General Data Protection Regulation (GDPR) Notice
Identity and contact details of data controller
This GDPR Notice (the Notice) applies to the collection and processing of your personal information by or on behalf of Hanrick Curran and its related entities (the Hanrick Curran Group) if you are an individual in a country that is a member of the European Economic Area (EEA) and we offer or provide goods or services to you.
The Hanrick Curran Group includes Providence HR Pty Ltd, Assure Super, Hanrick Curran Pty Ltd, Hanrick Curran Superannuation Pty Ltd, Hanrick Curran Audit Pty Ltd, Hanrick Curran Administration Pty Ltd, Hanrick Curran Group Pty Ltd, Hanrick Curran Corporate Finance Pty Ltd, Hanrick Curran Holdings Pty Ltd, Hanrick Curran Financial Services Pty Ltd, Hanrick Curran Wealth Strategy Pty Ltd and Hanrick Curran Hoiberg Pty Ltd.
In this Notice, we, us and our means each member of the Hanrick Curran Group.
The member of the Hanrick Curran Group that you contract with is the data controller for the purposes of processing your personal information.
We have a Privacy Officer who will also be appointed as a Data Protection Officer if we have a legal obligation to do so. The Privacy Officer's contact details can be found at the end of this Notice.
Categories of people about whom we collect personal information
We may collect personal information about:
- clients, business associates and potential clients and their personnel;
- individuals in the course of acting for clients;
- suppliers and their employees;
- our employees, partners, contractors, former employees, former partners, former contractors or prospective employees, contractors or partners; and
- other people who come into contact with a member of the Hanrick Curran Group.
Categories of personal information collected
In general, the personal information we may collect and hold includes name, date of birth, contact details (including email addresses, mailing address and phone number), occupation, company name, personal preferences, payment details, employment history, education and qualifications, testimonials and feedback, and other information which assists us in conducting our business, providing and marketing our services and meeting our legal obligations. In some cases we may also collect and process sensitive information, such as information about political opinions or trade union membership.
Personal information collected from other sources
Sometimes we collect information about you from sources other than you. We may collect information about you that is publicly available or made available by third parties (including, but not limited to: online search tools, publicly available registers, or from our clients, suppliers and service providers and their websites).
We may do this where:
- we cannot contact you and need to update your contact details; and
- we need information about individuals from third parties to help us provide our services to clients.
We may use or disclose information about you in order to combine the information that we hold with information collected from or held by external sources. We do this in order to enable us to provide our services.
Purposes of data processing
In connection with our legitimate interests in carrying on our business
We may use and process your information for our legitimate interests (where we have considered these are not overridden by your rights and which you have the right to object to as explained below) in:
- identifying opportunities to improve our service to you;
- conducting market research to serve you better by understanding your preferences to ensure we send you appropriate promotions and campaigns;
- assisting in arrangements with other organisations in relation to a product or service we make available to you;
- allowing us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing); and
- verifying identity, preventing or investigating any fraud or crime, or any suspected fraud or crime
Where processing is necessary for the performance of a contract
We may use and process your personal information in connection with a contract to which you are a party (for example, verification of identity checks).
Under a legal obligation
We may also use and process your personal information where we are authorised or required by applicable laws, regulations or codes that bind us, in particular as an accounting and consulting services firm.
With your consent
Where required, we will only use your personal information for the purpose for which you have given your valid or explicit consent, which we will ensure we have obtained before we process your information.
Some information you provide us in connection with your instructions to us for providing or administering a product or service we provide you, may be more sensitive and therefore falls within a special category of personal information, such as information about political opinions or trade union membership. We will collect and process this information only with your explicit consent.
For direct marketing
We may communicate with you (through the preferred communication channel(s) you have selected, which may include by email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums) to, amongst other things, tell you about products, services, event and offers that may be of interest to you.
If you have provided your consent to receive direct marketing, you can withdraw it at any time without detriment, we will process your request as soon as practicable.
If you no longer wish to receive direct marketing communications you can email our Privacy Officer (details below).
Recipients of the personal information
We may share your information with other organisations consistent with the purposes for which we use and process your information as described above. This includes with the entities described below.
Sharing with the Hanrick Curran Group
We may share your personal information with other Hanrick Curran Group members. This could depend on the product or service you have applied for and the Hanrick Curran Group member you are dealing with. Where appropriate we integrate the information we hold across the Hanrick Curran Group to provide us with a complete understanding of you and your needs in connection with the product or services we are providing you.
Sharing at your request
At your request, we will share your personal information with your representative or any person acting on your behalf (for example, financial advisers, lawyers, settlement agents, executors, administrators, trustees, guardians, brokers or auditors).
Sharing with third parties
We may disclose your personal information to third parties outside of the Hanrick Curran Group. For instance:
- to entities who assist us in providing our services (including hosting and data storage providers and debt collectors);
- in confidence, to our advisers and insurers;
- in confidence, to third parties to improve our services and obtain feedback; and
- where the use or disclosure is authorised or required by or under an Australian law or court/tribunal order.
Transferring your information overseas
We may send and process your personal information to Hanrick Curran Group members in Australia. We may also need to share some of the information we collect about you from the EEA with organisations both inside and outside Australia, and sometimes we may need to ask you before this happens.
We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it is not always practicable to know in which country your information may be accessed or held.
If we or our service providers transfer any of your personal information we collect from you outside the EEA on onwards to a third country from Australia, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. We will do this by one of the following approaches:
- where the country has been approved by the European Commission as having adequate protections for personal information;
- where a valid Privacy Shield certification exists (in the case of a data transfer to a Privacy Shield certified US recipient -https://www.privacyshield.gov/welcome; or
- by adopting appropriate EC approved standard contractual clauses (see https://ec.europa.eu/info/law/law-topic/data-protection_en); or
- obtaining your explicit and informed consent to the proposed transfer
If you wish to know whether or not the country to which the overseas disclosure is intended to be made has been deemed adequate by the European Commission, please refer to this link:
Overseas organisations may be required to disclose information we share with them under an applicable foreign law.
What happens when we no longer need your information?
We will only keep your information for as long as we require it for our purposes. We are required to keep some of your information for certain periods of time under applicable law. When we no longer require your information, we will ensure that your information is destroyed or de-identified.
In relation to the provision of financial and business advisory services, we are required to keep your information for at least 5 years and as any as 10 years or otherwise as required for our business operations or by applicable laws.
We may need to retain certain personal information after we cease providing you with products or services to enforce our terms, for fraud prevention, for audit or insurance purposes, to identify, issue or resolve legal claims and/or for proper record keeping
We may also retain a record of any stated objection by you to receiving marketing for the purpose of ensuring we can continue to respect your wishes and not contact you further.
How to access or correct your information
Subject to applicable laws, you have the right to access your personal information and to receive a copy of that information. You have the right to request the correction (rectification) of personal information if you think there is something wrong with the information we hold about you.
You can ask us to access or correct your personal information that we hold by writing to our Privacy Officer (see contact details below).
We may need to verify your identity to respond to your request. We will respond to any request within a reasonable period permitted under applicable privacy laws and will generally give access or make a correction unless an exemption applies to certain information.
We will give you access to your information in the form you want it where it’s reasonable and practical. We may charge you a small fee under certain circumstances to cover our costs when giving you access but we will always confirm this with you first.
Your personal information rights
- You have in certain circumstances the right to request that the personal information that we collect from you is erased without undue delay.
- You have the right to request that further processing of your personal information is restricted in certain circumstances, including while we investigate your concerns with this information or if we are processing for direct marketing purposes (we may be legally entitled to refused that request).
- You have in certain some circumstances, the right to request that the further processing of your information is restricted or to object to its processing and the right to data portability (to receive and have transferred the information you provided).
- You can let us know at any time if you no longer wish to receive direct marketing offers from us . We will process your request as soon as practicable. Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately.
- You may also withdraw your consent to the further processing of your personal information (but we may be able to continue processing without your consent if there is another legitimate reason to do so). The withdrawal of your consent will not affect the processing of your information that you had consented to.
- You can lodge a complaint with the relevant European data protection authority if you think that any of your rights have been infringed by us.
If we refuse any request you make in relation to your personal information rights, we will write to you to explain why and how you can make a complaint about our decision.
How do you make a privacy query or complaint?
If you have any questions about privacy-related issues or wish to make a complaint about how we handle your personal information, we want to hear from you. please contact Susan Harding-Smith (Privacy Officer) on the details below:
307 Queen Street
BRISBANE QLD 4000
GPO Box 2268
BRISBANE QLD 4001
Phone: 07 3218 3900
Fax: 07 3218 3901
You have the right to make a complaint to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights).
Need more help?