Introduction

Selfwealth Ltd (Selfwealth, we, us or our) recognise and appreciate the importance of protecting your privacy and securing your personal information. In implementing this policy Selfwealth are bound by the 13 Australian Privacy Principles and the Privacy Act 1988. This includes the Office of the Australia Information Commissioner Notifiable Data Breach (OAIC NDB). Selfwealth will, from time to time, review and update this Policy in accordance with product and service updates and incorporating regulatory, legislative and technology changes. All Personal Information held by us will be governed by the most recent Privacy Policy, posted on our website at www.selfwealth.com.au

Collection of personal information

“Personal Information” is any information or opinion about a person, from which that person may be identified. Personal identifiable information (PII) can range from standard to sensitive and confidential information, to information that is publicly available. The definition also makes clear that information can be personal information even if it is incorrect. Selfwealth does not store any sensitive PII as defined by the Australia Privacy Principles.

What Personal Information do we collect?

Selfwealth collect Personal Information as required by law to verify your identity (in accordance with the AML/CTF Legislation), to allow us to conduct our business functions and to market our products. Information we may collect includes (but is not limited to):

(a) Your name
(b) Date of birth
(c) Contact details (including phones, personal or work email and postal addresses)
(d) Bank account
(e) Tax File Number (TFN) and,
(f) Holder Identification Number (HIN) details
(g) Credit card number (aka Primary Account Number (PAN)) is only required if members are making credit card payments to Selfwealth for their premium membership subscription. Payments are handled by Payment Processing Provider (eWay) with PANs stored and processed at eWAY. Selfwealth do not store PANs.
(h) Some information associated with the Cardholder (not PAN) is stored with Selfwealth for appropriate authentication and authorisation purposes to enable the link with Payment Processing Provider eWAY.

Personal information may be collected when you:

(a) Register for our products or services;
(b) Visit our website;
(c) Download our app;
(d) Participate in our program;
(e) Request information from us or about us;
(f) Provide feedback;
(g) Complete surveys;
(h) Submit information to us through the website, solution or app; or
(i) Contact us by telephone, facsimile, Live Chat, email post or in person.

Personal information collected via our website, solution or app

We will not collect any personal information about users of our website except when they knowingly provide it or otherwise in the situations described in cause 2 above.

Collecting Information from third parties

We may also collect Personal Information about you via third parties, such as those that facilitate the use or communication of our products, services, program or activities (as the case maybe). However, we will only collect your personal information from third parties if it is not reasonable or practical to collect this information directly from you.

Click Stream Data

When you visit and browse our website, solution or app, our website host and other third parties engaged by us may collect personal information for statistical, reporting and maintenance purposes. Subject to this Privacy Policy, the personal information collected by our website host will not be used to identify you. The information may include:

(a) The number of users visiting our website, solution or app and the number of pages viewed;
(b) The date, time and duration of a visit;
(c) The IP address of your computer; or

(d) Location of the user;
(e) The path taken through our website, solution or app

Our website host uses this information to administer and improve the performance of our website.

How we use the Personal Information

Where we collect Personal information about you, we may use this information for our organisation’s primary functions and services which may include, but is not limited to:

(a) Provide you with information or services you have requested;
(b) Promote and market our Services to you;
(c) Personalise and customise your experiences on our website, solution or app;
(d) Communicate with you;
(e) Provide you with ongoing information about us in which you may be interested;
(f) Conduct research for the purposes of improving our existing services or created new services; and
(g) Give you the opportunity to receive emails and other advertising material.

If we collect and use your personal information for purposes not listed above, we will make it known to you at the time we collect and/or use your personal information.

If you choose not to provide your personal information to us for the purposes set out in this privacy policy, we may not be able to undertake certain activities for you.

Disclosing your Personal Information

Depending on the nature of your engagement with us, we may disclose your personal information to our related entities or Service partners only if needed in order to maintain the Services. This would be in accordance with our legal obligation for authentication and/or authorisation purposes.

We may disclose your personal information to other providers integral in providing online services to you. This may also include support, cooperating with law enforcement authorities in the investigation of suspected criminal violations, or if there has been a breach of this privacy policy. In the event of a complaint involving you, gathering information from you and examining your transmissions and materials on services or any networks would be necessary.

Personal Information is hosted in AWS Australia data centres.

Marketing

We may use your personal information to provide you with promotional material that may benefit you or other services offered by us. If you do not wish to receive such material, we provide you with the ability to unsubscribe from these communications.

You can contact our support team at support@selfwealth.com.au to request for you to be removed from our marketing communication.

Unless otherwise specified in this privacy policy, we will not disclose any of your personal information to any other organisation for marketing purposes unless the disclosure is required by law or is otherwise permitted by the Australian Privacy Principles (APPs).

How do I access my Personal Information?

Subject to some exceptions, you are entitled to access personal information that we hold about you. If you request access to your personal information, we will be required to verify your identity before granting your request. Where your request for personal information would unreasonably impact upon the privacy of others or is not otherwise permitted under the National Privacy Principles, Selfwealth have the right to refuse this request. If we refuse your request to access your personal information, we will provide you with reasons for the refusal.

A request for access can be made by contacting support as specified in section 10 by emailing support@selfwealth.com.au and directing attention to the privacy officer.

Updating, storage and protection of Personal Information

Protection of Information

We at Selfwealth comply with high levels of information security across all domains and we are extremely focused on the strong protection of your confidentiality, integrity, privacy, and availability at a minimum. The services we provide are regularly penetration tested both externally and internally and against all software. Selfwealth Information Security Management System (ISMS) is in place, and we have implemented a large number of security controls across the 8 domains of information security including:

(a) Security and Risk Management;

(b) Asset Security

(c) Security Architecture and Engineering

(d) Communications and Network Security

(e) Identity and Access Management

(f) Security Assessment and Testing

(g) Security Operations;

(h) Software Development Security

We take reasonable steps to ensure the personal information we collect, use or disclose is:

(a) Accurate, completed and up to date;

(b) Protected from misuse and loss;

(c) Protected from unauthorised access, modification or disclosure; and

(a) Deleted if it is no longer required by Law, for our business purpose or functions;
(d) User is allowed to update personal information

Although we have a strong Information security posture, we have adopted a continuous improvement methodology of our ISMS and Selfwealth as a Company overall.

Additional detailed information regarding the safeguarding of personal information can be viewed at: www.selfwealth.com.au/security

Updating your Personal Information

Selfwealth provide the facility to update some of your personal details via your account. However, in some instances we will request the update of your personal details in writing and may also require you to verify your identity. This is to ensure all requests for updates to personal information is received by the account owner and to assist in the protection of your personal information.

If we find that we have no further need for your personal information we may remove it from our systems. We welcome any changes to your details in order to keep our records up to date.

To update your personal information please contact support@selfwealth.com.au.
Storage and Processing of Information

Selfwealth services are hosted with Amazon Web Services (AWS) who are certified with ISO27001, PCI-DSS and many more. We run high availability with high levels of redundancy across multiple data centres using AWS availability zones in Australia only.

Some information is required to be disclosed, stored or processed by our third parties in order to provide services. All service providers that store data go through security due diligence to ensure appropriate levels of security and protection for information based on the sensitivity of the data (aka data classification).

Cookies

We use cookies to recognise your device or browser, and provide you with necessary services and/or features, and for additional purposes such as:

(a) Storing some user preferences

(b) Preventing fraudulent activity (Anti-forgery Token, etc.)

(c) Improving protection and security

(d) Delivering content helping us to analyse the performance of our services

Some cookies are deleted at the end of your browsing session, while others persist between sessions. Essential Selfwealth cookies remain on your device for up to 365 days from either your last visit or the last use of the cookie. These persistent cookies do not store sensitive information and you are within your rights to delete these cookies at any time.

Information collected in our cookies

We automatically collect information such as the following through our cookies:

(a) Connection information such as the IP address

(b) Computer information such as device, application, browser type (and plug in type) and version, operating system, or time zone browser setting

(c) Device location

(d) Credentials and security information for Authentication and Authorisation purposes

(e) URL requests made to, through, and from our site including date/time, possible page response times, errors, and other information.

Third party cookies

Approved third parties who are integrated into our services may also set cookies when you use Selfwealth services. Third parties include, providers of analytics and measurement services, social media networks, potential for advertising and caching purposes. These third parties use cookies in the process of delivering content and to perform services on behalf of Selfwealth.

Concerns regarding your personal information or this privacy policy

If you feel that your privacy has not been respected or that we have conducted ourselves inconsistently with this privacy policy in respect of your personal information, or for any other queries, or communication in relation to this privacy policy, please attention your concerns to our Privacy Officer via:

Email support@selfwealth.com.au and direct attention to the Privacy Officer

Managing your Complaint

If you make a complaint, Selfwealth will confirm receipt of your complaint within 48 hours and will aim to resolve your complaint within 5 working days. However, where this is not possible, we will contact you within this time frame to provide you with an update and an expected time frame for the issue to be resolved.

If you are not satisfied with our final response, or if you have not received a response after 30 days, you may lodge a complaint with The Australian Financial Complaints quoting:

Selfwealth Member Number: 30405

In the following ways;
Online: www.afca.org.au
Email: info@afca.org.au
Phone: 1800 931 678 (free call) 1
Mail: Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC 3001

Time limits may apply to complain to AFCA and so you should act promptly or otherwise consult the AFCA websites to find out if or when the time limit relevant to your circumstances expire.