Privacy Policy
Introduction
Gold Bullion Australia (GBA) and its associated entities adhere to the Australian Privacy Principles (APPs) and are bound by the Commonwealth Privacy Act 1988 (“the Privacy Act”) and the Privacy Amendment (Notification of Data Breaches) Act 2017.
This document sets out our policy on the management of personal information which we have about individuals. The purpose of this Privacy Policy is to outline how we collect, use, disclose and retain personal and sensitive information. It also sets out how you can make a complaint and how you can access the personal information we hold about you.
To help facilitate transactions, provide services and supply relevant general information we need to understand who you are. We therefore need to collect personal information about you. We are also required to collect certain personal information about you to meet our obligations under the Anti-Money Laundering and Counter Terrorism Act (2006) and Anti-Money Laundering and Counter Terrorism Rules (2006).
This Privacy Policy applies to all persons making use of our website or one of our products or services. Use of our website is conditional on your acceptance of the terms of this privacy policy.
This Privacy Policy is reviewed annually, unless cause to review it earlier arises. We will endeavour to notify you of any changes to this Privacy Policy, but you should check this Privacy Policy regularly so that you are aware of any variations made.
What is personal information?
Section 6(1) of the Privacy Act defines personal information as:
Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) Whether the information or opinion is true or not; and
(b) Whether the information or opinion is recorded in a material form or not.
For the purposes of this policy, personal information may include:
- Your name
- Date of birth
- Contact number
- Residential or postal address
- Email address
- Other forms of identification, i.e. driver’s license, passport
- Purchase records
- Financial and transactional information
- Correspondence, or
- Other information that you may provide.
Collection of personal information
Why we collect personal information
We collect, hold, use and disclose personal information on individuals for purposes required or permitted by law and which are reasonably necessary for our business activities. Those purposes include:
- Meeting our legal and regulatory obligations (including verifying and confirming your identity under the Anti-Money Laundering and Counter-Terrorism Financing Act (2006));
- To maintain and grow our customer base and market our products and services (GBA complies with the Spam Act 2003 and best practice guide in relation to the contents of its commercial electronic messages);
- The purpose for which the personal information was initially collected (i.e. the facilitating of transactions, provision of services and creation of accounts);
- A secondary purpose related to the initial purpose of collection if that other purpose would be within the individual’s reasonable expectations (or the individual’s consent is obtained first); and
- To deal with complaints.
We collect, hold, use and disclose personal information so that we can manage and administer the services which we provide. To provide our services in the most cost effective and efficient way we may decide to utilize the services of third parties. For example, we may provide your personal information to a vetted external organization to verify your identity. External organizations utilized by GBA may have their own privacy policies in place.
Dealing with unsolicited personal information
If we receive unsolicited personal information, we will, within a reasonable period after receiving the information, determine whether we could have collected the information under the Australian Privacy Principles (APPs). If the information was not obtained in line with the APPs, we will take steps to destroy and de-identify the information if it is lawful and reasonable to do so as outlined under the APPs.
How we collect personal information
We collect personal information about individuals through a variety of channels, including but not limited to:
- In person
- By email
- By phone
- Through written correspondence
- Online by use of tracking software (and the use of cookies)
- Through our website (e.g. Customer logins and registrations, online purchases and subscriptions to updates and newsletters)
- Product and service offerings
Notifying you of the collection of personal information
We will endeavour to notify you at or before the time we collect your personal information, or if that is not practicable, as soon as practicable after. We will take reasonable steps to ensure you are aware of:
a) Who we are and our details;
b) How we collect your personal information and where from;
c) Whether collection of your personal information is required or authorized by or under an Australian Law;
d) The purposes for which we collect your personal information;
e) The main consequences (if any) if we do not collect all or some of the personal information;
f) Any other person or body to whom we would disclose the personal information held by us about you and how you may seek correction of such information;
g) How you may complain about a breach of the Australian Privacy Principles; and
h) Whether we are likely to disclose the personal information to overseas recipients (and if so, where).
We may collect personal information from third parties in some instances. For example, we may use third party providers to analyse use of our website (including the use of cookies) or search public registries and social media for certain information which is publicly available.
How we hold personal information
We take all reasonable steps to ensure that an individual’s personal information held by us is protected from misuse, interference, or loss and from unauthorized access, modification, or disclosure. We do this by having physical, electronic and procedural safeguards which protect the personal information we hold. For example, personal information is stored in a secured office premises or in secure archiving facilities. Logins and passwords are required to access our electronic databases, our staff are required to maintain the confidentiality of personal information, and access to personal information is restricted to persons who require the information to perform their duties. Where practical, we only keep personal information for as long as is required to meet our legal obligations or internal needs. Any personal information held by us may be held in a number of ways including via hard copy, soft copy or offsite on electronic servers.
Anonymity
You may wish to deal with us anonymously. However, this is likely to limit the services we provide to you. Our primary business relates to the provision of a designated service (buying, selling and storage of bullion) which in some instances would require individuals to provide personal information. We are also required under the Anti-Money Laundering and Counter-Terrorism Financing Act (2006) and the Anti-Money Laundering and Counter-Terrorism Financing Rules (2006) to conduct customer due diligence and appropriately identify customers and scrutinize transactions.
If you don’t provide us with the information we request
You can elect not to provide us with personal information should we request it. Not providing us with requested information may limit the services we provide to you, and in some cases, we may decline to do business with you. We may also report that you have declined to provide requested information to the regulator should the circumstances trigger a reporting obligation.
We collect, hold, use and disclose personal information so that we can manage and administer the services which we provide or as directed by law. If we collect personal information for a specific purpose (e.g. to provide services to you), we will not use or disclose the information for another purpose unless you consent to the use or disclosure of the information or an exception in the APPs applies.
Direct Marketing
We may use and disclose your personal information to keep you informed about a range of products and services that we think may be of interest to you as allowed under the Privacy Laws. If you do not want your personal information used for these direct marketing purposes or no longer wish to receive direct marketing materials from us, you can opt-out at any time by contacting us at:
Email: [email protected]
or
Mail: Gold Bullion Australia
C/O Compliance Manager
1 Avalon Parade, MIAMI QLD 4220
Disclosure of information overseas
We may disclose your personal information to related entities or third party service providers who are located overseas. Unless you provide your consent or an exception under Privacy Law applies, we can only disclose your personal information to an overseas third party in certain circumstances. We have taken reasonable steps to ensure that any overseas third party we send your personal information to does not breach the Australian Privacy Principles or that the overseas recipient is bound by a similarly stringent privacy protection regime.
Security and access to your personal information
Information accuracy
We take reasonable steps to ensure that all personal data collected is accurate, up to date and complete. You can ask us to correct any inaccurate information we hold or have provided to others by contacting us using the details in this policy. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction.
Security of personal information
We take care to protect the security of your personal information. We may hold your personal information in a combination of secure computer storage facilities, paper-based files and other formats. We take reasonable steps to protect personal information from misuse, loss, unauthorized access, modification, or improper disclosure. These measures include instructing our staff who handle personal information to respect the confidentiality of customer information and the privacy of individuals. Please note, we are required by law to retain your personal information for a specific amount of time. We will generally destroy or de-identify personal information if it is no longer required.
Access to and correction of personal information
If we receive a request to access personal information, we aim to respond to that request in a reasonable timeframe. In general, we will not impose an access charge unless the request to access and correct personal information is excessively onerous.
We will need to verify the individual’s identity before giving access. We will usually provide the requested personal information within 30 days of receiving the request.
If we refuse access to personal information, we will provide you with reasons as to why access was refused in writing and provide you with information on how to lodge a complaint about the refusal. Such circumstances may include:
- Access would create a serious threat to safety;
- Providing access will have an unreasonable impact on the privacy of other individuals;
- Denying access is required or authorized by law;
- The request is frivolous;
- Legal proceedings are underway;
- Access would reveal a commercially sensitive decision-making process.
Data Breach
A data breach occurs when personal information held by us is lost or subjected to unauthorized access, modification, disclosure, or other misuse or interference. Examples of a data breach include when a device containing the personal information of customers is lost or stolen, when a database containing personal information is hacked, or when we mistakenly provide personal information to the wrong person.
Under the Privacy Amendment (Notifiable Data Breaches) Act 2017, we have an obligation to assess within 30 days whether a data breach amounts to an ‘eligible data breach’ if we become aware that there are reasonable grounds to suspect that a data breach may have occurred.
If we form the view that the data breach would likely result in serious harm to any of the individuals to whom the information relates despite any remedial action taken by us, then the data breach will constitute an ‘eligible data breach’. If an eligible data breach occurs, we have an obligation to notify you and the Office of the Australian Information Commissioner (OAIC) of the details of the eligible data breach.
Complaints
If an individual considers that we have failed to comply with the Privacy Act 1988 or the Australian Privacy Principles, they should contact us through the details listed in the ‘contact us’ section of this document. We will then review your complaint and attempt to resolve your concerns as quickly as possible. In the unlikely event that we are unable to resolve a complaint, you can escalate your complaint to the Office of the Australian Information Commissioner (OAIC).
The contact details for the OAIC are:
Telephone: 1300 363 992 (from within Australia)
+61 2 9942 4099 (from outside Australia)
Facsimile: (02) 6123 5145
Website: https://www.oaic.gov.au/
Mail: The Office of the Australian Information Commissioner
GPO Box 5288 SYDNEY NSW 2001
Contact us
You may wish to contact us for the following:
- To find out what personal information we hold about you;
- To update or correct the personal information we hold about you;
- To opt-out of receiving direct marketing material;
- To make a privacy related complaint.
Should you wish to do so, please contact us on the details below:
Email: [email protected]
Telephone: 1300 754 602
Mail: Gold Bullion Australia
C/O Compliance Manager
1 Avalon Parade, MIAMI QLD 4200