Introduction

Heffron is an independent SMSF specialist firm that helps trustees, financial advisers and accountants use SMSFs effectively as a retirement saving structure. For 25 years we have been at the forefront of providing SMSF solutions and today we are one of Australia’s largest independent SMSF service providers.

We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act) and we understand the importance of, and are committed to, protecting your personal information.

This Privacy Policy explains how we manage your personal information (that is, information or an opinion about you, whether true or not, which identifies you or from which your identity is reasonably identifiable), including our obligations and your rights in respect of our dealings with your personal information.

Please take a moment to read our Privacy Policy carefully, as it describes the way in which we collect, hold, use and disclose your personal information. References in this Privacy Policy to “we”, “us” and “our” are to members of the “Heffron Group”, meaning Heffron Consulting Pty Limited and its related body corporates (as that term is defined in the Corporations Act 2001 (Cth)). This Privacy Policy applies to our products and services offered and to our website at https://www.heffron.com.au/ (the Website).

We refer throughout our Privacy Policy to ‘personal information’ which means information that identifies you as an individual or from which you can reasonably be identified. An individual’s name, address and telephone numbers are all examples of ‘personal information’.

 

1. How we collect and hold your personal information

We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect personal information through some of the following means:

  • from any person nominated by you, including (but not limited to) solicitors, accountants and financial planners;
  • in the course of administering or providing any of our services, including when you provide us with information verbally, or complete and submit written forms;
  • when you subscribe to our email service, or access and use our Website, social media or mobile applications;
  • when you communicate with us via telephone, email or facsimile, or otherwise correspond with us (whether in writing, verbally or electronically);
  • in the course of administering, performing or managing contracts with our service providers or other third parties;
  • when you provide us with information in response to direct marketing or customer satisfaction and market research surveys and questionnaires;
  • from credit reporting bodies;
  • when you apply for employment with us; and
  • as otherwise required to manage our business.

We may also collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, referees, credit agencies, banks, contractors and our business partners. 

When personal information that relates to you is provided to us by a third party, we rely on the third party providing us with the information to ensure they have obtained your consent, to enable us to collect and hold your personal information as described in this privacy policy. 

You have no obligation to provide any personal information requested by us. You may also choose to engage with us anonymously or by using a pseudonym. However, these options may not be available in circumstances where Australian law, or a court or tribunal, requires you to disclose your identity, or where it is impracticable for us to proceed without identifying you. If you do choose to engage with us in this manner, we may not be able to provide you with access to certain parts or all of our products or services, and this may result in us having to decline to provide products or services you have requested.

 

2. Types of personal information we collect and hold

The types of personal information we may collect and hold about you will depend on a range of circumstances, including who you are and which of our services and products you are looking to access or use. In particular, we note that this personal information may often be collected and held as a result of information relating to your SMSF which contains details which identify you or from which your identity is reasonably identifiable.

Generally, the personal information we collect (including as a result of us collecting information about your SMSF) can include, but is not limited to:

  • your name, date and place of birth, age, gender, postcode and other demographic information;
  • your tax file number;
  • information about employer contributions to your Super Fund;
  • your contact details, such as your work and personal email, postal addresses and phone numbers;
  • information to verify your identify, such as your driver's licence number or passport details;
  • billing and financial information (such as your banking or payment information, credit card number, cardholder name and expiration date);
  • information relating to your creditworthiness (including the credit information described in section 4 below);
  • if you are applying for employment with us, employment information, such as job application information and the results of criminal history checks;
  • any information which is publicly available, including on a third party social media service; and
  • any other information you provide us from time to time, including your preferences or opinions relating to our products and services, and information relating to surveys, competitions, enquiries or complaints. 

We will only collect and hold sensitive information about you with your consent, or unless required to collect and hold under Australian Law.

In addition, when you access or use our Website, we may collect non-identifiable information about your hardware, software and activities, which can include your IP address, browser type, domain names, pages you accessed and the dates and times you accessed them, how long you spent on those pages and our Website, and referring website addresses (including through the use of 'cookies' as described in section 8 below).

 

3. Our purposes for handling your personal information

We collect, hold, use and disclose personal information about you primarily to supply you with the products and services you order from us and our related companies. 

As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances.

In particular, we may collect, hold, use and disclose personal information:

  • to offer and provide you with our products and services, or request feedback about products and services you have received;
  • to manage and administer those products and services;
  • for direct marketing purposes, including to prepare and provide marketing information about our products and services and those of our related companies and other organisations in accordance with the Privacy Act and section 6 below;
  • to conduct business planning and research into our customers, including analysing general statistical information regarding the use of our Website;
  • in the case of credit information, to assess your creditworthiness for the purposes of an application by you for commercial credit;
  • to communicate with you;
  • to comply with our legal and regulatory obligations;
  • for any purpose disclosed to you and to which you have consented;
  • for any purpose that you would otherwise reasonably expect; and
  • otherwise to appropriately manage and conduct our business, including performing administrative functions such as billing, accounts and records management.

We may disclose your personal information to any person nominated by you, including (but not limited to) solicitors, accountants and financial planners.

We may also disclose personal information to our related companies, agents and organisations or to third parties such as our contractors, suppliers, partners, service providers (including organisations that provide us with technical and support services), or our professional advisors, auditors or consultants, where permitted by the Privacy Act. We may also disclose personal information to entities seeking to acquire all or part of our business, or other entities with your consent. If we disclose information to a third party, we generally require that the third party protect that information to the same extent that we do.

 We may be required by law to disclose your personal information if it is reasonably necessary for one or more enforcement-related activities carried out by, or on behalf of, an authorised enforcement body.

 

 

4. Credit reporting

From time to time, where permitted by the Privacy Act, we may collect, hold, use and disclose certain credit and credit eligibility information about you, including:

  • your name, current and previous addresses, driver's licence number, date of birth and employer;
  • the fact that you have applied to us for one of our products or services and any credit limit on your account;
  • your repayment history, including the amount of any payments due to us which are overdue for at least sixty days, and when steps have been taken by us to recover those overdue payments;
  • where an overdue payment has been previously reported, advice that the payment is no longer overdue;
  • default information, including cheques or credit card payments which have been dishonoured;
  • court judgements or bankruptcy orders made against you;
  • if, in our opinion, you have committed a serious credit infringement;
  • when we cease to provide products or services to you; and
  • other credit information that we are able to derive from the above information.

In particular, this credit information may be collected from, or disclosed to, credit reporting bodies. You authorise us to disclose such information to credit reporting bodies to assist them with assessing your creditworthiness for the purposes of us considering an application by you for commercial credit. You also authorise us to collect and use information from credit reporting bodies for the same purpose. We reserve the right to refuse or cancel the supply of products or services on the basis of a credit assessment of you.

If you believe you have been, or are likely to be, a victim of fraud you have the right to request that a credit reporting body not use or disclose your credit information. You can also request that a credit reporting body not use your credit information for the purposes of pre-screening or direct marketing by a credit provider.

 

5. Overseas transfers of personal information

We may disclose personal information between our related bodies corporate, where permitted under the Privacy Act. We may also disclose your personal information to external providers located in (but not limited to) Australia, India and Sri Lanka to support our data processing activities. However, it is important to note that all personal information provided to us will be hosted on servers located in Australia.

By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business and agree that APP 8.1 will not apply to such disclosures. 

For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.

 

6. Direct marketing

Like most businesses, marketing is important to our continued success. We believe we have a unique range of products and services that we provide to customers at a high standard. We therefore like to stay in touch with customers and let them know about new opportunities.

We run a number of face-to-face and virtual events and, from time to time, we may engage Partners for these events. When you register for a Heffron event, we will clearly state if a Partner is involved and whether your details may be shared. You will have the option to opt out of Partner communications, if you choose to.

From time to time, we may also contact you with information about new products, services and promotions either from us, or from third parties which may be of interest to you. In these situations, your personally identifiable information is not transferred to the third party. We will not disclose your personal information to third parties for marketing purposes without your consent.

 When you sign up to one of our products and services, you will receive relevant communication as part of the service you signed up for, as well as our monthly newsletter.

Through our email mailing platform we are also able to track if, and when, you open emails from us and your interactions with the content of our emails.

You can opt-out of receiving such direct marketing communications at any time by following the opt-out instructions included in such communications. We will action your request within a reasonable period of time, after the request is made.

If you opt-out of receiving marketing communications, but subsequently interact with us in a manner which indicates your agreement to once again receive marketing communications, then we may do so until you opt-out again. Please note that if you opt out of marketing communications, you may still see some promotional materials within our products themselves, and will still receive communications from us that are a necessary part of providing or receiving our products and services, and those of our related bodies corporate and Partners, that you choose to use.

 

7. Research and development

We may share your personal information with professional bodies and industry associations to facilitate research and development aimed at enhancing our products and services. Such sharing will be conducted in accordance with applicable privacy laws and only when necessary for these purposes.

Personal information shared to professional bodies and industry associations will be anonymised and only information relevant to the research and development will be provided. If we disclose information to a third party, we generally require that the third party protect that information to the same extent that we do.

You can request that your information is not provided as part of this data collection process and there are no adverse consequences of choosing to opt out. To opt out, please contact our Privacy Officer at Heffron, PO Box 200, MAITLAND NSW 2320, or via email at privacy.officer@heffron.com.au.

 

8. Website cookies and analytics

We may also collect personal information to assist in the delivery of products and services through the use of cookies and website analytics.

Our Website may use 'cookies' as part of its interaction with your internet browser. A 'cookie' is a small text file placed on your computer for a pre-defined period of time by our website server for later retrieval. Cookies are frequently used on websites and you can choose if and how a cookie will be accepted by configuring your preferences and options in your browser. Cookies do not alter the operation of your computer or mobile device in any way. 

We use cookies to identify specific machines and website interactions in order to collect aggregate information on how visitors are experiencing the Website. This information will help to better adapt the Website to suit our customers' requirements. While cookies allow a computer to be identified, they do not permit any reference to a specific individual.

We use Google Analytics to collect anonymous information and data whenever you access and navigate through our websites. The types of anonymous information we collect include demographic data, the type of device you use, what section of our website you accessed and the specific page you accessed. We collect this information for operational maintenance and statistical purposes to assist us in improving our websites. When you access our websites, your browser automatically sends certain information to Google which is included in our analytical reports. For more information on how Google Analytics operates, see “How Google uses data when you use our partners' sites or apps” (located at https://policies.google.com/technologies/partner-sites).

 

9. Protection of personal information

We may hold personal information as either secure physical records, electronically on our intranet system, in cloud storage or on third party servers. We implement all infrastructure within Australian borders and adhere to all Australian data sovereignty laws.

There are inherent risks in transmitting information across the internet. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. However we strive to protect personal information by maintaining appropriate physical, procedural and technical security for our offices and information storage facilities so as to prevent any loss, misuse, interference, unauthorised access, disclosure, or modification of personal information, including when we dispose of personal information.

We take reasonable steps to destroy or permanently de-identify personal information when it is no longer required for the purposes for which it was collected, or once our services have concluded. Please note that certain legal and regulatory obligations may require the retention of specific personal information for mandatory time periods.

We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.

You are responsible for ensuring that any user name and password that are issued to you are protected at all times from unauthorised access by third parties.

 

10. Accessing and correcting your personal information

You may request access to personal information we hold about you. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover reasonable costs incurred for providing you with access to any of the personal information about you held by us.

You may also request that information about you be corrected if you do not think that it is accurate. We are not obliged to correct any of your personal information if we do not agree that it requires correction and we may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.

Requests to access or correct personal information should be made in writing to our Privacy Offer at privacy.officer@heffron.com.au. We will respond to all requests to access or correct personal information within a reasonable time and in accordance with the requirements of the Privacy Act. 

 

11. Resolving personal information concerns

If you have any questions, concerns or complaints about this Privacy Policy, or how we handle your personal information (including under the APPs or other binding codes), please contact our Privacy Officer at Heffron, PO Box 200, MAITLAND NSW 2320, or via email at privacy.officer@heffron.com.au. We take all complaints seriously and will respond to your complaint within a reasonable period and in accordance with the requirements of the Privacy Act.

If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner at GPO Box 5218, Sydney NSW 2001, on 1300 363 992 or via online enquiry form (located here: OAIC Web Form).

 

12. Changes

We may revise our Privacy Policy from time to time by providing a revised version on our website. Our revised Privacy Policy will take effect from the time it is posted on our website. Please periodically check our Privacy Policy to ensure you are aware of any recent updates.

This document was last updated on 20 October 2025.

Download Privacy Policy

© 2025 Heffron Consulting Pty. Ltd. trading as Heffron.  |  ABN 88 084 734 261  |  AFSL 241739  |  All rights reserved.

The information shown on this site is general information only, it does not constitute any recommendation or advice; it has been prepared without taking into account your personal objectives, financial situation or needs and you should consider its appropriateness with regard to these factors before acting on it. Any taxation position described is a general statement and should only be used as a guide. It does not constitute tax advice and is based on the tax and superannuation laws which applied at the time the information was prepared and our interpretation. Your individual situation may differ, the tax and superannuation laws may have changed and you should seek independent up to date professional tax advice. You should also consider obtaining personalised advice from an adviser holding an Australian Financial Services Licence before making any financial decisions in relation to the matters discussed.

×