Privacy Policy

CFG Advice Pty Ltd AFSL #501857

Version 3.3

We understand that the privacy of your information is important to you, and we respect the confidentiality of the information that you provide to us. Protecting your information is an important part of maintaining trust between us and our clients and by handling information in a secure manner we build strong business relationships.

This document provides information and details about how we manage the personal information that we collect, hold, use and disclose about individuals.

The Privacy Policy applies to the Licensee and our representatives. We are bound by the Privacy Act 1988, and we manage and protect your personal information in accordance with the Australian Privacy Principles.

Why we collect and use personal information

We collect, hold, use and disclose personal information so we can provide you with financial products, advice and services relevant to your needs. We may also collect, use and disclose your information for related purposes such as:

  • Complying with our legal obligations, such as verifying your identity
  • Assisting with your questions and complaints
  • Arranging for services to be provided by third parties
  • Internal operations, such as record keeping, data analytics, auditing or training
  • Promotion of other products and services that may be of interest to you

Please contact us should you wish not to receive direct marketing.

We collect, use, hold and sometimes disclose personal information about financial advisers, and other people who we do business with (including employees) to administer and manage our business operations. This information is afforded the same standard of care as that of our clients.

What personal information we collect

We ask you for personal information that is necessary to assist us in providing relevant products and services to you. The information we collect could include (but is not limited to) your name, date of birth, contact details, financial information, employment details, residency and citizenship status. We may also collect the personal information of your family members where it is relevant to the advice or service being provided.

We may also collect sensitive information about your medical history, health and lifestyle to provide you with financial advice about life insurance products.

The only circumstances in which we would collect, use or disclose your government related identifiers is where we are required or authorised by law to do so. For example, we may be required to disclose your Tax File Number (TFN) to the Australian Taxation Office, a superannuation or retirement income product provider.

We are also required to destroy or permanently de-identify TFNs when they are no longer necessary for this purpose. Drivers licence numbers and passport numbers may also be collected when we are required to verify your identity.

By law, we are required to comply with record keeping obligations such as keeping records for at least seven years after advice has been provided to you, and Customer Identification Procedure records for the duration of your relationship with your adviser or broker, and for an additional seven years after you stop receiving any designated services.

In most instances, we collect personal information directly from you when you:

  • complete a financial product or credit product application form,
  • complete an identification form,
  • complete data collection documentation,
  • interact with an online interactive tool, such as a budget planner,
  • provide documentation to us, or
  • when you communicate with us in person, over the telephone, email, internet or by using other electronic devices.

Situations where we collect personal information from other people and organisations may include (but are not limited to):

  • a financial adviser,
  • a mortgage broker or other credit representative,
  • other professionals who act on your behalf, such as a lawyer or accountant,
  • health professionals,
  • other organisations, who jointly with us, provide products or services to you, and
  • social media and publicly available sites.

It’s your choice whether to provide your personal information. You have the right to not to provide personal information, including about your identity. However, in this case, your adviser will warn you about the possible consequences and how this may impact on the quality of the advice provided. Your adviser may also decline to provide advice if they feel they have insufficient information to proceed. In some instances, we will decline to provide services or advice if we feel we have insufficient information for the scope of the service or advice requested.

If you wish to remain anonymous or to use a pseudonym when dealing with us, we may only be able to provide you with limited information or services. In many cases it will not be possible for us to assist you with your specific needs.

Accessing and correcting personal information

You, or someone that you nominate, can request access to personal information we hold about you. We will deal with requests for access to your personal information as soon as possible and aim to respond within 30 days. The time we require will depend on the type of information requested and whether it is in physical or electronic format. There may be a cost involved with locating, copying or sending you the information you request. The cost will be discussed and agreed with you at the time.

There may be circumstances where we refuse to provide you with the information you request, for example when the information is commercially sensitive. In these situations, we will inform you and provide an explanation as to why.

We take reasonable steps to ensure that your personal information is accurate, up to date and complete and relevant. We will update your personal information if you contact us. In most cases, you can update your personal information over the phone, by contacting your adviser.

Who we share personal information with

We may disclose your information to a third party where you have given your consent or where you would reasonably expect us to disclose your information to that third party.

From time to time we may share your personal information with other entities both within and outside of the Licensee. This will vary according to the product or service involved, but could include:

  • any person acting on your behalf, including your financial adviser, solicitor, accountant, executor, administrator, trustee, guardian or attorney
  • financial product and service providers, including financial planning software providers and paraplanners
  • for corporate superannuation members, your employer or your employer's financial adviser
  • other organisations within the Licensee including related bodies corporate and advice firms we have authorised,
  • medical practitioners and health service providers, such as pathology services
  • companies involved in the payments system including financial institutions, merchants and payment organisations
  • organisations who assist us with certain business functions, such as auditors, compliance consultants, direct marketing, debt recovery and information and communication technology support
  • our solicitors, our insurers, courts, tribunals and dispute resolution organisations
  • other organisations who provide us with products and services so that they may provide their products and services to you or contact you on our behalf, and/or
  • anyone to whom we, or our service providers, are required or authorised by law to disclose your personal information to (for example, law enforcement agencies, Australian and international government and regulatory authorities).

We may also disclose the personal information we hold about our financial advisers to professional organisations, companies and consultants that we work with.

Disclosure of personal information overseas

We may disclose your personal information to service providers who operate outside Australia including the Philippines. The most common example of when we share your personal information overseas is when we work with overseas service providers who prepare financial advice documents. When we send your personal information to overseas recipients, we make sure appropriate data handling and security arrangements are in place

Your adviser may have their own outsourcing arrangements to countries other than those detailed above. If so, your adviser will disclose these arrangements separately to you. All reasonable steps will be taken to ensure that offshore service providers comply with the Privacy Act.

How we protect personal information

We strive to ensure that the personal information that you provide to us is stored safely and securely. We take precautions to protect the personal information we hold about you from misuse, interference and loss, and from unauthorised access, modification or disclosure.

We have a range of practices and policies in place to protect personal information we hold, including:

  • educating our staff and representatives about how to protect your personal information and updating them about cybersecurity developments, threats and scams,
  • secure passwords in accordance with stringent password management policies
  • use of Multi-Factor Authentication (MFA)
  • using secure client portals and/or password protection
  • strict confidentiality arrangements restricting third parties’ use or disclose of personal information for any unauthorised purposes,
  • data and cyber security assessments of third-party providers and systems
  • employing firewalls, intrusion prevention systems web/email filtering and antivirus/antimalware tools
  • a Cybersecurity Policy, Cyber Incident Response Plan, Data Breach Response Plan

We require our representatives to protect your personal information by adhering to a range of cybersecurity measures.

Where personal information is no longer required, we take steps to de-identify or destroy the information in a secure manner.

Using our website

Some personal information may be collected whilst navigating through and interacting with the content of our websites. The electronic methods of collection we use include cookies, log files and web beacons. The information we collect by these electronic means is generally not stored for long – they are temporary records – and can include device-specific data or log data such as your IP address, device screen size, device type, browser information, referring domain, pages visited, the date and time website pages were visited, and geographic location (country only).

Cookies record information about your visit to our websites and it is used to improve your website experience, to serve you with relevant information and to manage your access to certain parts of our websites. You can choose if and how a cookie will be accepted by changing your browser settings; but please be aware that this may affect your access to some parts of our websites.

Web beacons help us better manage content on our websites by allowing us to understand usage patterns, fix issues, and improve the products and services offered to you on our websites. Log files contain information about the devices and browsers used to access our websites and help us to diagnose problems, analyse trends, administer the site or mobile application.

Complaints about privacy

If you have any privacy related questions or would like further information on our privacy and information handling practices or are concerned about how your personal information has been collected, used or disclosed and you wish to make a complaint, please contact us.

Mail PO Box 534, FLINDERS LANE VIC 8009

Phone 03 9097 6000

Email info@cranagegroup.com.au

Website www.cranagegroup.com.au

We will acknowledge receipt of a complaint within 1 business day, however, where this is not possible, acknowledgement will be made as soon as practicable. We will then investigate the complaint and respond to you within 30 days. Some complex matters may require an extension to thoroughly investigate the complaint and bring it to resolution. If additional time is required, we will advise you in writing.

If you are not fully satisfied with our response, you can contact an external body. In cases of privacy related complaints, this is generally the Office of the Australian Information Commissioner (OAIC).

The contact details for OAIC are:

Mail GPO box 5218 Sydney NSW 2001

Phone 1300 363 992

Email enquiries@oaic.gov.au

Online www.oaic.gov.au

You may also direct privacy complaints related to financial advice to the Australian Financial Complaints Authority (AFCA). The contact details for AFCA are:

Mail GPO Box 3, Melbourne, VIC 3001

Phone 1800 931 678 (free call)

Email info@afca.org.au

Online www.afca.org.au

About this Policy

Version 3.3 became effective on 18 June 2024. We may amend or update our Privacy Policy as required by law or as our business processes or technology changes.