1.1
We , us and our means
Flor-Hanly & Associates Pty Ltd ACN 137 744 355 and its
officers, employees and agents.
1.2
In the course of
doing business in Australia, there are circumstances where we collect personal
information (including credit information). This privacy policy has been
developed to ensure that such information is handled appropriately.
1.3
We are committed to complying with
the Privacy Act 1988 (Cth) (Privacy Act) and the Anti-Money Laundering
and Counter-Terrorism Finance 2006 Act (AML/CTF
Act)
in relation to all personal information we collect. Our commitment is
demonstrated in this policy. The Privacy Act incorporates the Australian
Privacy Principles (APPs). The APPs set out the way in which personal
information must be treated.
1.4
This privacy policy also
incorporates our policy on managing credit information (see section 9).
1.5
By providing your details, you
consent to us collecting, holding, using and disclosing your personal
information in accordance with this policy.
1.6
If you do not provide the information requested
by us, we are not able to provide you with our services or otherwise engage
with you.
Who does the privacy policy apply to?
1.7
This policy applies to any person
for whom we currently hold, or may in the future collect, personal information.
Broadly, we collect personal information from our current and prospective
clients, other individuals that contact us with enquiries, current and
prospective contractors, consultants and agents and prospective employees.
1.8
This policy does not apply to acts
and practices in relation to employee records of our current or former
employees, as these are exempt from the Privacy Act.
What information does the privacy policy apply to?
1.9
This policy applies to personal
information. In broad terms, 'personal information' is information or opinions
relating to a particular individual who can be identified.
1.10
Information is not personal
information where the information cannot be linked to an identifiable
individual.
Retention and destruction of personal information
1.11
Subject to our professional
obligations, we will take reasonable steps to destroy or permanently
de-identify personal information if that information is no longer needed for
the purposes for which we are authorised to use it, including our obligations
under the AML/CTF Act and Rules.
Personal information
(a)
sensitive
information (see paragraph 2.2);
(b)
contact
information, including full name, residential address, contact details and
emergency contact details;
(c)
financial
and credit information;
(d)
date
and place of birth;
(e)
employment
arrangements and history;
(f)
tax
returns and tax file numbers;
(g)
insurance
information;
(h)
banking
details;
(i)
details
of any enquiries you make;
(j)
government
related identifiers;
(k)
photo
ID and unique identifier, such as a passport or driver s licence number, and
(l)
any
other personal information required to provide services to you or otherwise
engage you to assist us to provide our services.
Sensitive information
(a)
health
information;
(b)
racial
or ethnic origin;
(c)
criminal
records, and
(d)
biometric
information.
2.3
For the purpose of AML/CTF customer due diligence, we
may collect the following types of sensitive or higher-risk information about
clients, beneficial owners or agents:
(a)
adverse
media information,
(b)
membership
of professional or trade associations; and
(c)
membership
of any political associations.
2.4
We will not collect sensitive
information without the consent of the individual to whom the information relates unless
permitted under the Privacy Act.
Web-generated information
2.5
Our website (https://www.florhanly.com.au/) may
also automatically collect hardware and software information about your
computer or device, including:
(a)
your IP address;
(b)
your browser type;
(c)
the types of devices you are using to access our
website;
(d)
the language and operating system of the device
being used;
(e)
domain names, access times and referring website
addresses; and
(f)
page clicks, time spent and other automatically
collected meta-data.
2.6
Our website may also collect usage information
from users. Broadly, this information may relate to how you use and navigate
the website, including:
(a)
information about pages, content or
advertisements you have browsed or clicked on;
(b)
any content, information or material you
disclose to us;
(c)
the location from which you have come to the
site and the pages you have visited; and
(d)
information about the features you have used on
our website.
3
How and when do we collect personal information?
3.1
We usually collect personal
information directly from the individual concerned,
for example, via emails, telephone calls, online forms, engagements agreements,
physical or virtual meetings and questionnaires.
3.2
We may also collect personal
information from third parties such as:
(a)
government bodies (such as regulatory
authorities, relevant departments etc);
(b)
through referrals from individuals or other
entities;
(c)
third-party identity verification services, including
Content Snare (Comply Cube) and Ignition;
(d)
banks and financial institutions;
(e)
registers of companies, trusts, government
databases (such as ASIC or ABR) and other paid search providers;
(f)
your current and previous employers;
(g)
our employees, contractors and agents;
(h)
through marketing and business development
events; and
(i)
your representatives and advisers.
(a)
physically, in paper files stored securely at
our premises; and/or
(b)
electronically in computer systems,
applications, databases and cloud servers, either operated by us or our
third-party service providers.
4.2
We implement and maintain
processes and security measures to protect personal information which we hold
from misuse, interference or loss and from unauthorised access, modification or
disclosure. Some of these processes and systems include:
(a)
using secure servers to store personal
information;
(b)
using
unique usernames, passwords and other protections on systems that can access
personal information;
(c)
holding
certain sensitive documents securely;
(d)
arranging
for our employees to complete training about information security;
(e)
maintaining
a data breach policy; and
(f)
monitoring
and reviewing our policies.
5
Why do we collect, hold, use or disclose personal
information?
(a)
in the case of a current or prospective client, to
provide our services and comply with our professional obligations;
(b)
in the case of other individuals that contact us
(including users of our website), to assist us to respond to your enquiries or
complaints;
(c)
in the case of a current contractor, consultant
or agent, to assist us in providing our services; and
(d)
in the case of a prospective contractor,
consultant, agent or employee, to assess your suitability for employment or
engagement.
5.2
We may also collect, hold, use and disclose
personal information for secondary purposes that are within your reasonable
expectations and that are related to the primary purpose of collection.
5.3
We also collect your personal information to comply
with the AML/CTF Act. This includes to:
(a)
establish
and verify identification of clients/agents/beneficial owners before providing
certain services to you or the person you are acting on behalf of;
(b)
comply with initial and ongoing Customer Due
Diligence requirements;
(c)
comply
with ongoing monitoring and enhanced due diligence where required;
(d)
assess
and manage potential money laundering, terrorism financing,
proliferation financing risks or related compliance risks associated
with the provision of our services;
(e)
make
reports required by law under the AML/CTF Act, and
(f)
meet
record keeping obligations under the AML/CTF Act.
5.4
From time to time, we may disclose personal
information to third parties such as:
(a)
government bodies (such as regulatory
authorities, relevant departments, etc);
(c)
our contractors, consultants, employees, agents
and service providers;
(d)
law enforcement agencies;
(e)
parties considering the acquisition of the whole
or a part of our business; and
(f)
other third parties with whom we have a
commercial relationship.
5.5
We may also share your personal
information with AUSTRAC to meet our legal and regulatory obligations under the
AML/CTF Act or the AML/CTF Rules.
5.6
We will only disclose personal
information to third parties if:
(a)
we are required or authorised by law to do so;
(b)
we have received express consent to the
disclosure, or consent may be reasonably inferred from the circumstances; or
(c)
we are otherwise permitted to disclose the
information under the Privacy Act.
6.1
We
may use personal information for the purposes of developing, using and training
AI tools within our business. Confidential client data will not be used
to train public models unless expressly agreed and legally permitted.
6.2
We
may use AI software to:
(a)
perform
identity verification checks;
(b)
analyse data and prepare reports;
(c)
automate
administrative tasks, and
(d)
record
and summarise meetings, with the appropriate
notification/consent.
6.3
We
may use the following types of personal information when using AI software:
(a)
identification
information, including, your:
(i)
name;
(ii)
address;
(iii)
email
address;
(iv)
telephone
numbers;
(v)
date of
birth;
(vi)
occupation;
(vii)
current
or former employers;
(b)
your
personal circumstances;
(c)
entities
you are involved in or associated with;
(d)
other
information that we consider necessary for the provision of our products and
services and the operation of our business;
(e)
financial
information;
(f)
photographs,
film and/or recordings or any other digital representation;
(g)
relationship
information;
(h)
family
information; and
(i)
employment
information for an employee whether previous, current and prospective.
7
Direct marketing
7.1
We may
use your personal information to send you marketing communications, including
emails, SMS, newsletters, event invitations or other material relating to our
products or services. You have the right to opt out of receiving these
communications at any time.
7.2
You
may opt-out of receiving direct marketing
communications from us by:
(a)
clicking
the unsubscribe link at the bottom of any of our direct marketing
communications;
(b)
replying
STOP to any marketing text message we send, or
(c)
by
contacting our Privacy Officer at comply@florhanly.com.au or calling us on (07) 4963
4800.
7.3
Once
you request to opt-out of direct marketing, we will
process your request as soon as practicable, usually within 30 days.
7.4
Please
note that even if you opt out of marketing, we may still send you essential,
non-marketing administrative and transactional messages regarding our services,
including important information regarding legislative and regulatory changes
that may affect you.
8
Will we disclose personal information outside Australia?
8.2
In some cases, we may indirectly disclose
personal information overseas through disclosures to our service providers that
have data servers located overseas. For example, we disclose personal
information to service providers that are located, or otherwise have data
servers located, in the
Philippines, India and the USA.
What kinds of credit information may we collect?
(a)
your identification information;
(b)
information about any credit that has been
provided to you;
(c)
your repayment history and any defaults or
overdue payments;
(d)
if terms and conditions of your credit
arrangements are varied;
(e)
if any court proceedings are initiated against
you in relation to your credit activities;
(f)
information about any bankruptcy or debt
agreements involving you;
(g)
any publicly available information about your
credit worthiness; and
(h)
any other information about your credit history
and activities.
How and when do we collect credit information?
9.2
In most cases, we will only collect credit
information if it is relevant to provide our services.
9.3
We may collect credit information either
directly from you or from:
(a)
third parties including parties to whom we
provide services that you are involved with;
(b)
government bodies (such as the Australian
Taxation Office);
(c)
banks and other credit providers;
(d)
other individuals and entities via referrals;
and
(e)
your suppliers and creditors.
9.4
We do not collect and hold credit information
from credit reporting bodies unless it is incidentally collected in providing our
services to you.
How do we store and hold the credit information?
9.5
We store and hold credit information in the same
manner as outlined in section 4
of this policy.
Why do we collect the credit information?
How can I access my credit information, correct
errors or make a complaint?
9.8
You can seek access to and request a correction
to your credit information or complain about a breach of your privacy in the same
manner as set out in section 10
of this policy.
10.1
It is important
that the information we hold about you is up-to-date. If
you believe that any information we hold about you is
incorrect, please contact us so we can make the necessary change(s).
10.2
If the personal information and or credit
information we hold is not accurate, complete and up-to-date,
we will take reasonable steps to correct it, where it is appropriate to do so.
Access to information and correcting personal
information
10.3
You may request access to the personal
information held by us or ask us for your personal information to be corrected
by using the contact details in this section.
10.6
We may deny access to personal information if:
(a)
the request is unreasonable;
(b)
providing access would have an unreasonable
impact on the privacy of another person;
(c)
providing access would pose a serious and
imminent threat to the life or health of any person;
(d)
providing access would compromise our
professional obligations; or
(e)
there are other legal grounds to deny the
request.
10.7
We may charge a fee for reasonable costs
incurred in responding to an access request. The fee (if any) will be disclosed
prior to it being levied.
Complaints
10.8
If you wish to complain about an interference
with your privacy, then you must follow the following process:
(a)
The complaint should firstly be made to us in
writing, using the contact details in this section. We will have a reasonable
time to respond to the complaint.
(b)
If the privacy issue cannot be resolved, you may
take your complaint to the Office of the Australian Information Commissioner https://www.oaic.gov.au/privacy/privacy-complaints.
Who to contact
10.9
A person may make a complaint or request
to access or correct personal information about them held by us. Such a request
should be made in writing to the following address:
Address to: The
Privacy Officer, Flor-Hanly
Postal address: PO
Box 3456 Mackay North QLD 4740
Telephone number: (07) 4963 4800
Email address: comply@florhanly.com.au
11
Changes to the policy
11.1
We may update, modify or remove
this policy at any time without prior notice. Any changes to the privacy policy
will be published on our website.
11.2
This policy is effective 1 July 2026. If you
have any comments on the policy, please contact the privacy officer with the
contact details in section 10
of this policy.
Connect with us whatever way you like!
Facebook
LinkedIn
Email