Our Privacy Policy
Privacy Policy
Privacy Policy
The Flag Group is committed to protecting personal information provided to us by our clients, contractual counterparties, service providers and other persons, in accordance with our legal obligations, including under the Privacy Act 1988 (Cth) (“Act”) and the Australian Privacy Principles (“APP”).
This Privacy Policy outlines how we collect, store, use and disclose personal information.
- 1. What is personal information?
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable. Employee records associated with existing or former employee relationships (other than tax file numbers) of private sector employees are outside the scope of the Act.
2. What personal information do we collect?
We collect personal information reasonably required by us to carry on our financial services business. This includes:
- Your name, employer, contact information such as email address, phone number, and other business information in the course of establishing and/or conducting a client, contractual or other business relationship;
- Your name, date of birth, identification documents, contact information, employment and background information where you are seeking employment with the Flag Group. We may collect information from you directly or via a recruitment agency;
- Your identification documents where required by law or regulation;
- Information from public databases or registers such as regulator websites, criminal history databases, and court records, where we are required by regulation to undertake background checks;
- Your name and contact details where you contact us to make an enquiry or provide feedback about our services.
We will not collect sensitive personal information unless required by law.
3. What if you do not provide certain information?
You can choose not to provide us with your personal information. If you do not provide us with the personal information we request, such as identity verification documents, we may not be able to provide your institution with financial products or services or undertake, process transactions requested by our client or respond to your enquiry or query.
4. How we use your personal information?
We use your information for the purpose for which it was collected as well as related purposes. This includes for the following purposes:
- conducting Flag Group’s business activities;
- establishing and conducting a client, contractual, or service relationship with your institution;
- complying with our legal obligations including know-your-client obligations, obligations under Anti-Money Laundering and Counter-Terrorism financing legislation and taxation legislation, and sanctions screening obligations;
- offering and providing financial products and services to your institution and managing our obligations in connection with such products and services;
- if attending our offices in person, to assist us in providing a safe and secure environment for employees and visitors;
- assessing and processing employment applications; and
- responding to enquiries, disputes, or complaints.
5. Disclosure of personal information
We may disclose your personal information:
- to regulatory or governmental agencies such as ASIC, AUSTRAC or the ATO or an enforcement body to comply with our legal or regulatory obligations;
- where required by law or reasonably necessary in connection with legal proceedings or pursuant to a sub poena or other binding directive;
- to our officers, employees, contractors, related bodies corporate, professional advisers and to service providers (such as IT providers, background checkers, legal advisers, and auditors) in connection with the conduct of Flag Group’s business activities to the extent necessary for the service provider to discharge their obligations to us; and
- authorised third parties such as the institution on whose behalf you are acting or are authorised to act, as well as your institution’s custodian, legal or other professional advisers where reasonably necessary or required.
Flag Group has contractual arrangements in place with its professional advisers and service providers to ensure that they comply with privacy laws, and maintain confidentiality and security of such personal information.
We will retain your personal information for so long as we are required to do so by law and pursuant to regulatory record retention requirements.
6. Transborder data flows
We may disclose your personal information to our service providers who may be located in countries outside Australia, such as the United States.
7. Direct Marketing
We do not expect to use your personal information for direct marketing purposes. You may opt-out of receiving any communication from us in relation to our products, services or business by sending us a request -Please see the “Contacting us” information below.
8. Quality of Personal Information
We take all reasonable steps to ensure that your personal information is accurate, complete and up to date. We ask that keep us informed of any changes to your information by notifying us. Please see the “Contacting us” information below if you would like to request an update to the personal information we hold about you.
9. Accessing and Correcting Personal Information
You may request access to personal information we hold about you at any time unless for legal reasons we are unable to do so, and you may request us to correct that information if you believe it is inaccurate, incomplete, out of date or misleading. We will respond to your request within 30 days. If we consider that the information does not need correcting then we will let you know the reasons why, when we respond.
- 10. Security of your Personal Information
We store personal information in a combination of computer storage facilities, paper-based files and other records. For information held in our computer facilities, we record your personal information in secure systems requiring logins and passwords for access. Access is limited to staff who need to access your information for one of the purposes described above. Our staff are required maintain confidentiality of personal information held by us. Some personal information is held electronically by trusted third parties and by data service providers located overseas (such as “Cloud” service providers for data storage and management purposes). We maintain effective control and confidentiality of the information under contractual arrangements.
We take all reasonable steps to protect personal information against misuse or loss, unauthorised access, modification or disclosure and, subject to our regulatory record-retention obligations, will destroy the information as soon as it is no longer needed.
- 11. Notifiable Data Breach
If we become aware of any data breach concerning personal information, we are required under the Act to determine whether any “eligible data breach” (as defined in the Act) has occurred. If we determine that there has been an eligible data breach, then we are required to notify the affected individuals as soon as practicable of the details of the breach and the recommended steps that the relevant individuals should take in response. We may also be required to notify the Office of the Australian Information Commissioner.
- 12.Contact for privacy matters
If you wish to request access to your personal information we hold, or if you have any questions or concerns about your personal information that we hold, you should contact us on 61 2 8934 9900, or write to us at:
The Compliance Officer
Flag Asset Management Pty Ltd
Level 4
285-287 George Street
Sydney
NSW 2000
Email: info@flaggroup.com.au
You may also contact the Office of the Australian Information Commissioner by phone on 1300 363 992; via the OAIC website at oaic.gov.au; or by mail at GPO Box 5288, Sydney NSW 2001.
- 13. Use of our website
We may collect some information from you when you visit our website. Your use of the facilities and services available through the website will determine the amount and type of information that we may collect about you. Some of this information will not be personal information because it will not reveal your identity. We may use third party web analytics providers to collect information on how people use our website and to help us know what our customers find interesting and useful in our website. Our web analytics providers use “cookies” and in some cases “clear gifs/web beacons” to collect information.
The only personal information which we collect about you when you use the website is what you tell us about yourself; for example, by completing an online form such as an application form or by sending us an email. We will record your email address if you send us an email.
Cookies are small text files transferred onto your computer when you visit a website so that sites can record usage and, in some cases, provide you with tailored content or targeted advertising. Most web browsers are set to accept cookies. However, if you do not wish to receive any cookies you may set your web browser to refuse cookies.
Clear gifs (also known as web beacons) are used in combination with cookies to help us understand how visitors interact with our website. A clear gif is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a site. The use of a clear gif allows us to measure the actions of the visitor opening the page that contains the clear gif.
- 14. Changes to our Privacy Policy
We may make changes to our Privacy Policy from time to time and will publish any updated Privacy Policy on our website.