Version: February 2014
The Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
The Privacy Act 1988 (Cth) sets out a number of core requirements about how organisations collect and deal with personal information.
The Privacy Amendment (Enhancing Privacy Protection Act 2012 (Cth) amends thePrivacy Act 1998 (Cth), replacing the National Privacy Principals and Information Privacy Principles with the Australian Privacy Principles (“APPs”).
The APPs explain how an organisation should use, keep, secure and disclose personal information and also gives an individual a right to know what information an organisation holds about them and how to inspect and/or correct that information if the information held is incorrect.
What kind of personal information does Whitefield collect and hold?
Whitefield only collects information that is necessary to allow us to adequately maintain your securityholding(s) and provide other services in relation to your holding(s). We generally collect information such as names, phone numbers, address, email address, date of birth, banking details, taxation details (including Tax File Number) and any other information relevant to your securityholding(s).
If we are provided with any personal information that we have not requested (unsolicited personal information), we will delete, destroy or de-identify such information as soon as practical after receiving it unless required or permitted by law.
We may be required by Australian law or court/tribunal order to collect personal information about you, including (but not limited to) information required by the following;
· Anti-Money Laundering and Counter Terrorism Financing Act 2006 and Anti-Money
laundering and Counter-Terrorism Financing Rules Instrument 2007 (“AML/CTF Laws”)
· Income Tax Assessment Act 1997/Tax Administration Act 1953
The personal information required to be collected may for example include: names, address, country of residence, date of birth, business name (if any), directorships (if any) and any other information deemed relevant to the applicable Australian law or court/tribunal order.
You do not have to provide us with your personal information but if you do not provide us with the personal information that we require we may not be able to adequately maintain your securityholding or provide other services to you and/or our service providers or related parties on your behalf.
How does Whitefield collect personal information?
There are various ways that your personal information can be collected by us directly. This includes via telephone, facsimile, email, or hardcopy forms.
We also collect your personal information indirectly from our, service providers such as our share registry provider, related parties or anyperson authorised by you to provide your personal information in order to fulfil our duties/responsibilities.
What is the purpose of Whitefield collecting and using personal information?
Whitefield only collects, holds and uses personal information for the purpose for which it was requested, any related purpose (whether directly or indirectly related) or as permitted or required by law. In most circumstances the purpose for personal information will be obvious at the time of collection.
Such purposes may include:
· establishing, maintaining and administering your account via our service providers.
· processing authorised payments to and from you.
· details of corporate actions and providing corporate communications
· any other purposes identified at the time of collecting personal information from you.
Does Whitefield disclose personal information?
Personal information provided to Whitefield may be disclosed as required to our, service providers or related parties for the purpose for which the information was provided.
Personal information may also be disclosed to persons inspecting securities registers, bidders for your securities in the context of take-overs and to other entities for the purposes of legislative compliance and reporting such as:
· Australian Tax Office (ATO)
· Australian Securities and Investment Commission (ASIC)
· Australian Stock Exchange (ASX)
We may also disclose personal information if legally required to do so, or if you have given your express content.
We do not generally disclose personal information to overseas recipients unless legally required to do so. If we are legally required to disclose personal information to an overseas recipient we cannot accept liability for any breach of the Australian privacy laws by these overseas recipients. Accordingly, you consent to such disclosure.
How does Whitefield protect personal information?
Whitefield utilises a range of procedures to protect personal information in order to prevent misuse, interference and loss from unauthorised access, alteration and disclosure.
These procedures include:
· security procedures associated with access to our business premises.
· security procedures within our offices.
· IT security procedures including password protection, firewalls, intrusion detection, site
monitoring, and backups.
· mandatory confidentiality guidelines for all staff within the business.
Whilst we have procedures in place data protection measures are never completely secure and we cannot guarantee the security of your personal information.
Some of our service providers provide internet based services secured by a username and password. If you utilise such services, you should take care to protect you username and password to prevent unauthorised access to your personal information. If you believe that your security has been breached you should immediately contact the provider of the internet based service.
How can you access your personal information held by Whitefield?
Personal information Whitefield holds about you can be accessed subject to a small number of legal restrictions. Where such restrictions exist on our ability to provide you with access we will advise you of those reasons at the time of your request.
If you wish to access your personal information, you should contact our Compliance Manager using the contact details in the Contact Us section.
We do not charge for accessing personal information, however, we may charge for reasonable costs incurred if an extended amount of time is required to collate and prepare the material for you; and if you wish to have photocopies of your files provided to you. We will provide an estimate of costs to you following your request.
How can you correct and update your information?
We take reasonable steps to ensure that the personal information we hold about you is accurate, compete and up-to-date. However, we also rely on you to provide us with any changes to your personal information to ensure that the personal information we hold is still accurate, complete and up-to-date.
A number of forms to update your personal information are available on our website, from our share registry provider or via our share registry’s online facilities. If your securityholding is broker sponsored you will need to contact your sponsoring broker to update your registered name and/or address.
Please update your personal information as soon as there are any changes to the personal information we hold or if you believe that the personal information we hold may be inaccurate, incomplete or out-of-date in order.
You can also contact us directly using the details in the Contact Us section if you believe the information we hold is inaccurate, incomplete or out-of-date in order that we can assist in making the relevant amendments.
What do you need to do if you have a complaint?
In order to fully investigate your complaint you will need to provide us with sufficient details regarding the complaint along with supporting evidence.
Your complaint will be referred to the Compliance Officer who will investigate the issue and determine any action required to resolve your complaint. We will contact you if we require any further information from you and will inform you in writing of the outcome of the investigation.
If you are not satisfied with the determination, you can contact us to discuss your concerns or alternatively, complain to the Australian Privacy Commissioner via www.oaic.gov.au.
The Compliance Officer
GPO Box 473
SYDNEY NSW 2001
Phone: (02) 8215 7900
Fax: (02) 8215 7901