How we handle your personal information
1. Your privacy is important to us
We know that how we collect, use, exchange and protect your information is important to you, and we value your trust. That’s why protecting your information and being clear about what we do with it is a vital part of our relationship with you.
Please note that during the course of our relationship with you, we may tell you more about how we handle your information. This could be when you complete an application form, or receive terms and conditions or a product disclosure document. When you receive this further information, please consider it carefully. Please also visit our website regularly as we update this policy from time to time.
2. About CFSGAM
Colonial First State Global Asset Management (CFSGAM) known as First State Investments (FSI) outside of Australia, is the wholly owned asset management division of the Commonwealth Bank of Australia (CBA).
This Website is owned, maintained, operated and communicated by CFSGAM IP Holdings Pty Limited ACN 625 765 399 (“CIHPL”). CIHPL’s registered office is at Ground Floor, Tower 1, 201 Sussex Street, Sydney, NSW 2000, Australia. CIHPL is part of Colonial First State Global Asset Management.
For more information about CFSGAM, including its relationship with CBA, please see the About us section or the Bank’s Annual Report available on its website.
3. Information we collect Information we collect from you
We collect information about you and your interactions with us, for example when you request or use our products or services, phone us or visit any of our websites. When you use our website we may collect information using Cookies. For more information please refer to the Terms and conditions.
The information we collect from you may include your identity and contact details, and other personal details such as financial information. Where applicable, we also collect information about individuals, for example directors, officers and key management personnel.
Information we collect from others
We collect information about you from others, such as service providers, agents, advisers and brokers.
We may collect information about you that is publicly available, for example from public registers or made available by third parties.
The Privacy Act also protects your sensitive information. If we need to obtain this type of information, we will ask for your consent, except where otherwise permitted by law.
4. How do we use your information?
We collect, use and exchange your information so that we can:
- establish your identity and assess applications for products and services
- price and design our products and services
- administer our products and services
- manage our relationship with you
- manage our risks and help identify and investigate illegal activity, such as fraud
- contact you, for example if we suspect fraud on your account or need to tell you something important
- conduct and improve our businesses and improve the customer experience
- comply with our legal obligations and assist government and law enforcement agencies or regulators
- identify and tell you about other products or services that we think may be of interest to you.
We may also collect, use and exchange your information in other ways where permitted by law.
If you don’t want to receive direct marketing, you can tell us by using any of the methods set out in section 10.
Gathering and combining data to get insights Improvements in technology enable organisations like ours to collect and use information to get a more integrated view of customers and provide better products and services.
We may combine customer information it has with information available from a wide variety of external sources (for example census or public data). Our Group1 members are able to analyse the data in order to gain useful insights which can be used for any of the purposes mentioned earlier in this section 4.
In addition, Group members may provide data insights or related reports to others, for example to help them understand their customers better. These are based on aggregated information and do not contain any information that identifies you.
5. Who do we exchange your information with?
We exchange your information with other members of the Group, so that the Group may adopt an integrated approach to its customers. Group members may use this information for any of the purposes mentioned in section 4.
We may exchange your information with third parties where this is permitted by law or for any of the purposes mentioned in section 4.
Third parties include:
- service providers, for example custodians, brokers, unit registry services or correspondent banks
- those to whom we outsource certain functions, for example, direct marketing, statement production, information technology support
- brokers, agents and advisers and persons acting on your behalf, for example a custodian or asset consultant
- other financial institutions, for example so that we can process a claim for mistaken payment
- government and law enforcement agencies or regulators; and
- entities established to help identify illegal activities and prevent fraud
Sending information overseas
From time to time we may send your information overseas, including to overseas Group members and to service providers or other third parties who operate or hold data outside of your country.
Where we do this, we make sure that appropriate data handling and security arrangements are in place. Please note that Australian law may not apply to some of these entities.
We may also send information overseas to complete a particular transaction, such as an International Money Transfer, or where this is required by laws and regulations.
For more information about which countries your information may be sent to is provided at section 9 of this policy.
1 Group is a reference to Commonwealth Bank of Australia group of companies.
6. Keeping your information secure
We keep your records on our premises and systems or offsite using trusted third parties. Our security safeguards include:
We train and remind our staff of their obligations with regard to your information.
Taking precautions with overseas transfers and third parties
When we send information overseas or use third parties that handle or store data, we ensure that appropriate data handling and security arrangements are in place.
We have firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems.
When we send your electronic data outside the Group we use dedicated secure networks or encryption.
We limit access by requiring use of passwords and/or smartcards.
We have protection in our buildings against unauthorised access such as alarms, cameras and guards.
Destroying data when no longer required
Where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).
Can I get access to my information?
7. Accessing, updating and correcting your information
You can ask for access to your information by calling us, going online or contacting your relationship manager.
Is there a fee?
There is no fee charged for accessing your information.
How long does it take to gain access to my information?
We try to make your information available within 30 days of your request. Before we give you the information, we’ll need to confirm you are appropriately authorised to access the information, which may include an identity verification process.
Can you deny or limit my request for access?
In certain circumstances we’re allowed to deny your request, or limit the access we provide. For example we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll contact you explaining our decision.
Updating your basic information
It’s important that we have your correct details, such as your current address and telephone number. You can check or update your information by contacting your relationship manager.
Can I correct my information?
You can ask us to correct any inaccurate information we hold or have provided to others by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.
If we’re able to correct your information, we’ll inform you when the process is complete.
What if we disagree that the information should be corrected?
If we disagree with you that information should be corrected, we’ll let you know in writing our reasons. You can ask us to include a statement with the relevant information, indicating your view that the information is inaccurate, misleading, incomplete, irrelevant or out-of-date.
We will take reasonable steps to comply with such a request.
We’re here to help:
8. Making a privacy complaint
We accept that sometimes we can get things wrong.
If you have a concern about your privacy, you have a right to make a complaint and we’ll do everything we can to put matters right.
How do I make a complaint?
To lodge a complaint, please get in touch with us using your point of contact or local office from the Contact us page on this website. We’ll review your situation and try to resolve it straight away.
How do we handle a complaint?
We acknowledge every complaint we receive and provide our name and contact details of the investigating officer. We keep you updated on the progress we’re making towards fixing the problem.
Usually, it takes only a few days to resolve a complaint. However, if we’re unable to provide a final response within 7 business days we’ll contact you to explain why and discuss a timeframe to resolve the complaint.
If you’re not satisfied with our handling of your matter, you can refer your complaint for external dispute resolution. We suggest you do this only once you’ve first followed our internal complaint processes set out above.
If your complaint is about the way we handle your personal information, you may contact the Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.
9. When we send your information overseas
Generally, we use systems and service teams located in Australia, however some of our services are located in our related offices globally.
From time to time we may send your information to recipients overseas, including our offices, to service providers or other third parties who operate or hold data outside Australia. We may also send information overseas to complete a particular transaction, or where this is required by laws and regulations.
Where your information is sent overseas, it may be sent to one of the following countries:
- Hong Kong
- Ireland (Republic of)
- New Zealand
- United Kingdom
- United States
10. How to contact us or find out more
Commonwealth Bank website for Group privacy policies and information on how we manage your information within the organisation: www.commbank.com.au
For privacy related queries, access or correction requests, or complaints, please contact your relationship manager in the first instance.
For more information about the Australian Privacy Principles and the Privacy Act
www.oaic.gov.au (Office of the Australian Information Commissioner)
Issue Date: 16 May 2018 Colonial First State Global Asset Management