PRIVACY AND INFORMATION SECURITY POLICY

FORTRESS FINANCIAL PTY LTD Trading as FORTRESS FAMILY OFFICE ACN 124 206 999

This policy explains how Fortress Financial Pty Ltd ACN 124 206 999 (Fortress Family Office) maintains confidentiality and privacy for its clients. This policy is divided into two parts:

Part A is our privacy policy. It explains how Fortress Family Office or its representatives may collect, use, hold and disclose personal information, how clients may access and update personal information, and procedures for dealing with complaints about privacy.
Part B relates specifically to the tax (financial) advisory services provided by Fortress Family Office or its representatives. It explains the limited circumstances in which Fortress Family Office may disclose information in relation to the affairs of a client to third parties, in connection with the provision of tax agent services.

PART A – PRIVACY POLICY

At Fortress Family Office, we respect your privacy and we are committed to protecting your personal information in accordance with our legal obligations.

WHAT IS PERSONAL INFORMATION

The Privacy Act 1988 (Cth) (the Act) contains Australian Privacy Principles (the APPs). The APPs apply to the use of personal information.

Personal information is information or an opinion (whether true or not) that identifies or may allow others to identify you, for example your name, residential address, email address, and financial information.

Sensitive information is a particular type of personal information. Examples of sensitive information include health information, information about a criminal record and membership of a professional body.

WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND HOLD

We will generally collect personal information which is reasonably necessary to enable us to provide you with the services you engage us to provide. Typically, this may include the following information:

Your name, age and gender;
Your address and other contact details;
Your employment details and history;
Information about the advice you seek and other advice that may be reasonably relevant;
Details of your objectives, financial position and needs;
Your tax file number;
Information relating to any liabilities, obligations or entitlements you or any related entity have or may have under a taxation law; and
Other relevant information about your personal circumstances.

OBTAINING CONSENT TO THE COLLECTION OF PERSONAL INFORMATION

Generally, we will obtain your consent to the collection, use and disclosure of your personal information as soon as reasonably practicable after you contact us or when you engage us to provide a service.

If you provide us with your personal information in any manner other than as described in this privacy policy, you agree that we may use it on the terms set out in this privacy policy. You may alter or withdraw your consent at any time by notifying us in writing that you wish to do so, however we may not be able to provide you with the tax agency or financial service you seek if you do so alter or withdraw your consent.

We will seek your consent before we collect sensitive information about you, unless the information is reasonably necessary for us to carry out our role or the collection is otherwise authorized or required by law.

If you provide us with personal information about other persons, you must provide them with a copy of this privacy policy and obtain their consent to our use of their information in accordance with our privacy policy before you disclose the information to us.

COLLECTING AND HOLDING YOUR PERSONAL INFORMATION

Unless impracticable or unreasonable to do so, we will collect information directly from you. You may provide information to us in person, by telephone, by email, by fax or by mail. Communications by telephone and in conference may be recorded (whether or not we provide a specific alert). Where practical and legally permissible to do so, you may choose to provide information to us anonymously or by using a pseudonym.

We may also collect your personal information from third parties such as your employer, insurer, credit organisation, financial institution, legal adviser or medical professional. In such circumstances, we will take reasonable steps to let you know we have obtained your personal information, unless it is obvious from the circumstances that you know or would reasonably expect us to have the information.

We may hold your personal information in hard copy form or as electronic data in our software or systems. Personal information will also be held in cloud computing systems by arrangement with third party cloud service provider(s), or similar types of electronic storage.

We will take reasonable steps to ensure that your personal information is stored securely and kept confidential, in accordance with our obligations under the APPs.

If you would like us to update or correct your personal information, please notify us in writing. We will either take reasonable steps to correct the information as requested or notify you that we do not intend to do so, together with the reasons for our decision.

We may also make changes to your personal information from time to time if we feel that it is inaccurate, out of date, incomplete, irrelevant or misleading.

If you do not provide the information we request, or if the information which you provide is incomplete or inaccurate, we may not be able to provide you with the financial services you seek.

When we no longer need your personal information, then provided that we are not legally bound to retain the information, we will destroy records containing the information by reasonably secure means or de-identify your personal information.

PURPOSES FOR WHICH WE MAY COLLECT, HOLD, USE AND DISCLOSE YOUR PERSONAL INFORMATION

We may generally use and disclose your personal information for the primary purpose for which it was collected, for any related secondary purpose for which you would reasonably expect us to use or disclose the information, as permitted by this privacy policy or as permitted or required by law.

The primary purpose for which we may collect, hold, use and disclose your personal information is to provide you with financial services you engage us to provide. Typically, information is collected and used for the purpose of identifying your relevant circumstances (including your objectives, financial situation and needs), investigating financial products which may achieve your objectives, providing you with advice about financial products, implementing recommendations you accept, and dealing in financial products on your behalf.

Examples of secondary related purposes for which you agree that we may disclose your personal information include:

disclosure of the provision of financial services to you, such as to superannuation fund trustees, financial institutions, insurance providers, stock brokers, stock exchanges, product issuers and technical teams;
disclosure to your professional advisers if and when required;
disclosure to our authorised representatives, contractors or other persons as required to provide services to you; and
disclosure or transfer of information to any third-party data services supplier that we engage from time to time to manage, process or store information electronically (such as cloud computing service providers).

From time to time, we may have a duty to make disclosure. If we are under a duty to make disclosure, we are permitted to disclose your personal information in order to satisfy our duty, whether or not you give us permission to do so. A duty to make disclosure may arise expressly or impliedly. Merely by way of example we may be required to disclose your personal information:

to an insurer where required by a contract of insurance;
to a regulator, government agency or enforcement body;
by a subpoena or other compulsory process of a court, tribunal or authorised body.

UNSOLICITED INFORMATION

If we receive personal information about you which we did not request, we will assess the information to decide if it is reasonably necessary for our functions or activities. If we decide that it is, we will use it in accordance with this privacy policy. Otherwise, we will destroy or de-identify the information, provided that it is lawful and reasonable to do so.

USE OR DISCLOSURE OF YOUR PERSONAL INFORMATION FOR DIRECT MARKETING

We may use or disclose personal information which you provide directly to us for the purpose of providing you with marketing material and information of interest, unless you tell us that you do not wish to receive such communications.

We may only use personal information which we not have received directly from you for the purpose of direct marketing if you have consented to our use for such purpose or if it is impracticable for you to provide that consent. We will not, however, use sensitive information about you for the purpose of direct marketing without first obtaining your consent to do so.

You may request not to receive direct marketing communications from us at any time by advising us in writing at our address as set out below.

ACCESS TO YOUR PERSONAL INFORMATION

You may request access to your personal information at any time by providing us with a written request. We will respond to your request within a reasonable time after we receive it, and we will give you access to your information in the manner requested by you, if it is reasonable and practicable to do so. We may impose a reasonable charge for providing you with such access.

In certain circumstances we may refuse to give you access to your personal information, for example where such access would have an unreasonable impact on the privacy of others, would be unlawful, or if we reasonably believe that giving access may pose a serious threat to the life, health or safety of another person or to public health or safety. If we refuse to give you access we will notify you in writing of out our reasons for the refusal, (unless, depending on the grounds for the refusal, it would be unreasonable to provide our reasons).

DISCLOSURE TO OVERSEAS RECIPIENTS

We may disclose your personal information to persons outside of Australia (overseas recipients), including:

product providers, stock exchanges and listing houses, for the purposes of making foreign investments in accordance with your financial plan;
third party contractors, including our authorised representatives abroad, whom we engage from time to time to seek assistance in providing you with financial service, including para-planning services to you; and
third party data services providers whom we engage from time to time to manage, process or store information electronically at locations outside of Australia.

The countries in which overseas recipients of your personal information are located are United Kingdom, South Africa, Canada, New Zealand, Hong Kong, South Korea, Malaysia and Singapore.

We will use our reasonable endeavours to limit the disclosure of your personal information to third party recipients that value your privacy and the protection of your personal information. However, by engaging us to provide financial services and providing us with your consent to collect, use, disclose and hold your personal information in accordance with this privacy policy, you agree and acknowledge that:

we are not required to take reasonable steps to ensure that overseas recipients of your personal information do not breach the APPs in relation to the handling of your personal information;
overseas recipients of your personal information are subject to foreign laws that could compel the disclosure of personal information to a third party, such as an overseas authority; and
we are not liable to you for any breach of any Australian privacy law by overseas recipients of your personal information.

You may refuse to consent to a particular disclosure of your personal information to an overseas recipient described in this privacy policy. Unless you notify us of such refusal, however, you agree that you consent to the disclosure of your personal information outside of Australia on the basis described above.

There are some exceptions to this, such as disclosure for the purposes of handling or defending a complaint, claim or dispute.

DATA BREACHES

If a data breach occurs, we will seek to contain the breach and take remedial action, where possible. Where required by the Privacy Act, we will provide notice of the breach to affected individuals and to the Office of the Australian Information Commissioner.

CHANGES TO OUR PRIVACY POLICY

We may make changes to and update our privacy policy from time to time. We will let you know of any changes by posting a notification on our website at www.fortressfamilyoffice.com.au. Any information collected after an amended privacy policy has been posted on the site will be subject to that amended privacy policy. Please refer to our website regularly to view the most up to date version of our privacy policy.

COMPLAINTS AND CONTACT DETAILS

If you have any questions about this privacy policy, please direct them to:

Fortress Family Office

Level 26, 1 Bligh Street, Sydney NSW 2000

Phone: (02) 8016 9304

Email: admin@fortressfamilyoffice.com.au

If you wish to make a complaint about a breach of the Act, the APPs or this privacy policy, please address your complaint to The Complaints Manager and post or email it to Fortress Family Office at the address specified above. We will respond to you as soon as reasonably practicable, usually within 30 days.

If you have not received a response within 30 days or feel that the response is not satisfactory, you may contact the Office of the Australian Information Commissioner:

Australian Information Commissioner

GPO Box 5218

SYDNEY NSW 2001

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Online: www.oaic.gov.au

PART B – INFORMATION SECURITY POLICY

This ‘Part B – Information Security Policy’ only applies in relation to the supply of tax agent services.

The Tax Agent Services Act 2009 (Cth) contains a Code of Professional Conduct (the Code). The Code states that unless we have a legal duty to do so, we must not disclose any information relating to a client’s affairs to a third party without our client’s permission.

THE INFORMATION TO WHICH THIS POLICY APPLIES

This policy concerns information that relates to the affairs of clients who engage us to supply any financial services. Information that relates to the affairs of those clients may be collected or obtained from the client or from other sources, and may also relate to the affairs of others, such as persons and entities related to the client. The information to which this policy applies is called “client information”.

PERMISSION TO DISCLOSE TO THIRD PARTIES

By engaging us to supply any tax agent service and providing us with your consent to collect, use and disclose information in accordance with this Information Security Policy, you agree and acknowledge that we are permitted to:

collect and use client information for the purpose of supplying any tax agent service for which we are engaged and for any related secondary purpose for which you would reasonably expect us to disclose client information; and
disclose client information to any third party in accordance with this Information Security Policy.

You may alter or withdraw your consent at any time by notifying us in writing that you wish to do so, however we may not be able to supply you with a tax agent service for which we are engaged, if you alter or withdraw your consent.

Irrespective of your permission, we may make disclosure where we have a legal duty to do so.

PURPOSES OF DISCLOSURE

We are permitted generally to collect, use and disclose client information for the purpose of supplying any financial services for which we are engaged and for any related secondary purpose for which you would reasonably expect us to disclose client information (“Permitted Purposes”).

TO WHOM DISCLOSURE MAY BE MADE

We are permitted to disclose client information for the Permitted Purposes to one or more of the following third parties:

the Australian Taxation Office;
our officers, employees, representatives and authorised representatives;
officers, employees and representatives of the client;
persons (including entities) related to the client and their officers, employees and representatives;
professional advisers to the client;
superannuation fund trustees, financial institutions, insurance providers, stock brokers, stock exchanges, product issuers and technical teams;
third party data services providers whom we engage from time to time to manage, process or store information electronically (including client information).

We are also permitted to disclose to third parties (such as your employer, insurer, credit organisation, financial institution or professional services provider), that we are providing financial services to you, for the Permitted Purposes including the collection of client information that is relevant to any financial services for which we are engaged.

We may also seek specific permission to make a particular disclosure to a specific third party or parties, from time to time.

We will use our reasonable endeavours to limit the disclosure of client information to third parties that respect the confidentiality of client information.

DUTY TO MAKE DISCLOSURE

to an insurer where required by a contract of insurance;
to a regulator, government agency or enforcement body;
by a subpoena or other compulsory process of a court, tribunal or authorised body.