PRIVACY POLICY

AGCROWD PTY LTD
ACN 620 434 988: AFSL 511673
Our Commitment to Privacy

AgCrowd Pty Ltd ACN 620 434 988 (Agcrowd, Us or We) is committed to protecting and securing the privacy and confidentiality of our client’s personal information.

Our Privacy Policy (Policy) explains how AgCrowd uses, collects, stores, protects and discloses personal information that you provide to us when you use this website or mobile application. Our privacy principles embody the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Privacy Act) (amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)), and to the extent applicable, the EU General Data Protection Regulation (GDPR). Our Policy also explains how an individual may seek to access or correct their personal information or make a privacy complaint. For the purposes of GDPR this policy also explains how we process ‘personal data’.

The privacy of your personal information is of upmost importance to us. Our Policy should be read in conjunction with the Terms & Conditions that apply to the use of our website at www.agcrowd.com.au (Website). By accessing and using our Website, and/or using our services, you consent to the use, collection, disclosure and storage of your personal information in accordance with this Privacy Policy. If you choose not to provide the personal information when we ask for it, you may not be able to fully utilise the Website or our services.

We also comply with the Spam Act 2003 (Cth), which deals with restrictions on sending emails. We do not and will never spam you!

Introduction

The Privacy Act requires that we handle your personal information in accordance with a set of national principles, known as the APPs, which regulate the collection, use, correction, disclosure and transfer of personal information about individuals by organisations like us in the private sector.

We are required under various legislation and codes of practice to collect certain information about you in order to provide our range of services. These include, but are not limited to, Federal legislation such as the Corporations Act, Financial Transactions Reports Act, Anti-Money Laundering and Counter Terrorism Financing Act, Income Tax Assessment Act as well as certain regulations issued by the Australian Securities and Investments Commission (ASIC), our corporate regulator. In addition, our ability to provide you with comprehensive and quality services is reliant on us obtaining certain information about you.

Information we may collect from you

We may collect the following personal information about you when you register to use the Website and our services;

  • Your name, email address, residential address, contact telephone numbers, date of birth and password;
  • Financial information, such as your bank account number;
  • Specific documents to verify your identity and other personal details;
  • Details to qualify you as a “retail client” as that term is defined in the Corporations Act 2001 (Cth);
  • Details regarding your trust or self-managed super fund details and beneficiaries;
  • Details of transactions you carry out through our Website;
  • Your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • Information about your access and use of our Website, including through the use of Internet cookies, your communications with our Website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider; and
  • Information obtained from third parties in accordance with this Privacy Policy (such as Facebook or LinkedIn).

We have statutory responsibilities to collect and disclose certain information to comply with regulatory requirements and contractual obligations. For example, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (Australia) we are obliged to verify the identity of, and run anti-money laundering checks on, persons who use our Website and services. To comply with those responsibilities, we may use third parties to verify your personal information. If those services are not able to verify your identity to our satisfaction, we may request that you send us further identification information.

While you hold an account with us, we may also need to run additional identity checks on you. By using this Website, you agree that we may run these identity checks on you, and that you will not be able to use the Website or our services unless we are able to complete those checks to our satisfaction.

If you do not provide us with the information required, we may elect to terminate our relationship with you, if we believe it will jeopardise our ability to provide you with a complete, accurate and comprehensive service. We will inform you of any legal requirements for us to ask for information about you and the consequences of not giving us that requested information.

We will only solicit personal information about you where you have knowingly provided that information to us, we believe you have authorised a third party to provide that information to us, or we are obligated by law to obtain such information. Third parties that we may need to collect information from include your financial adviser, product issuer, employer, accountant or solicitor. To verify your identity for Know Your Customer (KYC) purposes, we may also solicit personal information about you from reliable identity verification service providers.

How do we use personal information?

We may use personal information for any of the following purposes:

  • To verify any information that you give to us, or information that we collect from third parties and any third party databases;
  • To carry out credit and identity checks;
  • To assess your suitability to register with us and use our services;
  • To provide our services to you;
  • To enable you to access and use our Website and associated applications;
  • For analytics, market research and business development, including to operate and improve our Website and associated applications;
  • To satisfy any obligation arising from any agreement between you and us;
  • To comply with our legal and regulatory obligations or in connection with legal proceedings, crime or fraud prevention, detection or prosecution;
  • To store, access and make information available through the Website;
  • To contact you with information about us, our services and new offers that we think may be of interest to you;
  • To monitor, operate, maintain and improve the Website; and
  • For any other purpose permitted under the Privacy Act 1988 (Cth) (Australia) or that we notify you of at the time personal information is collected.

By using this Website, you are agreeing to authorise any third party to provide your personal information to us for any of the above purposes.

If we disclose your personal information to a credit reporting agency, that agency may hold your information on their credit reporting database and use it for providing credit reporting services and for any other lawful purpose and the agency may disclose your information to their subscribers for the purpose of credit checking or debt collection or for any other lawful purpose.

Disclosure of your information

We may provide your information to other related companies within the AgCrowd network or external parties. Where personal information is disclosed, there are strict controls in place to ensure information is held, used and disclosed in accordance with the APPs.

Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that:

  1. The person or organisation has a commitment to protecting your personal information at least equal to our commitment, or
  2. You have consented to us in making the disclosure.

From time to time we are required to disclose information to other organisations to comply with the laws and regulations governing our provision of services. The organisations we may be required to disclose information include, but are not limited to:

  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, and marketing or advertising providers;
  • organisations involved in providing, managing or administering our products or services such as custodians, external dispute resolution services, insurers, investment managers, or mail houses;
  • organisations involved in providing, managing or administering our products or services such as custodians, external dispute resolution services, insurers, investment managers, or mail houses;
  • organisations involved in providing, managing or administering our products or services such as custodians, external dispute resolution services, insurers, investment managers, or mail houses;
  • government departments e.g. The Office of the Australian Information Commissioner (OAIC), Australian Taxation Office (ATO), ASIC and Centrelink as required by law;
  • external service providers and other compliance inspectors for audit purposes;
  • external parties for business acquisitions or in the event of the sale of the business;
  • any other external party which we are compelled at law to make disclosures to; and
  • any other external party as authorised by you from time to time.

We will not use or disclose information collected about you other than for a purpose made known to you unless the disclosure is:

  • required by law (e.g. ATO, Australian Prudential Regulation Authority and ASIC have the power to order us to disclose information about your situation);
  • authorised by law (e.g. to protect our interests or where we have a duty to the public to disclose);
  • necessary to discharge obligations (such as to foreign governments for the purposes of foreign taxation)
  • you have consented to our disclosing the information to you, or;
  • the assets and operations of the business are transferred to another party.

Other than as set out in this document, we will not otherwise disclose your information to other parties without your explicit consent.

Disclosing your personal information overseas

We may use cloud storage to store the personal information we hold about you to help us provide, improve and promote our Website and our services. We may store information about you in other types of networked or electronic storage to parties located, or that store or collect and process that data, outside of Australia including Austria, Australia, Belgium, Bulgaria, Brazil, Canada, Croatia, China, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hong Kong, Hungary, Ireland, India, Italy, Korea, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Poland, Portugal, Romania, Slovakia, Slovenia, Singapore, Spain, Sweden, Taiwan, United States and the United Kingdom.

For example, your personal information may be disclosed overseas because of our use of analytics tools such as Google Analytics or our use of overseas hosting facilities. In this respect, your data is stored through Google Analytics’ data storage, databases and the general Google Analytics application. They store your data on a secure server behind a firewall. Here is a link to the Google Analytics Privacy Policy for your reference https://www.google.com/analytics/terms/us.html.

Our hosting facilities are provided by Amazon Web Services and are currently based in the United States (although servers may from time to time be based in other countries including Japan, Ireland, India, Canada, United Kingdom, Korea, China, France, Singapore, Germany, Brazil, Hong Kong, and Sweeden). See https://aws.amazon.com/security for information on their security practices.

We use GreenID by VixVerify for secure identity verification services. We do not store your personal identification documents on our platform or servers. Here is a link to the GreenID Privacy Policy for your reference http://www.vixverify.com/news-resources-2/#privacy_policy.

We may also disclose any of the personal information we hold:

  • For the purposes for which the information was collected;
  • With your express consent;
  • For any purpose which is permitted under the Privacy Act 1988 (Cth) (Australia);
  • In relation to any proposed purchase or acquisition of our business or assets; or
  • Where required by applicable law or any court, or in response to a request by a law enforcement agency;

In addition we may share non-personal and aggregated information for research or promotional purposes.

Any third parties to whom we disclose or permit access to your personal information in the course of providing services on our behalf, whether in Australia or overseas, will be subject to strict contractual restrictions to ensure that they protect personal information and keep it confidential, consistent with relevant privacy and data protection laws.

We will keep your personal information for as long as necessary to achieve the purposes for which we collected it, and in all cases for such periods as we are required to in order to comply with any relevant legislation and regulations. Where we no longer need to keep your personal information, we will take reasonable steps to destroy or de-identify your personal information.

We will take steps to ensure that your personal information will be afforded the level of protection required of us under and in accordance with this Privacy Policy and applicable data protection laws, and in accordance with current legally recognised data transfer mechanisms. Except as set out in this Privacy Policy, we do not sell or trade personal information to third parties, or allow such third parties to use that personal information.

By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia and acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.

Protection of data and the security of information

All information you provide is stored on secure servers. Only authorised employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. If you have any questions about security, you can contact us at support@agcrowd.com.au

Links to other websites

Our website and mobile application may contain links to other websites. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy policy applicable to the website in question.

Social Media Widgets

Our website includes Social Media Features, such as the Facebook Like button. These Features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on Our Site. Your interactions with these features are governed by the privacy policy of the company providing it.

Accessing and updating your personal information

You have the right to request access to, correct or make a complaint about any of the personal information we hold about you.

You can update your personal information by logging into your account and changing your personal information at any time. If you are unable to update your personal information for any reason, you can contact us and we will assist you. Provided you have met your obligations under our Terms & Conditions and have successfully answered your security questions, we will provide you with confirmation of the date we hold about you on request.

Notifications and Email Opt-Out

AgCrowd will send you emails, SMS and push notifications covering a variety of topics such as account activation, offer details, allocation notifications and newsletters. Our communications will clearly describe how you can be removed from our mailing lists.

Notifiable Data Breach Scheme

We may be required to make mandatory disclosures of any data breach we experience in accordance with the Notifiable Data Breach Scheme (Australia) established by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth). If we are required to make a mandatory disclosure under the data breach act and that data breach relates to your information, we will notify you of same as soon as practicable in the manner required by the Scheme and the OAIC.

Concerns or Complaints

You also have in certain circumstances the right to request that the personal information that is collected from you is erased, its further processing is restricted, or to object to its further processing and the right to data portability. You can also ask that personal information provided by you to us is transmitted to another party. You may also withdraw your consent where it has been provided as a condition of our processing your information or object to the further processing of your personal information in certain circumstances.

If you have a complaint about how we have managed your personal information, dealt with a request by you to access or correct your personal information, or if you think that we have breached the Privacy Act, you can make a written complaint to us by sending an e mail addressed to our Privacy Officer and headed “Privacy” to us at support@agcrowd.com.au .

Once we have received your concern or complaint, our Privacy Officer will investigate it and respond to you as soon as we can. Our Privacy Officer aims to do this within 10 working days of receiving your email. If this is not possible, our Privacy Officer will contact you and let you know when we will respond to your concern or complaint. For the purposes of GDPR, our Privacy Officer is also our Data Protection Officer.

At all times we will seek to manage your complaint in accordance with following principles:

  • all complaints will be treated seriously;
  • all complaints will be dealt with promptly;
  • all complaints will be dealt with in a confidential manner; and
  • the privacy complaint will not affect your existing obligations or the commercial arrangements that exist between this us and you.

In the event that the Privacy Officer is unable to resolve your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

You can lodge a written complaint with the Australian Information Commissioner by:

If you are in the European Union, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPA’s is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

We are committed to helping you have control of your personal information and so it is our practice to take reasonable steps to notify you if we are aware that we have breached your privacy.

Cookies

We may also collect technical information whenever you use our Website. This may include information about the way you arrive at, browse through and interact with our Website. We may collect this type of technical information through the use of cookies and other means. Cookies are small text files stored on your device, to help operate the Website and collect information about online activity. For example, we use cookies to store your preferences and settings, help with sign in, combat fraud and analyse site operations.

General Data Protection Regulation (GDPR) for the European Union (EU)

AgCrowd will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

Your rights under the GDPR

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. AgCrowd complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU

Except as otherwise provided in the GDPR, you have the following rights:

  1. to be informed how your personal information is being used;
  2. access your personal information (we will provide you with a free copy of it);
  3. to correct your personal information if it is inaccurate or incomplete;
  4. to delete your personal information (also known as "the right to be forgotten");
  5. to restrict processing of your personal information;
  6. to retain and reuse your personal information for your own purposes;
  7. to object to your personal information being used; and
  8. to object against automated decision making and profiling.

Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.

We may ask you to verify your identity before acting on any of your requests.

Hosting and International Data Transfers

Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include but are not limited to Austria, Australia, Belgium, Bulgaria, Brazil, Canada, Croatia, China, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hong Kong, Hungary, Ireland, India, Italy, Korea, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Poland, Portugal, Romania, Slovakia, Slovenia, Singapore, Spain, Sweden, Taiwan, United States and the United Kingdom.

The hosting facilities for our website are situated on Amazon Web Services secure cloud servers which are located at physical sites primarily across the United States of America along with Japan, Ireland, India, Canada, United Kingdom, Korea, China, France, Singapore, Germany, Brazil, Hong Kong, and Sweeden. Our host Amazon Web Services transfer and store data outside of the EU in accordance with EU law by operating in accordance with ‘model clauses’ approved by the EU’s Article 29 Working Party. More information can be found at the following link: http://aws.amazon.com/compliance/eu-data-protection/.

Amendments

We may add to, remove or change the provisions of this Privacy Policy from time to time. All additions and changes will be notified to you by being posted on this page. It is your responsibility to refer to these additions and changes. This privacy policy was last updated on 17 February 2019.