What is Personal Information?
Personal Information is information or an opinion that identifies an individual.
Examples of Personal Information we collect include names, addresses, email addresses, phone and facsimile numbers. This Personal Information is obtained in many ways including correspondence, by telephone and facsimile, by email, via our website and from third parties.
Why does Yieldbroker collect Personal Information?
As a market operator, Yieldbroker has certain statutory obligations imposed on it under the Corporations Act. We collect your Personal Information for the primary purpose of providing our services to you and for providing information to our clients. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
What is Sensitive Information?
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- For the primary purpose for which it was obtained;
- For a secondary purpose that is directly related to the primary purpose;
- With your consent; or where required or authorised by law.
How does Yieldbroker collect Personal Information?
The type of Personal Information Yieldbroker collects may include names, addresses, contact details, occupations and any other information required to meet contractual obligations and statutory obligations as a market operator.
Personal Information is collected in a variety of ways, including by way of personal contact such as business activities and events, as well as mail, telephone, email and internet.
We may collect Personal Information about:
- Candidates for employment;
- Potential new Participants;
- Third parties seeking services; and
- Other people who come into contact in the ordinary course of business.
How does Yieldbroker use and disclose Personal Information?
Yieldbroker may use or disclose Personal Information for the following purposes:
- To enable it to discharge its statutory obligations;
- To enable it to discharge its contractual obligations when providing services to third parties;
- To enable the resolution of a concern or complaint; and
- To provide services.
Yieldbroker will use your Personal Information for the purpose for which you have provided it. We will not disclose your Personal Information to third parties, unless you consent or in other circumstances where such disclosure is required or authorised by law.
Does Yieldbroker transfer Personal Information overseas?
Yieldbroker does not generally transfer personal information to overseas parties unless required by law or enforcement activity or unless working with international service providers.
How does Yieldbroker secure your Personal Information?
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
Yieldbroker has implemented a number of security measures to protect Personal Information, which includes:
- The protection of IT systems according to criticality and requirements for confidentiality, integrity and availability;
- The establishment of security controls of IT systems, including system access to information and resources necessary for its legitimate purpose;
- Regular monitoring and testing programs established to ensure ongoing effectiveness of IT security measures.
How to access your Personal Information?
Australian Privacy Principle 12 and 13 provides you with the right to access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions.
Where a request for access is made, Yieldbroker will review the request and respond within a reasonable period after the request is made. Where Yieldbroker cannot give access to Personal Information, including in the manner requested by you, Yieldbroker will provide you with a written notice that sets out:
- The reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
- The mechanisms available to complain about the refusal; and
- Any other matter prescribed by the regulations.
Where a request for a correction is made, Yieldbroker will take reasonable steps to correct the Personal Information to ensure that the information is accurate, up to date, complete and relevant.
If you wish to access or seek a correction to your Personal Information, please make out your request to us in writing at the contact details provided below.
Eligible Data Breaches
Commencing February 2018, the Privacy Act includes a Notifiable Data Breaches (“NDB”) scheme which requires entities to notify individuals and the OAIC about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:
- There is unauthorised access to or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
- This is likely to result in serious harm to any of the individuals to whom the information relates.
- The entity has been unable to prevent the likely risk of serious harm with remedial action.
A data breach occurs when personal information that Yieldbroker holds is subject to unauthorised access or disclosure or is lost.
Examples of data breaches include:
- Loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information
- Unauthorised access to personal information by an employee
- Inadvertent disclosure of personal information due to ‘human error’, for example an email sent to the wrong person
- Disclosure of an individual’s personal information to a scammer, as a result of inadequate identity verification procedures.
Examples of harm include:
- Identity theft causing financial loss or emotional and psychological harm
- Physical harm or intimidation
If Yieldbroker believes there has been a data breach that impacts your personal information and creates a likely risk of serious harm, Yieldbroker will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.
All complaints are recorded and investigated by Yieldbroker, and will be handled fairly, consistently and promptly. This includes prompt action to rectify system or control weaknesses that are highlighted by the complaint.
Staff responsible for dealing with complaints will also be independent of the subjects of the complaints.
Under the Privacy Act you may complain to the Office of the Australian Information Commissioner (OAIC) about the way we handle your personal information. Please note the OAIC requires any complaint must first be made to the respondent organisation. The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.
The Commissioner can be contacted at:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Yieldbroker Help Desk
Yieldbroker Pty Limited
Level 6, 14 Martin Place
Sydney, NSW 2000
Telephone and fax:
Tel: +61 2 9994 2890
Fax: +61 2 9994 2895