This policy sets out how and why the Finance Brokers Association of Australia Limited (we, us, or our) collect, use, hold and disclose your personal information (which we call information). This policy does not apply to any information that is not ‘personal information’ as defined in the Privacy Act 1988 (Cth) (Privacy Act), despite us using the term ‘information’ in this policy.
We take all reasonable steps to ensure our practices and procedures relating to our activities comply with the Privacy Act, including complying with this policy.
Why is your information important to us?
Your information is important to us as we may require it in order to perform our “Core Functions”, which include the following:
- Performing the functions and objects under our company constitution or other documents created under that constitution. For example, we may use your personal information to administer our Code of Conduct insofar as it relates to you;
- Conducting events within the financial services industry including for professional development or demonstrating aspects of the industry to our members and the public;
- Collaborating and interacting with participants of the financial services industry such as brokers, aggregators, lenders, borrowers, regulators, government departments, other advocates and the public. This includes liaising (including direct marketing) with the public regarding the financial services industry, our members and issues that members of the public may have with the industry or its participants (whether they be members or non-members);
- Considering applicants for membership, providing services to our members and investigating and resolving complaints and disciplinary matters regarding our members;
- Considering applicants for employment with us and liaising with them in respect of their prospective employment;
- Engaging with service providers or sponsors so that we can conduct our activities, including those referred to above;
- Any functions or purposes that we may specify to you at the time of requesting the information, as well as any other functions or purposes for which you provide the relevant information; and
- Complying with our responsibilities under legislation, including the Privacy Act.
We may also need your information to perform functions that are incidental to, or are otherwise reasonably necessary for us, in order to perform these Core Functions.
Collecting your information
What information might we collect?
The types of information we may collect will depend upon your dealings with us. Examples of the types of information we collect are set out below.
Information you provide to us directly: we may collect information you provide to us directly. For example, such information may include:
- Contact information: addresses (such as postal or email addresses), phone numbers and details of any social media or networking profiles.
- Identity information: names, education or employment history or information relating to your next of kin, drivers licence, passport or documents that evidence your name and any change of name, particularly if you are one of our current or prospective members.
- Demographic information: dates of birth, ages, nationality, titles or languages.
- Opinion information: your opinions or views on various issues, disciplinary information of current or prospective members (such as complaints against you by the public) or directorship information.
- Business information: professional indemnity, public liability insurance information and information relating to your external dispute resolution provider, particularly if you are one of our current or prospective members.
Sensitive information you provide: We may collect some sensitive information, particularly where you are seeking membership or employment with us or are attending an event that we are hosting. This information may include credit information, criminal history, visa information, dietary information (such as allergies) and credit card information (for the purpose of making payments).
Information from third parties: We may collect information about you from third parties such as the views of your mentors, referees, former employers, aggregators or lenders. We may also collect information that we would usually collect directly from you where it is provided by your employer or a company you represent.
Information we create using your information: We may develop information using your information. For example, where you make a complaint, we may develop a record relating to the complaint which may contain your information.
Information we collect automatically: We may collect information about you automatically when you visit our websites, such as your IP address and device type.
Public information: We may collect information from publicly available sources such as ASIC records, including information like Australian credit licence and/or credit representative numbers.
How do we collect your information?
Information we request
Ordinarily, we may collect information from you through in-person conferences, email, telephone, web queries, online application forms, contracts, event registration platforms, employment platforms (such as Seek) and networking platforms (such as LinkedIn and Facebook).
You have the option not to provide any information that we request. Depending upon what information you do not want to provide, we may not be able to deal with you further on a matter. If you make a complaint about one of our members but refuse to provide your contact information, then we may not be able to process or escalate your complaint. Where you provide us with information on request, we do so on the understanding that you consent to our collection because you have this option to refuse to provide that information.
You may have the option not to identify yourself or identify yourself by a pseudonym. However, this is not generally practical for us as we need to know who you are in order to contact and liaise with you. For example, if you are seeking to attend one of our events, we will need to know who you are so that we can allow you access to the event. If you use a pseudonym, then we will not know that you have paid for the event and are entitled to attend.
Where we collect information about you from someone other than you, this is generally because it would be unreasonable or impracticable for us to collect it from you directly. For example, it would be impracticable for us to seek the consent of your emergency contact in order to collect their information from you.
Information we do not request
Sometimes you may voluntarily provide us with information that we have not requested. If this happens, we may use and disclose the information in order to determine whether we could have collected the information had we requested it. If we consider that we could not have collected the information, then we may either destroy or de-identify that information as soon as reasonably practical where required by law.
Holding your information
Your information may be stored in hard copy, electronically or both. We do not adopt or use any identifiers that a government agency may have assigned to you. Hard copy information located at our office is stored on a secure floor that cannot be accessed without either the appropriate access key or access being granted from someone inside.
Electronic information may be stored on our computer systems and networks (such as those at our office) and on our customer relationship management platform (which is currently provided by Salesforce), our accounting platform (currently provided by Xero) and our email platform (currently provided by Microsoft). Our digital systems are protected by mechanisms which may include firewalls, audit logs, scheduled password changes, internal access limitation processes and internal monitoring.
Where we store your information, we take reasonable steps to ensure it is protected from misuse, interference, loss or unauthorised access, modification or disclosure. However, we cannot guarantee that this will never occur. If a serious data breach occurs, and we believe your information has been compromised, we will assess the breach as soon as we become aware of it and take all reasonable and necessary steps as prescribed under Australian privacy laws.
We also take reasonable steps to destroy or permanently de-identify information that we no longer need for any purpose where required by law.
Using your information
We may use your information to perform our Core Functions (outlined above) or any activities that are related (or in the case of sensitive information, directly related) to the performance of our Core Functions. We may do these things without your prior consent where the law allows us to do so, including where it is impracticable for us to obtain your consent.
We may provide your information to regulatory authorities where required from time to time. We may also provide your information to third parties such as our professional advisors where they are providing services to us and such information is necessary for them to provide those services.
Do we use your information for direct marketing?
We may use your information to directly market our services, membership matters, events, publications and offers to you as well as any changes or notices relating to the industry that we think would be of interest to you. This marketing material may be sent by email, SMS, phone or post. We may also use information collected about you from other individuals for these purposes where it is impracticable to obtain your consent in advance. We will not use any sensitive information for these purposes unless we have your consent. You may ‘opt-out’ or raise any concerns you may have regarding these messages by emailing us at firstname.lastname@example.org.
Disclosing your information
When may we disclose your information?
We may disclose your information to perform our Core Functions or any activities that are related (or in the case of sensitive information, directly related) to the performance of those Core Functions. This may include disclosing information to third-party service providers that we engage such as those that provide our cloud-based computing systems. We may disclose information to a member of our organisation where you make a complaint about that member; we do this because the member needs to know who is making a complaint about them in order to respond. We may also disclose information to external contractors (e.g. IT Contractors), but only where those contractors are accessing our records generally to help us with any issues we are having.
Are we likely to disclose information to overseas recipients?
We do not intend to disclose information overseas, unless you have provided the information to us for that purpose or where required by law. However, there are some circumstances where we may disclose information overseas, such as where we use secure cloud storage services that may have servers located overseas. In addition, when you communicate with us through a social network service (e.g. Facebook), the social network provider and its partners may collect and hold your information overseas.
We are currently aware that the services we use may store information in the United States of America, Germany, Japan, United Kingdom, France and Australia. We do not have any reason to believe that these countries would not protect your information in a way that is substantially similar to how we would protect your information.
How can you access and correct your information?
We may periodically review your information to ensure that it is accurate, up-to-date, complete and relevant. Where we have reason to believe that your information may not be accurate, up-to-date, complete or relevant then we may either attempt to contact you to correct the information or de-identify or destroy the information as required by law.
You can request access to any information we hold about you. You can request us to correct or amend any of your information to ensure it remains current and up-to-date. If you wish to do so, then non-members may contact us at the addresses set out in the “Contacting Us” section below. In addition to this, our members may update their information via the member-only area of our website.
Where you make a request to access your information, we will do our best to respond within a reasonable period. While we may allow access and provide the means by which you can access your information, we may refuse the request where we are entitled to do so under the Privacy Act or at law. In this event, we will tell you the grounds for this refusal as well as suggested steps which may allow you to access your information in the circumstances of our refusal. You may complain about this refusal by making a complaint as set out below.
Your privacy concerns and making a complaint.
If you have any concerns or are unhappy about how your information is handled, please contact us at:
Telephone: (07) 3847 8119
Post: PO Box 177, Coorparoo, Qld, 4151
Upon receipt of your concerns we will designate an individual within our organisation who will liaise with you regarding the complaint and how it can be resolved. We endeavor to provide a response to your complaint within 28 days of receipt.
Contacting the Office of the Australian Information Commissioner.
If you would like more information regarding Australian privacy law, or to make a complaint, refer to the Office of the Australian Information Commissioner who can be contacted at:
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Changes to this policy
This policy is routinely reviewed to ensure it is accurate, up-to-date and complies with any and all updates under Australian privacy law. The current policy is published on our website or can be obtained by contacting us using the information above.
This policy was last reviewed and updated 31 October 2019.