...

Privacy Policy

Clients & Website Users

Vestabyte Pty Ltd ACN 612 771 490

Vestabyte Pty Ltd ACN 612 771 490 and all its related entities (“Vestabyte”, “we”, “us” or “our”) recognise the importance of protecting personal information. This privacy policy (“Policy”) explains how Vestabyte protects the privacy of individuals and summarises how the company collects, uses and discloses personal information about individuals.

Vestabyte is bound to comply with the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) that regulate the handling of personal information about individuals. Please note, by using or registering with the Vestabyte website or by providing personal information to us, you agree to the terms of this Policy.

1. Management of Personal Information

(a) Information Vestabyte collects

Where it is reasonably necessary to provide our products and services, we will collect personal information from clients, investors, financial planners, website users and other individuals (for example business contacts, suppliers and potential new clients).

The type of personal information that we may collect from you will depend on our relationship with you and the circumstances of collection. Information we collect may include, but is not limited to, the following:

• name, age, date of birth and place of birth;
• residential address, business address, email address, facsimile number and contact telephone numbers;
• financial information (including details of earnings, assets and investments);
• employment information;
• information that is required or authorised by law;
• opinions about our products, services and/or staff;
• bank account details and credit / debit card details; and
• details about website users through the use of cookies.

Vestabyte may collect sensitive information in order to comply with the AntiMoney Laundering and CounterTerrorism Financing Act 2006 (Cth) (AM/CTF Law) provided that the requirements in Section (h) of this Policy are satisfied before the information is collected. This sensitive information may include government identifiers such as your tax file number (TFN). We will only collect a TFN or other government related identifier if it is necessary and relevant for the services we provide, is for a purpose authorised bytax, personal assistance or superannuation law, or is otherwise permitted by the APPs. We may also collect copies of identification documents from you, for example driver licences, birth certificates and/or passports.

(b) Notification of collection of personal information

(a) Information Vestabyte collects

Where it is reasonably necessary to provide our products and services, we will collect personal information from clients, investors, financial planners, website users and other individuals (for example business contacts, suppliers and potential new clients).

(b) Notification of collection of personal information

We will take reasonable steps to notify you if we collect, or have collected, your personal information. Such information may include details about the purposes for which we are collecting information and the types of entities we may share the information with (including, where applicable, whether the information is disclosed to overseas recipients and, if practicable, their location). We will also refer you to the information in this Policy about how you may access and correct the personal information we hold about you, and how you may complain about a breach of the APPs. If personal information is collected from a third party, we will provide you with a statement about the personal information that was collected and the circumstances of its collection.

(c) How Vestabyte collects information

How we collect personal information will largely depend on whose information we are collecting. If it is reasonable and practical to do so, we generally collect personal information directly from you.

We may collect information about you when you:

• engage Vestabyte for the provision of services;
• request information from us or use our services;
• interact or conduct business with us;
• telephone, email or write to us;
• contact us through our website; or
• have a face to face meeting with a representative of Vestabyte.
• As well as collecting information directly from you, there may be occasions when
• Vestabyte collects information from a third party, which will supplement the information held by Vestabyte.

We may collect personal information from:
• entities that are Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth))
(“Corporations Act”) of Vestabyte;
• any third party authorised to be your representative;
• your employer or a company of which you are an officer;
• publicly available sources of information or databases subscribed by Vestabyte (including credit reporting bodies (CRBs)); and
• independent sources.

We will however only collect information from third parties where it is not reasonable and practical to collect the information from you directly. Once your personal information is no longer needed for any of the purposes for which we may use or disclose the information and the information does not need to be retained under an Australian law or court or tribunal order, we will take reasonable steps to destroy or permanently deidentify it.

(d) Gathering and combining personal information

Improvements in technology enable organisations to collect and use personal information to get a more integrated view of investors and to allow them to provide better products and services to investors. We may combine investor information made available from a variety of sources. This enables us to analyse the data in order to gain useful insights, which can be used for the purposes mentioned in Section 1(f) of this Policy.

(e) Unsolicited Information

Sometimes we may be provided with your personal information without having sought it through our normal means of collection. We refer to this as “unsolicited information”.

Where we collect unsolicited information we will only hold, use and or disclose that information if we could otherwise do so had we collected it by means permitted by the APPs and this Policy. If that unsolicited information could not have been collected by a permitted means then we will destroy, permanently delete or deidentify the information as appropriate.

(f) How is personal information used?

Personal information is used by Vestabyte for the purpose of conducting our business and providing products and services requested by you. Our policy is to use personal information for the primary purpose for which it was collected or for a secondary related purpose where you would reasonably expect us to use or disclose the personal information for that secondary purpose. We will only disclose sensitive information for a secondary purpose where the secondary purpose is directly related to the primary purpose.

In general, our uses of personal information include, but are not limited to:

• establishing your identity;
• managing your investment/s and our relationship with you;
• providing you with the products or services you have requested;
• providing you with updates in relation to your investment and other investments;
• communicating with you (including calling and emailing);
• assessing your application for a financial product;
• managing relations with third parties;
• conducting and improving our business to help us manage and enhance our products and services and improve the investor experience;
• human resources, compliance, quality assurance and staff training purposes;
• managing our security and information control systems;
• complying with our legal obligations, and assisting government and law
• enforcement agencies and/or regulators;
• identifying other products and services that we think may be of interest to you; and
• Communicating with you about the products and services that we offer.

We will generally not use or disclose your personal information for any other purpose without your consent unless we are required to do so by law or under some other specific circumstance which the Privacy Act permits.

(g) Direct Marketing

Where permitted under the APPs and other Australian laws, we may from time to time use the personal information you provided to send you:

• offers, updates, events, articles, newsletters or other information about our products and services that we believe will be of interest to you; or
• offers to subscribe to our newsletters, magazines, social media or announcements/updates and promotional offers.

We will only use personal information we collected from someone other than you for direct marketing purposes with your consent (unless it is impracticable to obtain such consent). We similarly will not use or disclose sensitive information for direct marketing purposes unless you have consented to such use or disclosure. You will always have the option of electing not to receive these communications and you can unsubscribe at any time by notifying us that you wish to do so or using the unsubscribe facility set out in the relevant electronic marketing message. If you tell us not to use your personal information for future marketing purposes, we will respect your wishes. We will act and amend our records promptly in response to any unsubscribe request we receive within a reasonable period after the request is made. We do not charge for the making of, or to give effect to, such a request. If you elected to subscribe to any of our publications or for any notifications and later decide that you no longer wish to receive newsletters, magazines, social media, updates or promotional material from us, you may unsubscribe by following the instructions contained in the relevant electronic marketing message.

(h) Sensitive Information

We only collect sensitive information reasonably necessary for one or more of the uses specified in Section 1(f) of this Policy if we have the consent of the individuals to whom the sensitive information relates, or if the collection is necessary to lessen or prevent a serious threat to life, health or safety or where another permitted general situation applies (as defined in Section 16A of the Privacy Act).

(i) Disclosure of information to third parties

We do not sell, trade or rent your personal information to others. Personal information may be disclosed to our employees and agents to enable them to provide services to you. It may be necessary for us to disclose your personal information to certain third parties in order to assist us with one or more of our functions or activities, or where permitted or required by law.

Third parties may include:

entities that are Related Bodies Corporate (as defined in the Corporations Act) to Vestabyte;

• those to whom we outsource certain functions, for example information technology support and our external consultants;
• Criminal Records Bureau (CRB);
• suppliers;
• auditors and insurers;
• contractors and service providers;
• third party lenders and insurers (to assist Vestabyte with providing the products and services requested by you);
• your agents or representatives;
• anyone authorised by you to access your personal information;
• government and law enforcement agencies and regulators; and
• entities established to help identify illegal activities and prevent fraud.
• We may disclose your personal information from time to time, only if one or more of the following apply:
• you have consented;
• you would reasonably expect us to use or disclose your personal information in this way;

• we are authorised or required to do so by law;
• disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
• where another permitted general situation applies (as defined in Section 16A of the Privacy Act); or
• disclosure is reasonably necessary for a law enforcement related activity.

We will only disclose your information to a CRB if it is for the sole purpose of verifying your identity as required by the AML/CTF Act and you provide us with your informed consent prior to, or at the time, the information is collected. Records of the verification request will be made by Vestabyte and the CRB and retained for 7 years from the date of the request and for 7 years after Vestabyte ceases to provide services to you. You can request access to these records.

*In the event Vestabyte is requested to provide additional information to verification agencies, Vestabyte requires expressed consent by all customers where personal information is disclosed to credit reporting bodies for the purposes of verification as per s35A(2)(b) of the AML/CTF Act.

(j) What if your personal information is not provided to us?

If some or all of your personal information is not provided we may not be able to provide certain products or services to you.

(k) Crossborder

disclosure of personal information [Note: Please consider the use of information by third party service providers may also result in the information being sent or stored overseas]

Vestabyte does not intend to send or disclose your personal information to overseas recipients, but may transfer your personal information to a foreign recipient (including when an overseas entity accesses the information in Australia), if: we reasonably believe that:

• the recipient is subject to law, or a binding scheme, that has the effect of protecting your personal information in a way that, overall, is at least substantially similar to the APPs; and
• there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme; or
• the disclosure is required or authorised by or under an Australian law or a court/tribunal order; or
• the transfer is necessary for the performance of a contract with you (from which the information was collected); or
• the transfer is for your benefit (and all other APP requirements are met); or
• you expressly consent to the transfer upon being informed that such consent will waive the protection against crossborder disclosure under the APPs.

Where disclosure is to be made to a known overseas entity, we will take reasonable steps to assess the privacy laws of the country where information will be disclosed to determine whether the overseas recipient is required to comply with privacy laws that are at least as stringent as the APP requirements in relation to information. We may enter into a written contract with the overseas recipient to enable us to enforce protection of the personal information that we provide to the overseas recipient and ensure that the overseas entity does not breach the APPs.

(l) How Vestabyte stores and protects your information

We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security.

Vestabyte will take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We hold the personal information we collect on secure servers or in physical storage located in controlled environments and protect it by using uptodate industry standard software protection programs and locks. Personal information is only accessible by officers, agents, service providers, contractors and employees of Vestabyte (on a need to know basis), unless it is disclosed to another party in accordance with this Policy. All employees are required to maintain the confidentiality of any personal information they handle. If other parties provide support services to Vestabyte, we require them to implement appropriate safeguards to protect the privacy of the personal information we provide to them. This may include requiring the execution of nondisclosure agreements to ensure the confidentiality of personal information.

2. Who can I contact for further information, to gain access to my personal information or to make a complaint?

(a) Contact Details

You are able to contact Vestabyte and request further information about this Policy, request access to your personal information or make a request that your personal information be corrected and/or updated. You are also able to make a complaint about any aspect of this Policy, and/or any aspect regarding the collection or use of information by Vestabyte, including the following:

• the kind of information collected by Vestabyte;
• the collection process;
• the purpose/s for which information is collected;
• how information is held; or
• use or disclosure of information by Vestabyte.

Vestabyte will take reasonable steps to provide a copy of this Policy to anyone who requests it, free of charge and in the form requested. We do not charge for receiving a request to access or correct personal information, although we may charge a reasonable amount to cover the cost of processing such a request. In this situation, Vestabyte will provide an estimate of how much the service will cost and request an agreement to the cost before proceeding. Further information can be requested, access to information can be requested and complaints can be made using the contact details set out below.

Vestabyte Pty Ltd
ACN: 612 771 490
Address: 569/585 Little Collins Street
Melbourne, VIC 3000 AUSTRALIA
Telephone: +61 3 98117015
Email: info@vestabyte.com

(b) Request for correction of information

If you request that Vestabyte correct your personal information, Vestabyte will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regarding to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

If a correction is made, Vestabyte will take such steps as are reasonable in the circumstances to notify third parties of the correction, unless it is impracticable or unlawful to do so. Vestabyte will respond to a request for correction of personal information within a reasonable period after the request is made. We may refuse access to your information or refuse a request for correction in limited cases, including where there are legal, regulatory or administrative reasons to deny access or giving access would reveal evaluative information generated within Vestabyte in connection with a commercially sensitive decision making process. If Vestabyte refuses to correct the personal information as requested by you, Vestabyte will provide you with a written notice that sets out:

• the reasons for the refusal except to the extent that it would be unreasonable to do so; and
• the mechanisms available to complain about the refusal.
• If Vestabyte refuses to correct the personal information, it will keep with the record an indication that you have requested that the information be corrected.

(c) Complaints

Complaints in relation to this Policy or the collection of personal information will be investigated by Vestabyte within a reasonable period after the complaint is received. If you make a complaint, a response will be provided by Vestabyte to you after the investigation is conducted. If you are not satisfied with the way in which Vestabyte handles an enquiry or complaint, you can refer your complaint to the Office of the Australian Information

Commissioner at:
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Facsimile: 02 9284 9666
Email: enquiries@oaic.gov.au
Online privacy complaint form: www.oaic.gov.au

3. Update of Privacy Policy

We may vary this Policy as business requirements or the law changes. We will review this Policy on a regular basis and update the Policy as required. Please check this page for updates periodically.

4. Website

You are always free to contact us with a question or problem related to your interactions with our website. Our standard business practice is to retain any communications from visitors to our website to help us improve our services. We are not responsible for the privacy policies of any third party websites that may be linked to the Vestabyte website.

Our website Terms and Conditions contain the terms and conditions that apply when you use the Vestabyte website and can be found at: Terms

Cookies

We also generate and collect information through website cookies whenever a page is accessed on a Vestabyte website. A cookie is a small data file that may be placed on your computer (usually in the browser software folder) during a visit to our websites. Cookies are necessary to allow the Vestabyte website and your computer to interact effectively and to enhance security. Cookies can record information about your visit. They allow the website to recognise your computer when you return in the future.

Cookies by themselves cannot be used to discover the identity of the user. Cookies do not damage your computer and you can set your browser to notify you when you receive a cookie so that you can decide if you want to accept it. This information assists us to better understand your needs.

The type of information we automatically collect when you visit our website includes the following:

• your computer’s operating system;
• your computer’s browser type and capabilities;
• your computer’s Internet Protocol (IP) address and geolocation;
• the web pages you have visited, including how you were referred to each web page; and
• web page usage statistics, including the time spent on each web page.

If you do not wish to receive any cookies, you should set your browser to refuse cookies. However, doing so may mean you will not be able to use all features of our website. We will not identify your browsing activities, except where we are required to do so by law.