PADUA is committed to providing quality financial technology services to you and this policy outlines our ongoing obligations in respect of how we manage your Personal Information.
We have adopted the National Privacy Principles (NPPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at privacy.gov.au.
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, business addresses, email addresses, business phone and facsimile numbers.
This Personal Information is obtained in many ways including through our websites https://www.paduafinancialgroup.com.au and https://roma.padua.net.au as well as by telephone and facsimile, by email, from your website and from third parties (for example your Dealer Group/Licensee).
We collect your Personal Information for the primary purpose of providing our services to you. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of Personal Information
Personal Information may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure; and
- Where required or authorised by law.Where required or authorised by law.
Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Access to your Personal Information
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
PADUA will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Collection of Usage Data
PADUA utilise analytics software to collect and analyse application usage data. Our analytics software provider uses browser cookies to collect information about your use of ROMA including your IP address, any non-personal information and the pages, features and functions you use. It may also track how you submit a request through ROMA, how long this takes and how many steps you used. We also collect information on what types of advice you are providing and the strategies, platforms and investments you are recommending. Our analytics software provider will store this information on their servers for the purposes of analysing the data and producing reports for PADUA detailing usage. This assists in improving the quality of our services to you and helping us to measure and understand how our services are used. This data may also be passed onto third parties for marketing purposes. PADUA will share a randomly generated identifier with our analytics software provider for the purposes of identifying you, however, only PADUA will be able to correlate Application Usage and Marketing information with your Personal data.
Responding to data breaches
A data breach occurs when there is a misuse, unauthorised access or disclosure of personal information. In the event of a data breach, PADUA will undertake an analysis and assessment of the breach and will take all necessary steps to prevent future breaches. Each breach will be dealt with on a case-by-case basis, however, we will follow the below framework as a guide:
- Contain the breach and perform a preliminary assessment
- Contain the breach
We will immediately take whatever steps are necessary to contain the breach. This make include disabling compromised accounts, shutting down or restricting access to systems and any other physical/digital methods needed.
- Initiate a preliminary assessment
We will appoint someone to lead the initial assessment. The initial assessment will include drafting a list of what personal information was compromised, identifying the cause of the breach, determining the extent of the breach, the harm to affected individuals and how to further contain the breach.
- Consider who should be notified immediately
We will determine who needs to be made aware of the breach both internally and externally if required. The matter will be escalated internally as appropriate to PADUA’s Privacy Officer.
- Contain the breach
- Evaluate the risks associated with the breach
In assessing the risks the following factors will be considered:
- The type of personal information involved
- The context of the affected information and the breach
- The cause and extent of the breach
- The risk of serious harm to the affected individuals
Once the particular circumstances of the breach have been established, we will determine whether to notify the affected individuals and if so when and how the notification should occur and what information should be included in the notification. We will also consider who else (other than the affected individual/s) should be notified.
- Prevent Future Breaches
The final step in responding to data breaches is to take the time to investigate the cause of the data breach and to consider whether a prevention plan should be put in place to ensure there are no similar types of breaches in the future.
This Policy may change from time to time and is available on our website.
1300 162 892