PRIVACY POLICY

This document contains the Privacy Policy of Vincents (ABN 69 984 359 704) (“Vincents”) and our related entities.

Our related entities include VCA Services Pty Ltd, Vincents Lending Solutions Unit Trust, the VCA Finance Unit Trust and Vincents Audit Services Pty Ltd and their related entities and operating entities.

In this policy, the expressions “we”, “us” and “our” references to Vincents and related entities. The term “you” and “your” refers to the website user, reader of this document and customers of Vincents.

Vincents has created this Privacy Policy to govern the ways in which we collect, use, maintain, secure and disclose your personal information.

Your privacy is important to us, and we are committed to being open and transparent about how we manage personal information that is collected through our website or directly from you in accordance with the Australian Privacy Principles as contained within the Privacy Act 1988 (Cth) and with all relevant legislation (which may be amended from time to time).

This Privacy Policy will be reviewed from time to time and updated to reflect changes in accordance with new laws and technology, and changes to Vincents’ operations. We strongly recommend that you review this policy on a regular basis to ensure that you are aware of any amendments to this Privacy Policy. Any information that we hold, use and disclose will be governed by the most current version of the Privacy Policy.

By submitting your personal information to us, or utilising our services, you acknowledge and consent to us utilising your personal information in accordance with this Privacy Policy.

This Privacy Policy is intended to enhance the transparency of Vincents’ operations, notify you of your rights and our obligations and provide you with information regarding:

1. The kinds of personal information which we will collect and hold;
2. How we will collect, hold, use and disclose that personal information;
3. The purpose for which we collect, hold, use and disclose personal information;
4. How you may access personal information that is held by us and seek correction of such information;
5. How you may complain about a breach of the Australian Privacy Principles or any registered code that binds us, and how we will deal with such a complaint:
   1. Whether we are likely to disclose personal information to overseas recipients;
   2. If we are likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located.

ACKNOWLEDGEMENT AND WARRANTY

We acknowledge that we must take reasonable steps when handling personal information to the extent as provided for by the Privacy Act 1988 (Cth).

We will endeavour to utilise this Privacy Policy on each occasion that we deal with your personal information. However, we cannot warrant that loss, misuse or alteration of information will never occur though we will take all reasonable steps to prevent those things from occurring.

We have taken reasonable steps to endeavour to comply with the Privacy Act 1988 (Cth) with some of those examples being:

1. The implementation of this Privacy Policy;
2. Staff training and education;
3. The utilisation of checklists to ensure that the Australian Privacy Principles are complied with;
4. Clear and transparent procedures regarding the handling of complaints and disclosure of information.

COLLECTION

It is our usual practice to collect personal information directly from you or your authorised representative(s) such as a solicitor, another accountant, broker or other nominated individual.

Personal information means information or an opinion (including information or an opinion forming part of a database) whether true or not, and whether or not recorded in the material form about an individual whose identity is apparent or can reasonably be ascertained from that information or opinion as provided for under the Privacy Act 1988 (Cth).

Depending on the nature of our engagement with you, some examples of personal information that we may collect include:

1. Your name;
2. Your address;
3. Your contact details including phone number, address and email addresses;
4. Your date of birth;
5. Your driver’s licence;
6. Your job title;
7. Your tax file number declaration and documentation;
8. Identification status (such as work permit, passport details and the like);
9. Financial information including banking and taxation information;
10. Payment details;
11. Superannuation arrangements;
12. Educational qualifications, salary, employment history and references.

Sometimes due to the nature of an engagement, we will collect sensitive information.  We only collect sensitive information if it is reasonably necessary for one or more of our functions or activities, and we have the individual’s consent. Vincents places the utmost importance on the protection of sensitive information.

We will not disclose sensitive information unless:

• The disclosure is required under Australian law;
• A permitted general situation or health situation exists; or
• It is reasonably believed that the use or disclosure of such information is necessary for an enforcement related activity conducted by or on behalf of an enforcement body.

IDENTIFICATION AND NON-IDENTIFICATION

You may choose to interact with us using a pseudonym and/or not identifying yourself.

However, in circumstances where we are required to do so or are authorised by law, we will ask for your identification and request your personal information.

It may be impractical for us to interact with you without some form of identification and therefore we will request identification details from you at the beginning of each transaction.

If you do not consent to the collection of your personal information in accordance with this Privacy Policy, we may be unable to effectively and efficiently respond to a request, answer a query or provide the services as requested.

HOW WE WILL COLLECT AND HOLD YOUR PERSONAL INFORMATION

We will only collect and hold personal information by lawful and fair means.

We may collect personal information in a range of different manners, including:

1. Over the telephone;
2. When you complete documents for us in relation to engagement or services being provided by us;
3. When you send us correspondence;
4. When you visit and interact with us through our website;
5. When you provide information for the purposes of services we provide;
6. When you have contact with us in person (such as general networking or via attendance at events or meetings).

In collecting your personal information, we use different types of technology, including tracking technologies such as cookies and the like.

In some circumstances we may collect and hold personal information that has been collected from a third party or publicly available source (including social media platforms) which will likely occur in circumstances where:

1. You have consented to this collection;
2. You reasonably expect us to collect your personal information in this matter, and it is necessary for us to collect this information for a specific purpose,
3. We will take steps to hold personal information in a manner which is secure and protected from unauthorised access.

The purpose for which we collect and hold personal information

We will  collect and hold personal information which is relevant to the operation of our services for which you engage us for, as well as for general marketing purposes.

Our purpose for collecting and holding personal information about you is so that it may be used directly for our functions or activities.

Some examples (though not exhaustive) of ways in which we may use your personal information for the functions or activities that we perform include:

1. Providing our suite of services including but not limited to assurance and risk advisory, business advisory, economics and data analytics, financial advisory, forensic services, taxation advisory, restructuring and recovering, corporate advisory, and lending solutions;
2. Reviewing existing credit terms;
3. Assessing credit reports and credit worthiness;
4. Assessing credit guarantees (current and prospective);
5. Collecting overdue payments;
6. Internal management purposes;
7. Administering accounts;
8. Facilitating service reviews and surveys;
9. Education and networking events;
10. Business development and marketing purposes;
11. Sales and billing;
12. Insurance purposes;
13. Training and recruitment;
14. Compliance with legal requirements;
15. To keep our records up to date;
16. Measuring the effectiveness and usage of our website;
17. Contacting you in relation to comments, complaints, enquiries, or service opportunities;
18. Internal record keeping.

We may also disclose the personal information collected to other entities within our network for the purposes of marketing and the provision of additional  services.

We will only use your personal information for the purposes for which it was collected, for related purposes, in order to comply with the law, or for another purpose only with your consent.

You have the right to withdraw your consent at any time, but it may affect the services that may be rendered by us. This may also impact on our ability to provide you with further services or opportunities.

THE PURPOSE FOR WHICH WE COLLECT AND HOLD PERSONAL INFORMATION

We will endeavour to only use and disclose personal information for the primary purposes discussed above in relation to our functions and activities.

Additionally, we may also use and disclose personal information for other purposes, including direct marketing.

Unless one or more of the below scenarios has occurred, we will take necessary steps to prevent personal information from being given to government agencies or other organisations:

1. You have provided your consent;
2. You would reasonably expect that your information would be so disclosed in the services that we are providing;
3. We have informed you that your personal information will also be provided to a third party;
4. We are required by law to provide your personal information to a government agency or other organisation;
5. The disclosure of the information will prevent a serious threat to somebody’s health or life;
6. The disclosure of the information is reasonably necessary for the enforcement of criminal law at the request of the relevant authorities and in line with the Privacy Act 1988 (Cth).

We may also disclose your personal information to our related entities for the purposes of direct marketing and cross marketing should the circumstances arise.

We are not liable for how a third party chooses to utilise your personal information if the personal information has been disclosed in accordance with this Privacy Policy.

DISCLOSURE TO OVERSEAS RECIPIENT

There may be a requirement for us during the provision of our services to share and/or disclose your personal information with recipients that are located outside of Australia.

We may store your personal information on secure servers that are located outside of our firm’s premises and may be located on servers outside of Australia such as the Republic of Sinagapore and the United States of America in order to provide a fast and secure connection with our firm’s team overseas. We confirm that your information has been securely encrypted to industry leading levels and the disclosure is necessary for our functions and activities.

DIRECT MARKETING

We will take steps not to disclose personal information for direct marketing purposes unless you have consented to that disclosure or, alternatively, that disclosure is reasonably expected in the manner in which you have interacted with us.

We may collect, hold, use and disclose your personal information to provide you with information and offers about our products and services (including by way of direct mail, telephone, email, SMS, and online advertising and marketing) or to request your feedback for research purposes. These being permitted activities in accordance with the Spam Act 2003 (Cth) and Privacy Act 1988 (Cth)

You always have the right to opt out of receiving direct marketing. We will provide you with an opt out option with respect to direct marketing should you wish to be excluded from direct marketing. If you do not elect to opt out for receiving direct marketing material from us, you consent to us using personal information provided to us for direct marketing purposes.

You may at any time withdraw your consent to receive direct marketing material from us by opting out or by following the “unsubscribe” link provided in our electronic communications or by contacting our firm’s marketing manager as identified within our website.

We may also from time to time, if we have received your consent, provide your personal information to a third party for the purpose of direct marketing. We are not liable if a third party chooses to utilise your personal information if the personal information has been disclosed in accordance with this Privacy Policy.

GOVERNMENT RELATED IDENTIFIERS

We will endeavour not to utilise government related identifiers unless it is necessary for us to verify your identity or for the purposes of our activities or functions.

DISCLOSURE TO CRBS

We may disclose your personal information to a Credit Reporting Bureau (“CRB”) in accordance with the permitted disclosures provided for under the Privacy Act 1988 (Cth).

We may disclose your information to a CRB including the following below:

1. Equifax;
2. Ilion;

A copy of the credit reporting policy for those CRBs listed above will be available on their website. We are not liable if a third party chooses to use your personal information if the  personal information has been disclosed in accordance with this Privacy Policy.

HOW IS YOUR PERSONAL INFORMATION KEPT SECURE?

We have in place appropriate technological and operational security processes that are designed to protect your personal information from loss, misuse, alteration or destruction.

Only the authorised employees, contractors of our entities and permitted third parties will have access to any data that you provide, and that access is limited by need and the services for which you have engaged us in.

Each employee or contractor that has access to your personal information is obliged to maintain its confidentiality.

Electronic information is stored on a secure server that is protected in controlled facilities, and documents and papers are stored safely and securely for as long as they are required and authorised to be kept in accordance with law. When your electronic and hard copy information is no longer required it is destroyed.

Although we take industry leading steps to protect your personal information, we cannot guarantee that your personal and identifiable information will not become accessible to unauthorised persons acting nefariously or otherwise. We confirm that we will not be held responsible for events arising from unauthorised access to your personal information.

ACCESS AND CORRECTION TO PERSONAL INFORMATION

You may ask us at any time to provide you with a list of the personal information we hold about you and for copies of that information and we will endeavour to provide you with that information as required under the Privacy Act 1988 (Cth).

If you believe for any reason that we are holding incorrect or incomplete information or data about you, you may ask us to correct it. We will consider if the information requires amendment. We will not update your information unless we are able to independently identify your identity through your name, date of birth and email address.  The intentional provision of false information to this office will be handled with the utmost seriousness, up to and including the referral of the matter to the relevant regulatory bodies/authorities.

NOTIFIABLE DATA BREACHES

A notifiable data breach pursuant to the Privacy Act 1988 (Cth) is an event where access to your personal information has been gained and there is a risk of serious harm, or it is expected that there is a serious risk to you.

In the event of the notifiable data breach, we will notify you. Examples of this include:

1. Loss or theft of physical devices;
2. Unauthorised access to personal information by an employee;
3. Inadvertent disclosure of personal information.

The disclosure of that notifiable data breach will be made to you in circumstances where the notifiable data breach reaches the mandatory disclosure requirement as provided for under the Privacy Act 1988 (Cth).

In the event of a potential notifiable breach, we will abide by the recommendations provided for by the Office of the Australian Information Commissioner which are to:

1. Contain the breach;
2. Assess the width and depth of the breach;
3. Notify the relevant authorities and affected clients and parties; and
4. Review the breach and ensure further measures are enforced.

CONTACT DETAILS

In the event that you wish to discuss with us our obligations and the disclosure of your personal information in relation to the Privacy Act 1988 (Cth) you may contact us or lodge a complaint by the below means:

Privacy Enquiries and Complaints

Vincents

Level 34, Santos Place

32 Turbot Street

Brisbane QLD 4000

privacy@vincents.com.au

In receiving any communication, we will need to authenticate your identity to ensure the relevant person is requesting the information.

If you are not satisfied with the outcome of your complaint, you may also make a complaint to the Australian Information Commissioner with their details being:

Office of the Australian Information Commissioner

GPO Box 5218

Sydney NSW 2001

enquiries@oaic.gov.au

amendment to this privacy policy

This Privacy Policy is subject to amendment at any time without notice. Information received prior to amendment will remain subject to the policy applicable before the amendment. If you do not agree to the Privacy Policy at any time, please do not continue to utilise our website. If you do continue to utilise our website, you are deemed to have accepted the terms of this Privacy Policy.