Privacy Policy

Last updated: 20 March 2024

A1.1 Introduction

This Policy outlines how we manage personal information and safeguard the privacy of our clients.

A1.2 References

This Policy has also been developed with reference to:

  • The Privacy Act 1988 (Cth) (Privacy Act);
  • The Australian Privacy Principles (APPs), contained within the Privacy Act; and
  • The Australian Privacy Principles Guidelines (July 2019).

A1.3 What personal information is collected?

We only collect personal information that is reasonably necessary for us to provide our clients with financial services and to administer them.  The kind of personal information we collect and hold will depend upon the type of services requested by our clients and may include:

  • information given by our clients or their advisers or service providers when they request a service from us. This information may include an individual’s name, date of birth, address, contact details and relevant identification documents;
  • communications between us and our clients’ financial, legal or other adviser, including their broker or other agent;
  • transactional information about the use of a service;
  • in some cases, sensitive information obtained with an individual’s consent or otherwise where required or permitted by law (e.g. in relation to anti-money laundering laws);
  • information such as an individual’s name, address and date of birth where an investor or borrower has listed that individual as a beneficial owner or other related party in connection with the investment or loan;
  • information regarding website interactions with us (e.g. the sections or features of our website that an individual has visited or used). This information will be anonymous unless an individual is logged into our site.

A1.4 How is personal information collected?

We collect personal information in a number of ways including:

  • directly from individuals and clients (including via financial, legal, or other advisers, or broker or other agents connected to a client), such as when completing an application form;
  • from an investor or borrower where they have nominated a certain individual as a beneficial owner or other related person in connection with the investment or loan;
  • from publicly or commercially available sources for the purpose of complying with customer due diligence obligations under relevant legislation (e.g. anti-money laundering laws).

A1.5 What if certain information is not provided?

If we are provided with an incomplete application, we may not be able to provide any services until the application is complete.

If a client chooses not to disclose their Tax File Number (TFN), TFN exemption or Australian Business Number (ABN), we may have to deduct tax at the highest marginal rate (plus the Medicare levy) from distributions or income payments.

If an individual chooses not to disclose their account details or correctly answer verification questions, we may not be able to provide services requested.

A1.6 How do we use and disclose personal information?

We may collect, use and disclose an individual’s personal information for the primary purpose of providing the services requested by our clients, as well as for related purposes such as:

  • to verify an individual’s identity or transactions which our client may enter into with us (including the identities of third parties connected with a client’s application for products and services, such as beneficial owners, where applicable);
  • to process applications for our services;
  • to administer and manage the provision of our services;
  • to respond to queries, complaints or to provide general customer services;
  • to provide our client, their asset consultant, custodian, administrator or legal or other adviser details of their investments;
  • to provide offers of other services and to improve and personalise our products and services;
  • to comply with laws and regulatory requirements, including anti-money laundering, financial services and taxation laws, or complying with any request made by a governmental authority in connection with legal proceedings or the prevention or detection of fraud and crime;
  • to comply with our risk management policies and procedures;
  • to conduct service and market research;
  • to train our staff; or

We may disclose personal information to:

  • our client’s asset consultants or other adviser;
  • professional service firms that provide services to us, such as legal, audit or data/information services;
  • electronic identity verification service providers, in order for identity information (about an individual or related persons connected with a client’s investment/product) to be verified against relevant government and other databases, for the purpose of complying with anti-money laundering laws; and
  • otherwise in accordance with this policy and the APPs.

A1.7 Overseas disclosures

We may disclose personal information collected in Australia to recipients in foreign countries, but only do so where we have disclosed to users of our website the location of those recipients; and in circumstances where the overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way the APPs protect the information, and mechanisms can be accessed by the individual to enforce that protection of the law or binding scheme; or in circumstances where we enter into an enforceable contractual arrangement with the overseas recipient that requires the recipient to handle the personal information in accordance with the APPs (other than APP1).  In some cases, we may utilise 'Cloud' storage solutions for data storage purposes, and the relevant servers may be located overseas.

A1.8 Use of service providers

We may contract out some of our administrative and support functions such as mailing, settlement services, unit registry services, document and data storage, background checking or identity verification to external service providers from time to time. Only information necessary for the service provider to carry out their function will be provided and will be subject to confidentiality clauses in the relevant services agreement.

A1.9 Keeping us up-to-date

Personal information such as contact details may change from time-to-time and we ask that our clients and individuals keep us informed of any changes by notifying us.

Where information has been previously provided about another person related to a client’s investment/product (such as a beneficial owner), and the information is no longer current, the client must provide up-to-date information.

Changes to some details, such as a change of name, may require additional documentation to verify the change. Additionally, some changes may be required to be made on a specific form.

A1.10 Storage and security of information

We store personal information in a combination of computer storage facilities, paper-based files and other records.  These are held on our premises and systems as well as offsite using 'Cloud' service providers for data storage and management purposes, which may be located overseas. We maintain effective control of the information under contractual arrangements.

We will take reasonable steps to protect personal information from loss, interference or misuse, and unauthorised access, modification or disclosure, and to ensure that any service provider we rely on takes similar steps.

Where personal information is no longer required to be retained, we will take such steps as are reasonable in the circumstances to de-identify the information or put it beyond use.

A1.11 Openness

This document sets out our policy on the management of personal information and is made freely available on our website, or in hardcopy if requested.

A1.12 Access and correction

Generally, we provide individuals with access to their personal information that we hold, unless a particular exception applies, such as where:

  • it would be unlawful to provide the information;
  • providing access would be likely to prejudice an investigation of possible unlawful activity;
  • the information is relevant to legal proceedings and would not be accessible in the normal discovery process;
  • giving access would have an unreasonable impact on the privacy of other individuals;
  • it would pose a serious and imminent threat to the life or health of any individual; or
  • the request is frivolous or vexatious.

If a request for access would divulge a commercially sensitive decision-making process, then we may provide an explanation rather than direct access to the information.

If we become aware that the personal information we hold about an individual is inaccurate, incomplete, misleading or irrelevant, then we will take reasonable steps to amend it.  If we receive a request from an individual to correct their information, then we will seek to correct it within 30 days.  If we disagree with an individual about the accuracy, completeness or currency of our records, then they have the right to request that we note their disagreement on those records.

A1.13 Identifiers

We do not use any government-issued identifiers (such as TFNs, Medicare numbers and Drivers Licence numbers) for use as our own identifier for individuals.  Instead, we create our own unique identifiers, such as investor numbers and account numbers, to identify individuals.

A1.14 Anonymity and pseudonymity

Given legal requirements on financial institutions to identify their customers, in most situations we cannot allow transactions on the basis of anonymity (including the use of a pseudonym).  Access to our public website may be done anonymously, or in the case of general enquiries, using a pseudonym. However, we may not be able to respond to queries unless we are provided with certain information.

A1.15 Digital Marketing

We will not use personal information for direct marketing purposes unless:

  • we have obtained consent, or the individual would reasonably expect us to use their personal information for direct marketing purposes; and
  • we have provided the individual with a simple means to 'opt-out' from receiving direct marketing; and
  • we have not received such a request from the individual.

We will not use any sensitive information for direct marketing purposes.

A1.16 Use of our website

A1.16.1 Website analytics

Our web analytics providers use "cookies" and in some cases "clear gifs/web beacons" to collect information.

A1.16.2 Cookies

Cookies are pieces of information that are transferred to a computer when a person visits a website so that sites can record usage and, in some cases, provide tailored content or targeted advertising.  Most web browsers are set to accept cookies, or they can be rejected.  However, if all cookies are rejected, some parts of the website may be inaccessible.

A1.16.3 Clear gifs

Clear gifs (also known as web beacons) are used in combination with cookies to help us understand how visitors interact with our website.  A clear gif is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a site. The use of a clear gif allows us to measure the actions of the visitor opening the page that contains the clear gif.

A1.17 Contacting us

The Compliance Officer may be contacted regarding any questions in relation to this Policy:

Nick Reeves

contact@bluesana.com.au

A1.18 Complaints about privacy

Clients may raise any concerns about any breach or potential breach of their privacy by contacting the Compliance Officer, and we will make every effort to resolve the complaint internally.

To make a complaint:

  • Write to the Compliance Officer at contact@bluesana.com.au
  • We will attempt to respond within 30 days from receipt of a request

The complaint may also be taken to the Office of the Australian Information Commissioner (OAIC).

For more information on how to lodge a complaint with the OAIC, please contact the OAIC hotline service on 1300 363 992 or email enquiries@oaic.gov.au

A1.19 Changes to our Privacy Policy

We may make changes to this policy from time to time for any reason and we will update our website in a timely manner.

A1.20 Training & Awareness

The Compliance Officer is responsible for ensuring that all Staff are aware of the requirements in this Policy.

A1.21 Non-compliance

Instances of non-compliance with this Policy must be reported under our Incidents & Breaches Policy & Process.  Intentional non-compliance is considered serious and may result in disciplinary action including dismissal.

A1.22 Reporting

The Compliance Officer must report to the Board periodically on any privacy complaints under this policy as well as any instances of non-compliance.