Heffron SMSF Solutions (we, us, our) is a group companies that provide specialist services relating to the establishment and administration of Self-Managed Superannuation Funds (SMSFs) and associated educational services, and includes the following companies:
- Heffron Compliance Services Pty Limited
- Heffron Taxation Services Pty Limited
- Montaigne Group Pty Ltd
- Montaigne Group (Hunter Pty Ltd)
We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act) and we understand the importance of, and are committed to, protecting your personal information.
1. How we collect your personal information
We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect personal information through some of the following means:
- from any person nominated by you, including solicitors, accountants and financial planners;
- in the course of administering or providing any of our services, including when you provide us with information verbally, or complete and submit written forms;
- when you subscribe to our email service, or access and use our Website, social media or mobile applications;
- when you communicate with us via telephone, email or facsimile, or otherwise correspond with us (whether in writing or electronically);
- in the course of administering, performing or managing contracts with our service providers or other third parties;
- when you provide us with information in response to direct marketing or customer satisfaction and market research surveys and questionnaires;
- from credit reporting bodies;
- when you apply for employment with us; and
- as otherwise required to manage our business.
However, in some cases, we may also collect personal information from publically available sources and third parties, such as suppliers, recruitment agencies, referees, credit agencies, banks, contractors and our business partners.
If we collect personal information from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to, correct and update the information
2. Types of personal information we collect
The types of personal information we may collect and hold about you will depend on a range of circumstances, including who you are and which of our services and products you are looking to access or use. In particular, we note that this personal information may often be collected and held as a result of information relating to your SMSF which contains details which identify you or from which your identity is reasonably identifiable.
Generally, the personal information we collect (including as a result of us collecting information about your SMSF) can include, but is not limited to:
- your name, date and place of birth, age, gender, postcode and other demographic information;
- your tax file number;
- information about employer contributions to your Super Fund;
- your contact details, such as your work and personal email, postal addresses and phone numbers;
- information to verify your identify, such as your driver's licence number or passport details;
- billing and financial information (such as your banking or payment information, credit card number, cardholder name and expiration date);
- information relating to your creditworthiness (including the credit information described in section 4 below);
- if you are applying for employment with us, employment information, such as job application information and the results of criminal history checks;
- any information which is publicly available, including on a third party social media service; and
- any other information you provide us from time to time, including your preferences or opinions relating to our products and services, and information relating to surveys, competitions, enquiries or complaints.
In addition, when you access or use our Website, we may collect non-identifiable information about your hardware, software and activities, which can include your IP address, browser type, domain names, pages you accessed and the dates and times you accessed them, how long you spent on those pages and our Website, and referring website addresses (including through the use of 'cookies' as described in section 7 below).
If you do not provide us with the personal information we request from you, we may not be able to supply the products or services you have requested, or we may be restricted in the way we supply those products or services. Failure to provide the information may result in us having to decline to provide products or services you have requested.
3. Our purposes for handling your personal information
We collect and use personal information about you primarily to supply you with the products and services you order from us and our related companies. We do not sell, rent or lease your personal information to third parties.
As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances.
In particular, we may collect, hold, use and disclose personal information:
- to offer and provide you with our products and services, or request feedback about products and services you have received;
- to manage and administer those products and services;
- for direct marketing purposes, including to prepare and provide marketing information about our products and services and those of our related companies and other organisations in accordance with the Privacy Act and section 6 below;
- to conduct business planning and research into our customers, including analysing general statistical information regarding the use of our Website;
- in the case of credit information, to assess your creditworthiness for the purposes of an application by you for commercial credit;
- to communicate with you;
- to comply with our legal and regulatory obligations;
- for any purpose disclosed to you and to which you have consented;
- for any purpose that you would otherwise reasonably expect; and
- otherwise to appropriately manage and conduct our business, including performing administrative functions such as billing, accounts and records management.
We may disclose your personal information to any person nominated by you, including solicitors, accountants and financial planners.
We may also disclose personal information to our related companies, agents and organisations or to third parties such as our contractors, suppliers, partners, service providers (including organisations that provide us with technical and support services), or our professional advisors, auditors or consultants, where permitted by the Privacy Act. We may also disclose personal information to entities seeking to acquire all or part of our business, or other entities with your consent. If we disclose information to a third party, we generally require that the third party protect that information to the same extent that we do.
4. Credit reporting
From time to time, where permitted by the Privacy Act, we may collect, hold, use and disclose certain credit and credit eligibility information about you, including:
- your name, current and previous addresses, driver's licence number, date of birth and employer;
- the fact that you have applied to us for one of our products or services and any credit limit on your account;
- your repayment history, including the amount of any payments due to us which are overdue for at least sixty days, and when steps have been taken by us to recover those overdue payments;
- where an overdue payment has been previously reported, advice that the payment is no longer overdue;
- default information, including cheques or credit card payments which have been dishonoured;
- court judgments or bankruptcy orders made against you;
- if, in our opinion, you have committed a serious credit infringement;
- when we cease to provide products or services to you; and
- other credit information that we are able to derive from the above information.
In particular, this credit information may be collected from, or disclosed to, credit reporting bodies. You authorise us to disclose such information to credit reporting bodies to assist them with assessing your creditworthiness for the purposes of us considering an application by you for commercial credit. You also authorise us to collect and use information from credit reporting bodies for the same purpose. We reserve the right to refuse or cancel the supply of products or services on the basis of a credit assessment of you.
If you believe you have been, or are likely to be, a victim of fraud you have the right to request that a credit reporting body not use or disclose your credit information. You can also request that a credit reporting body not use your credit information for the purposes of pre-screening or direct marketing by a credit provider.
5. Overseas transfers of personal information
We may disclose personal information between our related bodies corporate, where permitted under the Privacy Act. We may also disclose your personal information to external providers located in Australia, India and Sri Lanka to support our data processing activities. However, it is important to note that all personal information provided to us will be hosted on servers located in Australia.
6. Direct Marketing
Like most businesses, marketing is important to our continued success. We believe we have a unique range of products and services that we provide to customers at a high standard. We therefore like to stay in touch with customers and let them know about new opportunities.
From time to time we may contact you with information about new products, services and promotions either from us, or from third parties which may be of interest to you. In these situations your personally identifiable information is not transferred to the third party. We will not disclose your personal information to third parties for marketing purposes without your consent.
8. Protection of personal information
We may hold personal information as either secure physical records, electronically on our intranet system, in cloud storage or on third party servers. We implement all infrastructure within Australian borders and adhere to all Australian data sovereignty laws.
We maintain appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, interference, unauthorised access, disclosure, or modification of personal information, including when we dispose of personal information.
We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.
9. Accessing and correcting your personal information
You may request access to personal information we hold about you. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover reasonable costs incurred for providing you with access to any of the personal information about you held by us.
You may also request that information about you be corrected if you do not think that it is accurate. We are not obliged to correct any of your personal information if we do not agree that it requires correction and we may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
Requests to access or correct personal information should be made in writing to our Privacy Offer at firstname.lastname@example.org. We will respond to all requests to access or correct personal information within a reasonable time.
10. Resolving personal information concerns
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner at GPO Box 5218, Sydney NSW 2001, on 1300 363 992 or via email at email@example.com.