Privacy Policy

INTRODUCTION

The privacy and security of your personal information is important to us. Maintaining your trust by carefully managing your personal information is fundamental to the way we do business.

We (MGD Wealth and its associated companies) are committed to protecting your privacy. We are bound by the Privacy Act 1988 (Cth) (‘Privacy Act’). The Privacy Act incorporates the Australian Privacy Principles (APPs) that set out the way in which personal information must be handled.

This policy explains how we can collect, use, hold and disclose your personal information, as well as ensuring the quality, integrity and security of your personal information.

 

WHAT IS PERSONAL INFORMATION?

Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from that information.

Some examples of personal information may include:

  • names;
  • mailing or residential address details;
  • contact details such as telephone numbers and email addresses;
  • government issued identifiers such as Tax File Number or Driver’s Licence Number;
  • bank account and credit card details;
  • credit information;
  • sensitive information (see below);

 

Sensitive information

‘Sensitive information’ is a subset of personal information and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.

The sensitive information we usually collect and hold about an individual may include some of the following if it is relevant in providing the accounting or financial service to the individual (such as completing tax returns):

  • health information;
  • racial or ethnic origin;
  • religious affiliation;
  • membership of professional or trade associations;
  • membership of trade unions;

Our collection of sensitive information is restricted to circumstances where we have obtained your express consent and to certain other permitted situations. Generally, we only collect this sort of information if it is reasonably necessary to provide you with a specific product or service and you expressly consent to our collection of it.

 

WHY DO WE COLLECT PERSONAL INFORMATION?

MGD Wealth collects and holds personal information from clients, prospective clients, potential employees and other individuals. We collect and hold this information when it is necessary for business purposes.

The primary purpose for which information is collected varies, depending on the particular service being provided, but it is generally to provide accounting, financial advisory or tax services to you or your business.

In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for employment.

Because of the nature of our business, it is generally not possible for us to deal with individuals on an anonymous basis or through the use of a pseudonym, as we are usually required by law to deal with individuals who have identified themselves. However, sometimes it is possible for individuals not to identify themselves (for example, when anonymous client feedback is sought).

 

HOW DO WE COLLECT PERSONAL INFORMATION?

Our usual approach to collecting personal information is to collect it directly from you.

We may also collect personal information in other ways, including:

  • through referrals from individuals or other entities;
  • from third party service providers and suppliers;
  • from paid search providers; and
  • Government agencies, for example, the Australian Taxation Office or the Australian Securities and Investments Commission

Personal information may also be used or disclosed by us for secondary purposes which are within your reasonable expectations and which are related to the primary purpose of collection.

For example, we may collect and use your personal information:

  • to provide you with updates and alerts that are relevant to you or your business; and
  • to invite you to events.

 

WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO?

We may share your personal information across our Wealth Management, Tax Advisory, SMSF Advisory and Risk and Succession Advisory divisions, as required to meet our ongoing service agreement.

We may also disclose your personal information to others outside MGD Wealth, including:

  • third parties as agreed with you, if it is necessary to provide you with the accounting, financial advisory or tax service;
  • our external auditors;
  • to Government agencies, including the Australian Taxation Office and the Australian Securities and Investment Commission.
  • where are otherwise permitted or required to disclose the information under applicable Privacy laws.

 

DO WE COLLECT PERSONAL INFORMATION ELECTRONICALLY?

We may collect information from you electronically, for instance through internet browsing on our websites.

Each time you visit our websites, we may collect information about you, which may include personal information (such personal information will be de-identified) and may include the following:

  • the date and time of visits;
  • the pages viewed and your browsing behavior;
  • how you navigate through the site and interact with pages (including fields completed in forms and applications completed);
  • general location information;
  • information about the device used to visit our website (including your tablet or mobile device)
    • Such as device IDs; and
  • IP addresses. Your IP Address is a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP).

We collect information using cookies when you use our website. Cookies are small pieces of information stored on your hard drive or in memory. One of the reasons for using cookies is to offer you increased security. They can also record information about your visit to our websites, allowing us to remember you the next time you visit and provide a more meaningful experience.

We may also collect information from third party websites, applications or platforms containing our interactive content or that interface with our own websites.

We may collect personal information about you from social media platforms if you publicly comment, but we will never ask you to supply personal information publicly over any social media platform that we use. Sometimes we may invite you to send your details to us via private messaging, for example, to answer a question about your account.

 

PERSONAL INFORMATION ABOUT THIRD PARTIES

If we receive personal information about you that we do not request directly from you or from another party, we will decide whether we could have collected this information in accordance with the Privacy Policy and the applicable Privacy Laws.

If we decide that we could have collected the information in accordance with this Privacy Policy and applicable Privacy Laws, we will keep the information and handle it in accordance with this Privacy Policy and the applicable Privacy Laws.

If we decide that we could not have collected the personal information in accordance with this Privacy Policy and the applicable Privacy Laws, we will destroy or de-identify the information if it is lawful and reasonable to do so.

 

HOW DO WE HOLD PERSONAL INFORMATION?

Our usual approach to holding personal information includes:

  • physically
  • at our premises (securely); electronically:
    • on secure online servers;
    • on a private cloud; and
    • by a third party data storage provider.

 

We secure the personal information we hold in numerous ways, including:

  • using security cards to access areas that contain personal information;
  • using secure servers to store personal information;
  • storing important documents and physical servers in locked storage rooms;
  • using unique usernames, passwords and other protections (such as firewalls) on systems that can access personal information;
  • using document shredders to destroy personal information; and
  • using secure bins that are removed for shredding in compliance with the Privacy Act 1988.

 

HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?

We manage the personal information we collect in numerous ways, such as by:

  • implementing security systems for protecting personal information from misuse, interference and loss from unauthorised access, modification or disclosure;
  • providing new staff with induction training on privacy issues;
  • appropriately supervising staff who regularly handle personal information;
  • implementing procedures for avoiding privacy breaches.

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, for example if you feel that the security of any account you have with us has been compromised, please immediately contact us.

We take reasonable steps to destroy or permanently de-identify personal information after we no longer need to hold or use it for any purpose under this Privacy Policy.

We are also subject to professional obligations which may affect how we deal with personal information.

 

WILL WE DISCLOSE PERSONAL INFORMATION OUTSIDE AUSTRALIA?

In the course of providing services to you, MGD may from time to time enter into contracts with other parties. These parties may be related entities to MGD, or third parties being contactors, agents or service providers with employees and operations here in Australia and overseas. These third parties may include but are not limited to IT and data storage services and accounting services.

In doing so MGD may be requested or required to disclose to, or collect from, those parties your personal information or information in relation to your financial affairs. Any such disclosure or collection of information is handled in the utmost confidence and in strict compliance with MGD’s Privacy Policy.

By submitting your personal information to MGD Wealth, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information. However, we will take all reasonable steps to ensure that your information is used by third parties securely and in accordance with the terms of this privacy policy.

The Privacy Act requires us to take such steps as are reasonable in the circumstances to ensure that any recipients of your personal information outside Australia do not breach the privacy principles contained in the Privacy Act. We acknowledge the importance of protecting personal information and have taken reasonable steps to ensure that your information is used by third parties securely and in accordance with terms of this privacy policy.

 

HOW DO YOU ACCESS AND CORRECT YOUR PERSONAL INFORMATION?

It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.

You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details below.

We will grant you access to your personal information as soon as possible, subject to the request circumstances, and our professional obligations.

In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.

We may deny access to personal information if:

  • the request is unreasonable;
  • providing access would have an unreasonable impact on the privacy of another person;
  • providing access would pose a serious and imminent threat to the life or health of any person;
  • providing access would compromise our professional obligations; or
  • there are other legal grounds to deny the request (such as, it would result in a breach of our professional obligations).

We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.

If the personal information that we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.

 

NOTIFIABLE DATA BREACHES

From February 2018, The Privacy Act includes a new Notifiable Data Breaches (NDB) scheme, which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change).

The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.

If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.

If you believe that any personal information we hold about you has been impacted by a data breach, you can contact us using the contact details below.

 

COMPLAINTS

If you wish to complain about any breach or potential breach of this privacy policy or the Australian Privacy Principles, please put your complaint in writing and contact us by either of the methods detailed below.

We will acknowledge your complaint as soon as we can after the receipt of your complaint. We will let you know if we need any further information from you to resolve your complaint.

We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five (5) business days, however some complaints may take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.

 

WHO TO CONTACT

The CEO
Postal Address: PO Box 7074, East Brisbane QLD 4169
Email address: advice@mgdwealth.com.au

If you are unhappy with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) who may investigate your complaint further. Please note the OAIC requires any complaint must first be made to the respondent organization. The law also allows 30 days for the respondent organization to deal with the complaint before a person may make a complaint to the OAIC.

The OAIC can be contacted at:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
www.oaic.gov.au

 

CHANGES TO THE PRIVACY POLICY

We may change the way we handle personal information from time to time. If we do so, we will update this Privacy Policy. An up-to-date version of this policy is available at any time at www.mgdwealth.com.au.

This policy was last updated in July 2020.