1 What personal information do we collect?
(a) When we are contacted or we provide our services, the personal information we collect may include a person’s name, contact numbers, email address, residential or business address, financial details, insurance details, credit card details and other personal data. This may include sensitive information (as that term is used in the Privacy Act).
(b) When our server is accessed, it automatically records information the browser sends when it connects to our website. This information may include:
(i) the accessing party’s Internet Protocol (IP) address, domain name, browser type and language;
(ii) information about usage and online activities (for example, by way of cookies), including when our website is accessed, other sites accessed from our website, content upload and download and usage of the services available on our website; and
(iii) information provided through use of any downloading facilities on our website.
2 How do we collect the personal information?
(a) We collect personal information:
(i) from the individual;
(ii) from you, our clients when we provide services to them. This includes personal information about your customers and clients (Your Clients);
(iii) via a file-sharing arrangement with a client and when a client provides access to their customer relationship management (CRM) and software systems and third party websites to enable us to provide the services;
(iv) when sent to us by email or other communication from third parties;
(v) from publicly available sources of information;
(vi) when we are required to do so by law; and
(vii) from our own records.
(b) We are committed to ensuring the information we have is accurate and up to date. We update personal information when we are advised there has been a change and at other times as necessary.
3 Provision of personal information to us by you and Your Clients
If you provide us with the personal information of another person (including Your Clients):
(a) you must disclose to that person that you are providing personal information (including sensitive information) to us and that the information may be disclosed offshore in accordance with clause 7; and
(b) you represent, and we accept it on the basis, that you represent that Client and are authorised to do so and that the relevant person has consented to the disclosure to us.
4 How do we use your personal information?
(a) Generally, we will collect, use and hold personal information to:
(i) provide our services, including services involving Your Clients;
(ii) facilitate our internal business operations, including the fulfillment of any legal requirements;
(iii) advise you of additional services or information which may be of interest;
(iv) provide your contact details to our partners who have agreed to provide you with any services;
(v) analyse our services and customer needs with a view to developing and improving existing and new products and services;
(vi) maintain and update our business infrastructure and systems;
(vii) compile statistical data; and
(viii) promote and advertise our business, products and services.
(b) If we do not collect the personal information we will not be able to provide the services or provide any assistance requested.
(c) If the personal information provided to us is incomplete or inaccurate, we may be unable to provide our services or our services may be adversely affected.
5 Disclosing your information
We can disclose personal information we have about you to third parties in certain circumstances including:
(a) if you or Your Client agree to the disclosure;
(b) to employees, contractors and service providers, who assist us in operating our business and providing our services and those service providers of yours that you require us to work with;
(c) if you or Your Client would reasonably be expected to consent to information of that kind being passed to a third party;
(d) using it for the purposes for which it was collected (e.g. to provide our services or respond to a query);
(e) where disclosure is required or permitted by law;
(f) to our related entities;
(g) if disclosure will prevent or lessen a serious and imminent threat to someone’s life or health; or
(h) where it is reasonably necessary for the enforcement of the criminal law, a law imposing a pecuniary penalty or for the protection of public revenue.
6 Disclosure of personal information off-shore
(a) We provide services to you and Your Clients under our Client Services Agreement. These services are performed by our related party company incorporated in the Philippines, VBP Back Office Solutions Inc.
(b) The services include:
(i) general administration support;
(ii) updating client databases and client records;
(iii) researching clients' existing financial products;
(iv) data entry and typing file notes;
(v) preparation of insurance quotes;
(vi) preparation, application and lodgement of insurance, superannuation, investment and other product applications;
(vii) following up and organising where applicable medical reports, medical tests and financial reports to provide to underwriters for new insurance applications; and
(viii) preparation of client review documents, fee disclosure statement disclosure documents.
(c) To provide our services we, including VBP Back Office Solutions Inc., receive personal information from you about Your Clients. This may include sensitive information.
(d) We have security processes in place for the protection of that personal information, including supervising staff, specialist security software, disabling flash-drives, staff training, use of password protection and employee investigation software.
(f) VBP will do all things necessary to ensure that VBP Back Office Solutions Inc., as a recipient of personal information, is subject to and complies with its obligations under the Privacy Act and Australian Privacy Principles, which include in particular, Australian Privacy Principle 8 – cross-border disclosure of personal information.
7 Considerations when you send information to us
(a) While we do all we can to protect your privacy and the privacy of Your Clients, including investing in specialist security software, no data transfer over the Internet is 100% secure.
(b) If you or Your Clients provide personal information to us electronically, there are ways you and Your Clients can help maintain the security of the information. These include:
(i) always closing your browser when you have finished your user session;
(ii) not providing personal information by using a public computer;
(iii) never disclosing your user name and password to another person; and
(iv) not sending information to a VBP employee’s email or other web-based mail account, or any other means of transferring client information other than through file sharing applications (e.g. Dropbox) specifically provided and approved by VBP.
(c) You are responsible for all actions taken using your username, email or password. If at any time you believe your username or password have been compromised, change your password and contact us immediately.
(d) If we suspect that there is a data breach leading to the protection of personal information stored or held by us being compromised, we will implement a data breach response plan, which will include:
(i) notifying you and Your Clients that may be affected by such a breach;
(ii) if necessary, notifying the relevant regulatory authorities of a suspected breach, which may include the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police; and
(iii) undertaking appropriate remedial action, depending on the type, amount and nature of the personal information that is at risk. In the implementation and carrying out of the data breach response plan, we will refer to the OAIC’s Data breach notification: a guide to handling personal information security breaches publication. Our Privacy Officer will be primarily responsible for developing and implementing such response plan and may require the assistance of VBP staff, its agents and external assistance in doing so, depending on the nature, extent and impact of the suspected breach.
8 How your information is stored
(a) We take reasonable steps to securely store personal details and information. This includes electronic and physical security measures.
(b) When the personal information that we collect is no longer required, we destroy or delete it in a secure manner.
9 How you can update, correct, or delete your personal information
(a) You and Your Clients have a right to request access to personal information which we hold about you and Your Clients and to ask us to correct it if you believe it is inaccurate or out of date.
(b) You and Your Clients may request the source of any information we collect from a third party. We will provide this at no cost, unless under the Privacy Act or other law there is a reason for this information being withheld.
(c) You or Your Clients may request access to your personal information or correct any inaccurate or out of date information by contacting our Privacy Officer on firstname.lastname@example.org.
(d) If there is a reason under the Privacy Act or other law for us not to provide you or Your Clients with information, we will give you or Your Clients a written notice of refusal setting out:
(i) the reasons for the refusal except to the extent it would be unreasonable to do so; and
(ii) the mechanisms available to you to complain about the refusal.
(e) You or Your Clients should also contact us immediately if:
(i) someone has gained access to your or Your Client’s personal information;
(ii) we have breached our privacy obligations or your or Your Client’s privacy rights in any way; or
10 Your authority and opting out
(b) We do not use personal information of Your Clients for marketing purposes.
(c) If at any time you no longer wish to receive any additional marketing material from us or do not want your information disclosed for direct marketing purposes, email email@example.com and we will remove your details from our marketing database.
(d) If you close your account or opt out, we will remove or de-identify personal information as soon as reasonably possible. We may, however, retain personal information for as long as is necessary to comply with any applicable law, for the prevention of fraud, for insurance and governance purposes, in our IT back-up, for the collection of any monies owed and to resolve disputes.
11 Limitation of liability
(a) To the extent permissible by law and subject to our obligations under the Privacy Act, we will not be liable to you or to any third party for any loss or damage (including but not limited to consequential loss or loss of profits) or claim arising from our collection, disclosure, management and use of personal information in accordance with this policy.
(b) Where liability is not able to be excluded by law, to the extent allowed by law and without limiting your rights under Australian Consumer Law, our liability to you in any circumstances will be limited to re-performance of any services we have provided to you.
(c) Links on our website or websites we set up for you may take you outside our network. These links are provided in good faith. However, we are not responsible for third party sites and accept no responsibility for the content, accuracy, security or function of third party sites.
(d) We endeavor to ensure that any complaints about privacy breaches will be dealt with quickly, seriously and confidentially. To help us investigate your complaint quickly and efficiently we will ask you or Your Client(s) to:
(i) put your complaint in writing; and
(ii) provide us with your name and contact details, the nature of the complaint, any information that may assist with the complaint, any copies of any documentation which supports your complaint and the outcome(s) that you seek.
(e) Our Privacy Officer is able to:
(i) acknowledge receipt of and read your complaint;
(ii) investigate your complaint, having regard to the information you have provided us and any other information which may be available, that could assist us in investigating your complaint, including requesting further information from you;
(iii) notify you of our findings and any actions we may have taken or propose to take in regard to your complaint;
(iv) if possible, discuss options to resolve the problem or dispute arising; and
(v) provide you with information on how to make a complaint to the OAIC if you are unhappy with the outcome of the investigation.
(f) More information about your rights and our obligations in respect to privacy and information on making a privacy complaint are available from the OAIC by:
(i) website – www.oaic.gov.au;
(ii) mail – GPO Box 5218 Sydney NSW 2001; or
(iii) email – firstname.lastname@example.org.