Privacy Statement

Privacy Statement

Protecting our clients’ privacy is very important to us. The Privacy Act 1988 (Cth) requires that we handle your personal information in accordance with a set of national principles, known as the Australian Privacy Principles (APPs), which regulate the collection, use, correction, disclosure and transfer of personal information about individuals by organisations in the private sector. This Policy outlines our approach to the APPs and our policies and practices for managing your personal information.

Roles, Responsibilities and Policy Governance

The Provenance Financial Services Pty Ltd Board is ultimately responsible for overseeing this Policy. The Privacy Officer is responsible for managing the business impacts of privacy laws within Provenance Financial Services Pty Ltd and for updating this Policy as needed.

This Policy is reviewed and updated at least annually or earlier where required. The most current version is available on our website or by contacting us directly.

Further Information and Feedback

You can contact our Privacy Officer by:

• Phone: 1300 781 396
• Email: [email protected]
• Mail: Privacy Officer Provenance Advice Pty Ltd L10, 320 Adelaide Street Brisbane QLD 4000

Members of our Group

The Provenance Group includes:

• Provenance Financial Services Pty Ltd ABN 62 664 153 075 (AFSL No. 545056), which provides financial planning advice to retail and wholesale clients, and
• Our Corporate Authorised Representatives and Authorised Representatives.

Under the Privacy Act, members of the group that collect personal information may disclose it to other members of the group where relevant and appropriate. The list of Authorised Representatives may change over time and is available at www.ASIC.gov.au.

General Obligations

What information do we collect?

We collect and hold personal information for purposes such as:

• Providing advice, products and services to you,
• Managing and administering your accounts,
• Verifying your identity, and
• Informing you about other products or services.

Personal information may include:

• Contact details: name, address, phone, email
• Personal details: date of birth, financial objectives, health and medical history
• Employment and income information
• Estate planning and dependent details
• Residency and Tax File Number (TFN)

This information may be collected through forms, direct communication, or third parties such as your accountant or solicitor.

What if you do not give us the information we request?

While you are not obligated to provide information, not doing so may:

• Prevent us from providing you with financial advice or services
• Delay applications or claims
• Impact your eligibility for insurance or tax benefits

Prevent us from contacting you or complying with legislation such as the Corporations Act 2001 or FASEA obligations.

Use of Information

We use your personal information for the purpose it was collected and related purposes, including:

• Providing financial advice and service
• Establishing and managing your superannuation and investment accounts
• Assisting with Centrelink or aged care planning
• Insurance applications and claims
• Performance reporting and client communications

We will not use your government-issued identifiers as our own but may retain them on file with your consent.

Disclosure

We may share your personal information with:

• Your adviser or appointed professional representatives
• Organisations that manage or support the delivery of our services (e.g., software providers, insurers, fund managers)
• Auditors, compliance consultants, and dispute resolution bodies
• Government agencies such as ASIC or the ATO where legally required
• Entities involved in business transfers (e.g., if we sell or acquire a client base)

We take care to ensure that any recipient upholds confidentiality and privacy standards as required under the APPs.

Will your information be disclosed overseas?

While unlikely, we may use third-party service providers or outsourcing arrangements that involve offshore data storage or processing. In such cases, we ensure reasonable steps are taken to protect your personal information consistent with Australian privacy law.

Access and Correction

You may request access to your personal information or request corrections if you believe the data is:

• Inaccurate
• Incomplete
• Outdated
• Irrelevant or misleading

We may charge a fee to cover administration costs. In some instances, access may be denied, but we will inform you of the reason. If we deny a correction request, we will provide a written explanation.

Please contact your adviser or the Privacy Officer to make such requests.

Protecting Your Information

We implement physical, electronic, and administrative safeguards, including:

• Role-based access control
• Secure file storage and cloud systems
• Staff training in privacy obligations
• Regular data backup and cyber audits

If you use our secure websites, you are responsible for maintaining the confidentiality of your login credentials.

Use of Internet and Cookies

Our website may use cookies and analytics to personalise content and monitor activity. You can adjust cookie preferences in your browser settings. Declining cookies may limit website functionality.

If you contact us by email, we may retain your message and contact details for future reference.

Data Retention

We retain certain records for legally mandated periods. When no longer required, personal information is securely destroyed or de-identified.

European Union General Data Protection Regulation (GDPR)

If you are a resident of the EU, Norway, Iceland or Lichtenstein, you have additional rights including to:

• Have your personal data erased
• Access your personal data in a portable format

Object to or restrict processing under certain conditions.

Complaints and Breaches

If you believe we have breached the APPs or mishandled your personal information, you may:

1. Lodge a complaint with our Privacy Officer (response expected within 30 days)
2. If unresolved, escalate to the Office of the Australian Information Commissioner (OAIC) via oaic.gov.au

If you are a resident of the EU, you may contact your local regulator for GDPR concerns.

We are also committed to complying with the Notifiable Data Breaches (NDB) Scheme. If a data breach occurs that is likely to result in serious harm, we will notify you and the OAIC.