Privacy Policy
Privacy Statement
Laguna Bay Group Pty Ltd (and all its subsidiaries including LBPC Services Pty Ltd ABN 56 168 904 916, AFS licence: 461135, and its authorised representatives) (the Company, we, our, us) is committed to treating any personal information it collects in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). Individuals have statutory rights to bring action for serious invasions of privacy under Australian law. The Company is committed to upholding these rights by ensuring that its collection and use of information does not intrude on privacy or misuse private information
This Privacy Statement sets out how your personal information is collected and handled by the Company. The Company has a more detailed Privacy Policy which it will provide a copy of if requested.
Kinds of personal information the Company collects and holds
The Company will only collect personal information which is reasonably necessary for it to issue interests in its financial products and operate its financial services business. Such information may include:
- personal and contact details – this may include your name, address, email address, phone number, and date of birth);
- Australian and foreign government identifiers and identity documents – this may include government identity documents and identifiers such as tax identification number and country of tax residency, passport and driver licence details to verify your identity;
- educational qualifications, employment history, salary and referee reports;
- sensitive information related to your criminal history only where it is relevant to our regulatory and/or legal obligations; and
- publicly available information such as from online forums, websites, or other social media or from public registers (for example, those kept by the Australian Securities and Investments Commission).
It is our policy to never knowingly collect or hold information about any person under the age of 13.
Can an individual remain anonymous when dealing with the Company?
Given the nature of the Company’s financial products and services, other than providing general publicly available information, it is not practical for the Company to deal with individuals who wish to remain anonymous or would prefer to identify themselves only by way of pseudonym.
How the Company collects and holds personal information
When collecting, using or disclosing personal information, the Company will take such steps as are reasonable in the circumstances to ensure that the information is accurate, up-to-date and complete.
The Company will only collect personal information in a lawful and fair manner. Wherever possible, personal information will be collected directly from the individual, unless it is unreasonable or impractical to do so. It is not expected that the Company will collect sensitive information (e.g. health information), but if it is collected, it will only be done where the individual consents to the collection of that information.
If the Company receives unsolicited personal information it will, within a reasonable period of time, assess whether it would otherwise have been entitled to collect the information in accordance with its Privacy Policy. If the personal information could have been collected by the Company, it will ensure that its Privacy Policy is complied with in respect of that information and it will notify the individual:
(a) that the unsolicited personal information has been collected;
(b) of the circumstances of that collection; and
(c) provide access to a copy of its Privacy Policy.
If the personal information could not have been collected by the Company, it will destroy the information or ensure that the information is de-identified.
At or before the time or, if that is not practicable, as soon as practicable after, the Company collects personal information about an individual, the Company will ensure the individual is aware:
(a) of the Company’s identity and its contact details;
(b) that the collection of personal information is permitted by the Company under the Corporations Act 2001 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and/or a particular court/tribunal order;
(c) of the purpose for which the Company collects the personal information;
(d) of the main consequences (if any) for the individual if all or some of the personal information is not collected;
(e) of any other entity (or type of entity) to which the Company generally discloses the personal information it collects;
(f) that the Company’s Privacy Policy contains information about how the individual may:
(i) access and seek correction of the personal information about the individual that the Company holds; and
(ii) complain about a breach of the APPs and how the Company will deal with such a complaint; and
(g) of whether the Company is likely to disclose the personal information to overseas recipients.
Unless permitted by law, the Company will not adopt a government related identifier (e.g. a tax file number) of an individual as its own identifier and it will only disclose such identifiers for the purposes of verifying the identity of the individual, or as permitted by law or as is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The Company will ensure that in relation to any personal information it holds that it will take technical and organisational security measures to protect the personal information, which include, physical controls (for example, security passes to enter our offices and storage of physical records in lockable cabinets), technological controls (for example, restriction of access, firewalls, and the use of encryption, passwords, multi-factor authentication and digital certificates) and organisational controls (for example staff training on cyber security and the handling of personal information).
We aim to keep personal information only for as long as we need it – for example for business or legal reasons. When we no longer need information, we take reasonable steps to destroy or de-identify it.
Why the Company collects, holds, uses and discloses personal information
The Company collects, holds, uses and discloses personal information for the purposes of issuing its securities and operating its financial services business. This includes administering its registry of members (via an external service provider), providing financial services and communicating with Unitholders and other relevant parties.
Where the Company collects an individual’s personal information for a particular purpose (i.e. the primary purpose), it will not use that information for another purpose (i.e. a secondary purpose) unless the individual has consented to the use or disclosure of that information or:
(a) it would be reasonably expected that the information would be disclosed for a secondary purpose which is related to the primary purpose (and in relation to sensitive information for a secondary purpose which is directly related to the primary purpose); or
(b) the use or disclosure of the information is legally required, specifically authorised by the APPs or reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The Company will record in writing circumstances where it uses or discloses personal information for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Personal information collected by one entity within the Company group may be used by another entity within the group provided that the personal information is held, used and disclosed for the same primary purpose.
How the Company may Share your Personal Information
The Company may share your personal information with other parties including:
(a) your referees;
(b) personnel within the Company and Company group and our professional advisors, e.g. auditors, lawyers and consultants;
(c) our agents, third party contractors and suppliers that assist us with providing our business products and services;
(d) the Australian Taxation Office or other government authorities or agencies as required by law; and
(e) other parties when you ask us to do so or when you consent to that disclosure.
The Company will never disclose personal information with the intention to cause harm or harassment. Malicious release of personal information (‘doxxing’) is prohibited and may attract criminal penalties.
If the Company uses or discloses personal information for direct marketing purposes, it will include a simple and free means of ‘opting-out’ of receiving future direct marketing material and it will ensure that it respects such requests, within a reasonable period of time and notifies any other organisation it is using to facilitate the direct marketing. If the Company has not collected the personal information directly from the individual, the ‘opt-out’ statement will be prominent. The Company will not use sensitive information for direct marketing purposes.
If the Company uses personal information provided by a source other than the individual for direct marketing purposes, the individual may request the Company to provide details of the source of the information. The Company will provide this information free of charge and within a reasonable period of time.
If the Company uses the personal information for direct marketing purposes, it will ensure that it complies with the requirements of the Do Not Call Register Act 2006, the Spam Act 2003 and the Corporations Act 2001.
Where the Company uses automated systems to make decisions that may have a significant impact on individuals, we will provide information on the logic involved, the significance, and possible consequences. Individuals will be informed of their right to request human review.
How an individual may access and seek correction of personal information held by the Company
Generally, the Company will provide an individual with access to their personal information in a manner they request and within a reasonable period of time after the request is made. An individual can request the Company to correct any personal information it holds about that individual.
To apply for access or to request a correction to personal information, contact the Privacy Officer by:
| Writing to: | Privacy Officer, PO Box 2007, New Farm QLD 4005 | |
| Visiting: | Level 1, 69 Robertson Street, Fortitude Valley QLD 4006 | |
| Calling: | +61 7 3062 2514 | |
| Emailing: | [email protected] |
There are no charges for an individual requesting access to personal information. However, the Company may charge a fee to provide access, provided that such fee is not excessive.
As set out in the APPs, some exceptions apply. If the Company relies on one of the exceptions or is unable to provide the personal information in the manner requested by the individual, it will take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of both the Company and the individual and it will provide a written notice setting out:
(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
(b) the mechanisms available to complain about the refusal; and
(c) any other relevant matter.
Having regard to the purpose for which the personal information is held, if the Company is satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading or a request is received from an individual, the Company will take such steps as are necessary to correct that information. This will be done free of charge within a reasonable period after the request has been made. If the Company has provided that information to a third party, the individual may request the Company to notify that third party of that correction.
If the Company refuses to correct an individual’s personal information it will provide a written notice to the individual setting out:
(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
(b) the mechanisms available to complain about the refusal; and
(c) any other relevant matter.
If the Company refuses to correct an individual’s personal information and the individual requests the Company to associate a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading with that information, the Company must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information. This will be done free of charge within a reasonable period after the request has been made.
Obligations in the event of a data breach
The Company is required to undertake the following for a data breach:
(a) Contain it and take appropriate remedial action (e.g. changing passwords, blocking access or remotely erasing data from a lost device).
(b) If there are grounds to suspect an ‘eligible’ data breach has occurred, undertake a reasonable and expeditious assessment (within 30 days).
(c) If it is found that an ‘eligible’ data breach has occurred, affected individuals and the Office of the Australian Information Commissioner will be notified promptly.
(d) ‘Eligible’ data breaches occur when:
(i) there is an unauthorised access to, disclosure of, or loss of personal information;
(ii) ‘serious harm’ to one or more individuals is a likely result (this is an object ‘reasonable person’ test); and
(iii) the likely risk of ‘serious harm’ has not been prevented with remedial action.
(e) ‘Serious harm’ can be psychological, emotional, physical, reputational, or other forms of harm.
How an individual can complain about a breach of the APPs and how the complaint will be dealt with
An individual may complain to the Company about a breach of the APPs by the Company by contacting the Privacy Officer by:
| Writing to: | Privacy Officer, PO Box 2007, New Farm QLD 4005 | |
| Visiting: | Level 1, 69 Robertson Street, Fortitude Valley QLD 4006 | |
| Calling: | +61 7 3062 2514 | |
| Emailing: | [email protected] |
The complaint will be handled in an appropriate, timely and courteous manner.
The Office of the Australian Information Commissioner has powers to issue compliance and infringement notices related to privacy breaches. Individuals may also seek redress through the courts for serious invasions of privacy.
Is the Company likely to disclose personal information to overseas recipients?
The Company may disclose personal information about you to an overseas recipient in the course of providing our services. Before doing so, the Company will:
(a) take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your information, including by implementing contractual safeguards or other legally enforceable arrangements that provide comparable privacy protections;
(b) confirm whether the recipient is located in a country that has been included on any “adequacy” or “whitelist” of jurisdictions published or endorsed by the Office of the Australian Information Commissioner (OAIC), in which case disclosure may proceed under that recognised framework; and
(c) where no such framework applies:
(i) ensure that appropriate risk assessments and technical and organisational measures are in place to protect your personal information; and
(ii) obtain your informed consent before disclosure, unless otherwise permitted or required by law.
The Company will not disclose personal information to an overseas recipient if there are reasonable grounds to believe that the recipient will handle the information in a manner inconsistent with the APPs.
