Heffron SMSF Solutions (we, us, our) is a group companies that provide specialist services relating to the establishment and administration of Self-Managed Superannuation Funds (SMSFs) and associated educational services, and includes the following companies:
We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act) and we understand the importance of, and are committed to, protecting your personal information.
1. How we collect your personal information
We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect personal information through some of the following means:
However, in some cases, we may also collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, referees, credit agencies, banks, contractors and our business partners.
If we collect personal information from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to, correct and update the information
2. Types of personal information we collect
The types of personal information we may collect and hold about you will depend on a range of circumstances, including who you are and which of our services and products you are looking to access or use. In particular, we note that this personal information may often be collected and held as a result of information relating to your SMSF which contains details which identify you or from which your identity is reasonably identifiable.
Generally, the personal information we collect (including as a result of us collecting information about your SMSF) can include, but is not limited to:
In addition, when you access or use our Website, we may collect non-identifiable information about your hardware, software and activities, which can include your IP address, browser type, domain names, pages you accessed and the dates and times you accessed them, how long you spent on those pages and our Website, and referring website addresses (including through the use of 'cookies' as described in section 7 below).
If you do not provide us with the personal information we request from you, we may not be able to supply the products or services you have requested, or we may be restricted in the way we supply those products or services. Failure to provide the information may result in us having to decline to provide products or services you have requested.
3. Our purposes for handling your personal information
We collect and use personal information about you primarily to supply you with the products and services you order from us and our related companies. We do not sell, rent or lease your personal information to third parties.
As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances.
In particular, we may collect, hold, use and disclose personal information:
We may disclose your personal information to any person nominated by you, including solicitors, accountants and financial planners.
We may also disclose personal information to our related companies, agents and organisations or to third parties such as our contractors, suppliers, partners, service providers (including organisations that provide us with technical and support services), or our professional advisors, auditors or consultants, where permitted by the Privacy Act. We may also disclose personal information to entities seeking to acquire all or part of our business, or other entities with your consent. If we disclose information to a third party, we generally require that the third party protect that information to the same extent that we do.
4. Credit reporting
From time to time, where permitted by the Privacy Act, we may collect, hold, use and disclose certain credit and credit eligibility information about you, including:
In particular, this credit information may be collected from, or disclosed to, credit reporting bodies. You authorise us to disclose such information to credit reporting bodies to assist them with assessing your creditworthiness for the purposes of us considering an application by you for commercial credit. You also authorise us to collect and use information from credit reporting bodies for the same purpose. We reserve the right to refuse or cancel the supply of products or services on the basis of a credit assessment of you.
If you believe you have been, or are likely to be, a victim of fraud you have the right to request that a credit reporting body not use or disclose your credit information. You can also request that a credit reporting body not use your credit information for the purposes of pre-screening or direct marketing by a credit provider.
5. Overseas transfers of personal information
We may disclose personal information between our related bodies corporate, where permitted under the Privacy Act. We may also disclose your personal information to external providers located in Australia, India and Sri Lanka to support our data processing activities. However, it is important to note that all personal information provided to us will be hosted on servers located in Australia.
6. Direct Marketing
Like most businesses, marketing is important to our continued success. We believe we have a unique range of products and services that we provide to customers at a high standard. We therefore like to stay in touch with customers and let them know about new opportunities.
From time to time we may contact you with information about new products, services and promotions either from us, or from third parties which may be of interest to you. In these situations your personally identifiable information is not transferred to the third party. We will not disclose your personal information to third parties for marketing purposes without your consent.
8. Protection of personal information
We may hold personal information as either secure physical records, electronically on our intranet system, in cloud storage or on third party servers. We implement all infrastructure within Australian borders and adhere to all Australian data sovereignty laws.
We maintain appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, interference, unauthorised access, disclosure, or modification of personal information, including when we dispose of personal information.
We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.
9. Accessing and correcting your personal information
You may request access to personal information we hold about you. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover reasonable costs incurred for providing you with access to any of the personal information about you held by us.
You may also request that information about you be corrected if you do not think that it is accurate. We are not obliged to correct any of your personal information if we do not agree that it requires correction and we may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
Requests to access or correct personal information should be made in writing to our Privacy Offer at email@example.com. We will respond to all requests to access or correct personal information within a reasonable time.
10. Resolving personal information concerns
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner at GPO Box 5218, Sydney NSW 2001, on 1300 363 992 or via email at firstname.lastname@example.org.