk to us or do business with us.
- From time to time, in order for us to perform the functions and/or activities described above we may collect or share personal information about you with third parties or organisations described below:
- Our related entities and other organisations with whom we have affiliations (if any) to facilitate our and their internal business processes;
- Other organisations, who jointly with us, provide products or services to you or with whom we partner to provide products or services to you;
- Third party service providers, who assist us in operating our business (including but not limited to regional and interstate settlement agents, credit reporting bodies, insurers, re-insurers and technology service providers), and these service providers may not comply or be required to comply with our privacy policy;
- Other available sources of information in government agencies, regulatory bodies, government registries, law enforcement bodies in any jurisdiction, credit reporting bodies and public information in public registers;
- Your representatives (including your legal adviser, mortgage broker, lender, financial adviser, insurer, executor, administrator, guardian, trustee, or attorney);
- Our financial advisers, legal advisers, auditors or organisations involved in a corporate re-organisation or involved in a transfer of all or part of the assets or business of our organisation;
- Organisations involved in the payments systems including financial institutions, merchants and payment organisations;
- We may use or disclose your information to comply with our legislative or regulatory requirements in any jurisdiction and to prevent fraud, criminal or other activity that may cause you, us or others harm including in relation to our products or services;
- As required or authorised under Privacy Laws or other applicable law;
- Where you have given your consent for us to do so and/or where you have given your consent to your product/service provider that we act for; or
- Where we notify you during our dealings and /or we disclose it in our Privacy Policy.
We may also use or disclose your personal information for a secondary purpose where the use or disclosure is required or authorised by or under an Australian law or a court/tribunal order, or if a permitted general situation applies.
8. Person information not requested
If we receive personal information about you that we had not requested directly from you or from another party, we will decide whether we could have collected the information in accordance with this Privacy Policy and applicable Privacy Laws.
If we decide that we could:
- Have collected the information then we will keep the information and handle it in accordance with this Privacy Policy and applicable Privacy Laws; and
- Not have collected the personal information in accordance with this Privacy Policy and applicable Privacy Laws, then we will destroy or de-identify the information if it is lawful and reasonable to do so.
9. De-identifying personal information
We may also de-identify your personal information which we have collected for the purposes described in this Privacy Policy. As a result, this Privacy Policy and Privacy Laws will generally not apply to our use of de-identified information. However, we will continue to safeguard this de-identified information.
10. How do we hold and protect your personal information?
- Much of the information we hold about you will be stored electronically. We store some of your information in secure data centres that are located in Australia. We also store information in data centres of our contracted service providers (including cloud storage providers), and some of these data centres may be located outside of Australia.
- Some information we hold about you will be stored in paper files.
- We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold both in Australia and overseas. For example:
- Access to our information systems is controlled through identity and access management controls;
- Employees and our contracted service providers are bound by internal information security policies and are required to keep information secure;
- All employees are required to complete training about privacy and information security; and
- We regularly monitor and review our compliance with internal policies and industry best practice.
- The security of your personal information is important to us. We take reasonable measures to ensure that your personal information is stored safely to protect it from misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures.
- We cannot ensure the security of any information that you transmit to us over the internet and you do so at your own risk. Our website links to external websites and we take no responsibility for the privacy practices or the content of these other sites.
- We will not sell your personal information to other companies or organisations without your prior consent.
11. Can you remain anonymous or use a pseudonym when dealing with us?
Where it is lawful and practical to do so, you may wish to deal with us without providing any personal information, such as by providing a pseudonym or dealing with us anonymously, when you make general enquiries. However, in order to provide some of our services to you, we may need to identify you.
12. Overseas Recipients
Prior to disclosing your personal information to an overseas recipient, unless a permitted general situation applies, we will take all reasonable steps to ensure that:
- The overseas recipient does not breach the Australian Privacy Principles; or
- The overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way the Australian Privacy Principles protect the information; or
- You have consented to us making the disclosure.
Acceptance of any of our services via an application in writing, orally or electronic means will be deemed as giving consent to the disclosures detailed herein.
13. Access to and correction of your personal information
You can request, at any time, for us to inform you of the personal information we hold about you. You can also ask for corrections to be made.
There is no fee for requesting that your personal information is corrected or for us to make corrections. In some limited circumstances, there may be a reasonable charge for giving you access to your personal information. This charge covers such things as locating the information and supplying it to you.
We usually respond to you within 30 days of receiving your request.
We may refuse to give you access to the personal information we hold about you if we reasonably believe that giving access would pose a serious threat to the life, health or safety of an individual, or to public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on the privacy of other individuals, or if we consider the request to be frivolous or vexatious.
If any of the information we hold about you is inaccurate, out of date, incomplete or irrelevant, please contact us.
If you wish to access or correct any of the personal information we hold about you, please write to us, email us or contact us by telephone using the details listed in Item 1 of the Schedule.
If we refuse to give you access to or to correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.
If we refuse your request to access or correct your personal information, we will also provide you with information on how you can complain about the refusal.
14. Notifiable Data Breaches
From February 2018, the Privacy Act includes a new Notifiable Data Breaches (NDB) scheme which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change).
The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.
If you believe that any personal information, we hold about you has been impacted by a data breach, you can contact us using the contact details below.
15. Complaints
A Higher Branch is committed to resolving your privacy complaint as soon as possible and we will endeavour to help resolve any problems or complaints efficiently.
If you have a question or complaint about how your personal information is being handled by us, our affiliates or contracted service providers, please contact us first by using the contact details provided in Item 1 of the Schedule.
We will make a record of your complaint and take steps to correct any deviation from Australian Privacy Principals.
We will acknowledge your complaint within seven days. We will provide you with a decision on your complaint within 30 days.
If you are dissatisfied with our response, you may make a complaint to the Privacy Commissioner. Please note the OAIC requires any complaint must first be made to the respondent organisation. The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.
The Commissioner can be contacted at:
Office of Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au
16. How we may change this Policy
We may amend or update this Policy at any time. Any changes to our Privacy Policy will be published on our website.