Registry Direct is bound by the Privacy Act 1988 (Cth) (‘Privacy Act’) and will protect your personal information in accordance with the Australian Privacy Principles. These principles govern how we can collect, use, hold and disclose your personal information, as well as ensuring the quality and security of your personal information.
Registry Direct’s commitment
Registry Direct is committed to maintaining the privacy of individuals whose personal information we collect in accordance with the Australian Privacy Principles (APPs), as well as other applicable laws and regulations affecting your personal information, including the Corporations Act 2001 (Cth) and ASX Settlement Operating Rules.
Personal information we collect
Registry Direct collects personal information about security holders, subscribers and each of their delegates which may include:
- Names, contact and residential and mailing address details;
- Phone numbers, mobile numbers and email addresses;
- Information in identification documents (for example, passport, driver’s licence);
- Tax file numbers and other government-issued identification numbers;
- Date of birth and gender;
- Bank account details, shareholdings and details of investments;
- Personal information about your spouse and dependants; and
- IP address (when you use our website).
How personal information is collected
We may collect your personal information about you through the following sources:
- In written form i.e. shareholder forms and/or written letters, emails sent by you or your representatives (for example: your advisers, accountant, broker etc);
- Electronically i.e. by accessing our website by you or your representatives (for example: your advisers, accountant, broker etc);
- The issuer i.e. from the issuer of your security holding; and
- An securities exchange.
When you visit a website hosted by Registry Direct we may set a ‘cookie’ on your machine (this is a small piece of system information stored on your hard drive) so when you next visit our site it links to your personal information that is stored on our system. If you do not wish us to use a cookie you can set your browser so it will not accept them.
We will take steps to ensure that personal information we hold is accurate, complete and up-to-date. If you think that we hold information about you that is incorrect in any way, please update that information via our website or contact us.
Why Registry Direct collects information
Registry Direct collects personal information about you so that Registry Direct can facilitate the efficient provision of the registry services. For example:
- Pay your dividends directly into a bank account provided by you;
- Send holding confirmations directly to you by the email provided by you;
- Provide important information about your security holding to your email or send important information to your mailing/registered address maintained by Registry Direct;
- To inform you of the products and services offered by the issuers of your securities and services offered by Registry Direct;
- To perform other registry functions such as system development, staff training, surveys and research;
- To prevent or investigate any fraud or crime (or suspected fraud or crime); and
- As required by law (for example, ATO reporting).
Disclosure of your information
Personal information is only disclosed in the course of providing our services. For example, personal information may be accessed by, or disclosed to, the party on whose behalf we are acting as registry, mail houses, doctors, legal advisers, insurers, regulators and courts. In some situations the law may require the provision of information to an individual’s spouse or former spouse.
Like many businesses, Registry Direct and our outsource partners may use other providers to help maximise the quality and efficiency of our services and our business operations. This means that individuals and organisations outside of Registry Direct and our outsource partners, such as mail houses, will sometimes have access to personal information held by us and may use it on our behalf. These providers are required to adhere to strict privacy guidelines and not to keep this information or use it for any unauthorised purposes. Registry Direct accepts no responsibility for any breach of privacy by third parties.
We will only disclose your personal information to a third party to provide you with a service that you requested or the services offered by the issuer of securities.
Under the Corporations Act 2001 (Cth) certain information about you as security holder must be included in the public register of the entity in which you hold securities and therefore this information will be disclosed and is in the public domain.
Cross-border disclosure of personal information
We have partnered with several trusted partners to provide digital services including marketing and communication services that may be performed overseas and as a result your personal information may be disclosed to a recipient in a foreign country.
We have taken all reasonable measures to ensure that these partners and providers do not breach the obligations under the Privacy Act. The partners and providers limit their access to your personal information to the extent necessary to do their job.
Some of these partners may have data centres in other locations outside of Australia. For example, personal information that we have collected directly from you, your personnel or from other representatives of your company are stored on servers overseas. By providing your personal information to us, you consent to the transfer of that information to our third-party partners who are located outside of Australia for that purpose.
Registry Direct may from time to time use your personal information for the purpose of marketing its products and services offered by us or by the issuer of your securities. We may send you marketing material through post, email and SMS. If you have indicated a communication preference i.e. email only, we will endeavour to use the preferred form of communication when practical.
If you would like to update your communication preferences or opt-out of receiving marketing material from us or for any of your security holdings maintained by us, please contact us.
Access & correction to information collected
Individuals will have access to their personal information collected via our website or directly from us and are able to notify us of any corrections which need to be made. However, there are exemptions as specified in the APPs where access may be denied. If your security holding is broker sponsored, you need to contact that broker to update your registered name or address.
We will only grant access by an individual to personal information where the individual has given appropriate identification verification, which may be required in writing and subject to the terms and conditions of the use of the services of Registry Direct. We reserve the right to impose charges for providing such access to information.
Security and storage of information
Where we store your information as a part of our services or to enable us to provide the services, we have developed security measures and implemented global standard operating procedures that cover the handling and storage of your information. These procedures are in turn localised to effectively ensure Australian standards are adhered to. Internally we have developed a set of standards to ensure our policies and procedures meet or exceed industry and government legislative requirements.
In some cases you may be using services that involve digital storage of your information, whether it is in the form of cloud storage, or as a result of us carrying out scanning services. In these cases we use the following measures:
- Firewalls and access logging tools that protect against unauthorised access to your data and our network.
- Secure work environments and workflow systems that prevent unauthorised access and copying of your personal information.
- Secure server and closed network environments.
- Encryption of data.
- Virus scanning tools.
- Ongoing security reviews.
- Personal information collected by Registry Direct may be accessed by our officers, employees, agents and delegates.
Personal information is stored in secure electronic databases and where applicable, on paper documents. Any information on paper documents is stored for a period of time determined by law or as agreed with the issuer of your security holding.
We take all reasonable measures to protect personal information that we hold from unauthorised access, modification or disclosure. We will, where practicable, destroy or permanently de-identify personal information that is no longer needed.
The digital landscape is constantly changing, so while these measures have been successful to date, the nature of the medium means that they cannot be relied upon to always be effective. We will keep striving to maintain the security of your digital personal information.
Visiting our website
When visiting this website, a record of your visit is logged and information is automatically recorded for statistical purposes to enable us to improve this site and our services. This information may identify you personally and Registry Direct may track information about individuals and their visits.
Links to other websites
How you can help protect your privacy
You can help protect your privacy by:
- Contacting us immediately when you change/update your contact details, such as your mailing/postal or registered address. If your security holding is broker sponsored, you need to contact that broker to update your registered name or address;
- Keeping your Security holder Reference Number (SRN) and/or Holder Identification Number confidential; and
- Keeping your login credentials such as username and password confidential.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or contact us.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date;
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it; and
- object to our continued processing of your personal data.
You can exercise these rights at any time by contacting us.
If you’re not happy with how we are processing your personal data, please let us know by getting in touch. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
How to contact us
The Privacy Officer
PO Box 18366
Melbourne VIC 8003