At Northcape Capital Pty Ltd (Northcape), we take our clients’ privacy seriously. We recognise our clients’ right to privacy and understand that the protection and confidentiality of their personal information is important to them. We maintain all personal information in accordance with the Privacy Act 1988 and the 13 Australian Privacy Principles (APPs) and adhere to the Notifiable data breach (NDB) scheme, laws and requirements.
How do we collect personal information?
Any information that identifies a client is deemed to be “personal information”. We primarily collect this information through our standard forms (for example, Northcape Trust Application Form) or when clients use certain products or services, or through telephone calls, emails, letters or other means.
When a client visits our website, we do not collect personal information about them unless they chose to provide this when lodging an enquiry or request.
We automatically receive and record information on our server logs from clients’ browser including their IP address, Northcape cookie information and the page they requested. This information is collected for trend and statistical purposes to enable us to analyse and enhance our website’s functions and capabilities. Northcape cookies do not identify clients. They simply allow us to track usage patterns so we can measure the level of interest in various areas of our site. Clients, who prefer to not receive cookies, can configure their browser to reject them or to notify them when they are being used.
If a client has general enquiry type questions, they can choose to do this anonymously or use a pseudonym. However, in general, clients will not be able to invest in our products or use our services if they deal with us anonymously or by pseudonym.
What personal information do we collect and hold?
The type of personal information Northcape collects from clients includes – their name, contact details (such as address and telephone number), date of birth, identification documentation, individual investment details, bank account information and other information that is relevant to our services and products we provide. We may be required to collect government-related identifiers, such as a tax file number. The Government’s anti-money laundering laws may also mandate us to collect additional personal information. Inter-governmental agreements regarding international tax information sharing also requires us to collect information about place of birth, residency and citizenship details.
If a client does not provide personal information to us, we may not be able to provide them with the services or information they require.
If we hold personal information about a client and that information is no longer needed by us, we will take reasonable steps to destroy or permanently de-identify the relevant information.
How we use and disclose personal information
Northcape will only use personal information for the purpose it was collected. These purposes include:
We may be required by law to disclose personal information. For instance, we may be required to provide details to:
Note that agreements between the Government of Australia and a foreign country may require relevant information we have provided to the ATO to be shared with the tax authorities of foreign countries.
In order to meet our investors’ needs and provide some investor services, such as administration of accounts and mailing of investor distribution statements, we may need to disclose personal information to Northcape’s external service providers. Disclosure may be made to the following persons for the purpose of account administration:
Northcape takes steps to ensure that these third parties are provided only the information necessary to perform their services and that they keep personal information confidential and use it only for the purposes for which they, and Northcape, are authorised.
In the event that our service providers have operations a foreign jurisdiction and need to disclose personal information to overseas recipients, Northcape ensures that its service providers take reasonable steps to ensure that any overseas recipient complies with the APPs or the recipient is subject to laws that protect the information in a way that is substantially similar to the way in which the APPs protect the information. Countries where we may send personal information include France, Singapore, India and the United States.
Clients may also authorise us to disclose information we hold about them to their financial adviser, administrator, custodian or other person nominated by them. The client’s express consent is required.
We will not sell or rent our clients’ personal information to anyone.
We take appropriate steps to protect the personal information we hold about our clients from misuse, loss, unauthorised access, modification or disclosure.
Northcape’s website account information is password-protected for privacy and security. It uses industry-standard SSL-encryption to protect data transmissions.
We cannot be held responsible for lapses in security caused by third-party access to information as a result of our clients’ failure to keep their personal information private.
We reserve the right to gather more extensive information about any attempted access to our website that raises security issues and, if appropriate, make disclosures to the relevant authorities.
How we manage a data breach
A data breach occurs when personal information held by Northcape is lost or subjected to unauthorised access, modification, use or disclosure or other misuse. Data breaches can affect different types of personal information and give rise to a range of actual or potential harms to individuals, agencies and organisations. Data breaches can be caused or exacerbated by a variety of factors, including human error or cyber attack and Northcape has measures in place to prevent data breaches and a data breach response plan.
In the unlikely event of a data breach which is likely to result in serious harm to one or more individuals and Northcape has not been able to prevent the likely risk of serious harm with remedial action, we will follow the Office of Australian Information Commissioner (OAIC) mandatory breach reporting guidelines and will invoke our data breach response plan to inform all relevant parties.
How to access personal information?
In many circumstances, clients can contact us to request access to personal information we hold about them. Sometimes it is not possible for us to give access in which case we will explain why.
We take all reasonable measures to ensure that the personal information we hold is accurate, complete and up-to-date. However, the accuracy of our clients’ information is largely dependent on what they provide us. If a client thinks their personal information may be inaccurate, incomplete or out of date, they can contact us to request it be updated.
Northcape gives clients the ability to delete their Northcape internet account by contacting Northcape directly.
How to make a complaint?
If client has a question, concern or a complaint regarding the way in which we handle their personal information, or if they would like further information about our privacy information handling practices, they can contact our Client Director using the contact details below.
A complaint should be made to our Client Director in writing. We will endeavour to respond to a complaint within 30 days.
If a client is not satisfied with our response to a complaint, they may lodge a complaint with the Financial Services Ombudsman Service. If the client remains dissatisfied with the outcome of a complaint following its determination by the Financial Ombudsman Service, they may lodge a complaint with the Office of the Australian Information Commissioner.
How to contact us.
To contact Northcape’s Client Director, Katie Orsini
Telephone: +61 2 8234 3629
Fax: +61 2 9279 2483
Office Address: Level 24, 45 Clarence Street, Sydney NSW 2000
Postal Address: GPO Box 3295, Sydney NSW 2001