Privacy Policy

1. Privacy Policy

Version 1.1

Dated: 20 December 2024

1.1. About this policy

The Privacy Act 1988 requires entities bound by the Australian Privacy Principles to have a privacy policy. This privacy policy outlines the personal information handling practices of Core Private Pty Ltd (Core Private). This policy is written in simple language. The specific legal obligations of Core Private when collecting and handling your personal information are outlined in the Privacy Act 1988 and in particular in the Australian Privacy Principles found in that Act. We will update this privacy policy when our information handling practices change. Updates will be publicised on our website, email signatures and through our email lists. Alternatively you can request a copy of the Privacy Policy on demand by emailing trevor@corepw.com.au

1.2. Purpose

The Policy explains our policies and practices with respect to the collection and management of personal information we collect from you.

The Privacy Act requires us to handle your personal information in accordance with a set of principles, known as the Australian Privacy Principles (APPs). Those Principles and our approach to those Principles are set out below.

1.3. Scope

The Policy applies to Core Private and all of its related companies together referred to in this Policy as us.

2. Collection

2.1. What information do we collect from you?

We collect, hold, use and disclose personal information to carry out functions or activities under the Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act).These functions and activities include:

  • you seek advice from us with regard to your financial planning needs;

  • you request us to assist you with performing administration activities on your behalf;

  • you enquire about or seek a quotation for a product or service offered by us or our referral partners;

  • you apply for or purchase a product or service offered by a Core Private business and or our participating providers;

  • you contact us by telephone, via mail, email or online;

  • you visit our website (including when you request a quote);

  • we supply any other products or services to you;

  • we deal with a third party on your behalf; or

  • you enter into any trade promotions, competitions, specials or other offers with Core Private or its direct partners.

2.2. Collection of your personal information

At all times we try to only collect the information we need for the particular function or activity we are carrying out. The main way we collect personal information about you is when you give it to us, either directly or through third party information collection software. This information generally comprises the following:

  • name

  • address

  • date of birth

  • gender

  • marital status

  • occupation

  • bank account details

  • contact details (including telephone, facsimile, social media pages and email)

  • financial information.

  • tax file number (TFN)

  • tax returns

  • insurance policies and

  • identification documents such as passport of drivers licence, medicare cards et

Depending on the product or service offered by Core Private we may collect the following:

  • the number and ages of your dependents

  • the length of time at your current address

  • your employer’s name and contact details

  • the length of your employment

  • proof of earnings

  • your place of birth and citizenships

  • Your tax residency or past tax residency

  • if you have changed employer in the last few years, details of your previous employment.

  • Details of companies, trusts, self-managed superannuation funds, partnerships or private ancillary funds that you control

  • Director Identification Number

  • Details of aged care arrangements of any dependents in aged care or reasonably likely to move into aged care

  • details of your dependents, as defined at section 10 of the Superannuation Industry (Supervision) Act 1993, for the purposes of paying benefits in the event of your death.

  • Estate planning documents such as Wills, Power of Attorney, Enduring Guardianship, Advanced Care Directives, Letter of Wishes, Binding Death Nominations, Deed for Mutual Wills, Deed of Family Arrangement, Loan Agreements, Superannuation Reversionary Beneficiary Nominations, Special Disability Trusts, Binding Financial Agreements and Insurance Policy Beneficiary Designations

We are also required to ask for certain information by law. Wherever there is a legal requirement for us to ask for information about you, we will inform you of the obligation and the consequences of not giving us the requested information. For example, in addition to obtaining personal information from you, whenever you acquire a new product or service from us, we will need to obtain certain documentary evidence from you as to your identity or the identity of your related entities. Such evidence may include items such as a certified copy of your driver’s licence, passport, birth certificate or trust deeds.

We also may be required to collect a significant amount of information on entities that you control eg trusts, self managed superannuation funds, companies, partnerships and private ancillary funds etc. We will collect information that is requested for AML/CTF compliance for ourselves and for financial product providers in relation to your entities, this includes information such as:

  • Identity documents of directors, beneficial owners, shareholders and settlors

  • Trust Deeds and amendments

  • minutes

  • company constitutions,

  • tax file numbers etc.

  • You may also be invested in private companies or private investment syndicates such as unit trusts and we will be provided with these financial reports, even if the other investors are not our clients.

  • Sometimes we collect a few personal details unlikely to be known to other people to help us identify you over the telephone. We may monitor and record telephone calls for training and security purposes.

2.3. Collection from a third party

We sometimes collect personal information from a third party or from a publicly available source, but only if:

  • The individual has consented to such collection or would reasonably expect us to collect their personal information in this way, or

  • It is necessary for a specific purpose that is authorised under law.

These third parties or publicly available sources may include:

  • Product issuers

  • A financial planner, stockbroker or adviser;

  • An employer or employer’s adviser for corporate members;

  • A doctor, health professional;

  • An accountant or tax agent;

  • A lawyer

  • Real estate agent

  • A mortgage broker or credit representative

  • A Power of Attorney appointed by you

  • Representatives in a foreign jurisdiction that are appointed by you

  • A bookkeeper

  • Trustees;

  • Partners;

  • Company directors and officers;

  • Customer’s agents;

  • Person’s dealing with us on a one off basis;

  • Officers of cooperatives and associations; or

  • ASIC, the Australian Government or an Australian Government Agency

  • Any other party with which we have an arrangement for the promotion and sale of products offered or distributed by us.

2.4. Collecting sensitive information

There are also specific circumstances in which we will ask for your sensitive information, for example if we are assisting you with estate planning services or providing you with an appropriate referral for insurance. This may include information such as:

  • health and medical information (for example, medical checks or consultation reports);

  • lifestyle and pastime information;

  • information regarding your physical attributes, capacity and activity; and

  • information that is publicly available on your social media accounts;

  • details of your dependents, as defined at section 10 of the Superannuation Industry (Supervision) Act 1993, for the purposes of paying benefits in the event of your death.

Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise or an exemption in the Privacy Act applies.

If the personal information we request is not provided by you, we may not be able to provide you with the benefit of our services, or meet your needs appropriately.

2.5. What if you don’t give us the information we request?

You are not required to give us the information that we request. However, if you do not give us the information that we ask for, or the information you give is not complete or accurate, this may:

  • prevent or limit the quality of advice we provide to you

  • prevent or delay the processing of an application

  • prevent us from contacting you

  • impact on the taxation treatment of your account.

For example, we are required to ask for your TFN when you invest in a product. If you choose not to give us your TFN, you may be subject to higher tax charges or withholding tax.

2.6. Anonymity

Where possible, we will allow you to interact with us anonymously or using a pseudonym. However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your inquiry, request, complaint or application, or to act on your report.

2.7. Collecting through our websites

Core Private has its own public website — https://www.corepw.com.au/

Where our websites allow you to make comments or give feedback we collect your email address and sometimes other contact details. We may use your email address to respond to your feedback. We store this personal information on servers located in various international locations as advised by Wordpress, and Squarespace

2.8. Analytic, session & cookie tools

We use a range of tools provided by third parties, including Google, Bing and our web hosting company, to collect or view website traffic information. These sites have their own privacy policies. We also use cookies and session tools to improve your experience when accessing our websites.

The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to maintain, secure and improve our websites and to enhance your experience when using them. In relation to Google Analytics you can opt out of the collection of this information using the Google Analytics Optout Browser Addon.

2.9. Social Networking Services

We use social networking services such as Twitter, Facebook and LinkedIn to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies.

2.10. Email lists

We collect your email and, if you provide it, other contact details when you subscribe to our email lists. We only use this information for the purpose of sending you regular updates on the activities of Core Private, and to administer the lists. The email marketing service will also handle your personal information for its own purposes. These sites have their own privacy policies.

2.11. Marketing Opt Out

If you do not want to receive ongoing information from us or from some of our service providers, you need to tell us. We will assume that you have provided us with your marketing consent unless you tell us otherwise.

You can opt out of receiving our marketing information at any time. To do so, you will need to speak with your Core Private adviser and request to be removed from our marketing program.

3. Disclosure of Information – Who do we give information to?

3.1. Disclosure to service providers

Core Private uses a number of service providers to whom we disclose personal information. The types of external organisations to which we often disclose your personal information include:

  • providers that host our website servers, manage our IT or manage our human resources information

  • any organisations involved in providing, managing or administering investment products or services such as actuaries, custodians, external dispute resolution services, insurers, Investor Directed Portfolio Service providers, banks, investment managers or mail houses

  • your employer (relates only to employer sponsored superannuation arrangements)

  • any fund (administrator or trustee) to which your benefit is to be transferred or rolled over

  • your personal representative, or any other person who may be entitled to receive your death benefit, or any person contacted to assist us to process that benefit such as your executors

  • any financial institution who holds an account for you,

  • any professional advisers appointed by Core Private.

  • businesses that may have referred you to us (for example your lawyer) and where you have authorised us to disclose information to them

  • third parties you have appointed and who you have authorised us to provide information to

  • third parties we have referred you to and who you have authorised us to provide information to

  • Software provides we use to provide you services which include Microsoft, Docusign, Xeppo, Zoom, netwealth, OneRegistry, Automic, Apex, Boardroom, FE Analytics, Lonsec, Adobe, iFactFind, GoToConnect, Xero, Fin365, RetireMap, Xplan, Wordpress, Squarespace, Stripe, Dropbox, MSCI, Loom and Clockify. These services may also handle your personal information for their own purposes. Each of these sites have their own privacy policies.

Like other financial services companies, there are also situations where we may also disclose your personal information where it is:

  • required by law (such as to the Australian Taxation Office)

  • authorised by law (such as where we are obliged to disclose information in the public interest or to protect our interests)

  • necessary in discharging obligations (such as to foreign governments for the purposes of foreign taxation)

  • required to assist in law enforcement (such as to a police force). We will also disclose your information if you give your consent.

 We will also use personal information about you or your related entities to confirm your identity with the Australian Government. Your identity details will be submitted to the Australian Governments Document Verification Service (“DVS”). The DVS is a national online system that allows organisations to compare an individuals identifying information with a government record.

3.2. Disclosure of sensitive information

We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes you would reasonably expect or if you agree.

We do not sell, trade, or rent your personal information to others. We will disclose your information to fund managers, external compliance auditors, legal professionals, accountants, lawyers, mortgage brokers, bookeepers and other relevant service providers where it is required to do so in order to provide our professional services to you.

We may also need to provide your information to contractors who supply services to us, e.g. to handle mailings on our behalf, external data storage providers, external paraplanners and administrative services, or to other companies in the event of a corporate sale, merger, reorganisation, dissolution or similar event. We will take all reasonable steps to ensure that they protect your information in the same way that we do.

We may provide your information to others if we are required to do so by law or under some other unusual circumstances, such as a potential Data Breach Notification, which the Privacy Act permits.

3.3. Disclosure of personal information overseas

Generally when carrying out our core business activities in providing our products and services, we do not disclose customer information to overseas countries and when we do so we take reasonable steps to ensure that the overseas entity protects that information against unauthorised access or loss, such as entering into a contract with the organisation providing that service. The types of organisations to whom we may need to disclose customer information, include, but are not limited to those providing quality assurance, administration, paraplanning, data entry, IT development, IT systems configuration and processing. Currently Core Private is likely to disclose customer information to the following countries:

  • India

  • We will not send personal information to recipients outside of Australia unless:

  • We have taken reasonable steps to ensure that the recipient does not breach the Act or the APPs;

  • the recipient is subject to an information privacy scheme similar to the Privacy Act; or

  • If you consent to your personal information being disclosed to an overseas recipient, and the recipient breaches the APPs, we will not be accountable for that breach under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

 Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries. For further information see Google Data Centres and Google Locations. When you communicate with us through a social network service such as Facebook, Linkedin or Twitter, the social network provider and its partners may collect and hold your personal information overseas.

3.4. Quality of personal information

To ensure that the personal information we collect is accurate, up to date and complete we:

  • record information in a consistent format

  • where necessary, confirm the accuracy of information we collect from a third party or a public source

  • promptly add updated or new personal information to existing records

  • regularly audit our contact lists to check their accuracy.

We also review the quality of personal information before we use or disclose it.


4. Storage and security of personal information

We take steps to protect the security of the personal information we hold from both internal and external threats by:

  • Storing your personal information is stored on highly secure cloud servers with strict password access.

  • Employing people and third parties who handle your personal information that have the training, knowledge, skills and commitment to protect it from unauthorised access or misuse,

  • Using two-factor authentication and third-party password encryption managers,

  • regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure that information,

  • taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to,

  • conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures,

  • engaging third party IT services to provide security and monitoring services,

  • maintaining hardware to protect information such as firewalls,

  • regularly backup personal information

5. Accessing and correcting your personal information

Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information.

You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.

We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.

If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to. If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.

6. Complaints

6.1. How to make a privacy complaint

Please contact our Privacy Officer using the details provided below if you have any concerns or complaints about the manner in which we have collected or handled your personal information. We will investigate your complaint and respond to you in writing within 30 days.

If you consider your privacy concerns have not been resolved satisfactorily by us, or you wish to obtain more information on privacy requirements, you can contact the Australian Information Commissioner on:

6.2. How to contact us

Complaints and Feedback You can contact us by: