This privacy statement is made on behalf of ACY Capital Australia Limited (VFSC 012868). All references to “ACY Group”, “we”, “us” or “our” in this policy are references to ACY Capital Australia Limited.
ACY Group is committed to protecting your privacy and to compliance with the Vanuatu Privacy Principles contained in the Privacy Act 1988 (Cth). If you have any questions relating to this privacy statement or your privacy rights, please contact us.
This Privacy Statement sets out the policy of ACY Group for handling and protecting your personal information. We are committed to ensuring the privacy of your information and recognise that you, as a customer, are concerned about your privacy and about the confidentiality and security of information that ACY Group may hold about you.
This Policy is designed to inform customers of –
- What information we collect and the purposes for which we collect it;
- Use and disclosure of information collected;
- Security of your personal information;
- Gaining access to information we hold about you;
- What to do if you believe the information, we hold about you is inaccurate;
- Complaints in relation to privacy; and
- How to contact us.
- Personal Information
Personal information is information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. ACY Group will also collect any personal information necessary for the purposes of complying with the Anti-Money Laundering and Counter- Terrorism Financing Act 2006.
- Open and Transparent Management of Personal Information
ACY Group seeks to ensure that personal information we hold about an individual is managed in an open and transparent manner. We have implemented procedures to ensure compliance with the Vanuatu Privacy Principles and any applicable codes, and to deal with any complaints relating to our compliance therewith.
- Collection of Personal Information
This policy details how ACY Group adheres to the Vanuatu Privacy Principles regarding the collection of solicited personal information. ACY Group predominantly collects personal information directly from individuals, although information may sometimes be provided by a client’s professional adviser on their behalf and with their consent. ACY Group only collects personal information which is reasonably necessary for the provision of our services, and only by lawful and fair means. Information is generally sought through our account application forms, in which the purpose is articulated. Accordingly, we will always ensure you are apprised of our purpose in collecting information, and your right to gain access to such information. If you do not provide the information requested, we may be unable to provide you with our services.
Please note that generally we will only use the personal information (e.g. postal address, e-mail address, telephone numbers, facsimile number, date of birth, bank account details, details related to the provision of verification and identification documentation) we collect for the main purposes disclosed at the time of collection such as to provide financial services.
Where possible we will collect the information directly from you via our application form. We may also collect information about you from our web site, but this information will only identify who you are if you provide us with your details (e.g. if you e-mail your contact details to us). When you visit our web site our web server collects the following types of information for statistical purposes:
- your Internet service provider’s address;
- the number of users who visit the web site;
- the date and time of each visit;
- the pages accessed and the documents downloaded;
- the type of browser used.
No attempt is made to identify individual users from this information.
The ACY Group website may contain links to the websites of third parties. If you access those third-party websites they may collect information about you. ACY Group does not collect information about you from third parties. You will need to contact them to ascertain their privacy standards.
A cookie is a small text file placed on your computer hard drive by a web page server. Cookies may be accessed later by our web server. Cookies store information about your use of our web site. Cookies also allow us to provide you with more personalised service when using our web site.
Determine whether you have previously used the ACY Group website;
Identify the pages you have accessed; and
Facilitate the administration of the site and for security purposes.
Most web browsers are set to accept cookies, but you may configure your browser not to accept cookies. If you set your browser to reject cookies you may not be able to make full use of the ACY Group website.
- Email Address
If you provide us with your e-mail address during a visit to our web site, it will only be used for the purpose for which you provided it to us. It will not be added to a mailing list without your consent unless the mailing list is related to the purpose for which you provided your e-mail address to us. We may use your e-mail address, for example, to provide you with information about a particular service or respond to a message you have sent to us.
If you subscribe to one of our services and provide your e-mail address to us so that we may communicate with you through e-mail, we may also use your e-mail address to advise you of upgrades and changes to those services.
- Unsolicited personal information
Where we receive personal information about an individual which is unsolicited by us and not required for the provision of our services, we will destroy the information (provided it is lawful and reasonable for us to do so).
- Notification of the collection of personal information
When we obtain personal information about you, we ensure that you have our contact details and that you are aware of the collection of information and our purposes for doing so. As per above, we are unable to provide certain services if the requested information is not provided. We do not disclose your information to third parties, unless they are related entities or services providers, in which case they are required to conform to our procedures.
- Use and disclosure of personal information
ACY Group collects and holds personal information about an individual for the purpose of providing financial services. We collect this information with your consent as per our application form or other documentation, for the primary purpose disclosed to you at the time of collection.
However, in some cases, ACY Group will use or disclose personal information for secondary purposes (any purpose other than a primary purpose). Personal information obtained to provide financial services may be applied to secondary purposes if the secondary purpose is related to the primary purpose of collection and the person concerned would reasonably expect the personal information to be used or disclosed for such secondary purpose.
In some cases, we may ask you to expressly and additionally consent to any collection, use or disclosure of your personal information. Your consent will usually be required in writing, but we may accept verbal consent in certain circumstances. We may also disclose your personal information where it is required or authorised by law.
We may use your personal information to:
process your application;
review your circumstances to prepare a Statement of Advice and MDA Investment program;
respond to any specific requests you may make of us;
notify you of any products that may be of interest to you;
audit and monitor the services we provide to you;
update your personal files; and
enable us to meet our obligations under law, for example, the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) and Vanuatu taxation laws.
We may disclose your personal information to:
our agents, contractors or third-party service providers to enable them to provide administrative and other support services to us; and
where the disclosure is required by law, for example to government agencies and regulatory bodies as part of our statutory obligations, or for law enforcement purposes.
- Direct Marketing
ACY Group will only use personal information obtained for the provision of financial services, for the secondary purpose of direct marketing where:
ACY Group collected the personal information from the individual;
and The individual would reasonably expect ACY Group to use or disclose the information for the purpose of direct marketing;
ACY Group provides a simple means through which an individual can request to not receive marketing communications; and
The individual has NOT requested such communications cease.
Often the law requires us to advise you of certain changes to products/ services or regulations. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. We will not disclose your information to any outside parties for the purpose of allowing them to directly market to you.
- Cross border disclosure/Sensitive information/Use of government identifiers/Anonymity & Pseudonymity
ACY Group does not, for the purposes of the Privacy Act, transfer personal information overseas nor does it collect sensitive information. Wherever lawful and practicable, individuals may deal anonymously with ACY Group but given the nature of our services, it is unlikely that this will be a viable option. ACY Group does not use official identifiers (e.g. tax file numbers) to identify individuals. An individual’s name is not an identifier for the purposes of the Privacy Act and hence may be used to identify individuals.
- Quality of personal information
ACY Group takes all reasonable steps to ensure the personal information held about individuals is accurate, up-to-date and complete. We verify personal information at the point of collection.
ACY Group encourage you to help us by telling us immediately if you change your contact details (such as your phone number, street address or email address) or if any of your details need to be corrected or updated. A person wishing to update their personal information may contact our staff or the Privacy Officer on the contact details shown within this document.
- Access to personal information
Where a person requests access to their personal information, our policy is, subject to certain conditions (as outlined below) to permit access. ACY Group will correct personal information where that information is found to be inaccurate, incomplete or out of date. We will not charge you a fee for your access request but may charge you the reasonable cost of processing your request.
If a person wishes to access their personal information or correct it, they should contact the Privacy Officer, and we will seek to provide such information within a reasonable period, and in the manner so requested (where reasonable to do so).
ACY Group may not always be able to give you access to all the personal information we hold about you. If this is the case, we will provide a written explanation of the reasons for our refusal, together with details of our complaints process for if you wish to challenge the decision.
We may not be able to give you access to information in the following circumstances:
Where we reasonably believe this may pose a serious threat to the life, health of safety of any individual or to public health/safety;
Which would unreasonably impact the privacy of another individual;
Where such request is reasonably considered to be frivolous or vexatious;
Which relates to existing or anticipated legal proceedings which would otherwise not be accessible in the discovery process relating to such proceedings;
Which would reveal our intentions and thereby prejudice our negotiations with you;
Which would be unlawful;
Which is prohibited by law or a court/tribunal order;
Which relates to suspected unlawful activity or serious misconduct, where access would likely prejudice the taking of appropriate action in relation thereto;
Where enforcement activities conducted by or on behalf of an enforcement body may be prejudiced;
Where access would reveal details regarding a commercially sensitive decision making process.
- Correction of personal information
Where ACY Group believes information, we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, OR an individual requests us to correct information held about them, ACY Group will take all reasonable steps to correct such information in a reasonable time frame. No fees are payable for such requests. If you request us to similarly advise a relevant third party of such correction, we will facilitate that notification unless impracticable or unlawful for us to do so.
If ACY Group intends to refuse to comply with your correction request, we will notify you in writing of our reasons for such refusal, and the complaints process you may avail if you wish to challenge that decision. You may also request that we associate the personal information we hold with a statement regarding your view of its inaccuracy.
- Security of personal information
We take reasonable steps and precautions to keep personal information secure from loss, misuse, and interference, and from unauthorised access, modification or disclosure.
If you use the Internet to communicate with us, you should be aware that there are inherent risks in transmitting information over the Internet. ACY Group does not have control over information while in transit over the Internet and we cannot guarantee its security.
Where information is no longer required to be held or retained by ACY Group for any purpose or legal obligation, we will take all reasonable steps to destroy or de-identify the information accordingly.
- Notifiable Data Breaches Scheme
We will report ‘eligible data breaches’ to the affected individual(s) and the Vanuatu Information Commissioner in relation to the (including suspected) unauthorised access or disclosure of personal information held, which is likely to result in serious harm to the relevant individual(s), and where we have been unable to prevent the likely risk of serious harm with remedial action.
We will formulate a data breach response plan, to limit any negative consequences of such a breach. An effective response involves a process to contain, assess, notify and review.
- Privacy Complaints
If you have a complaint relating to our compliance with privacy laws or our treatment of your personal information, please contact our Privacy Officer on [+678 24404] or by email to [[email protected]]. We will investigate your complaint and endeavor to resolve the issue to your satisfaction. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with the Office of the Vanuatu Financial Services Commission by telephoning +678 22247 or visiting their website at www.vfsc.vu. Any personal information that we no longer require is destroyed. An exception to this may be where records are retained to comply with legal requirements.
Upon using this web site and our services, you consent to our use and collating of your information as it appears within this policy. Although this is not our immediate intention, periodically, we may utilise this customer information for any unforeseen uses that have not been disclosed within this current privacy notice. If at any time our information practices change in the future, we will amend our policy on this Web site. Should you have any immediate concerns about how your information is used, you should check our Web site sporadically to ensure you are up to date with our current policy.
- EU General Data Protection Regulation
In accordance with the new data protection requirements in the European Union General Data Protection Regulation (EU GDPR) which apply from 25 May 2018, we provide the following additional measures which we have adopted in relation to all EU clients and third parties:
1. We will limit the processing, collection and retention of data to the extent legally possible and practically viable.
2. We will not request or collect data that is not required for the purpose of providing our services or meeting our legal obligations.
3. We will delete your information and acknowledge your right of erasure or to be forgotten, as soon as we are legally able and subject to our other legal and regulatory obligations regarding record- keeping.
4. You may advise us at any time that you withdraw any consent previously given to us and require us to stop processing your data.
5. You may object to any decision based on automated processing, and you may request a manual review.
6. You have the right to request a transfer of your personal information, which will be provided in a machine-readable electronic format.
7. Where we intend to process/utilise your personal data beyond the disclosed legitimate purpose for which it was collected, we will obtain a clear and explicit consent from you (which can be withdrawn at any time).
8. We will maintain a Personal Data Breach Register and notify the relevant regulator in a timely manner as required.
9. We ensure that organisational and technical mechanisms are utilised to protect personal data when we are designing new systems and processes.
10. We will conduct Data Protection Impact Assessments when initiating a new project/change/product which involves significant changes to the processing of personal information.
11. We ensure our representatives are regularly trained regarding our obligations and their responsibilities under applicable privacy/data protection regulations.