Heffron is an independent SMSF specialist firm that helps trustees, financial advisers and accountants use SMSFs effectively as a retirement saving structure. For 20 years we have been at the forefront of providing SMSF solutions and today we are one of Australia’s largest independent SMSF service providers.
We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act) and we understand the importance of, and are committed to, protecting your personal information.
We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect personal information through some of the following means:
- from any person nominated by you, including solicitors, accountants and financial planners;
- in the course of administering or providing any of our services, including when you provide us with information verbally, or complete and submit written forms;
- when you subscribe to our email service, or access and use our Website, social media or mobile applications;
- when you communicate with us via telephone, email or facsimile, or otherwise correspond with us (whether in writing or electronically);
- in the course of administering, performing or managing contracts with our service providers or other third parties;
- when you provide us with information in response to direct marketing or customer satisfaction and market research surveys and questionnaires;
- from credit reporting bodies;
- when you apply for employment with us; and
- as otherwise required to manage our business.
However, in some cases, we may also collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, referees, credit agencies, banks, contractors and our business partners.
If we collect personal information from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to, correct and update the information.
You have no obligation to provide any personal information requested by us. However, if you choose to withhold personal information, we may not be able to provide you with certain parts of our products or services.
The types of personal information we may collect and hold about you will depend on a range of circumstances, including who you are and which of our services and products you are looking to access or use. In particular, we note that this personal information may often be collected and held as a result of information relating to your SMSF which contains details which identify you or from which your identity is reasonably identifiable.
Generally, the personal information we collect (including as a result of us collecting information about your SMSF) can include, but is not limited to:
- your name, date and place of birth, age, gender, postcode and other demographic information;
- your tax file number;
- information about employer contributions to your Super Fund;
- your contact details, such as your work and personal email, postal addresses and phone numbers;
- information to verify your identify, such as your driver's licence number or passport details;
- billing and financial information (such as your banking or payment information, credit card number, cardholder name and expiration date);
- information relating to your creditworthiness (including the credit information described in section 4 below);
- if you are applying for employment with us, employment information, such as job application information and the results of criminal history checks;
- any information which is publicly available, including on a third party social media service; and
- any other information you provide us from time to time, including your preferences or opinions relating to our products and services, and information relating to surveys, competitions, enquiries or complaints.
In addition, when you access or use our Website, we may collect non-identifiable information about your hardware, software and activities, which can include your IP address, browser type, domain names, pages you accessed and the dates and times you accessed them, how long you spent on those pages and our Website, and referring website addresses (including through the use of 'cookies' as described in section 7 below).
If you do not provide us with the personal information, we request from you, we may not be able to supply the products or services you have requested, or we may be restricted in the way we supply those products or services. Failure to provide the information may result in us having to decline to provide products or services you have requested.
We collect and use personal information about you primarily to supply you with the products and services you order from us and our related companies. We do not sell, rent or lease your personal information to third parties, whether our Partners or otherwise, for marketing purposes.
As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances.
In particular, we may collect, hold, use and disclose personal information:
- to offer and provide you with our products and services, or request feedback about products and services you have received;
- to manage and administer those products and services;
- for direct marketing purposes, including to prepare and provide marketing information about our products and services and those of our related companies and other organisations in accordance with the Privacy Act and section 6 below;
- to conduct business planning and research into our customers, including analysing general statistical information regarding the use of our Website;
- in the case of credit information, to assess your creditworthiness for the purposes of an application by you for commercial credit;
- to communicate with you;
- to comply with our legal and regulatory obligations;
- for any purpose disclosed to you and to which you have consented;
- for any purpose that you would otherwise reasonably expect; and
- otherwise to appropriately manage and conduct our business, including performing administrative functions such as billing, accounts and records management.
We may disclose your personal information to any person nominated by you, including solicitors, accountants and financial planners.
We may also disclose personal information to our related companies, agents and organisations or to third parties such as our contractors, suppliers, partners, service providers (including organisations that provide us with technical and support services), or our professional advisors, auditors or consultants, where permitted by the Privacy Act. We may also disclose personal information to entities seeking to acquire all or part of our business, or other entities with your consent. If we disclose information to a third party, we generally require that the third party protect that information to the same extent that we do.
From time to time, where permitted by the Privacy Act, we may collect, hold, use and disclose certain credit and credit eligibility information about you, including:
- your name, current and previous addresses, driver's licence number, date of birth and employer;
- the fact that you have applied to us for one of our products or services and any credit limit on your account;
- your repayment history, including the amount of any payments due to us which are overdue for at least sixty days, and when steps have been taken by us to recover those overdue payments;
- where an overdue payment has been previously reported, advice that the payment is no longer overdue;
- default information, including cheques or credit card payments which have been dishonoured;
- court judgements or bankruptcy orders made against you;
- if, in our opinion, you have committed a serious credit infringement;
- when we cease to provide products or services to you; and
- other credit information that we are able to derive from the above information.
In particular, this credit information may be collected from, or disclosed to, credit reporting bodies. You authorise us to disclose such information to credit reporting bodies to assist them with assessing your creditworthiness for the purposes of us considering an application by you for commercial credit. You also authorise us to collect and use information from credit reporting bodies for the same purpose. We reserve the right to refuse or cancel the supply of products or services on the basis of a credit assessment of you.
If you believe you have been, or are likely to be, a victim of fraud you have the right to request that a credit reporting body not use or disclose your credit information. You can also request that a credit reporting body not use your credit information for the purposes of pre-screening or direct marketing by a credit provider.
We may disclose personal information between our related bodies corporate, where permitted under the Privacy Act. We may also disclose your personal information to external providers located in Australia, India and Sri Lanka to support our data processing activities. However, it is important to note that all personal information provided to us will be hosted on servers located in Australia.
For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.
Like most businesses, marketing is important to our continued success. We believe we have a unique range of products and services that we provide to customers at a high standard. We therefore like to stay in touch with customers and let them know about new opportunities.
From time to time we may contact you with information about new products, services and promotions either from us, or from third parties which may be of interest to you. In these situations, your personally identifiable information is not transferred to the third party. We will not disclose your personal information to third parties for marketing purposes without your consent. When you sign up to one of our products or services you immediately gain access to our monthly newsletter Heffron Highlights as well as any relevant communication as part of the service you signed up for.
Through our email mailing platform we are also able to track if, and when, you open emails from us and your interactions with the content of our emails.
You can opt-out of receiving such marketing communications at any time, by following the opt-out instructions included in such communications. If you opt-out of receiving marketing communications, but subsequently interact with us in a manner which indicates your agreement to once again receive marketing communications, then we may do so until you opt-out again. Please note that if you opt out of marketing communications, you may still see some promotional materials within our products themselves, and will still receive communications from us that are a necessary part of providing or receiving our products and services, and those of our related bodies corporate and Partners, that you choose to use.
Our Website may use 'cookies' as part of its interaction with your internet browser. A 'cookie' is a small text file placed on your computer for a pre-defined period of time by our website server for later retrieval. Cookies are frequently used on websites and you can choose if and how a cookie will be accepted by configuring your preferences and options in your browser. Cookies do not alter the operation of your computer or mobile device in any way.
We use Google Analytics to collect anonymous information and data whenever you access and navigate through our websites. The types of anonymous information we collect include demographic data, the type of device you use, what section of our website you accessed and the specific page you accessed. We collect this information for operational maintenance and statistical purposes to assist us in improving our websites. When you access our websites, your browser automatically sends certain information to Google which is included in our analytical reports. For more information on how Google Analytics operates, see “How Google uses data when you use our partners' sites or apps” (located at www.google.com/policies/privacy/partners/).
We may hold personal information as either secure physical records, electronically on our intranet system, in cloud storage or on third party servers. We implement all infrastructure within Australian borders and adhere to all Australian data sovereignty laws.
There are inherent risks in transmitting information across the internet. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. However we strive to protect personal information by maintaining appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, interference, unauthorised access, disclosure, or modification of personal information, including when we dispose of personal information.
We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.
You are responsible for ensuring that any user name and password that are issued to you are protected at all times from unauthorised access by third parties.
We have implemented a privacy breach notification protocol available on our website, as updated and amended by us from time to time, and you must comply with the applicable terms of the protocol.
You may request access to personal information we hold about you. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover reasonable costs incurred for providing you with access to any of the personal information about you held by us.
You may also request that information about you be corrected if you do not think that it is accurate. We are not obliged to correct any of your personal information if we do not agree that it requires correction and we may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
Requests to access or correct personal information should be made in writing to our Privacy Offer at email@example.com. We will respond to all requests to access or correct personal information within a reasonable time.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner at GPO Box 5218, Sydney NSW 2001, on 1300 363 992 or via email at firstname.lastname@example.org.
This document was last updated on 1 January 2020.