What personal information do we collect?
- Personal details such as your name, gender, address, date of birth, telephone number, email address.
- Copies of documents you provide to prove your age or identity. For example, government issued ID, passport, driver’s licence, birth certificate and utility bill.
- Copies of documents you provide to prove your source of funds. For example, your bank statement or payslip.
- Information we collect about you when you use our Services or contact our team
- Details of the transactions you carry out when using our Services.
- Details of the identity of your beneficial owners (if applicable).
- In relation to our websites, we will log your Internet protocol (IP) address so that it recognised next time you visit.
We will update the information we hold about you when you provide it to us during our communications with you.
However, whenever possible, you should advise us if information we hold about you needs updating or is no longer accurate.
When do we collect personal information about you?
- When you visit any of our websites.
- When you make an enquiry about our Services.
- When you enter into a competition or take up a promotional offer.
- When you have given a third-party permission (e.g. a Referring Partner) to share with us your personal information.
- When you report a problem, make a query or issue a complaint about our Services.
- During correspondence with Rochford employees (or persons acting on our behalf) over telephone, email, post or in person.
How do we use your personal information?
We may process your personal information for the following purposes, depending on how you interact with us.
- To complete the delivery of our services. Without your personal information, we would not be able to provide you with our risk management services or advise you.
- As part of our onboarding process, we will send you an engagement letter and our terms and conditions of engagement.
- At the beginning of the relationship and throughout, Rochford may call or email you to discuss your needs and the provision of our services to you.
To respond to your queries and complaints
Without your personal information, we would not be able to effectively respond and handle your queries or complaints. We may keep a record of our correspondence to demonstrate how we communicated with you throughout. We will do this on the basis of our legitimate interests and our legal obligations.
To comply with our legal and regulatory obligations:
To analyse, test and improve our systems and databases:
We may use your personal information to ensure that our systems are tested thoroughly. This ensures that the systems we maintain can cope with comparable volumes of information, that a wide range of realistic scenarios are covered, and that the test will reflect all the possible combinations that occur in the real environment. In addition, to ensure that personal information is not compromised, we carry out various risk assessments, and have implemented safeguards to ensure data security.
To develop new and improved products and services, including conducting market research and product analysis:
For training and quality purposes:
We are continually reviewing the quality of the services we provide in order to improve your experience with Rochford.
To keep you informed about relevant products, special offers and market news:
For new and existing customers, we will keep you informed about relevant products, special offers and market news up until you tell us otherwise (i.e. until you opt-out). You are free to opt out of receiving marketing communications from us at any time by one of the options set out in the “Managing your marketing preferences” section of this Policy.
Telephone & Email Recording
Telephone calls made and received by Rochford may be recorded and internally monitored for the purposes of:
- Ensuring that Rochford complies with its regulatory and legal obligations;
- Evidencing your use of our Services;
- Investigating complaints;
- Gathering evidence in disputes; and
- Improving Rochford’s Services (training and quality control).
Rochford may also maintain a record of all emails sent by Rochford for the same purposes.
Who do we share your personal information with?
We may share your personal information with the following entities for the purposes described in this Policy:
- Rochford’s sister companies, parent companies and affiliates.
- Third party services providers, this includes:
- Agencies who provide credit referencing, identity & verification checks, adverse media checks, sanctions screening, PEP checks and fraud prevention services.
- Auditors and professional advisers such as lawyers and consultants.
- Banks and financial services providers who facilitate our market transactions.
- Companies who host, support and maintain our website, databases, archives and other business systems.
- Companies who provide off-site hard copy information management facilities.
- Companies who provide Rochford with its customer relationship management application.
- Companies who perform functions on our behalf in the areas of IT development, IT support, back office, compliance and finance.
- Companies that provide our email archiving and backup system.
- Companies that provide our recording systems and tracking analysis software.
- Companies that carry out our direct marketing and research survey emails and texts.
- Companies who assist with providing our two-factor authentication security process.
- Companies that enable Rochford to collect customer reviews of its Services.
- Companies that provide Rochford with its appointment scheduling software.
- Public Authorities & Regulatory Bodies
- This will only be in response to lawful requests made from public authorities, regulatory bodies and law enforcement in order to meet national security, public interest and/or our legal and regulatory obligations.
- Referring Partners
- If you have been referred to Rochford by a third party who you and Rochford both have a separate direct relationship with (e.g. an independent financial adviser, lawyer or other consultant), we may provide such third party with your personal information relating to you (name and email address or phone number) in which they are interested in by virtue of Rochford’s agreement with them (e.g. for commission purposes and tracking success of referrals) and where your interests and privacy rights do not override those interests.
- Other third parties
With your consent only, we may pass your data to a third party for their direct marketing purposes.
In the event we sell divisions of our business, we may disclose your personal information to prospective purchasers and their advisers so they can evaluate the relevant business.
Please note our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility for them. Please check these policies before you submit any personal information to these websites.
Sharing your personal information outside of Australia
The personal information that we collect from you may be transferred to, and stored at, destinations both in and outside Australia.
Where processed outside of Australia, we will take appropriate steps to ensure your personal information still receives a level of protection that is consistent with the Australian data protection standards.
How do we protect your personal information
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Whether we interact with you via phone, mail, email, over the internet, or via another electronic medium, we endeavour to safeguard the privacy of your information. We may hold your personal information in a combination of secure computer storage facilities, cloud-based systems and in hard-copy. Irrespective of the medium, we will take such steps as reasonably necessary to ensure that your personal information is protected from misuse, unauthorised access, loss interference, modification or disclosure.
These measures include:
- Staff data protection training
- Building security infrastructure
- Secure handling and storage of your information
- System security in all of our websites and platforms, including virus scanning tools, encryption, authentication measures and intrusion detection.
How long will we keep your personal information
In accordance with our legal and regulatory obligations (for example, the AML/CTF Act 2006 and the AML/CTF Rules 2007), we will retain your personal information for a period of seven (7) years from the end of your relationship with us.
At the end of the retention period, your personal information will either be anonymised (so that it can be used in a non-identifiable way for statistical analysis, business planning), made inaccessible or unintelligible (for system integrity purposes) or deleted completely. However, we may retain your information beyond this retention period if we have a legitimate business interest to do so (or we can rely on another lawful purpose).
Unsolicited personal information
If you provide us with personal information that we have not requested, then we will only keep so much of that information as necessary for us to hold, in connection with the products and services we provide to you.
However, where we are entitled or otherwise required to retain this surplus unsolicited personal information, then we will hold that information in the same manner (and subject the same security and protection measures) as the balance of your personal information.
Your data protection rights
Right to Access: You have a right to receive a copy of the personal information we hold about you. Please not that you will have to verify your identity and request before further action is taken. As a part of this process, government identification may be required.
In accordance with the Australian Privacy Principles, we will respond to your requests for access in within 30 days, and in the manner of your choosing, if practicable.
We will not charge you for requesting access to your personal information.
Right to Transfer: Where reasonably requested, you have a right to receive information that you have provided us in a format of your choosing, and/or request that we transmit it to a third party.
Right to Erasure: You have a right to request that we erase your personal information. However, we may not always be able to comply with your request of erasure for specific legal and regulatory reasons which will be notified to you, if applicable, at the time of your request.
Right to Lodge a Complaint: You have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or/and Rochford. Further details can be found under the “Contact” section of this Policy.
Right to Correction: Where your personal information is inaccurate, out-of-date or incomplete, you have the right to request an amendment to it. We will not charge you for making a request to correct your personal information.
Right to Withdraw Consent: Where you have given us your consent to process your personal information, you have the right to change your mind at any time and withdraw that consent.
Should you wish to exercise any of these rights, please get in touch with us by using the details in the “Contact Us” section below. Please not we will ask you to verify your identity before proceeding with any request you make.
Managing your marketing preferences
You may update or stop directing marketing communications from us by:
Clicking the ‘unsubscribe’ or ‘opt-out’ link in the marketing communications that we send you; or emailing firstname.lastname@example.org
We will then stop any further emails, text messages or other marketing communications from us.
Please note that you may continue to receive communication for a short period after changing your preferences while our systems are fully updated.
You may direct any questions or complaints about the use or disclosure of your personal to us at:
Data Protection Officer
Post: Level 3, 379 Kent Street, Sydney, NSW 2000
We value your feedback on our data protection processes and aim to resolve any and all complaints to your full satisfaction. We agree to ensure open lines of communication regarding your complaints, and that all complaints will be given an impartial internal review.
If you feel that your personal information has not been handled correctly, or you are unhappy with our responses to your requests regarding the use and disclosure of your personal information, you have the right to lodge a complaint with the Office of the Australian Information Commissioner www.oaic.gov.au or on 1300 363 992.
For other non-data protection related matters, please contact your usual customer services point of contact at Rochford.
We reserve the right to amend this Policy from time to time without notice in order to be consistent with Australian Privacy Principles. Where we do make significant changes to this Policy, we will take appropriate steps to bring those changes to your attention.
Effective Date: 13th September 2021
Last Updated: 13th September 2021