Scope of Policy
This Policy has been formulated to ensure that Gardior complies with its legal requirements in relation to privacy. Gardior is required to comply with the requirements of the Privacy Act 1988 (the “Privacy Act”). The Privacy Act provides for a legislative framework governing the management of personal information held by Gardior in conducting its business operations. Specifically, Gardior is required to comply with the Australian Privacy Principles (APPs).
This Policy has been reviewed taking into account the Office of the Australian Information Commissioner (OAIC) guidelines released in late 2013 so far as they apply to Gardior and the Gardior Group.
Responsibility for this policy
The Gardior Board (the “Board”) has ultimate responsibility for this Policy.
The Board delegates to the Company Secretary the formulation of processes and procedures to ensure Gardior’s operations accord with this Policy.
Gardior has engaged an external Compliance Consultant that monitors ongoing compliance with this Policy and reports directly to the Gardior Risk, Audit and Compliance Committee when a breach of this Policy has occurred.
Purpose of this policy
This Policy sets out the Board of Gardior’s policy on the management of personal information about individuals, including the collection, use, disclosure and security of personal information.
The Policy also describes the process to access and correct information that Gardior holds and how to make enquiries or complaints about how Gardior manages the personal information it has collected.
Personal information that we hold and how and why we collect it
Personal information includes information about an individual such as:
- name or address;
- bank account details and credit card information;
- photos; and
- information about the individual’s opinions and what they do and don’t like.
Gardior collects minimal personal information as Gardior’s investors are incorporated organisations, rather than natural persons. The information collected about such entities may not be subject to the same privacy requirements as personal information.
Gardior collects personal information about representatives of investors or service providers of its investors as required in the normal course of business. In addition, we may collect personal information regarding Gardior Directors and other individuals employed within the Gardior Group.
Collection of personal information by service providers
Gardior has outsourced the performance of the Company Secretarial and Administration functions for the Gardior Funds to Independent Fund Administrators & Advisers Pty Ltd (IFAA) (ABN 28 081 966 243) and its associated entities. This includes investment administration and accounting services contracted to Independent Professional Services Pty Ltd (ABN 67 126 760 638). Gardior also outsources the Investment Management services for the Gardior Funds to various external investment managers.
All outsourced providers to Gardior undertake to keep personal information confidential and not to use it for any purposes other than those outlined in this Policy.
Personal information is collected by IFAA in performing Company Secretarial and Administration services on behalf of Gardior. IFAA collects, uses, discloses and holds onto this information on behalf of Gardior. IFAA staff involved in the collection of information on behalf of Gardior do so in accordance with the Privacy Policies of IFAA and Gardior as well as privacy procedures in place at IFAA to ensure compliance with the Privacy Act.
Process of collection
Information may be collected directly from the investor entity, from application forms or directly from an individual. The types of personal information that Gardior collects about an individual may include, but not be limited to:
- date of birth;
- name of employer and employer’s address;
- telephone and fax number; and
- email address.
Gardior will only collect personal information if it is fair and lawful to do so. When we collect information from a person or organisation it is usually done because we are required to under Corporations Law.
We will not collect information in an unreasonably intrusive manner.
From time to time we may receive unsolicited information from investor representatives. If this occurs we will:
- consider if we can collect it;
- destroy or de-identify the information if we cannot collect it; and
- if we can collect it, ensure we manage the information in the same way we managed solicited personal information in accordance with this Policy.
Right to anonymity
Providers of information have the right to anonymity or the use of a pseudonym when dealing with us. However, when this occurs, it means we may not be able to disclose any information to that person regarding Gardior that is of a confidential nature i.e. not publically available.
Access to personal information
Access to personal information is limited to authorised employees of the Gardior Group and its services providers who require access to this information for the administration of investments. The information may be disclosed to regulatory agencies to ensure compliance with legal and other regulatory requirements.
Personal information and how we disclose it
Disclosure of personal information
Gardior will only use and disclose the personal information we hold for the following purposes (primary purposes):
- Performing any function in relation to the administration of Gardior Funds or the Gardior Group, or any other service or function required to manage and operate the Gardior Funds on behalf of our investors, by Gardior or its service providers.
- Providing advice to the Gardior Board.
- Considering an application made to Gardior.
- Managing Gardior’s rights and obligation in relation to external parties.
- Developing and identifying products the entity may be interested in.
- Arranging for the provision of products and services to the entity.
We may also use or disclose your information for the following purposes (secondary purposes):
- Regulator reporting e.g. ATO, ASIC where required by legislation.
- Provide information to the courts in relation to a complaint.
- To assist Gardior in complying with legal and regulatory requirements.
- To assist with administering Gardior, information may be passed on to third parties, who assist Gardior in complying with legal and regulatory requirements.
All of the organisations to which the personal information may be disclosed require appropriate Privacy Policies and systems that adhere to Australian privacy law.
Gardior does not disclose information about you to other organisations for marketing purposes.
If Gardior use or disclose your personal information for enforcement related activities, we will make a written record of this.
Disclosure to overseas recipients
Gardior may disclose your personal information to an overseas recipient, where doing so is required to perform any function in relation to the administration of Gardior Funds or the Gardior Group, or any other service or function required to manage and operate the Gardior Funds on behalf of our investors, by Gardior or its service providers. Such functions could include opening or maintaining bank accounts with banks based overseas or creating or administering foreign domiciled entities within the Gardior Group.
Gardior will only do this if we reasonably believe the receiving entity will not breach the privacy requirements contained in Australian privacy law.
Government related identifiers
Where Gardior has requested provision of government related identifiers such as tax file numbers in the process of business operations, we will only disclose a government related identifier to a third party in the following circumstances:
- when required by legislation.
- when required by a court order.
- for enforcement related activities.
- in order to facilitate an investment transaction for which the government related identifier was obtained.
- in circumstances where provision of such information is necessary for the day to day administration of Gardior, Gardior Funds or the Gardior Group, and the provider of the government related identifier would reasonably expect such information to be disclosed in the circumstances.
Data Integrity (Quality)
Quality of information
Gardior will take reasonable steps to ensure that the information that we hold about you is accurate, complete and up to date. We will do this by:
- sending to investors a request to update personal information we have collected as regularly as required based on business needs;
- promptly responding to any requests received from properly authorised investor representatives to update the information we hold; and
- updating our information based on documentation or correspondence received from investor representatives in the normal course of business.
Gardior will take reasonable steps to ensure that the information that we hold about you is secure and is protected from misuse, interference and loss, or from unauthorised access, modification or disclosure.
We will do this by ensuring that:
- our IT systems have adequate restrictions to ensure that only staff involved in the provision of services to Gardior, Gardior Funds and the Gardior Group are able to access the personal information we collect;
- our IT systems have proper processes for the storage and back up of data; and
- staff involved in the provision of services to Gardior have received appropriate training on the management of sensitive information.
If Gardior have determined that we no longer need the personal information we have collected about individuals, we will take appropriate steps to destroy the information or ensure it is de-identified.
Access to and Correction of information
Access to information
Individuals are entitled to access information Gardior holds about them. If an individual wishes to know what information Gardior holds about them, they can contact Gardior in writing, or by phone.
Requests for information can sometimes be answered over the telephone, or a copy of the information can be sent by post.
Individuals cannot access information about any other individual for whom we have collected personal information unless that individual has given written approval to do so.
Under certain circumstances Gardior may not be able to fully disclose what information is held about an individual to that individual. These circumstances could include when:
- provision of the information would have an unreasonable impact on the privacy of other individuals;
- the information relates to legal proceedings with the individual;
- the information would reveal commercially sensitive information; or
- Gardior is prevented by law from disclosing the information.
If you request access, we must respond to your request within a reasonable period after you make the request. We must give you access in the manner you requested, except where it is unreasonable or impracticable to do so.
If we refuse access we must give you written reasons that set out:
- the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matters prescribed by the regulations.
We will not charge a fee for making a request or accessing information held.
Correction of information
Gardior seeks to ensure that personal information collected remains accurate, complete and up-to-date.
We may correct the information we have collected if we believe it is inaccurate, out of date, incomplete, irrelevant or misleading. We will do so by ensuring internal processes are adequate to maintain data quality and contact is made with the individual concerned where practical.
If we correct information that we hold that we have also given to a third party (under approved means) we will also request that entity to correct the information.
In certain circumstances, we may refuse to correct the information we hold. Were this to occur we would provide written reasons that set out:
- The reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
- The mechanisms available to complain about the refusal; and
- Any other matters prescribed by the regulations.
If we refuse to correct the information, the party from whom the information was collected has the right to ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. Gardior must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
We must respond to the request to correct the information within a reasonable period and we will not charge a fee for the making of the request, correcting the personal information or for associating the statement with the personal information.
Gardior is prohibited from using or disclosing personal information for the purposes of direct marketing.
However, we are allowed to use or disclose personal information for direct marketing where the person providing the information:
- has given their consent;
- would reasonably expect us to use or disclose the information for that purpose and we provide a means of opting out and the person has not requested to opt out; or
- would reasonably expect us to use or disclose the information for that purpose and either consented or it is impracticable to obtain consent and we provide opt out and prominently advise that the person can make such a request.
We will not use sensitive information that we hold about individuals for the purposes of direct marketing. If we do, we will only do this if you have consented to the use or disclosure of the information.
Individuals may request at any time to not receive direct marketing communications from us using any means. If such a request is made, we will not charge a fee for the making of or given effect to your request.
Complaints handling process
Complaints about a breach of privacy
Privacy breaches are taken seriously by Gardior. If any individual has a complaint about a possible breach of their privacy, the individual should first contact the Gardior Company Secretary.
Contact details for the Company Secretary are:
Address: Level 1 / 410 Ann St, Brisbane.
Telephone: 07 3238 1207
Fax: 07 3238 1277
Contact email: Charmaine@gardior.com.au
If the complaint is not resolved, individuals can complain to the Australian Privacy Commissioner, telephone 1300 363 992 or visit www.privacy.gov.au
Complaints about handling of personal information
If an individual wants to make a complaint about the handling of their personal information they may write to the Company Secretary using the above contact details.
A response will be provided within 30 days.
If the individual is not satisfied with how we have handled the complaint or if we have not provided a response within 30 days of receiving your written correspondence, the individual may write to the Australian Privacy Commissioner. A complaint to the Australian Privacy Commissioner can be made by:
- telephone 1300 363 992
- visiting www.privacy.gov.au
Version Control: 2017-01