PRIVACY POLICY

Mitchell Partners Pty Ltd ABN 37 312 808 205 (in this document referred to as “Mitchell Partners”, “we”, “us” and “our”) is committed to protecting the privacy of the personal information we collect from you and handling your personal information in a responsible manner.

The Privacy Act 1988 (Cth) (“Act”) and the Australian Privacy Principles (“APPs”) govern the manner in which Mitchell Partners handles your personal information.

This Policy explains how we collect, store, use and disclose your personal information, how you can access and seek correction of the information we hold about you and how we otherwise manage your personal information. This Policy also explains how you can make a complaint about any breach of the Act or APPs in relation to your personal information.

This Policy only applies to Mitchell Partners and we make no guarantees about the manner in which third parties handle your personal information. If you exit the Mitchell Partners website or are disclosing your personal information to an entity other than Mitchell Partners, you are no longer protected by this Policy.

Review of this Policy

This Policy will be reviewed and updated on a regular basis. Any updates to this Policy will be posted on our website, www.mitchell.com.au. Alternatively, a copy can be made available to you upon request by contacting us.  Please see the ‘Contact Us’ section of this Policy for our contact information.

COLLECTION OF PERSONAL INFORMATION

What personal information we collect

We collect and hold personal information about you that can identify you and is necessary and relevant to providing you with professional services that you are seeking. The kinds of information we typically collect includes:

  • Contact information such as your name and address, telephone numbers, email address and date of birth;
  • Financial information, including bank account details and credit card details;
  • Business details, including Australian Business Number;
  • Tax file number;
  • Shareholdings;
  • Details of investments; and
  • Other information we may be required by law to collect to perform our services or voluntarily provided by you.

Mitchell Partners’s website collects the following information from users:

  • Your server address;
  • Your top level domain name (for example, .com, .gov, .au etc);
  • The date and time of your visit to the site;
  • The pages you accessed;
  • The type of browser you are using or the type of mobile operating system you are using; and
  • Any other information you voluntarily provide through completing forms on our website.

Except as otherwise permitted by law, we only collect, use and disclose sensitive information about you if you consent to the collection, use and disclosure of the information and if the information is reasonably necessary for the performance of our functions and activities.

If Mitchell Partners receives any personal information which it has not solicited from an individual it will take such steps as are necessary to lawfully destroy or de-identify the information if Mitchell Partners cannot establish that it could otherwise have lawfully obtained the information.

How We Collect Personal Information

Wherever practicable, we will only collect information from you personally, for example when we deal with you in person or over the phone, when you send us details via correspondence or when you subscribe electronically to our publications or when you complete forms we have provided you (either via the website, online surveys, in person or via correspondence).

Sometimes it may be necessary to collect your personal information from a third party. An example of this could be when we collect personal information about you from your authorised or personal representative or from a publicly available record. We may also collect information about you from your use of our websites or through any registration process on our website. If you provide us with someone else’s personal information, you should only do so when you have their permission. You should also take reasonable steps to inform that person of the matters set out in this Policy.

There may, however, be some instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you.  We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.

USE, DISCLOSURE & PURPOSE

We collect, hold and disclose your personal information for the following purposes:

  • As a necessary part of providing services to you;
  • To assist you in managing your financial and corporate affairs, including dealing with your bank accounts with your instructions;
  • Organising other services on your behalf from third parties related to our services;
  • To comply with statutory and contractual obligations placed upon us;
  • To inform you of new services and offers (unless as directed otherwise);
  • To determine sections of interest on our website and to optimise your experience with the site;
  • To provide you with the opportunity to meet other people and attend seminars, conferences or other events in your type of business, or other area of expertise or interest;
  • To analyse our services and client needs with a view to improving those services;
  • For engagement of service providers, contractors or suppliers relating to the operation of our business; and
  • In the selection process for employment at Mitchell Partners; and
  • Other purposes related to any of the above.

If you do not want to receive marketing material from us, you can contact us to request your contact details be removed from our marketing list(s). Please see the ‘Contact Us’ section of this Policy for our contact information.

Generally, personal information is submitted through the website is used and disclosed for:

  • The purpose for which it is submitted (primary purpose); any secondary purpose related to the provision of our services;
  • Purposes where it can be reasonably inferred from the circumstances that you consent to your personal information being used (implied consent). For example, if you provide us with your personal information to subscribe to our newsletters, your consent will be implied for us to use and disclose your information to inform you of products and services that we believe may interest you. However, your implied consent for us to do this can be withdrawn at any time by telling us; and
  • Any purpose disclosed in this Privacy Policy, our Disclaimer, on the website or at the time of collection.

CONFIDENTIALITY OF YOUR PERSONAL INFORMATION

Mitchell Partners has a duty to keep your information confidential. Our duty of confidentiality applies except where we have consent to disclose your information, the disclosure is permitted under the Act, APPs or where it is compelled by law.

Mitchell Partners will only use your information for the purposes for which it was collected (“primary purposes”) or a purpose related to the primary purpose, if this use would be reasonably expected by you, or otherwise, with your consent.

Mitchell Partners may disclose your information to necessary third parties, who assist us to provide, manage and administer our services and products. In which case, your information will be dealt with in accordance with that entity’s privacy policy. No personal details are provided to any other individual or organisation, except with your consent.

People we may disclose your information to include:

  • Government and associated bodies for the purpose of statutory reporting on behalf of you or your business;
  • Banks and other financial organisations for the purpose of initiating financing for you; and
  • Other organisations to arrange services on your behalf.

QUALITY, ACCESS TO & CORRECTION OF INFORMATION

You are entitled to have access to and seek correction of any information that we may hold about you. We require that requests for access to or to update or correct your information to be in writing outlining the details of your request. Such requests should be addressed to the Privacy Officer via the details provided in this Policy in the ‘Contact Us’ section.

Mitchell Partners will take appropriate steps to verify your identity (or verify that you act as a legal guardian or authorised agent of the individual concerned) before granting a request to access your information.

We will respond to your request for access to your information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. Mitchell Partners will, on request, provide you with access to your information or update or correct your information, unless the Act provides an exception to us granting your request, including if:

  • Giving access would be unlawful;
  • We are required or authorised by law or a court/tribunal order to deny access; or
  • Giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.

Where your request for access is accepted, we will provide you with access to your information in a manner, as requested by you, providing it is reasonable to do so.

Your request for correction will be dealt with within 30 days, or such longer period as agreed by you. If we deny your request, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.

Upon accepting a request for correction of your information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your information.

We may charge a fee for providing information depending on the scope of information required and the resources involved. This fee will reflect the actual costs of providing information, depending on the complexity of each individual’s request.

YOUR CONSENT

By supplying, or having previously supplied, your information to us, you are agreeing to any or all of the uses outlined above. Where reasonable, we will also seek your consent verbally or in writing for use of your information for such uses in the interests of openness. Subject to the Act and APPs, should we want to use your personal information for other uses not related to the above, we will seek your consent to do this.

From time to time we may also use your personal information to communicate with you in regard to offers and promotions for our or related services. You are entitled to request that such communications cease at any time and we make provision in our materials for you to advise us of this.

STORAGE OF COLLECTED INFORMATION

We store your personal information in different ways, including in paper and electronic format. The security of your personal information is important to us. We take reasonable measures to ensure that your personal information is stored safely to protect it from misuse, loss, interference, unauthorised access, modification or disclosure. These measures include electronic and physical security measures, such as:

  • imposing confidentiality requirements on our employees;
  • implementing policies in relation to document storage security;
  • Securing our premises with an alarm;
  • implementing security measures to govern access to our systems including:
    • Placing passwords and varying access levels on databases to limit access and protect electronic information;
    • The use of firewalls, encryption, passwords and digital certificates;
    • Using 2 Factor Authentication wherever possible when accessing Office 365 and other online software such as Xero and MYOB;
  • Requiring our staff to be aware of the contents of this Policy and the relevant provisions under the Act and APPs which apply to us.

Personal information will be de-identified or destroyed when it is no longer required such that it cannot be re-identified at a later date.  The de-identification and destruction process will be in accordance with the APPs. Where practical, we keep personal information only for as long as required, for example to meet Australian Taxation Office record keeping or other legal requirements or our internal needs.

If we store your personal information using a cloud storage service, or are required to disclose personal information outside the jurisdiction from which it was collected we are required to take reasonable measures to ensure that your personal information is held, managed and accessed in accordance with the standards that apply in Australia.

Except to the extent that liability cannot be excluded due to the operation of statute, Mitchell Partners excludes all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your personal information.  Nothing in this Privacy Policy restricts, excludes or modifies, or purports to restrict, exclude or modify any statutory rights which you may have under any applicable law including the Privacy Act 1988 (Cth) or the Competition and Consumer Act 2010 (Cth).

Website Cookies

If you access our website, we may collect additional information about you in the form of your IP address or domain name.

Our website uses ‘Cookies’. Cookies are small text files placed on your computer when you first visit the site and are used on some parts of our website. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s IT help desk or your Internet service provider. We sometimes use cookies to analyse statistical data such as the date and time that you accessed the site and the internet address of the site that linked you to our site. We do not and are not able to use cookies to gain personal information.

Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and any linked websites are not subject to our Privacy Policy and related procedures. Before disclosing information on any other website you should examine the terms and conditions and privacy policy of that organisation.

NOTIFIABLE DATA BREACH SCHEME

The Australian Government’s Office of the Australian Information Commissioner (OAIC) is responsible for privacy functions that are conferred by the Privacy Act 1988. The passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017 established the Notifiable Data Breaches (NDB) scheme in Australia. The NDB scheme applies to all agencies and organisations with existing personal information security obligations under the Privacy Act 1988 from 22 February 2018.

The NDB scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.

Mitchell Partners has observed the requirements of the NDB scheme by:

  • Documenting a Privacy Program (why, what, how, who, when).
  • Appointing a Privacy Officer.
  • Ensure all Information Collection Forms, such as client on boarding forms, include a link or refer to our Privacy Policy.
  • Ensure all direct marketing communications set out clear ‘’opt out’’ provisions.
  • Review your Privacy Policy to ensure it reflects your approach to managing personal information, including your use of technology to collect or hold personal information.
  • Create a Data Breach Response Plan to document how your will respond to a Notifiable Data Breach.
  • Train our staff on privacy issues.
  • Establish practices, systems and procedures to ensure your organisation’s ongoing compliance with your privacy obligations through a Compliance Program.
  • Establish practices, systems and procedures to ensure that your Privacy Program is being effectively monitored and regularly reviewed.

COMPLAINTS & FEEDBACK

If you have a complaint about a breach of the Privacy Act, Australian Privacy Principles or a privacy code that applies to us, we ask that you contact us in writing using the details set out below in the ‘Contact Us’ section of this Policy.

Upon receipt of a written complaint we take reasonable steps to investigate the complaint and respond to you in accordance with our complaints handling procedures. If you are dissatisfied with our response you may complain directly to the Australian Information Commissioner. If you have a complaint about the privacy of your personal information, we ask that you contact us in writing.

Contact us

If you wish to:

  • Gain access to your information;
  • Make a complaint about a breach of your privacy;
  • Contact us with a query about how your information is collected or used;
  • Contact us regarding any other matter concerning this Policy,

Please contact our Privacy Officer via one of the below methods and they will deal with your request:

In writing

Mitchell Partners

Attention: Privacy Officer

Private Bag No. 6

Surrey Hills VIC 3127

Via Telephone

(03) 9895 9333

Email

admin@mitchell.com.au

More information

For more information about privacy in general, you can visit the Australian Information Commissioner’s website at www.oaic.gov.au

This policy was last updated on 31 May 2019