The privacy and security of your personal information is important to us. Maintaining your trust by carefully managing your personal information is fundamental to the way we do business.
We (MGD Wealth and its associated companies) are committed to protecting your privacy. We are bound by the Privacy Act 1988 (Cth) (‘Privacy Act’). The Privacy Act incorporates the Australian Privacy Principles (APPs) that set out the way in which personal information must be handled.
This policy explains how we can collect, use, hold and disclose your personal information, as well as ensuring the quality, integrity and security of your personal information.
Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from that information.
Some examples of personal information may include:
‘Sensitive information’ is a subset of personal information and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.
The sensitive information we usually collect and hold about an individual may include some of the following if it is relevant in providing the accounting or financial service to the individual (such as completing tax returns):
Our collection of sensitive information is restricted to circumstances where we have obtained your express consent and to certain other permitted situations. Generally, we only collect this sort of information if it is reasonably necessary to provide you with a specific product or service and you expressly consent to our collection of it.
MGD Wealth collects and holds personal information from clients, prospective clients, potential employees and other individuals. We collect and hold this information when it is necessary for business purposes.
The primary purpose for which information is collected varies, depending on the particular service being provided, but it is generally to provide accounting, financial advisory or tax services to you or your business.
In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for employment.
Because of the nature of our business, it is generally not possible for us to deal with individuals on an anonymous basis or through the use of a pseudonym, as we are usually required by law to deal with individuals who have identified themselves. However, sometimes it is possible for individuals not to identify themselves (for example, when anonymous client feedback is sought).
Our usual approach to collecting personal information is to collect it directly from you.
We may also collect personal information in other ways, including:
Personal information may also be used or disclosed by us for secondary purposes which are within your reasonable expectations and which are related to the primary purpose of collection.
For example, we may collect and use your personal information:
We may share your personal information across our Wealth Management, Tax Advisory, SMSF Advisory and Risk and Succession Advisory divisions, as required to meet our ongoing service agreement.
We may also disclose your personal information to others outside MGD Wealth, including:
We may collect information from you electronically, for instance through internet browsing on our websites.
Each time you visit our websites, we may collect information about you, which may include personal information (such personal information will be de-identified) and may include the following:
We collect information using cookies when you use our website. Cookies are small pieces of information stored on your hard drive or in memory. One of the reasons for using cookies is to offer you increased security. They can also record information about your visit to our websites, allowing us to remember you the next time you visit and provide a more meaningful experience.
We may also collect information from third party websites, applications or platforms containing our interactive content or that interface with our own websites.
We may collect personal information about you from social media platforms if you publicly comment, but we will never ask you to supply personal information publicly over any social media platform that we use. Sometimes we may invite you to send your details to us via private messaging, for example, to answer a question about your account.
Our usual approach to holding personal information includes:
We secure the personal information we hold in numerous ways, including:
We manage the personal information we collect in numerous ways, such as by:
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, for example if you feel that the security of any account you have with us has been compromised, please immediately contact us.
We are also subject to professional obligations which may affect how we deal with personal information.
In the course of providing services to you, MGD may from time to time enter into contracts with other parties. These parties may be related entities to MGD, or third parties being contactors, agents or service providers with employees and operations here in Australia and overseas. These third parties may include but are not limited to IT and data storage services and accounting services.
It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.
You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details below.
We will grant you access to your personal information as soon as possible, subject to the request circumstances, and our professional obligations.
In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.
We may deny access to personal information if:
We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.
If the personal information that we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
From February 2018, The Privacy Act includes a new Notifiable Data Breaches (NDB) scheme, which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change).
The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.
If you believe that any personal information we hold about you has been impacted by a data breach, you can contact us using the contact details below.
We will acknowledge your complaint as soon as we can after the receipt of your complaint. We will let you know if we need any further information from you to resolve your complaint.
We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five (5) business days, however some complaints may take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.
Postal Address: PO Box 7074, East Brisbane QLD 4169
Email address: firstname.lastname@example.org
If you are unhappy with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) who may investigate your complaint further. Please note the OAIC requires any complaint must first be made to the respondent organization. The law also allows 30 days for the respondent organization to deal with the complaint before a person may make a complaint to the OAIC.
The OAIC can be contacted at:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
This policy was last updated in July 2020.