PRIVACY POLICY

Version Control

1 THE PPA ENTITY YOU DEAL WITH IS THE CONTROLLER

The entity responsible for your personal information (the controller) will be the member of the PPA group that originally collects information from or about you.

Privacy and Data Protection is managed by the General Manager Finance (GMF) in our Brisbane office. You can contact the GMF by emailing clare@pastoralpartners.com.au.

2 OUR LEGAL BASES FOR PROCESSING YOUR INFORMATION

The legal bases on which we process personal information differ depending on the circumstances:

• Performance of a contract – some processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. This includes delivering the services you have requested.
• Legal obligation – some processing is necessary for compliance with legal obligations that we are subject to. These include know-your-customer checks to prevent money laundering and fraudulent activities.
• Legitimate interests – some processing is necessary to meet our legitimate interests, including managing risk and improving our products and services.
• Consent – in certain jurisdictions and/or in exceptional circumstances, we may rely on your consent to process personal information where this is required by law, including (depending on the jurisdiction) to collect information about you from third parties.

These legal bases are explained in more detail in section 5.

3 WHAT PERSONAL INFORMATION WE COLLECT

We will only collect personal information from or about you in a lawful manner and where the information is reasonably necessary for one or more of our functions or activities. We will not collect any sensitive personal information (also referred to as “special categories of personal data”) about you. We will usually collect personal information about you directly from you. However, in limited circumstances, and (where required by law) with your consent, we may collect personal information about you from other sources, including:

• any third party authorised by you to provide information to us;
• your employer or a company of which you are an officer;
• publicly available sources of information, including public databases or the Internet;
• third party service providers and agents; and
• affiliates in our Group that hold information about you.

We may collect the following personal information about you:

• your personal identifiers, such as name, address, age, contact details and date of birth;
• information relating to your profession, including job title, employer, and work contact details;
• information that is required or authorised by law that applies to us or our operations including, but not limited to: the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
• your opinions about our products, services and/or staff;
• personal information included in any enquiries you make using any online or offline means to contact us

Our services, our premises and our websites are not intended for those 18 years old or younger without express parental
permission. We do not knowingly collect the personal information of anyone under the age of 18.

If you provide us with any third party’s personal information (e.g. personal information regarding your clients, employees, or
family members), you represent that, by sending such personal information to us for the relevant purposes, you have obtained
the relevant third party’s consent for such provision.

4 CONSEQUENCES OF NOT PROVIDING INFORMATION

In most cases, the provision of your personal information is not mandatory. However, in some circumstances – such as where we are required by law to collect certain information – if you do not provide us with some or all of the information that we ask for (or if the personal information you provide to us is not complete, accurate, true and/or correct), we may not be able to provide certain services to you or a client with whom you are associated.

5 OUR PURPOSES FOR PROCESSING YOUR INFORMATION

The purposes for which we process personal information may include:

• delivering the services clients request from us, including administering service contracts, communicating with you about contracts or services, and responding to queries (legal basis – performance of a contract);
• marketing and relationship development, including communicating with you about other services or topics we think you or your employer may be interested in, and inviting you to events (legal basis – legitimate interests);
• providing financial services to wholesale clients, including:
  • advising in relation to financial products (ACCUs), in particular derivatives contracts (legal basis – performance of a contract); and
  • dealing in financial products (ACCUs) by structuring, issuing, negotiating and settling derivatives contracts (legal basis – performance of a contract);
• managing the security and control of information and communication systems, including our websites and our offices (legal basis – legitimate interests);
• managing access to, and the security of, our premises (legal basis – legitimate interests);
• health and safety risks in relation to our employees and those attending our premises (legal basis – legitimate interests);
• complying with our obligations to detect, investigate, report and seek to prevent fraud and anti-money laundering in accordance with applicable anti-money laundering and counter-terrorism financing laws and regulations (legal basis – legal obligation);
• preventing fraud and identity theft, and keeping our clients and employees safe (legal basis – legitimate interests);
• improving our products and services, including our websites (legal basis – legitimate interests);
• carrying out any activity in connection with legal proceedings, crime or fraud prevention, detection or prosecution or any insurance claim (legal basis – legitimate interests); and
• complying with regulatory and legal obligations (legal basis – legal obligation).

6 WHEN WE DISCLOSE YOUR INFORMATION

We do not sell, trade, or rent personal information to others. However, we may need to disclose your personal information to third parties in order to meet the purposes outlined in section 5, including to:

• other entities within our Group, where necessary to provide services to our clients, to manage our contractual relationships or to manage our business;
• contractors and third-party service providers, who will process the information on our behalf for one of the purposes outlined in section 5;
• professional advisors, including accountants, auditors, lawyers, insurance advisors and advisors in connection with the administration, processing and servicing of client transactions;
• our insurers;
• other persons where required or provided for by applicable laws;
• government agencies, law enforcement agencies or regulators as authorised or required by applicable law, and to comply with requests of law enforcement, regulatory and other governmental agencies including tax institutions;
• anyone authorised by you to receive, use or access your personal information; and
• a potential or actual third-party purchaser of our business or assets, if in the future we sell or transfer some or all of our business or assets.

7 HOW WE STORE AND PROTECT YOUR INFORMATION

We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected, to comply with any applicable legal requirements, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings. Usually, this will be the duration of the services plus 7 years, depending on the type of personal information in question. After information has been determined to no longer be required, personal information is either destroyed or de-identified.

We store personal information in both electronic and hard copy formats. We ensure that personal information is safe by implementing physical, electronic and procedural safeguards (including up-to-date security software), to prevent unauthorised access, use, modification, disclosure or other misuse. We take all reasonable steps to ensure that our contractors and third-party service providers protect personal information in the same way and at least to the same standard as we do, including by imposing contractual obligations to implement measures to maintain the security, confidentiality, and integrity of personal information

8 YOUR PRIVACY RIGHTS

Depending on the laws in your state of residence, you may have certain privacy rights which are granted to you by data protection laws, including the right to know what information we hold about you and the right to correct it. In some jurisdictions, you may also be able to ask us to erase your information or stop using it in a particular way or to exercise any of the additional rights described below. If you have questions about which rights apply, or to exercise any of these rights, please email our GMF at clare@pastoralpartners.com.au.

Please note, before processing your rights request, we may ask you for additional information to confirm your identity. We will not usually charge you for exercising your privacy rights, though we may impose a reasonable charge if we believe that a request is manifestly unfounded or excessive and if we are permitted by law to do so.

Further information about the rights you may be able to exercise is set out below.

Right to access

You can ask us to confirm whether or not we are processing your personal information and, if we are, you can ask us for a copy of your information. If we need to refuse all or part of your request, we will tell you why.

Right to correct

You can ask us to correct personal information about you that you think is wrong. If we do not agree, you can ask us to attach a statement of correction to the information.

Right to erase

You may have the right to request that we erase your personal information if:

• it is no longer needed for the purposes for which it was collected; or
• you have withdrawn your consent for the processing of the information (where the processing was based on consent); or
• we have accepted your objection to processing, and we have no other lawful basis to retain it; or
• it has been processed unlawfully; or
• necessary to comply with a legal obligation to which we are subject.

Right to restrict processing or sharing of your personal data

You may have the right to opt out of certain processing or sharing of your personal information with third parties, including if:

• the applicable law permits you to opt out of such processing or sharing; or
• the accuracy of the personal information is contested, to allow us to verify its accuracy; or
• the processing is unlawful, but you do not want it to be erased; or
• it is no longer needed for the purposes for which it was collected, but you still need it to establish, exercise or defend legal claims; or
• you have objected to processing, and we are still considering that objection.

Right to object

Where we are processing your personal information based on our legitimate interests, including where this involves automated decision-making, you may have the right to object to this.

Right to withdraw consent

If you have given us your consent for the processing of your personal information, you generally have the right to withdraw your consent at any time. Note that this will not affect the lawfulness of any processing of your personal information that we have carried out based on the consent before its withdrawal.

9 MAKING A COMPLAINT ABOUT PRIVACY

If you have any concerns or questions about the way we have processed your personal information, please email our GMF at clare@pastoralpartners.com.au.

We will try our best to resolve your concerns in accordance with our internal complaints resolution process. However, if you are not satisfied with the outcome of your complaint, or if you do not wish to make a complaint to us, you have the right to make a complaint to your local data protection authority:

AUSTRALIA

Office of the Australian Information Commissioner – https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacycomplaint-with-us

POLICY CONTROL INFORMATION