Our approach to Privacy and Personal Information.
McGrathNicol (which includes McGrathNicol Partnership (ABN 41 945 982 781), McGrathNicol Advisory Partnership (ABN 34 824 776 937), McGrathNicol Transaction Advisory Pty Ltd (ABN 47 456 678 565), ACT Super Management Pty Ltd (ABN 29 073 947 690), McGrathNicol Services Pty Ltd (ABN 99 252 041 004) in Australia or McGrathNicol Limited (Co# 1525474) [NZ]) in New Zealand is committed to protecting the confidentiality of the personal and sensitive information that it collects and holds and to adhering to data security and privacy laws. It considers the protection of personal and sensitive information an ethical business practice.
This policy has been developed to ensure that McGrathNicol, its subsidiaries and its affiliates comply with data security and privacy laws, such as the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Act) (or the Privacy Act 1993 in New Zealand), in its collection, use and disclosure of personal information and sensitive information.
1. To what entities do the APPs apply?
The APPs apply to individuals, corporations, partnerships, unincorporated associations and trusts (APP entity) that:
operate businesses that have an annual turnover in excess of $3 million;
provide a health service to individuals and hold any health information, except in an employee record;
disclose personal information about an individual to anyone else for a benefit, service or advantage;
provide a benefit, service or advantage to collect personal information about an individual from anyone else; or
are a contracted service provider for a Commonwealth contract.
2. What is personal information?
Personal information is information or an opinion, whether true or not, about an identified individual or an individual who is reasonably identifiable. Such information may include, but is not limited to, a person’s name, address, telephone number, personal identification number (such as passport or driver’s licence number), biographical information, investments, computer login names and passwords.
3. What is sensitive information?
Sensitive information is:
Information or an opinion about an individual’s:
race or ethnic origin; or
political opinions; or
membership of a political association; or
religious beliefs or affiliation; or
philosophical beliefs; or
membership of a professional or trade association; or
membership of a trade union; or
sexual orientation or practices; or
that is also personal information;
health information about an individual;
genetic information about an individual that is not otherwise health information; or
biometric information (which is the application of statistical information to biological data) that is to be used for automated biometric verification or identification or biometric templates.
4. Collection of Personal and Sensitive Information
4.1 Personal Information
McGrathNicol is a specialist Advisory and Restructuring firm operating across all industry sectors and business sizes. McGrathNicol only collects personal information that is reasonably necessary for or directly related to one or more of its functions or activities.
McGrathNicol endeavours to collect personal information from an individual, unless it is unreasonable or impractical to do so. It may also collect personal information from publicly available records and third parties, such as clients, customers, employees and contractors. It only uses lawful and fair methods to collect personal and sensitive information and it attempts to do so in a reasonably unobtrusive manner
McGrathNicol, either at the time of the collection, or as soon as practicable afterwards, takes reasonable steps to inform the individual:
McGrathNicol’s contact details;
why McGrathNicol is collecting the personal information, whether it is collected from the individual or a third party;
if the personal information is collected from a third party, the circumstances of that collection;
to whom it might disclose that personal information;
whether McGrathNicol is likely to disclose the personal information to overseas recipients, and if so, the relevant countries; and
access the personal information held by McGrathNicol;
seek its correction;
raise questions or concerns about how McGrathNicol is dealing with the individual’s personal information; and
how McGrathNicol will deal with such a complaint.
4.2 Sensitive Information
McGrathNicol can only collect sensitive information if the individual consents to the collection of the information and the information is reasonably necessary for one or more of McGrathNicol’s functions or activities. The APPs provide some exceptions to this rule in APP 3.4 which include, if:
the information is required or authorised by or under an Australian law or a court/tribunal order; or
a permitted health situation exists as defined by the Act.
Prior to collecting any sensitive information, McGrathNicol must consider, and obtain guidance, as to whether the collection of sensitive information can be permitted by APP 3.4.
APP 2.1 provides that individuals must have the option of not identifying themselves or using a pseudonym when dealing with an APP entity. McGrathNicol does not provide this option as it is impractical for it to deal with individuals who have not identified themselves or who have used a pseudonym (APP 2.2).
McGrathNicol holds records that contain personal information when it has possession or control of that record.
4.3 Prospective Employees and Applicants
McGrathNicol collects personal information when recruiting personnel, such as their name, contact details, qualifications and work history. Generally, McGrathNicol will collect this information directly from such prospective employee or applicant.
McGrathNicol may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees nominated by any prospective employee or applicant). Before offering a prospective employee or applicant a position, McGrathNicol may collect additional details such as their tax file number and superannuation information and other information necessary to conduct background checks to determine their suitability for certain positions (for example, positions which involve providing financial advice, holding funds on trust or acting as an officer of a corporation).
4.4 Other individuals
McGrathNicol may collect personal information about other individuals who are not clients of McGrathNicol. This includes customers and members of the public who participate in events McGrathNicol is involved with, individual service providers and contractors to McGrathNicol, and other individuals who interact with McGrathNicol on a commercial basis. The kinds of personal information collected by McGrathNicol will depend on the capacity in which a person is dealing with McGrathNicol.
If a person is participating in an event McGrathNicol is managing or delivering, McGrathNicol may take images or audio-visual recordings which identifies that person.
A person can always decline to give McGrathNicol any personal information requested, but that may mean McGrathNicol cannot provide the person with some or all of the services requested.
Other websites that may be accessed through the McGrathNicol website and social media accounts may collect personal information. Also, if a person uses any third-party apps, websites or services to access McGrathNicol’s services, such usage is subject to the relevant third party’s terms and conditions, cookies policy, and privacy notice. For example, if a person interacts with McGrathNicol on social media, such use is subject to the terms and conditions and privacy notices of the relevant social media platform (Facebook, Twitter etc.). The same for any third-party services, like Amazon’s Alexa, as a person’s use of the service is subject to their applicable terms and conditions. The information practices of those third-party websites are not covered by this policy. For privacy information relating to these other third party websites, please consult their privacy policies, as appropriate.
5. Use or Disclosure of Personal Information
McGrathNicol only uses the personal information for the primary purpose for which it was collected or a permitted secondary purpose. These permitted purposes include:
providing its services;
responding to requests;
maintaining contact with its clients and contacts;
managing, administering and improving its services;
keeping clients and contacts informed of its services, industry developments and seminars and events;
seeking information about its services;
engaging service providers, contractors or suppliers;
other business purposes, including marketing.
McGrathNicol provides a simple method for individuals receiving direct marketing communication from it or its agents to request not to receive them.
McGrathNicol will only disclose personal information for the purposes for which it was collected, as required by law and permitted under the APPs to:
third parties, including external service providers that McGrathNicol asks to perform services or to whom information must be disclosed in the course of providing services;
its professional advisers.
6. Cross-border disclosure of Personal Information
Before McGrathNicol discloses personal information to an overseas recipient it must take reasonable steps to ensure the overseas recipient does not breach the APPs (other than APP 1).
McGrathNicol does not have to take reasonable steps to ensure the overseas recipient does not breach the APPs if:
McGrathNicol reasonably believes that the overseas recipient is subject to laws that will have a similar protective effect over the personal information and there are mechanisms available to the individual to enforce that protection; or
McGrathNicol informs the individual that McGrathNicol does not need to take reasonable steps to ensure the overseas recipient does not breach the APPs if the individual consents to the disclosure of the information and the individual provides that consent; or
the disclosure is required by law, a court/tribunal order, the APPs or the Act.
Under section 16C of the Act, McGrathNicol will be deemed to have committed any breach of the APPs by the recipient, if it did not obtain the individual’s consent or does not hold the belief that the recipient is subject to laws that have a similar protective effect and are available to the individual.
7. Quality of Personal Information
McGrathNicol takes reasonable steps to ensure that the personal information it collects is accurate, complete and up-to-date. It also takes reasonable steps to ensure that the personal information it uses or discloses, having regard to the purpose of the use or disclosure, is accurate, complete, up-to-date and relevant.
8. Security of Personal Information
McGrathNicol takes reasonable steps to protect all information that it holds (including personal information) from misuse, interference and loss and from unauthorised access, modification or disclosure.
If a third party is given access to personal or sensitive information, McGrathNicol takes reasonable steps to ensure that the information is held securely and used only for the purpose of providing the relevant service or activity.
Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure.
If a person has reason to believe that their interaction with McGrathNicol is no longer secure (for example, if the security of any account a person might have with McGrathNicol has been compromised), please immediately notify McGrathNicol of the problem.
McGrathNicol retains personal information for as long as it needs it for any purpose for which the information may be used or disclosed. McGrathNicol takes reasonable steps to destroy the information or to ensure the information is de-identified when it no longer needs the information, if the information:
is not contained in a Commonwealth record; and
McGrathNicol is not required by law or a court/tribunal order to retain the information.
9. Access to Personal Information
An individual may request access to the personal information of the individual held by McGrathNicol. McGrathNicol must, subject to specified exceptions, give the individual access to the information. Access must be given within a reasonable period after the request is made and in the manner requested by the individual, if it is reasonable and practical to do so. Photo identification (such as a drivers’ licence or passport) must be provided to verify that the person making the request is the person to whom the information relates. McGrathNicol can charge a fee for giving access to the personal information but that fee must not be excessive and must not apply to the making of the request.
McGrathNicol is not required to give the individual access to the personal information in specified exceptions which include if:
the information relates to existing or anticipated legal proceedings between McGrathNicol and the individual and would not be accessible by the process of discovery;
giving access would reveal McGrathNicol’s intentions in relation to negotiations with the individual in such a way as to prejudice the negotiations;
giving access would reveal evaluative information generated within McGrathNicol in connection with a commercially sensitive decision-making process;
McGrathNicol reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
giving access would have an unreasonable impact on the privacy of other individuals; or
the request for access is frivolous or vexatious.
If McGrathNicol refuses to give access to the personal information or to give access in the manner requested by the individual, McGrathNicol must take steps as are reasonable in the circumstances, to give access in a way that meets its needs and the needs of the individual. This may include giving access to the information by a mutually agreed intermediary.
If McGrathNicol refuses to give access to the personal information or to give access in the manner requested by the individual, McGrathNicol must give the individual a written notice that sets out:
the reasons for the refusal, except to the extent it would be unreasonable to do so, having regard to the grounds for the refusal; and
the mechanisms available to complain about the refusal; and
any other matter prescribed by the regulations.
10. Correction of Personal Information
If McGrathNicol holds personal information about an individual and:
it is satisfied, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or
the individual requests McGrathNicol to correct the information;
it must take such steps as are reasonable to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, complete, up-to-date, relevant and not misleading. McGrathNicol must respond to the request within a reasonable period after the request is made and must not charge the individual for the making of the request or for correcting the personal information.
If McGrathNicol corrects personal information that it holds about an individual and that information was previously disclosed by McGrathNicol to another entity, McGrathNicol must take such steps as are reasonable to notify the other entity, if the individual requests McGrathNicol to do so.
If McGrathNicol refuses to correct the personal information as requested by the individual, McGrathNicol must give the individual a written notice that sets out:
the reasons for the refusal except to the extent it would be unreasonable to do so; and
the mechanisms available to complain about the refusal; and
any other matter prescribed by the regulations.
If McGrathNicol refuses to correct the personal information as requested by an individual, the individual may request McGrathNicol to associate with the personal information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. McGrathNicol must respond to the request to associate the statement within a reasonable period after the request.
11. Complaints and Contacting Us
The Act gives individuals the right to make a complaint to the Information Commissioner if an individual believes that a private sector organisation covered by the Act has breached an APP. Before making a complaint to the Information Commissioner, an individual should make the complaint to the organisation.
Any complaints about a breach of the APP by McGrathNicol should be made to McGrathNicol’s Privacy Officer who will acknowledge receipt of the complaint within a week and aim to provide a substantive response or resolution (where required and if possible) within one month.
The contact details for McGrathNicol’s Privacy Officer are as follows:
Name: Paul Sweeney
Telephone Number: +61 2 9338 2600
Postal Address: GPO Box 9986, Sydney NSW 2001
12. Changes to this Policy