S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’)
ACN: 135 239 968 AFSL Corporate Authorised Representative No: 433913
Our Commitment to Privacy
together, ‘the Websites’.
We know that providing personal information is an act of trust. We value and take your trust very seriously. Unless you give us explicit consent to act otherwise, the following policy will govern how S3 handles your personal information and safeguards your privacy. S3 is committed to ensuring the protection of your personal information and giving you options regarding who can use your personal information and how it can be used.
Collection of Information
S3 is required, under various legislation and codes of practice, to collect certain information about you in order to provide our range of services. These include, but are not limited to, the Corporations Act 2001 (Cth), Income Tax Assessment Act 1997 (Cth) as well as certain regulations issued by the Australian Securities and Investments Commission (ASIC). In addition, our ability to provide you with comprehensive and quality services is reliant on us obtaining certain information about you. The staff and representatives of S3 may request personal and sensitive information (as those terms are defined in the Privacy Act 1988 (Cth)) from you, which will generally comprise, but not be limited to, the following type of information:
- Personal details e.g. name, address, contact details (phone, email), date of birth, marital status, dependents, employment details.
- Financial details e.g. assets, liabilities, income, expenses.
- Business details including ABNs.
- Details of all investments, superannuation, investor numbers, credit card and bank account details.
- Taxation information including your tax file number.
If you do not provide us with the information required, we may elect to terminate our relationship with you, if we believe it will jeopardise our ability to provide you with a complete, accurate and comprehensive service.
When you visit the Websites, we may collect certain information, which may include information that you voluntarily disclose and information that is automatically collected such as:
- Information collected when you register for our newsletter, including identifying information such as your name, mobile phone number, email address and location;
- personalisation preferences or requests for information you select as you use the Websites, for example the kinds of alerts you would like to receive and the method of delivery;
- any messages or comments you submit to S3 via the Websites or social media, including identifying information such as your name, email address and telephone number, for example any emails collected through the “Contact Us” page;
- information submitted to online facilities such as search tools; and
- tracking information we collect as you use the Websites including which areas of the site you visit, your IP address, browser, and information about your computer’s operating system, application version, language settings, and pages that have been shown to you.
- If you are using a mobile device, we may also collect data that identifies your mobile device, device-specific settings and characteristics, and latitude/longitude details. We may also calculate and process data related to the type of apps installed on a mobile device, such as the name of the app, app description and the category it belongs to.
It is unlikely that any one piece of this information alone will be able to tell us who you are, but it can still be considered “personal” information and in conjunction with other information we hold about you may identify you.
You may browse some information-only areas of the Website without providing any information, however, we may not be able to provide the full range of services through the Website if you do not provide the information outlined above.
Use and Disclosure of Information
Any personal information about you collected by S3 will be used for the following purposes:
- To comply with our legal obligations and assist government and law enforcement agencies or regulators.
- To provide the services you may have engaged S3 to provide.
- To contact you, for example, to respond to your queries or complaints, or if we need to tell you something important.
- To market services which may be supplied by S3, unless you inform us not to do so. We note that your information will be automatically uploaded to our email marketing applications.
- To provide a better website experience with content that is more relevant to your interests.
Where appropriate, we will confirm your express consent before collecting such information.
If you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you or respond to your enquiries.
From time to time we are required to disclose information to other organisations to comply with the laws and regulations governing our provision of services. The organisations we may be required to disclose information include, but are not limited to:
- S3 and its Associated Entities.
- Government departments e.g. Australian Taxation Office (ATO), ASIC and Centrelink as required by law.
- Any other external party which we are compelled at law to make disclosures to.
- External parties for business acquisitions or in the event of the sale of the business.
- Any other external party as authorised by you from time to time.
External parties for business acquisitions or in the event of the sale of the business we will not use or disclose information collected about you other than for a purpose made known to you unless the disclosure:
- Is required by law (e.g. by the ATO, or ASIC);
- Is authorised by law (e.g. to protect our interests or where we are ordered by a Court to do so);
- You have consented to our disclosing the information to you; or
- The assets and operations of the business are transferred to another party.
S3 undertakes not to sell, rent or trade your personal information with the exception that we may provide your contact details to third party suppliers who we believe have services to market to you which will be of interest to you. In such a case, we will provide them with only the information necessary to enable the marketing of services to you (for example your name, location and email address). You will always be given the opportunity to opt out of any such communications.
We may use the personal information collected from you for the purpose of providing you with direct marketing material such as articles that may be of interest to you, however you may request not to receive such information by contacting us at [email protected].
Other than as set out in this document, we will not otherwise disclose your information to other parties without your express consent.
Storage and Security
We use a number of mechanisms to protect the security and integrity of your information. Unfortunately, no data transmission over the internet can be guaranteed as completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.
S3 recognises how important the privacy of your personal information is to you. We will therefore, at all times, seek to ensure that the personal information collected and held by us is protected from misuse, loss, unauthorised access, modification or disclosure. Your information is generally held in your personal file. Information may also be held in a computer database. All paper files are stored in secure areas. Computer-based information is protected through the use of access passwords.
S3 will not adopt as our own any identifiers that you may provide to us such as Tax File Numbers or other similar identifiers.
Transfer of Information Overseas
Please note also that S3 may use overseas facilities to process or back up its information including cloud-based applications and servers located outside of Australia. As a result, we may transfer your information to our overseas facilities for storage. However, this does not change any of our commitments to safeguard your privacy. We strive to ensure that any transmission of information cross border relies on secure servers in nations that have privacy and data protection laws substantially similar to those in Australia in accordance with our commitments to safeguard your privacy. However, there is an inherent risk in the use of the internet and cloud-based applications and accordingly we cannot guarantee that your information will not be transmitted to, or intercepted by, parties located in nations that do not enforce such systems.
Transmission of information overseas may also be required either when information is sent directly to you (and you are residing overseas), or to obtain further information from international organisations to aid services provided. Again, to the extent possible, the information will only be transferred to another country where S3 reasonably believes the other country has privacy laws substantially similar to those in Australia.
If you are located in a country that does not have privacy and data protection laws substantially similar to Australia, then we cannot make any warranty or guarantee in relation to the protection of any information transmitted to or from you.
Notifiable Data Breach Scheme
We may be required to make mandatory disclosures of any data breach we experience in accordance with the Notifiable Data Breach Scheme (Australia) established by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth). If we are required to make a mandatory disclosure under the data breach act and that data breach relates to your information, we will notify you of the same as soon as practicable in the manner required by the Scheme.
Access Your Information
You may at any time, request access to your personal information and we will provide you with access to that information either by providing you with copies of the information requested, allowing you to inspect the information requested or providing you with an accurate summary of the information held. We may, prior to providing access in accordance with this policy, require you to provide evidence of your identity to our satisfaction. To the extent reasonably possible, we will provide that information in a form that is able to be accessed and understood by you.
In the event we refuse you access to your personal information, we will provide you with an explanation for that refusal. We will endeavour to respond to any request for access within 14 days depending on the complexity of the information and/or the request and may charge fees for the request of a significant amount of information to be copied or accessed. If you make a general request for a large amount of information, we may ask you to narrow your request to the specific information you are requiring access to if it is reasonable for us to do so. We are not required to provide you with any information that you already have access to or a copy of.
You may also ask us in writing to erase any information that we hold about you. On receipt of such request, provided that same is not required to be retained by us:
- to deliver services to you;
- to comply with any laws or other regulations applicable to our business operations including file retention requirements; or
- to exercise or defend legal claims;
then we will use reasonable endeavours to comply with your request and confirm compliance to you as soon as practicable. Prior to making any such deletions, we may require you to identify yourself to our satisfaction. If we are unable to delete any information or otherwise refuse to do so, we will provide you with a written explanation as to our reasons.
Quality of the Personal Information
S3 is committed to ensuring that your personal information that we hold is accurate, complete and up to date. To assist us with this, please contact us if any of the details you have provided change. Furthermore, if you believe that the information we have about you is not accurate, complete or up to date, please contact us by emailing us at [email protected] and we will take all reasonable steps to correct the information. If you wish to have your personal information deleted, please let us know in the same manner as referred to above and we will take all reasonable steps to delete it unless we need to keep it for legal reasons.
General Data Protection Regulation 2016/679 (“GDPR”)
If you are an individual resident of an EU member state, then the GDPR applies to our collection, storage and use of your information. In addition to the general provisions set out in this document, the provisions in this section will apply to you and to the extent of any conflict with the general provisions, the provisions in this section will prevail.
- As we are incorporated in Australia, you acknowledge and expressly agree that all of your information will be transmitted outside of the EU and in particular to Australia for processing purposes.
- We may be required to disclose your information to any governmental body, supervisory authority or regulator in the EU as required by the GDPR from time to time. We may also be required to make mandatory disclosures of any data breaches relating to your information in accordance with the GDPR.
- If you request a copy of any information held about you, then to the extent reasonably possible (and provided the general provisions of this document relating to such a request are met) then in accordance with the GDPR we will endeavour to provide such information in a structured, commonly used, machine-readable and interoperable format that enables data portability.
- Any right you have to access, erasure and portability of your information under the GDPR is restricted in the manner set out in Article 23 of the GDPR.
- In relation to any direct marketing activities undertaken by us or third party providers in accordance with this document, you are entitled to object to such direct marketing activities.
- You are entitled to object to any profiling of you that is undertaken by us, or automatically by machines, as a result of the collection and processing of your information.
- We will, where reasonably practicable, encrypt your information. However, you acknowledge and agree that it is unreasonable and inappropriate for us to use pseudonyms for data processing in our ordinary course of business and in the delivery of services to you.
What to do if you have a problem or question
The Websites may use Google Analytics/AdWords and third-party remarketing cookies to serve advertisements, through third-party vendors including Google, to previous visitors to our Websites on sites across the Internet. For example, we might display advertisements to previous visitors who viewed certain pages on our Websites, or who haven’t completed an action on our Websites, such as submitting a contact form to make an inquiry.
This website also participates in the Twitter Conversion Tracking Program for purposes of serving ads targeted to users’ interests. You may opt out of Twitter interest-based advertising through an applicable opt-out mechanism described here: https://support.twitter.com/articles/20170405 (or any successor URL). Our participation in the Conversion Tracking Program is subject to Twitter’s Policies for Conversion Tracking and Tailored Audiences, at https://support.twitter.com/articles/20171365 (or any successor URL).
We will not ‘spam’ you
During the process of subscribing and registering for these updates, you will be required to give us certain personal information such as your name, address, email address, etc. and your preferences regarding the updates sent to you from our Websites.
We will not send you ‘spam’ (promotional information) without first asking you whether you wish to have promotional information sent to you. All emails sent by S3 will include a suitable method for unsubscribing. Please allow 3 days for this request to be processed.
Our use of Session Recording
S3 at times uses session recording software to capture information regarding how visitors to our Websites are interacting with our web pages. This allows us to evaluate and, if necessary or beneficial, modify our Websites to improve the functions and make it easier and more valuable for visitors to use.
The information collected may include custom data that varies but typically includes information about visitors’ activities on the Websites, such as how visitors navigate around a web page and the most commonly clicked links on a specific web page.
Your complaint will be responded to within 14 days. It is our intention to use our best endeavours to resolve any complaint to your satisfaction, however, if you are unhappy with our response, you are entitled to contact the Office of the Privacy Commissioner who may investigate your complaint further.