Carey Group (CG) is committed to protecting the privacy of your personal information. Carey Group is bound by the Privacy Act 1988 (Cth) (‘Privacy Act’) and will protect your personal information in accordance with the Australian Privacy Principles (‘APP’). These principles govern how we can collect, use, hold and disclose your personal information, as well as ensuring the quality and security of your personal information.
Collection of your information
What we collect and what we use it for
We collect and store personal information from customers, clients, prospective clients, contractors, employees, job applicants and other individuals.
Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from their information. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it.
The kinds of information we collect and store will depend on what products and services you request from us. The personal information we request may include any or all of the following:
- personal details such as name, address, contact details, date of birth, marital status, dependents, employment details;
- information to verify an individual’s identity such as driver’s licence, birth certificate or passport details;
- taxation information such as Tax File Number;
- financial details, such as assets, liabilities, incomes and expenses;
- investment details, such as bank accounts, share documents showing SRN/HIN and superannuation;
- insurance policy details, including private health insurance;
- estate planning details, including wills, executors, beneficiaries and powers of attorney;
- health information including current health condition, smoker status, medical history and expenses;
- professional/trade memberships, political memberships and ethnic origins;
- reference checks and other employment insights;
- information regarding dealings with us in relation to products and services, queries or complaints;
- responses to surveys or feedback provided;
- device information such as computer and connection information, website statistics, IP addresses and standard web log information;
- any other personal information required to facilitate dealings with us.
Where we collect sensitive information, we will only do so with your consent and where the information is reasonably necessary for us to perform one or more of our functions or activities. Sensitive information includes, but is not limited to racial or ethnic origin, political opinions, religious beliefs, criminal record, membership of a trade union, sexual orientation, health information or genetic information.
We will collect, use, hold and disclose personal information for a number of purposes including:
- provision of products and services;
- provision of accounting, taxation and financial planning services;
- provision of tax planning services to help legally minimise, defer and plan tax payment;
- assistance with regulatory requirements, such as Queensland Building and Construction Commission Authority reviews;
- completion of documentation and application forms required by Government agencies such as Centrelink;
- to understand your needs and provide agreed services to assist in meeting your requirements, goals and objectives, such as:
- strategic and business planning;
- business and fund set up;
- financial statement preparation for audit, ASIC or financing purposes;
- Providing assistance with the coordination of other providers or experts such as solicitors, financial advisers, etcetera;
- complying with relevant laws, regulations and other legal obligations;
- to verify your identity;
- for recruitment and employment purposes;
- to maintain contact with our clients and other contacts and keep them informed of services we offer, industry developments, seminars and other events.
How we collect
We will only collect personal information by lawful and fair means. We collect most personal information directly from you. For example, we will collect your personal information via face-to-face interviews, over the telephone, email or by completion of client information forms. This can be done electronically – for instance, when you visit our website, app and social media platforms or if you send us electronic correspondence (see “Electronic collection of personal information”).
We also collect personal information from other areas of our business including sharing information amongst our related bodies corporate or from other third party organisations. This may happen without your direct involvement – for instance, we may collect personal information about you from:
- publicly available sources of information, such as public registers
- your representatives (including your legal adviser, mortgage broker, executor, administrator, guardian or trustee)
- your employer
- other organisations, who jointly with us, provide products or services to you
- insurers, re-insurers and health care providers
- third parties who provide screening checks, references, insights and other employment information in relation to prospective employees and consultants.
Sometimes we collect personal information from a third party or a publicly available source, but only if you have consented to such collection or would reasonably expect us to collect your personal information in this way.
Electronic collection of personal information
We will collect information from you electronically, for instance through technology used to support communications between you and Carey Group, internet browsing, mobile or tablet applications.
Each time you visit our website, we collect information about your use of the website, which may include the following:
- The date and time of visits;
- Which pages are viewed;
- How users navigate through the site and interact with pages (including fields completed in forms and applications completed);
- Location information about users;
- Information about the device used to visit our website; and
- IP addresses.
We use technology called cookies when you visit our site. Cookies are small pieces of information stored on your hard drive or in memory. They can record information about your visit to the site, allowing it to remember you the next time you visit and provide a more meaningful experience.
One of the reasons for using cookies is to offer you increased security. The cookies we send to your computer cannot read your hard drive, obtain any information from your browser or command your computer to perform any action. They are designed so that they cannot be sent to another site, or be retrieved by any non Carey Group site.
We won’t ask you to supply personal information publicly over Facebook or any other social media platform that we use. Sometimes we may invite you to send your details to us via private messaging, for example, to answer a question. You may also be invited to share your personal information through secure channels to participate in other activities, such as competitions.
We understand the importance of protecting children’s privacy. Our website is not designed or intentionally targeted at children 13 years of age or younger. It is not our intention to knowingly collect or store information about any person under the age of 13, except where required to provide services that necessitates the collection of such personal information, for example as required by law.
Third party sites
Our website may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Carey Group is not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal information.
How do we hold personal information
Much of the information we hold about you will be stored electronically in secure data centres which are located in Carey Group’s premises and owned by either Carey Group or external service providers. Some information we hold about you will be stored in paper files. We use a range of physical and electronic security measures to protect the security of the personal information we hold. For example:
- access to information systems is controlled through identity and access management, such as password protection;
- all information stored on our online data server is encrypted;
- our website is protected by a firewall;
- our offices are securely locked after hours;
- employees are bound by internal information security policies and are required to keep information secure;
- all employees are required to complete training about information security; and
- we regularly monitor and review our compliance with internal policies and industry best practice.
We take reasonable steps to destroy or permanently de-identify any personal information after it can no longer be used.
Unsolicited personal information
Where we receive unsolicited personal information, we will determine within a reasonable period whether the information could have been collected under Australian Privacy Principle 3. If the information could not have been collected under APP 3, we will destroy or de-identify the information as soon as practicable, if it is lawful and reasonable to do so. Where the information is contained in a Commonwealth record, there is no requirement for it to be destroyed or de-identified.
Notification of the collection of personal information
At or before the time we collect information about you, or if that is not practicable, as soon as practicable after the collection occurs, we will take reasonable steps to ensure you are aware of:
- who we are and our contact details;
- how we collect your personal information and whom from;
- whether the collection of your personal information is required or authorised by law;
- the purposes for which we collect your personal information;
- the consequences (if any) if we do not collect some or all of the personal information;
- any other third party to which we may disclose the personal information that we have collected;
- whether we are likely to disclose the personal information to overseas recipients, and if practicable, countries where they are located.
Use and disclosure
We will use and disclose the personal information collected by us for the following purposes:
- the purposes for which it was provided or secondary related purposes in circumstances where you would reasonably expect such use or disclosure; or
- where you have consented to such disclosure; or
- where we are required or authorised by law or where we have a public duty to do so.
We may provide personal information about our clients to organisations outside Carey Group. To protect personal information, we enter into contracts with our service providers that require them to comply with the Privacy Act. These contracts oblige them to only use the personal information we disclose to them for the specific role we ask them to perform.
Generally, we disclose personal information to organisations that help us with our business. These may include:
- our employees, and related bodies corporate;
- our agents, contractors and external service providers (for example technology service providers);
- insurers, re-insurers and health care providers;
- payment system operators (for example, merchants receiving card payments);
- other organisations, who jointly with us, provide products or services to you;
- financial services organisations, including banks;
- our legal advisers or auditors;
- your representatives (including your legal adviser, mortgage broker, executor or administrator);
- HR advisors and recruitment agencies, including third parties to provide candidate and employee checks, references and insights;
- social media and digital platforms;
- IT service providers;
- regulatory bodies, government agencies and law enforcement bodies in any jurisdiction;
- other companies in the event of a corporate sale, merger, transfer, reorganisation, dissolution, or similar event.
If you chose not to provide your information
If clients do not provide us with the personal information requested, we may be unable to provide the services required. If personal information requested is not provided, we may elect not to perform the service for the client.
We may use personal information collected from you for the purpose of providing you with direct marketing material such as newsletters or offers for products and services we believe may interest you. We may offer you products and services through various means, including mail, telephone, email, SMS or other electronic means such as social media. If you do not wish to receive such information you can request not to receive it, by contacting us via any of the methods below.
Disclosure of information overseas
We may disclose your personal information to a recipient which is located outside Australia including our service providers or other third parties. Where we do this, we will take reasonable steps to ensure appropriate data handling and security arrangements are in place. We will advise you of the countries where your data may be stored.
Countries in which overseas recipients are likely to be located are United States, Germany and Ireland.
We will not use Commonwealth government identifiers, such as Tax File Numbers, Medicare numbers or Centrelink reference numbers to identify our clients. We will only use or disclose identifiers in the circumstances permitted by the Privacy Act.
Security of personal information
We take care to protect the security of your personal information and take reasonable steps to prevent the misuse or improper disclosure of personal information. We have implemented internal policies that include employee conduct in handling personal information and privacy of individuals.
Where other organisations provide support services, we require them to take reasonable steps to safeguard the privacy of information provided to them.
Please note, we are required by law to retain your personal information for a specific amount of time. Where personal information collected is no longer required, we may retain it in a secure manner for record keeping purposes, destroy or permanently de-identify the personal information.
Accessing and correcting your information
We are committed to ensuring that the information we hold about you is accurate, complete and up to date. Please contact us if you believe that the information we have about you is not correct.
You can request access to the personal information we hold about you or enquire about what we do with it. You can also ask us to update or change information we hold about you at any time. All requests for access to your information should be addressed to the Privacy Officer.
There is no fee for requesting that your personal information is corrected by us. In processing your request for access to personal information, a reasonable cost may be charged. This charge covers activities such as locating the information and supplying it to you.
There are some circumstances in which we are not required to give you access to your personal information.
If we refuse to give you access to or to correct your personal information we will provide you with written reasons for this decision. If we refuse your request to correct your personal information, you have the right to request that a written statement be included with your personal information noting that you disagree with its accuracy.
If we refuse your request to access or correct your personal information, we will also provide you with information on how you can complain about the refusal.
A data breach occurs when personal information that we hold is accessed or disclosed without authorisation or is lost. Examples of a data breach are when a laptop or storage device containing personal information is lost or stolen, where a database has been ‘hacked’ to obtain personal information, or if personal information is mistakenly provided to the wrong person.
Under the Privacy Amendment (Notifiable Data Breaches) Act 2017, if we become aware that there are reasonable grounds to suspect a data breach may have occurred, we have an obligation to complete an assessment within 30 days to determine whether a data breach amounts to an ‘eligible data breach’.
Carey Group has implemented a Data Breach Response Plan to deal with actual or potential data breaches including the notification process when notifying affected individuals.
If you are concerned about how your personal information is being handled, or if you have a complaint, please contact the Privacy Officer at the address listed above.
When making a complaint, please provide details of the complaint and outline the questions that you want answered and what resolution you expect.
We will acknowledge your complaint as soon as we can after receipt and will let you know if we need any further information from you to resolve your complaint
We aim to resolve complaints as quickly as possible. Our standard is to resolve complaints within ten business days, but some complaints take longer. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.
If you are unhappy with our response, you can refer your complaint to:
The Office of the Australian Information Commissioner
The Office of the Australian Information Commissioner can be contacted at:
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
You can contact us by:
- Calling 07 4760 5900
- Emailing email@example.com
- Visiting careygroup.com.au
- Writing to us at PO Box 2105, Townsville Q 4810
Our Privacy Officer can also be contacted in relation to privacy concerns by writing to Privacy Officer, Carey Group, PO Box 2105, Townsville Q 4810