At all times, personal information is treated as confidential and any sensitive information is treated as highly confidential.
MAP will disclose member information to persons or organisations other than the member in the following circumstances only:
- MAP Australian Equity Fund income information and super contribution information forwarded to the ATO as required by law.
- Information is disclosed to member’s accountants, financial advisers, insurers etc where member authority has been received.
- Information is provided to AUSTRAC as required under the AML/CTF Act.
We will only collect, maintain and use Personal Information if it is necessary for us to adequately provide to you the services which have been requested by you. These services may include preparation and further review of financial advice and processing of transactions.
MAP will only use personal information for direct marketing under the following conditions:
- the information is not sensitive;
- it is impractical to seek the individual’s consent beforehand;
- no charge will be made for a request not to receive direct marketing communications;
- the individual has not made such a request;
- MAP gives the individual the express opportunity not to receive direct marketing communications.
We may disclose your personal information to external contractors such as auditors and paraplanners. It is a condition of our agreement with each of our external contractors that they adopt and adhere to appropriate privacy principles.
NPP3 - Data Quality
An organisation must take reasonable steps to ensure the personal information it collects, uses or discloses is accurate, complete and up to date.
Individuals on whom MAP holds information are made aware of that information through regular communications.
Virtually all of the data held on members is communicated to them on regular statements. Standard wording on the back of all statements invites members to contact us regarding any inaccuracies. The newsletter mailing list is constantly updated based on calls requesting that a non-member be deleted, calls about changed addresses or return to sender mail.
Where MAP staff are made aware of incorrect information by an individual, they are responsible for arranging for correction of the information after appropriate checks on accuracy.
NPP4 - Data Security
An organisation must take reasonable steps to:
- ensure the personal information it holds is kept secure and protected from misuse, and unauthorised access, modification or disclosure; and
- destroy, or permanently de-identify, personal information which is no longer required.
Electronic data is stored on MAP’s file server which is password protected and installed in a locked cabinet. In some cases, data is stored on third party computer systems. In such cases, MAP obtains appropriate assurances from the owners of those systems regarding data security and confidentiality.
Paper records on members are stored in a filing room within MAP’s office that is locked nightly. Office doors of the managing director (MD), CFO and financial planners are lockable. Financial planners’ doors are locked nightly and the MD and CFO’s offices are locked as appropriate.
Except where required for client appointments, client data is not to be removed from the office in either paper or electronic form. Copies of client data should be stored on laptop and desktop computers only on rare occasions for temporary purposes. They should be copied back to the file server and deleted from the laptop. Except where files are being currently worked on, client files are to be stored in the filing room. MAP also provides physical security for its computers, network and voice systems.
Staff are only to look at papers and materials relating to clients when it is necessary to carry out their job.
In the event that a person ceases to be a client of MAP, any personal information that we hold will be maintained for a period of at least 7 years in order to comply with legislative and professional requirements. When personal information is no longer needed, MAP will ensure that the information is securely destroyed, or it will be de-identified.
NPP5 - Openness
An organisation must have a policy outlining its information handling practices and make this available upon request.
MAP’s policy is that:
- All client information is confidential.
- All client information (copies of correspondence, diary notes of telephone calls, etc) which is filed in paper files is stored in a filing room which is locked nightly.
- All client phone calls are logged on MAP’s computerised member database.
- Client information is not released except in circumstances as set out in this policy.
NPP6 - Access and correction
An organisation must, subject to certain restrictions, provide individuals with access to personal information held about them upon request, and take reasonable steps to correct that information if it is shown that it is inaccurate, incomplete, or out of date.
MAP policy is that individuals on whom it holds information are entitled to access any personal information held. The Privacy Act specifies certain exemptions. Information that is inaccurate, incomplete or out of date will be corrected where appropriate. In the event that clients become aware, or believe, that any personal information that MAP holds about them is inaccurate, incomplete or out of date, they may contact MAP to seek correction.
If an individual is denied access to certain information by MAP, as a reporting entity under the AML/CTF requirements, MAP needs to explain why it is doing so.
NPP7 - Identifiers
An organisation must not use, or disclose, identifiers that government agencies have assigned to individuals, such as tax file numbers, except in limited circumstances.
The only personal government identifiers held by MAP are Tax File Numbers (TFNs). Privacy requirements in relation to TFNs existed prior to the introduction of the Privacy Act and MAP already complied with these. TFNs are held within the member database and on client files, but access to them is limited to staff members designated as members of the admin section. MAP has a statutory obligation to hold TFNs for:
- super fund members for surcharge reporting to ATO.
- AEF members for distribution reporting to ATO.
TFNs will not be released externally by MAP except where authorised by the individual in writing or required by law.
NPP8 - Anonymity
An organisation must, wherever it is lawful and practicable, give individuals the option of not identifying themselves.
It is not practical for MAP to do business with individuals who are unwilling to identify themselves.
NPP9 - Transborder dataflow
An organisation must only transfer personal information to a recipient in a foreign country, if:
- the recipient is subject to a law, binding scheme or contract substantially similar to the NPPs;
- the individual has consented to the transfer;
- the transfer is necessary for the performance of a contract between the individual and the organisation;
- the transfer is necessary for the conclusion, or performance, of a contract in the interest of the individual;
- the transfer is for the benefit of the individual, whose consent is impracticable to obtain, but likely to be given; or
- the organisation has taken reasonable steps to ensure that the information transferred will not be used inconsistently with the NPPs.
MAP is very rarely involved in international dataflow where a member transfers funds to/from an overseas fund manager. In such cases, the transaction always complies with NPP 2 (individual has consented to transfer).
There are no other instances where MAP transfers personal information internationally.
NPP10 - Sensitive information
An organisation must not collect information, or an opinion, about an individual’s:
- racial or ethnic origin;
- political opinions;
- religious, or philosophical beliefs;
- political, or religious affiliations;
- membership of a trade union, or professional association;
- sexual preferences, or practices;
- criminal record;
- health;
unless:
- the individual has consented;
- the collection is required by law, or for other public interest purposes (such as law enforcement and public health and safety); or
- other specified circumstances apply.
MAP will not collect sensitive information, or an opinion, about an individual unless:
- the individual has consented;
- the collection is required by law, or for other public interest purposes.
Where sensitive information is collected, MAP will store this information securely to guard against improper use or disclosure.
Privacy Complaints
Complaints and Complaints Resolution
MAP has in place a complaints handling process with both internal and external resolution components. These procedures are designed to meet the Australian Standard (AS ISO 10002) guidelines on complaint handling. When a complaint is received, clients are first taken through our internal resolution procedures, and only if it is then not resolved is the external resolution process required.
External Complaints Resolution Procedures
Clients are referred to the Privacy Commissioner when a complaint is not resolved within the prescribed timeframe or to the client's satisfaction.