Privacy Policy
Purpose of the Policy
True Oak Investments Pty Ltd (True Oak, we, us, our) is committed to protecting the privacy of personal information obtained through our operation as a professional services firm. We adhere to the Australian Privacy Principles (APPs) established by the Privacy Act 1988 (Cth).
True Oak provides an AFS Licensee for hire service, which allows Australian businesses to operate using the financial services authorisations under the True Oak AFS Licence. True Oak also provide a Trustee for Hire service to Australian businesses seeking an appropriate structure to raise funds from wholesale investors. In situations where our CAR clients and Trustee Services clients offer individuals access to financial services or products, which require them to collect, use and retain personal information, the personal information of these individuals is protected under the CAR or Trustee Services client’s own Privacy Policy.
The 13 APPs apply to personal information, that is, information or an opinion (whether true or not) relating to an identified individual, or which can be used to reasonably identify that individual. Please note that information about companies is not personal information. However, the APPs do apply to an individual who is carrying on a business as a sole trader. Nevertheless, True Oak seeks to ensure that as an organisation, it complies with the APPs to the extent relevant and appropriate.
Collection of Personal Information
We may collect personal information in a variety of ways, including via in person and electronic communication, when our website is accessed, via our mailing list, via our LinkedIn page, and via event registrations.
In limited circumstances, we may collect or receive personal information from third parties, including legal advisers, service providers (i.e. administrator, custodian, and/or an outgoing trustee or AFS Licensee) and identification verification services. If we do, we will, whenever reasonably possible, make you aware that we have done this and why, and we will protect this information as set out in this Policy.
It is very unlikely that we will collect sensitive information. We will only collect sensitive information if it’s required to provide a service and where we are permitted or required by law to do so. Sensitive information will only be used for the purpose for which it was provided.
In the event we collect personal information in circumstances where we have not requested or solicited that information (known as unsolicited information), and it is determined by us (in our absolute discretion) that the personal information is not required, we will destroy the information or ensure that the information is de-identified.
If you choose not to provide any personal information that we request, we might not be able to provide you with information about, or access to, the services we offer.
Security of Personal Information
We are committed to ensuring that the personal information provided to us is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure personal information and protect it from misuse, interference, loss, and unauthorised access, modification, or disclosure.
All personal information is stored electronically on secure systems provided by cloud service providers. Access to these systems is restricted and controlled via passwords, encryption, and firewalls in line with Australian information security standards. We do not store personal information in hardcopy form.
Access to personal information is limited to those individuals or entities who require the information to perform a specific task or function.
Personal information is only retained for as long as necessary to fulfil the purpose/s for which it was collected unless we are required to retain the information for a certain time period under an Australian law or court or tribunal order. Once no longer required, we take such steps as are reasonable in the circumstances to destroy or permanently de-identify personal information.
Please note, the transmission and exchange of information electronically is carried out at your own risk. Although we take measures to safeguard against the unauthorised disclosure of information transmitted electronically, we cannot guarantee the security of any information that you transmit to us, or receive from us, electronically.
Use of Personal Information
Personal information is generally used to perform administrative and operational functions associated with providing access to our services and to comply with our legal obligations.
We may also use personal information to generate awareness about new and additional services and opportunities we make available to clients from time to time, and to improve our products and services by gaining a better understanding of our clients’ needs. If at any time you do not wish to receive any direct marketing communications, you may ask us not to send those to you.
Disclosure of Personal Information
Personal information may be disclosed to our employees, officers, sub-contractors, service providers, insurers, and professional advisers insofar as is reasonably necessary for us to be able to provide our services.
We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, or warrant, during a legal proceeding, or in response to a law enforcement agency request.
We do not sell, rent, or trade personal information to or with third parties for marketing purposes.
It is unlikely that personal information will be disclosed to overseas recipients. Our data storage facilities and other IT infrastructure is retained within Australia.
If there is a change of control in our business, or a sale or transfer of business assets, we reserve the right to transfer, to the extent permissible at law, our client databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.
By providing us with personal information, consent to the terms of this Privacy Policy and the types of disclosure covered by this Policy is implied. Where we disclose personal information to third parties, we will take reasonable steps to ensure that the recipient will handle the personal information in a manner consistent with the APPs.
Access to Personal Information
Information about the personal information that we hold may be requested in accordance with the relevant provisions of the Privacy Act 1988 (Cth).
Please email us at hello@trueoakinvestments.com.au to request a copy of the personal information which we hold about you, or to request an update to the personal information that we hold about you if you believe some or all of the information may be inaccurate, out of date, incomplete, irrelevant, or misleading.
We reserve our right to refuse a request for access to, or correction or deletion of, personal information if, for example, we consider the request to be frivolous or vexatious, or if we are legally entitled to do so. If we refuse a request, we will endeavour to give our reasons in writing and information about how to make a complaint about the refusal.
Contacting Us about Personal Information
We must be certain of the identity of the person contacting us before we can discuss specific account details. This ensures that we can protect personal information by only giving it to the person who is belongs to, or someone who can prove that they are lawfully authorised to act on that person’s behalf.
General enquiries that do not involve discussing personal information, can be dealt with without requiring the identification of the enquirer.
Website
On visiting our website, we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, so that we can improve our service.
We may from time to time use cookies on our website. Cookies are very small files which a website uses to identify a person coming back to the site and to store details about a person’s use of the site. Cookies are not malicious programs that access or damage a computer. Most web browsers automatically accept cookies however cookies can be rejected by changing the browser settings.
Our website may from time to time use cookies to analyse website traffic and help us provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google Adwords. These ads may appear on our website or other websites you visit.
Our website may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship, or endorsement, or approval of these websites. We are not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each website that collects personal identifiable information.
Social Networking Platforms
Whilst we may use social networking platforms, such as LinkedIn, for communications, we will never request for personal information to be supplied publicly over these platforms.
Any personal information contributed to the publicly accessible sections of social media applications can be read, collected, and used by other users of the application. We have little or no control over these other users and cannot guarantee that any information that is contributed to any social media applications will be handled in accordance with our privacy standards.
Data Breaches
We are required by the Privacy Act 1988 (Cth) to notify the individual/s impacted, and the Office of the Australian Information Commissioner (OAIC), in the event of an eligible data breach occurring. For example, if a database containing personal information is hacked or personal information is mistakenly provided to the wrong person, and we have not been able to prevent the likelihood of serious harm to because of the breach.
Our notification will be sent as soon as practicable and will contain a description of the data breach, the kinds of information concerned, the steps we have or will take to rectify the data breach and recommendations about the steps that the impacted individual/s should take in response to the data breach.
Complaints about Privacy
Complaints about our privacy practices can be sent via email to hello@trueoakinvestments.com.au.
We’ll acknowledge the complaint within one business day of its receipt and aim to resolve the complaint within five business days.
If we’re unable to resolve the complaint within five business days, we’ll consider and provide a response to the complaint with 30 calendar days of its receipt.
Dissatisfaction with our response, or the failure to receive a response within the required timeframe, may be reasons why the complaint can be referred to the Australian Financial Complaints Authority (AFCA), an independent dispute resolution service established by the Government.
AFCA's contact details are:
Australian Financial Complaints Authority
GPO Box 3 MELBOURNE VIC 3001
Phone: 1800 931 678
Email: info@afca.org.au
Website: www.afca.org.au
Time limits may apply; please consult the AFCA website for more information. Complainants are encouraged to pursue internal dispute resolution before making a complaint to AFCA.
More Information about Privacy Rights
For more information, please contact the Office of the Australian Information Commissioner (OAIC).
Attention: Director of Compliance (Investigations)
GPO Box 5218 Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Changes to Our Policy
By using our website, or engaging us to provide you with services, you acknowledge and agree that you give the consents given by you in this Policy and have been informed of all the matters in this Policy.
We may revise or update this Policy at any time, in our sole discretion, by posting it on our website. The current version at the time personal information is collected or used is the version that will apply. Please check back from time to time to review our Privacy Policy.