Heffron is an independent SMSF specialist firm that helps trustees, financial advisers and accountants use SMSFs effectively as a retirement saving structure. For 20 years we have been at the forefront of providing SMSF solutions and today we are one of Australia’s largest independent SMSF service providers.

We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act) and we understand the importance of, and are committed to, protecting your personal information.

This Privacy Policy explains how we manage your personal information (that is, information or an opinion about you, whether true or not, which identifies you or from which your identity is reasonably identifiable), including our obligations and your rights in respect of our dealings with your personal information.

Please take a moment to read our Privacy Policy carefully, as it describes the way in which we collect and handle your personal information. References in this Privacy Policy to “we”, “us” and “our” are to members of the “Heffron Group”, meaning Heffron Consulting Pty Limited and its related bodies corporate (as that term is defined in the Corporations Act 2001 (Cth)). This Privacy Policy applies to our products and services offered and to our website at (the Website).

We refer throughout our Privacy Policy to ‘personal information’ which means information that identifies you as an individual or from which you can reasonably be identified. An individual’s name, address and telephone numbers are all examples of ‘personal information’.

1. How we collect your personal information

We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect personal information through some of the following means:

  • from any person nominated by you, including solicitors, accountants and financial planners;
  • in the course of administering or providing any of our services, including when you provide us with information verbally, or complete and submit written forms;
  • when you subscribe to our email service, or access and use our Website, social media or mobile applications;
  • when you communicate with us via telephone, email or facsimile, or otherwise correspond with us (whether in writing or electronically);
  • in the course of administering, performing or managing contracts with our service providers or other third parties;
  • when you provide us with information in response to direct marketing or customer satisfaction and market research surveys and questionnaires;
  • from credit reporting bodies;
  • when you apply for employment with us; and
  • as otherwise required to manage our business.

However, in some cases, we may also collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, referees, credit agencies, banks, contractors and our business partners.

If we collect personal information from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to, correct and update the information.

You have no obligation to provide any personal information requested by us. However, if you choose to withhold personal information, we may not be able to provide you with certain parts of our products or services.

2. Types of personal information we collect

The types of personal information we may collect and hold about you will depend on a range of circumstances, including who you are and which of our services and products you are looking to access or use. In particular, we note that this personal information may often be collected and held as a result of information relating to your SMSF which contains details which identify you or from which your identity is reasonably identifiable.

Generally, the personal information we collect (including as a result of us collecting information about your SMSF) can include, but is not limited to:

  • your name, date and place of birth, age, gender, postcode and other demographic information;
  • your tax file number;
  • information about employer contributions to your Super Fund;
  • your contact details, such as your work and personal email, postal addresses and phone numbers;
  • information to verify your identity, such as your driver's licence number or passport details;
  • billing and financial information (such as your banking or payment information, credit card number, cardholder name and expiration date);
  • information relating to your creditworthiness (including the credit information described in section 4 below);
  • if you are applying for employment with us, employment information, such as job application information and the results of criminal history checks;
  • any information which is publicly available, including on a third party social media service; and
  • any other information you provide us from time to time, including your preferences or opinions relating to our products and services, and information relating to surveys, competitions, enquiries or complaints.

In addition, when you access or use our Website, we may collect non-identifiable information about your hardware, software and activities, which can include your IP address, browser type, domain names, pages you accessed and the dates and times you accessed them, how long you spent on those pages and our Website, and referring website addresses (including through the use of 'cookies' as described in section 7 below).

If you do not provide us with the personal information we request from you, we may not be able to supply the products or services you have requested, or we may be restricted in the way we supply those products or services. Failure to provide the information may result in us having to decline to provide products or services you have requested.

3. Our purposes for handling your personal information

We collect and use personal information about you primarily to supply you with the products and services you order from us and our related companies. We do not sell, rent or lease your personal information to third parties, whether our Partners or otherwise, for marketing purposes.

As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances.

In particular, we may collect, hold, use and disclose personal information:

  • to offer and provide you with our products and services, or request feedback about products and services you have received;
  • to manage and administer those products and services;
  • for direct marketing purposes, including to prepare and provide marketing information about our products and services and those of our related companies and other organisations in accordance with the Privacy Act and section 6 below;
  • to conduct business planning and research into our customers, including analysing general statistical information regarding the use of our Website;
  • in the case of credit information, to assess your creditworthiness for the purposes of an application by you for commercial credit;
  • to communicate with you;
  • to comply with our legal and regulatory obligations;
  • for any purpose disclosed to you and to which you have consented;
  • for any purpose that you would otherwise reasonably expect; and
  • otherwise to appropriately manage and conduct our business, including performing administrative functions such as billing, accounts and records management.

We may disclose your personal information to any person nominated by you, including solicitors, accountants and financial planners.

We may also disclose personal information to our related companies, agents and organisations or to third parties such as our contractors, suppliers, partners, service providers (including organisations that provide us with technical and support services), or our professional advisors, auditors or consultants, where permitted by the Privacy Act. We may also disclose personal information to entities seeking to acquire all or part of our business, or other entities with your consent. If we disclose information to a third party, we generally require that the third party protect that information to the same extent that we do.

4. Credit reporting

From time to time, where permitted by the Privacy Act, we may collect, hold, use and disclose certain credit and credit eligibility information about you, including:

  • your name, current and previous addresses, driver's licence number, date of birth and employer;
  • the fact that you have applied to us for one of our products or services and any credit limit on your account;
  • your repayment history, including the amount of any payments due to us which are overdue for at least sixty days, and when steps have been taken by us to recover those overdue payments;
  • where an overdue payment has been previously reported, advice that the payment is no longer overdue;
  • default information, including cheques or credit card payments which have been dishonoured;
  • court judgements or bankruptcy orders made against you;
  • if, in our opinion, you have committed a serious credit infringement;
  • when we cease to provide products or services to you; and
  • other credit information that we are able to derive from the above information.

In particular, this credit information may be collected from, or disclosed to, credit reporting bodies. You authorise us to disclose such information to credit reporting bodies to assist them with assessing your creditworthiness for the purposes of us considering an application by you for commercial credit. You also authorise us to collect and use information from credit reporting bodies for the same purpose. We reserve the right to refuse or cancel the supply of products or services on the basis of a credit assessment of you.

If you believe you have been, or are likely to be, a victim of fraud you have the right to request that a credit reporting body not use or disclose your credit information. You can also request that a credit reporting body not use your credit information for the purposes of pre-screening or direct marketing by a credit provider.

5. Overseas transfers of personal information

We may disclose personal information between our related bodies corporate, where permitted under the Privacy Act. We may also disclose your personal information to external providers located in Australia, India and Sri Lanka to support our data processing activities. However, it is important to note that all personal information provided to us will be hosted on servers located in Australia.

As at the date of this Privacy Policy, we are not likely to disclose personal information to other overseas recipients unless you direct us to send your information to a particular overseas recipient. By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business and agree that APP 8.1 will not apply to such disclosures. 

For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able to seek redress under, the Privacy Act.

6. Direct Marketing

Like most businesses, marketing is important to our continued success. We believe we have a unique range of products and services that we provide to customers at a high standard. We therefore like to stay in touch with customers and let them know about new opportunities.

From time to time we may contact you with information about new products, services and promotions either from us, or from third parties which may be of interest to you. In these situations, your personally identifiable information is not transferred to the third party. We will not disclose your personal information to third parties for marketing purposes without your consent. When you sign up to one of our products or services you immediately gain access to our monthly newsletter Heffron Highlights as well as any relevant communication as part of the service you signed up for. 

Through our email mailing platform we are also able to track if, and when, you open emails from us and your interactions with the content of our emails.

You can opt-out of receiving such marketing communications at any time, by following the opt-out instructions included in such communications. If you opt-out of receiving marketing communications, but subsequently interact with us in a manner which indicates your agreement to once again receive marketing communications, then we may do so until you opt-out again. Please note that if you opt out of marketing communications, you may still see some promotional materials within our products themselves, and will still receive communications from us that are a necessary part of providing or receiving our products and services, and those of our related bodies corporate and Partners, that you choose to use.

7. Website Cookies and analytics

We may also collect personal information to assist in the delivery of products and services through the use of cookies and website analytics.

Our Website may use 'cookies' as part of its interaction with your internet browser. A 'cookie' is a small text file placed on your computer for a pre-defined period of time by our website server for later retrieval. Cookies are frequently used on websites and you can choose if and how a cookie will be accepted by configuring your preferences and options in your browser. Cookies do not alter the operation of your computer or mobile device in any way. 

We use cookies to identify specific machines and website interactions in order to collect aggregate information on how visitors are experiencing the Website. This information will help to better adapt the Website to suit our customers' requirements. While cookies allow a computer to be identified, they do not permit any reference to a specific individual.

We use Google Analytics to collect anonymous information and data whenever you access and navigate through our websites. The types of anonymous information we collect include demographic data, the type of device you use, what section of our website you accessed and the specific page you accessed. We collect this information for operational maintenance and statistical purposes to assist us in improving our websites. When you access our websites, your browser automatically sends certain information to Google which is included in our analytical reports. For more information on how Google Analytics operates, see “How Google uses data when you use our partners' sites or apps” (located at

8. Protection of personal information

We may hold personal information as either secure physical records, electronically on our intranet system, in cloud storage or on third party servers. We implement all infrastructure within Australian borders and adhere to all Australian data sovereignty laws.

There are inherent risks in transmitting information across the internet. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. However, we strive to protect personal information by maintaining appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, interference, unauthorised access, disclosure, or modification of personal information, including when we dispose of personal information.

We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.

You are responsible for ensuring that any user name and password that are issued to you are protected at all times from unauthorised access by third parties.

9. Privacy Breach Notification Protocol

We have implemented a privacy breach notification protocol available on our website, as updated and amended by us from time to time, and you must comply with the applicable terms of the protocol.

10. Accessing and correcting your personal information

You may request access to personal information we hold about you. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover reasonable costs incurred for providing you with access to any of the personal information about you held by us.

You may also request that information about you be corrected if you do not think that it is accurate. We are not obliged to correct any of your personal information if we do not agree that it requires correction and we may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.

Requests to access or correct personal information should be made in writing to our Privacy Officer at We will respond to all requests to access or correct personal information within a reasonable time.

11. Resolving personal information concerns

If you have any questions, concerns or complaints about this Privacy Policy, or how we handle your personal information (including under the APPs or other binding codes), please contact our Privacy Officer at Heffron, PO Box 200, MAITLAND NSW 2320, or via email at We take all complaints seriously and will respond to your complaint within a reasonable period.

If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner at GPO Box 5218, Sydney NSW 2001, on 1300 363 992 or via email at

12. Changes

We may revise our Privacy Policy from time to time by providing a revised version on our website. Our revised Privacy Policy will take effect from the time it is posted on our website. Please periodically check our Privacy Policy to ensure you are aware of any recent updates.

This document was last updated on 1 January 2020.
