Purpose of this policy

The purpose of this policy is to outline DomaCom Group’s policy in relation to the collection, storage, use, disclosure and other management of personal information.

Overview

The DomaCom Group (“DomaCom”), which includes DomaCom Limited (ACN 604 384 885), DomaCom Australia Limited (ACN 153 951 770), DomaCom Platform Services Pty Ltd (ACN 606 755 319) and DomaCom Singapore Private Limited (CRN 201433302G) is required to comply with the Australian Privacy Principles (APP) set out in the Privacy Act 1988 (Cth) (Privacy Act) and has developed a privacy policy, which details DomaCom Group’s management of personal information that it collects from individuals.

Rights to Privacy

DomaCom understands the importance of protecting individuals’ rights to privacy. We have prepared this statement to help you understand how we manage personal information and how we aim to protect the privacy of your personal information. In handling personal information, DomaCom is subject to the Privacy Act and complies with the Australian Privacy Principles in the Privacy Act. This policy describes the way DomaCom collects, uses, discloses and otherwise manages your personal information and your rights in relation to our management of your personal information. This policy may be updated from time to time.

What kinds of personal information does DomaCom collect?

For the purposes of the Privacy Act, personal information is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion.

Generally, DomaCom will collect personal information, such as your name and contact details including home address and e-mail address and any other information, necessary to provide our fund management and other services to you or to provide you with information about DomaCom and/or our products and services. The specific kinds of personal information we collect will depend on our dealings with you. For example, where you invest in a fund or other product of DomaCom , we may collect information such as your name, residential and business address, date of birth, contact details (such as email and phone numbers), income details, asset and liabilities information, tax details (whether in Australia or overseas) and financial statements, employment details and details regarding your financial or accounting advisors, as well as information regarding your investment in the fund or product and other dealings with DomaCom. Where you attend seminars, briefings or other events conducted by DomaCom or sign up for newsletters or other similar information services of DomaCom, we may collect information such as your name, contact details (such as email and phone numbers) and details regarding any funds, products or services you have expressed an interest in.

DomaCom will not generally collect or hold sensitive information about you unless DomaCom Group is required to do so by law. Sensitive information includes information about your race, political or religious beliefs, sexual preferences, criminal convictions, membership of professional or trade associations or unions or health information.

Collection of personal information

DomaCom collects personal information in a range of circumstances including where you apply to invest in a fund or other product of DomaCom, request information regarding DomaCom or its products or services, attend seminars or other events conducted by DomaCom, sign up for newsletters or other similar information services of DomaCom or otherwise engage with DomaCom Group. Where you are an investor in a fund or other product of DomaCom, DomaCom will collect personal information from you to process and establish that investment and also in the course of administering that investment.

Generally, DomaCom collects your personal information directly from you, for example when you complete an application form, provide information to us at seminars and other events or when you submit information to us via our website.

DomaCom’s website uses cookies to provide you with a better navigational experience based on your visits and activity. Cookies are small text files that are stored inside your web browser which identify you to a webpage during your session. No personal information is contained in the cookie. Cookies are also used to provide information to the owner of the site. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing or deleting cookies from your browser history.

There may also be occasions when DomaCom will collect your personal information from a third party. For example, DomaCom may collect your personal information from a publicly maintained record, a third-party broker, a person authorised by you (such as your accountant or financial advisor) or our agents or service providers (such as registry service providers).
In the event that DomaCom collects your personal information from a third party, we will take reasonable steps to inform you of certain matters, such as DomaCom’s identity and contact details.

Why does DomaCom need personal information?

DomaCom Group collects, holds, uses and discloses personal information for the purposes of operating its fund’s management business and providing its fund management and related services, including to:
• provide you with information regarding the funds and other products or services of DomaCom;
• process your application for investments in the funds or other products or services of DomaCom;
• establish your investment in a fund or other product or service of DomaCom; and
• administer your investment in a fund or other product or service of DomaCom.

Where you invest in a listed fund or other listed product of DomaCom, DomaCom will collect, hold, use and disclose your personal information to comply with its legal obligations under the listing rules or other relevant laws applying to that listed fund or other listed product.

DomaCom may also collect, hold, use and disclose personal information to undertake identification and verification processes in accordance with the Anti-Money Laundering and Counter-Terrorism Financing Act or any other relevant laws.

For certain investors, DomaCom may also be required to collect and disclose certain personal information to the Australian Taxation Office in order to comply with the Foreign Account Tax Compliance Act (FATCA) or Common Reporting Standard (CRS).

A failure to provide your personal information may affect DomaCom’s ability to provide our range of products and services to you and may result in DomaCom not being able to process your application for investment in our funds or other products or otherwise provide services to you.

Direct marketing

In addition to the purposes set out above, DomaCom may collect, use and disclose your personal information to inform you of products, services or offers of DomaCom which may be of interest to you. Where you are an investor in a fund or other product of DomaCom, this may include providing you with direct marketing information regarding the other funds or products of DomaCom.

DomaCom may contact and communicate with you for the purpose of direct marketing via the telephone, post, facsimile, email or SMS.
If you do not want to receive this information or do not want DomaCom to use or disclose your personal information for direct marketing purposes, you can opt out via DomaCom’s unsubscribe link in our marketing emails or by contacting our Privacy Officer or by letting us know that you wish to opt out of receiving this information and/or DomaCom using or disclosing your personal information for direct marketing purposes.

Sharing information with other organisations

DomaCom may disclose your personal information to third parties for the purposes detailed in paragraphs 3.4 and 3.5 above.

The types of organisations to which DomaCom may disclose the personal information DomaCom holds about you include:
• your adviser and dealer group;
• the other entities within DomaCom or other related companies of DomaCom (such as subsidiaries or holding companies of Group entities);
• any third-party service provider DomaCom may engage to provide custody, registry, administration, technology, auditing, mailing, printing or other services;
• Government authorities (which may from time to time include overseas governing bodies and regulators) when and to the extent required by law; and
• DomaCom’s professional advisers (including legal and accounting firms, auditors, consultants and other advisers). Such disclosure will only be done on a confidential basis.

DomaCom does not currently disclose personal information to recipients located overseas or have established plans to do so. If DomaCom is likely to disclose personal information to recipients located overseas, DomaCom will update this privacy policy regarding the likely disclosures (including, if it is practical to do so, the countries in which such overseas recipients are likely to be located).

Security of your personal information

DomaCom may hold personal information in both hard copy and electronic forms.

DomaCom will take all reasonable steps to ensure that the personal information it holds is protected against misuse, loss, unauthorised access, modification or disclosure. Personal information is held on secured servers or in storage located in controlled, access restricted environments. DomaCom’s employees (including senior management) are aware of their obligations and the importance of good information handling and security obligations. They are required to maintain the confidentiality of any personal information held by DomaCom.

Personal information may also, in certain circumstances, be held on behalf of DomaCom in hard copy or electronic forms by DomaCom’s service providers (such as offsite document storage providers or electronic data storage providers). DomaCom enters into agreements with such service providers which impose confidentiality and privacy obligations on the service provider.
DomaCom will also take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for the purposes stated under this policy.

Data breach notification

From 22 February 2018, in accordance with the Privacy Act, DomaCom will report certain data breaches (known as Notifiable Data Breaches) to both individuals affected by the breach and the Office of the Australian Information Commissioner (OAIC) as well any applicable international bodies where required. A data breach is when personal information held by an entity is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Some data breaches are notifiable under the Privacy Act.

A notifiable data breach may occur where personal information held by an agency or organisation is lost or subjected to unauthorised access or unauthorised disclosure.

To be a notifiable data breach, the data breach must, depending on the circumstances, be one that may or is likely to result in serious harm to an individual whose personal information was part of the data breach. Whether the harm is serious harm to an individual depends upon a variety of circumstances but may include serious physical, psychological, emotional, economic, financial and reputational harm.

DomaCom has procedures in place to ensure that any identified or suspected data breaches are dealt with promptly, appropriately and escalated accordingly.

Can you access the personal information DomaCom holds about you?

DomaCom will take steps reasonable in the circumstances to ensure that the personal information DomaCom collects, holds, uses and discloses is accurate, complete, up-to-date, relevant and not misleading.

You have the right to request access to the personal information DomaCom collects and holds about you. You also have the right to request correction of the personal information DomaCom collects and holds about you.

You have a right under the Act to request corrections to any personal information that DomaCom holds about you if you think that information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

When DomaCom receives such a request it will take all reasonable steps in the circumstances to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

If DomaCom is unable to or determines that it should not, make the correction you request it will inform you of this in writing, giving reasons for its decision and advising you about how you can complain about that decision.

If DomaCom refuses or is unable to correct the personal information for any reason it will, if you request, take reasonable steps to associate with the information a statement from you noting that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading in such a way as to make that statement apparent to users of the information.
If at any time you would like to request access to or correction of the personal information about you DomaCom collects and holds you can contact our Privacy Officer using any of the below contact details:

Contact

DomaCom has appointed a Privacy Officer to assist you with any inquiries, complaints or feedback you may have. Please contact our Privacy Officer at:

Privacy Officer
DomaCom Limited
Level 6, 99 Queen Street,
MELBOURNE 3000
Phone: +61 3 9452 0230
E-mail: privacy@domacom.com.au

DomaCom will seek to respond to requests for access to or correction of personal information within 30 days of the date of the request.

If DomaCom refuses any request for access to or correction of personal information held by DomaCom Group, written reasons for that refusal will be provided by DomaCom.

Privacy Complaints

Please direct all privacy complaints to our Privacy Officer in the first instance. Privacy complaints will normally need to be made in writing.
A privacy complaint relates to any concern or dispute that you have with our privacy practices as it relates to your personal information.

This could include matters such as:
(a) if you believe DomaCom has breached the APP’s, a binding registered APP code or any other relevant obligations under the Privacy Act with respect to your personal information;
(b) how your personal information is collected;
(c) how your personal information is stored;
(d) how your personal information is used or disclosed; or
(e) how access to your personal information is provided.

At all times, privacy complaints will:
(a) be treated seriously;
(b) be dealt with promptly;
(c) be dealt with in a confidential manner; and
(d) not affect your existing obligations to the commercial arrangements that exist between DomaCom and you.
The Privacy Officer will commence an investigation into your complaint and will respond to the complaint within a reasonable period of time. You will be informed of the outcome of your complaint following the completion of the investigation. In the event you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.

Questions and concerns

If any individual including DomaCom Staff has questions or concerns from time to time about the subject matter or requirements of this policy, that person should contact the DomaCom Group Privacy Officer in the first instance using the contact details set out in paragraph 4 of this policy.

Review of policy

This policy will be reviewed at least annually (or more regularly if there are changes to the legal or regulatory framework which applies to this policy) to ensure it is renewed and updated appropriately. DomaCom will notify any changes by posting an updated version of the policy on DomaCom website at http://www.domacom.com.au

Legal and regulatory framework

DomaCom collection, storage, use, disclosure and other management of personal information is subject to relevant legislation, including the Privacy Act.
Amongst other things, the Privacy Act sets out 13 Australian Privacy Principles, which are binding principles that DomaCom is required to comply with in relation to DomaCom’s collection, storage, use, disclosure and other management of personal information.

The Office of the Australian Information Commissioner is the statutory agency responsible for a number of functions in relation to the Privacy Act, including conducting investigations handling complaints and reviewing notifiable data breaches in relation to the Privacy Act and the Australian Privacy Principles.

Definitions

In this policy, unless the context otherwise requires:
APP means the Australian Privacy Principles as set out in the Privacy Act 1988 (Cth).
Corporations Act means the Corporations Act 2001 (Cth).
DomaCom Entity means any member of the DomaCom Group and any of the DomaCom Funds.
DomaCom Fund means any managed investment scheme managed by DomaCom or any other member of the DomaCom Group.
DomaCom Group means DomaCom Limited and any of its controlled or related entities.
Privacy Act means the Privacy Act 1988 (Cth).
Privacy Officer means the DomaCom Group staff member appointed from time to time to assist with overseeing privacy compliance within DomaCom Group.

Updated:  13 August 2018