Privacy Policy

Aviva Investors Privacy Policy outlines how the information we capture and store about individuals is handled responsibly and in accordance with the National Privacy Principles set out in the Privacy Act 1988 (Cth) ("Privacy Act").

Aviva Investors will:

  • only collect information that is necessary
  • be lawful, fair and not intrusive in the way we collect information
  • take reasonable steps to ensure that the individual is informed of who we are and how we use the information
  • collect the information directly from the individual (where practical)
  • take reasonable steps to ensure that the individual is informed if we have collected the information from a third party
  • only disclose information where it is consistent with the individuals expectations or is required in the public interest
  • take reasonable steps to ensure that information is accurate, complete and up to date
  • keep the information secure
  • make our Privacy Policy available to anyone who asks for it
  • be open about what kinds of information we hold
  • take all reasonable steps to correct any information that we establish is incorrect
  • not use identifiers that government agencies have assigned
  • take steps to ensure privacy if we supply personal information to third parties
  • only obtain highly sensitive information about an individual with that individual's consent, or if the collection is required by law.


Scope
This Policy does not apply to our treatment of employee records. Employee records are exempt from the operation of the Privacy Act if the organisation is, or has been, an employer of the individual in question and the act or practice is directly related to:

  • a current or former employment relationship between the employer and the individual; and
  • an employee record held by the organisation and relating to the individual.
  • This exemption does not cover contractors, sub contractors or prospective employees.


Objectives

  • To protect personal information about individuals from misuse.
  • To ensure Aviva Investors is not exposed to legal proceedings for any breach of privacy laws.
  • To be a responsible corporate citizen.


Definitions
Aviva Investors: also referred to as 'we', 'us' and Aviva Investors Australia Limited.


Investors: Individuals and staff.


Collection: An organisation collects personal information if it gathers, acquires or obtains information from any source, by any means, in circumstances where the individual is identified or is identifiable. It includes information:

  • that an organisation comes across by accident or has not asked for but nevertheless keeps
  • that an organisation receives directly from the individual
  • about an individual that an organisation receives from somebody else.


Consent: Free or informed agreement with what is being done or proposed; can be express or implied.


Disclosure: Making information available to others outside the organisation, including publication through any medium.


Sensitive information: Information about an individuals racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership of professional or trade associations, membership of a trade union, sexual preferences or practices, criminal record or health information.


Personal information: Information or an opinion (including information or an opinion forming part of a database) whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.


Primary purpose: The dominant or fundamental reason for information being collected in a particular transaction.


Secondary purpose: Any purpose apart from the primary purpose.


Necessary: If an organisation cannot, in practice, effectively pursue a function or activity without collecting personal information, then that personal information would be regarded as necessary for that function or activity. Necessary should not be interpreted as a reason for collecting information on the off chance that it may be useful for a function or activity in the future.


Related purpose: Related purposes must have some connection to, and arise in the context of, the primary purpose of collection. This is a wider category than 'directly related purposes'.


Directly related purpose: A directly related purpose is one that has a strong connection with the primary purpose of collection. It is closely associated with the original purpose, even if it is not strictly necessary to achieve that purpose.


Key Privacy Policies
We are committed to protecting the privacy of all personal information we obtain. Our aim is to safeguard the security and privacy of individual’s personal information.


Collection of personal information
We will only collect personal information that is necessary for one or more of our functions or activities. When collecting this personal information, we will do so only by lawful and fair means and not in an unreasonably intrusive way. We may collect information about you from an application form or verbally if you call our Investor Services team or speak directly with our staff. We will only collect sensitive information about you with your consent.

When personal information is provided to us, we must inform the relevant person:

  • as to how the personal information will be used
  • as to whom the personal information may be passed
  • that he or she is able to gain access to that personal information.

Where it is reasonable and practicable to do so, we will only collect personal information from you directly and not from third parties. In many circumstances, however, this will not be practicable. If we collect personal information about you from a third party, we will take reasonable steps to ensure that you receive the information outlined above. This may involve us contacting you directly, or a third party informing you on our behalf.


Personal information we may hold
If you are our client, personal information that we may hold about you includes:

  • your name, age and contact details
  • account details such as investment option used and amounts transferred into and from your account
  • tax file number.

Personal information that we may hold about individuals who are not our clients includes but is not limited to:

  • information provided to us in job application forms and resumes, such as the applicant's name, age, contact details and employment history, and information recorded by us during the recruitment process
  • information provided to us about contractors and sub contractors, either by themselves or their employer, and information recorded by us during the course of their relationship with Aviva Investors
  • the names and contact details of advisers and other individuals who have a business relationship with Aviva Investors, and information recorded by us in order to establish and maintain that relationship.


Purpose and use of personal information
When dealing with clients, the main reason we collect personal information is to enable us to provide clients with the financial products and services that they have asked us to provide. By maintaining their relationship with us, members consent to any personal information we collect about them being used and disclosed in the following manner:

  • for our internal operations including accounting, risk management, record keeping, archiving, systems development and testing, staff training and compliance monitoring
  • to help us develop, establish and administer arrangements with other organisations in relation to the administration and use of the products and services that members have asked us to provide
  • to help us develop, identify and inform clients of enhancements to the products and services that they have asked us to provide (but not on the basis of any sensitive information we may hold)
  • for research in relation to financial products and services
  • where relevant, to enable a clients financial adviser and their staff to provide them with advice and ongoing service. The term 'financial adviser' means a member's current financial adviser (or any other selected financial adviser) or where their financial adviser transfers their register to another adviser, that adviser
  • in order to ensure that we comply with legislative and regulatory requirements, or for preventing or investigating crime or fraud.

We may also use and disclose personal information for the following additional purposes:

  • to help us develop, identify and inform you of other Aviva Investors financial products and services that may interest you (but not on the basis of any health or other sensitive information we may hold about you);
  • to help us develop, establish and administer arrangements with other organisations in relation to the administration and use of such other products and services; and
  • for marketing of our financial products and services

If a member does not wish to consent to their personal information being used for these additional purposes, they can write to us at: GPO Box 2007S, Melbourne, Victoria 3001.

We may disclose your personal information to other financial institutions and any person who carries out functions for us or to other organisations with whom we may have arrangements for

  • the purpose of promoting or marketing our respective financial products and services, including the following (who will be bound by appropriate confidentiality obligations):
  • a member's bank or other financial institutions, for any direct debits or credits
  • entities we use for mailing regular statements and reports, newsletters and other correspondence
  • other entities we may use for outsourcing the administration of the financial products and/or services we provide to members
  • auditors, consultants, legal or accounting firms, reinsurers and financial services industry bodies
  • regulatory bodies, government authorities and law enforcement bodies
  • third parties for the purpose of following up outstanding information in relation to a member's application
  • where relevant, a member's executor, administrator, trustee, guardian or attorney
  • other parties to whom we are authorised or required by law to disclose personal information.

If members do not provide the personal information we request, or do not consent to its use and disclosure as described above, this may affect our ability to provide the financial products and services we have been asked to provide.

Information we collect about individuals who are not clients will generally have very limited uses and disclosures. In these circumstances, our primary purpose for collecting information about you will depend on your relationship to us. Typically, these purposes include:

  • the facilitation of business relationships, such as those formed with advisers and their staff; and
  • recruitment.

We will only use or disclose your personal information for the primary purpose of collection or for a secondary purpose. In the case of advisers and their staff, personal information may be used and disclosed for the same primary and secondary purposes applying to personal information about our clients, to the extent they are relevant to advisers and their staff.

We usually will only disclose information about contractors, sub-contractors and prospective employees for these purposes to:

  • other organisations to whom we outsource one or more of our functions or activities
  • regulatory bodies, government authorities and law enforcement bodies as required.


Access to your personal information
Members may request access to their personal information that we, or an outsourced service provider, hold in relation to them. They can request access to their personal information by:

  • writing directly to us at GPO Box 2007S, Melbourne, Victoria, 3001 (Attention: Privacy Officer); or
  • calling our Investor Services team on 1800 671 849.

Where it is established that personal information in relation to the individual is not accurate, complete or up to- date, we will take all steps necessary to correct the personal information so that it is accurate, complete and up-to-date. We may charge you a fee for obtaining access to your personal information.


Data quality
We will take reasonable steps to make sure that personal information we collect, use or disclose is accurate, complete and up-to-date. It is the individual’s responsibility to advise us of any changes to their personal details to ensure we can keep our records accurate and up-to-date.


Data security
We employ appropriate technical security measures to protect your personal information and ensure that it is not accessed by unauthorised persons. Our security procedures also provide that we may request proof of identification before we will release personal information to you. We undergo periodic reviews of our security procedures to ensure that systems are secure and protected.

We have information technology policies and procedures covering the following matters:

  • physicalsecurity
  • computer and network security
  • secure communications
  • security in contracting out activities or functions
  • frequency of system reviews
  • destroying and de-identifying information

We have a responsibility to protect personal information. Consequently, only those persons who need to know are to be provided access to personal information. We must provide adequate protection for the personal information we hold, to stop unauthorised access and use of personal information.


Website
We make every reasonable effort to safeguard the privacy of all personal information provided to us. This statement provides information about our privacy practices for our website. You should periodically revisit this statement as it may change from time to time as we continue to develop the website.

If you visit our website to read, browse or download information, our systems will record your server address, the date and time of your visit, the pages viewed and any downloads made.

The information collected may be used to determine the use patterns of the website including the popularity of different pages. This information may be used by us to improve our website. The information may also be used for planning, product development, marketing and research purposes.


Outsourcing and contractual arrangements
All contractual arrangements with third parties impose appropriate privacy and confidentiality obligations on those third parties to ensure that personal information that we hold is kept secure and that we do not breach our obligations under the Privacy Act and this policy.


Enquiries / complaint resolution
You may contact us if you have any enquiries or complaints regarding the handling of your personal information. We have procedures in place to handle complaints received. Replies to most enquiries can be made over the phone or by return phone call within a short period of time.

Enquiries can generally be made by contacting our Investor Services team on 1800 671 849. Enquiries will generally be answered within 24 hours.

If you wish to make a complaint, you can do so by contacting our Investor Services team via telephone on 1800 671 849, email investorservices.au@avivainvestors.com or written letter (Aviva Investors Australia Limited,GPO Box 2007s, Melbourne, Victoria, 3001 Attention: Privacy Officer).

We will review the complaint and aim to resolve it within 45 days of receipt. Should a complaint not be resolved within the specified 45 days, or you are not satisfied with the resolution, you have the option of referring the complaint to the external complaints resolution scheme, the Financial Ombudsman Service (FOS). FOS can be contacted via telephone on 1300 78 08 08.


Privacy Training and Education
We have provided privacy training to ensure that all relevant staff are suitably trained about our obligations under the Privacy Act and our Privacy Policy.


Privacy Audit
The Privacy Officer may conduct privacy audits on a periodic basis to ensure compliance with the National Privacy Principles. Independent review of the Privacy framework will be provided by Internal Audit.


Compliance
All employees must comply with this Privacy Policy. Breaches will be treated seriously. Any proposed deviations from this Privacy Policy must be reviewed and approved by the Compliance Manager. This privacy policy may change from time to time.


Date: September 2008