Information Security
How does CFA and its Advisers keep my Personal Information secure and for how long is it kept?
We take all reasonable steps to ensure that your Personal Information is kept secure and is protected from misuse, loss and unauthorised access, modification and disclosure. If we have your Personal Information accessible on the secure member sections of our website, we will ensure that this information is protected.
We retain your Personal Information for as long as we need it to provide the Financial Services you have requested from us and, in some circumstances, to comply with other statutory requirements. For example, under the Corporations Act 2001 (Cth), we are obligated to retain a client’s ‘financial planning file’ for a period of 7 years from the date of our last provision of service. As required under the privacy law, we will take reasonable steps to permanently de-identify or destroy Personal Information that is no longer needed.
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, mail, over the Internet, or other electronic medium. We train our employees, Advisers and their staff who handle Personal Information to respect the confidentiality of client information and the privacy of individuals.
ClearView Group has appointed a Privacy Officer to ensure that the management of Personal Information is in accordance with the Policy and the Privacy Act 1988.
Cross-border Disclosure of Personal Information (overseas recipients)
In the course of providing you with Financial Services, we may engage in the services of organisations based overseas, or organisations based in Australia that utilise services themselves from overseas. Some of the organisations to which we may disclose your Personal Information may be located outside Australia, including New Zealand, Japan, South Africa (XPLAN), USA (DropBox), Serbia, member states of the European Union, India, Vietnam, Malaysia, Singapore, Thailand, Sri Lanka, Cambodia, Hong Kong and the Philippines. Where Personal Information is disclosed to these overseas locations, we expect these organisations to comply with this Policy and any relevant privacy laws and regulations applicable to their jurisdiction.
Dealing with breaches
We consider breaches of your privacy to be very serious. If this happens, we will ensure that appropriate investigation occurs in a timely fashion, and where necessary, apply appropriate consequence management and/or remediation (including dismissal in some cases).
We will be required to notify you and the Office of the Australian Information Commissioner (OAIC) if an ‘eligible data breach’ occurs in relation to your Personal Information that is held by us or another entity with whom we have shared your information. A data breach may occur if your Personal Information is lost or subjected to unauthorised access, modification, disclosure or other misuse or interference, and it is generally notifiable if there is a risk of ‘serious harm’ (for example, financial or reputational harm) to you due to the breach. This obligation extends to breaches that occur within Australia, and overseas.
We will also report any privacy breach as required under any other applicable laws.