Denning is bound by the Australian Privacy Principles (the APP) of the Privacy Act 1988 (Cth) of Australia and the New Zealand Information Privacy Principles (IPP, together with the APP, the Principles) under the Privacy Act 2020 of New Zealand and is committed to safeguarding personal information it may hold at any time in respect of any individual, including clients and individuals who are officers of clients, in accordance with the requirements of those Principles. “Personal information” for the purposes of this Policy is information about and which identifies individuals, whether that information is obtained from the relevant individual or a third party.
Collection of personal information
To the extent Denning is bound by the Principles, it will:
- take reasonable steps to ensure that if personal information is used, it is accurate, complete and up-to-date;
- take reasonable steps to protect personal information from misuse, loss or unauthorised access, modification or disclosure;
- provide access to an individual about his/her personal information if Denning still holds it;
- not use any government identifier to identify the individual; and
- only transfer personal information overseas about the individual with his/her consent, or as authorised by the Principles.
Denning will collect personal information which it believes is necessary for it to deliver its services or products, or otherwise for its primary business functions and/or activities. Denning will ordinarily only collect personal information when provided at the time of collection to Denning or when it is provided to Denning with an individual’s authority, and the individual will generally be told (either directly or indirectly) the purposes for which that information is being collected.
The types of personal information Denning generally collects includes names, addresses, telephone numbers, facsimile numbers and email addresses.
Denning does not generally collect sensitive information unless required by applicable laws or with the individual’s consent. Sensitive information includes information about health, religious or political beliefs, membership of trade or professional associations or a criminal record.
Denning will collect personal information directly when it can; for example over the telephone, through electronic means or in person or through the mail.
Denning may also collect personal information about individuals from third parties.
If, at any time, Denning seeks to obtain personal information from a third party, Denning will ask the third party to ensure that they are authorised to provide the information to Denning and to agree to inform the individual who Denning is, the purposes for which Denning collects the information, that Denning may use and disclose the information and that the individual may gain access to it should Denning hold that information. If required by law, Denning will obtain the individual’s consent to collect information from third party sources.
Apart from the necessity to collect information in order to provide a product or service or maintain a business relationship, the purposes for which Denning may generally collect (and use) personal information includes:
- complying with any legislative and regulatory requirements to the extent they apply to Denning (including any requirements of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) to identify certain individuals);
- contacting you regarding investment opportunities or services Denning offers which Denning considers may be of interest to a business (unless asked not to);
- to undertake credit checks of you (if appropriate); and
- performing administrative operations, including accounting, risk management, record keeping, archiving, systems development and systems testing.
Use and disclosure of personal information
Denning obtains from each individual the authorisation to disclose, where necessary, information to Denning’s related companies, affiliates, and any agents or contractors who provide services to Denning in connection with the provision of services sought from Denning. These parties are prohibited from using personal information except for the specific purpose for which it is supplied to them.
Subject to what is permitted by law, the types of third parties to which Denning may disclose personal information include:
- its agents, contractors and external advisers engaged from time to time to carry out, or advise on, functions and activities;
- an individual’s agents and contractors;
- regulatory bodies, government agencies, law enforcement bodies and courts;
- any person or organisation who introduces the individual to Denning;
- its investors and financiers; and
- insurers or prospective insurers and their underwriters.
In some cases, Denning may need to transfer personal information overseas. If Denning believes that the overseas third party is not subject to privacy obligations equivalent to those which apply to Denning or has not agreed to protect the information in a similar way, Denning will seek the individual’s consent to transfer the information, except where the Principles do not require such consent to be obtained. Unless consent is procured from the individual concerned in those circumstances, no personal information will be disclosed to recipients outside of Australia or New Zealand.
Dealing with Denning online
Denning’s system may record an individual’s access to its website, whether directly or via a third party’s website, although Denning will only be able to identify individuals personally if the individual provides his/her details (e.g. email address or a personal log on to access a service).
If an individual provides Denning with an email address while visiting Denning’s website, it will only be used for the purpose for which it is provided. Denning may use email addresses however to respond to a message sent to Denning or to provide information about a particular service offered by Denning.
Access to personal information by individuals
Under certain circumstances, Denning will not tell an individual what personal information Denning holds about the individual. This includes where:
- it would have an unreasonable impact on the privacy of other individuals;
- the information relates to legal proceedings with the individual;
- the information would reveal a commercially sensitive decision-making process; or
- Denning is prevented by law from disclosing the information or providing access would prejudice certain investigations.
Denning may charge a fee in connection with an individual accessing his/her personal information.
Security of personal information
Denning will take all reasonable steps to protect personal information from misuse and loss and to prevent unauthorised access to, and modification and disclosure of, personal information.
If Denning no longer needs information, Denning will destroy or permanently de-identify it.
Denning will not adopt as its own identifier tax file numbers, Medicare numbers, pension numbers or any other government identifier. Denning will take reasonable steps to protect unique identifiers from being misused and will only use and disclose these numbers for the purposes required by law.
Complaints about breaches of privacy
Denning will make every effort to resolve internally any complaint in connection with the privacy of personal information. Clients who would like to complain about a breach of the Principles or this policy or would like to request access to, or correction of, the personal information Denning holds about them are informed to contact the Compliance Officer.
If Denning is affected by a data breach involving personal information that causes serious harm, or is likely to cause serious harm, Denning will notify you and the Australian Privacy Commissioner or New Zealand Office of the Privacy Commissioner (as applicable) of any such data breach.
The Australian Federal Privacy Commissioner or the New Zeland Office of the Privacy Commissioner (as appropriate) may be asked to investigate any complaint that is not dealt with satisfactorily by Denning.