This Policy is effective from 14 June 2023.
Automic Pty Ltd (ACN 152 260 814) and each of its related bodies corporate (“Automic”, “Automic Group”, “we”, “us” and “our”) are committed to complying with our Privacy obligations¹.
To provide our services effectively, we necessarily collect, record, and utilise Personal Information. We are entrusted by the people we serve to respect and protect that data. We enter contracts and are also subject to laws, that impose strict obligations and potential penalties. Failing to maintain privacy can have harmful impacts for individuals, clients, as well as the Automic Group. Therefore, it is imperative that we handle data professionally, respectfully and in compliance with our obligations.
The purpose of this Policy is to explain what information we collect and why, what we do with the information we hold, and sets out the principles governing how we manage privacy.
This policy applies to:
It covers all Personal Information we collect, including data relating to our clients, prospective clients and their investors, customers, and employees.
Personal Information means information or an opinion that relates to an identified individual, or an individual who is reasonably identifiable, and has the same meaning as given by the Privacy Act³. In this Policy, any references to Personal Information should be taken to include sensitive information unless otherwise specified.
The types of Personal Information collected and the purposes for which they are used may include, but are not limited to, the following:
Examples of what this might include
Identity and contact details
Your name, title, signature, date of birth, gender, citizenship and/or residency details, tax residency details, government issued identifiers (including photographic proof of identity), postal and residential address details, email address, telephone numbers, mobile telephone numbers, social media handles, salary details, work and education history, membership of industry bodies and professional associations, occupation, job title, login credentials to our portals and responses to user defined personal security questions.
To conduct Automic Group’s business operations and communicate with impacted individuals.
To provide individuals with the products and services they have requested or are entitled to receive.
To market Automic Group’s products and services.
To comply with our and/or our clients’ legal obligations.
Financial and payment information
Bank account details, credit/debit card details, tax file number, Holder Identification Number, Security Reference Number, details of relevant investments, wholesale client certificate information including gross and net wealth, source of funds and source of wealth.
To conduct Automic Group’s business operations and provide individuals with the products of services they have requested or are entitled to receive.
To comply with our and/or our clients’ legal obligations, including to protect individuals, Automic and our clients from error or fraud.
Photographic identity documents (E.g. Passport) where an individual’s racial or ethnic origin or religious beliefs is apparent.
Health information such as visual or hearing impairment.
Employment related information.
To aid effective communication.
To conduct Automic Group’s business operations, comply with our and/or our clients’ legal obligations.
We will collect Personal Information directly from the individual and not from third parties unless authorised or required by law. For example, Automic Group may obtain information from an Issuer or a stock exchange in respect of share/unit registry services, or an individual’s employer for the administration of an employee share plan. Where we take over the provision of services from a previous provider, as part of any transition, we ordinarily receive Personal Information necessary for the provision and continuity of services, from our client and/or their previous service provider. In those circumstances, we will record and use the inherited Personal Information without contacting or collecting the information from you.
We only collect sensitive information that is reasonably necessary for our functions and activities, where the individual has consented to the collection unless authorised or required by law.
By providing us with your sensitive information, you consent to the sensitive information specified in this policy being collected, used, and disclosed in accordance with this Policy. You have the right to:
However, in both cases this may have an impact on our ability to provide services or our dealings with you. Automic Group will notify you of the consequences if you do not consent to the collection of any sensitive information.
We outline the purpose of collecting an individual’s Personal Information to them. If an additional purpose arises, we will generally obtain their consent and/or notify them, unless permitted under law or the purpose is related to the primary or secondary purpose already disclosed. In line with modern business practices common to many financial institutions, an individual’s Personal Information may be disclosed to the following organisations:
Who we disclose to
Why/for what purpose
The Fund or Company issuing units, shares, or options in which you have an interest, (including current or former employer in relation to employee share plans) and other relevant product providers
Professional, technical, or expert service providers, such as accountants, auditors, legal, compliance, tax and information security consultants and advisers.
For the purposes of obtaining expert advice and/or assurance to promote and safeguard the integrity and security of information or ensure our compliance with legal obligations.
Contractors or temporary staff to handle workloads during peak periods
To enable communication with individuals, provision of cheque payments and to discharge regulatory requirements.
Information technology service providers
To enable the secure storage of Personal Information; or other information technology purposes such as enhancement to systems or cybersecurity penetration testing, or issue resolution.
Government and regulatory authorities and/or registries as required or authorised by law
To identify, investigate or prevent fraud or other misconduct, to resolve any complaints, to satisfactorily respond to any government or regulatory authority inquiries and otherwise satisfy our legal obligations.
Potential purchasers (including their staff, agents and advisers) involved in the proposed or actual sale of any Automic Group business, for the purpose of due diligence, corporate re-organisation, and transfer of all or part of Automic Group or its assets
To facilitate any actual or prospective sale or other changes (and potential changes) to entities that make up Automic Group or Automic Group service or products and meet our legal obligations in these respects. Disclosure will be made in confidence, and it will be a condition of that disclosure that no Personal Information will be used or disclosed by them.
Our Insurance Brokers, Underwriters, and Insurers
To obtain, or make a claim on, a policy of insurance, where Personal Information is necessary for the underwriting or assessment of any proposal or claim.
We may use cloud storage and IT servers that may be located overseas in countries, such as the United States of America, to store the Personal Information we hold. We will notify individuals of any proposed disclosure of their Personal Information to an overseas entity.
You may request access to any Personal Information that we hold about you. We will need to verify your identity prior to disclosing any Personal Information. We will not charge you for requesting access, however, we may charge a reasonable fee to reimburse the cost of fulfilling any specific request (e.g. historic searches, copying and postage costs).
Unless permitted or required by law, we will not provide any other person access to your Personal Information without express authorisation. We may refuse access to your Personal Information where permitted by law or where providing access would be unlawful, pose a serious threat to the health and safety of any individual, or if there is reason to suspect unlawful activity or misconduct.
When we receive a request for access, we will usually respond to the individual within seven days but, depending on the nature of the request, may require up to 30 days from the receipt of your request to respond and provide you with the Personal Information requested. If you are requesting a large amount of Personal Information, or the request cannot be dealt with immediately, then after we have investigated the request for access, we will advise you what Personal Information we hold and provide details of that Personal Information. If Automic Group does not provide access to the information, we will provide written reasons setting out why we do not believe it is appropriate to provide access.
You can inform us about any inaccuracies in the personal information we hold about you and request us to correct the information. We will not charge you to correct of your Personal Information and will normally respond within 30 days. If we do not correct your Personal Information as requested, we will notify you of the reasons.
Where possible and appropriate, we will provide general information to individuals who choose not to personally identify themselves. However, this may not be practicable where it restricts, prevents, or prohibits our ability to provide services.
We may use your Personal Information to provide personalised direct marketing in relation our services, market updates and other information we consider may be of interest or benefit to you. We notify individuals and obtain consent as required at the time of collecting, or in this policy, for such information to be used by us and any associated businesses for the purposes of direct marketing. We do not sell Personal Information or use sensitive information for the purposes of direct marketing.
You can opt out of receiving our direct marketing communications at any time. We include a statement about how you can opt out in all marketing communications, including an ‘unsubscribe’ function in e-mails. Please note that if you opt-out of direct marketing communications, you may still receive (non-direct marketing) communications that are necessary for the provision of our services, or to discharge our, or our clients’ compliance obligations.
We manage our website (www.automicgroup.com.au), which contains links to third party websites. We are not responsible for the conduct of third-party website owners, and you should review their respective Privacy Policies before using their services.
We record telephone calls made to our general telephone number (+61 2 8072 1400), for training, quality and assurance purposes. Access to these recordings is strictly limited to authorised personnel. Not all telephone lines are recorded. Call recordings are generally retained for three (3) months after the call, but may be shorter (e.g. in periods of high call volumes) or longer (for example, where a complaint or dispute is received before the recording is deleted, it may be retained until the matter is resolved).
We have security measures in place at our offices, which include building access controls and may include Closed Circuit Television (CCTV) recording. We require visitors to our offices to sign-in at reception and we keep a record of visitors for a short period of time. Our visitor records including images captured by CCTV are securely stored and only accessed on a need-to-know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (e.g. commission of a criminal offence).
You can contact us via the details provided on the cover page of this Policy. If you are not satisfied with our use of your personal information, our response to any request by you, or if you think that we have breached any relevant privacy law, please write to us at email@example.com or any of our other contact details. We will endeavour to acknowledge a complaint within 24 hours. A decision or any decisive action arising from or in connection with the complaint will usually be reached within 30 days. If you are not satisfied with our handling of your complaint, you have the right to complain to the Office of the Australian Information Commissioner (OAIC). Please visit the OAIC website for more information; https://www.oaic.gov.au/privacy/privacy-complaints.
This policy may be updated from time to time. We will publish approved revisions on our website. Where significant changes are made, we will seek to notify impacted individuals (for example, by email, notice in our portals or via our website). Your acceptance of any such changes may be deemed by your continued use of our services.
¹ This includes compliance requirements that we mandatorily have to comply with (such as the Privacy Act 1988 (Cth)), as well as voluntary commitments that we make (such as contractual promises or company policies), together our ‘privacy obligations’.
² This policy does not apply to Personal information of Our People. For more information on this, please refer to Automic Group’s People & Culture department.
³ Section 6 of the Privacy Act 1988 (Cth), as amended from time to time.