Privacy Policy

PURPOSE OF PRIVACY POLICY

The purpose of the Privacy Policy is to outline how My Online Adviser Pty Ltd (My Online Adviser) and its
officers, advisers, agents and employees collect, use and retain personal and sensitive information. My
Online Adviser obtains and retains that personal and sensitive information in accordance with the
Australian Privacy Principles (APPs). The APPs were introduced by the Privacy Amendment (Enhancing
Privacy Protection) Act 2012 (Cth) (Privacy Amendment Act). The Privacy Amendment Act introduced
significant changes to the Privacy Act 1988 (Cth) (Privacy Act). The Privacy Amendment Act includes new,
harmonised, privacy principles that regulate the handling of personal information by businesses. This
Policy provides guidance on how to meet the privacy obligations imposed by the APPs, the Privacy
Amendment Act and the Privacy Act.

DEFINITION OF PRIVACY POLICY

Personal information means information individual who is reasonably identifiable:
Whether the information or opinion is true or not; and
Whether the information or opinion is recorded in a material formor not.
What constitutes personal information will vary, depending on whether an individual can be identified
or is reasonably identifiable in the particular circumstances.
However, common examples of personal information may include an individual’s name, signature,
address, telephone number, date of birth, medical records, bank account details, employment details
and commentary or opinion about a person.
This Policy applies to all officers, advisers, agents, employees, clients and shareholders of MY Online
Adviser. The Privacy Amendment Act states that the APPs apply to individuals, body corporates,
partnerships, unincorporated associations or trusts unless they are a small business operator. A small
business operator is defined as a business with an annual turnover of $3,000,000 or less for a financial
year, unless an exemption applies. The APPs and the Privacy Act extend to an act done, or practice
engaged in that has an Australian link. An organisation has an Australian link where it is:
an Australian citizen or a person whose continued presence in Australia is not subject to a legal
time limitation;

DEFINITION OF PRIVACY POLICY cont.

a partnership formed, or a trust created in Australia or an external
Territory; a body corporate incorporated in Australia or an external
Territory; or
an unincorporated association that has its central management and control in Australia or an
external territory.
Where an organisation does not fall within one of the above categories it will still have an Australian
link where:
it carries on business in Australia or an external Territory; and
the personal information was collected or held by the organisation or small business
operator in Australia or an external Territory, either before or at the time of the act or
practice.
We recognise that privacy is important. My Online Adviser includes any subsidiary companies. We are
bound by, and committed to supporting, the APPs set out in the Privacy Amendment Act. The
information set out below is largely a summary of the obligations under the APPs. For clarity, for the
purposes of the Privacy Act,
or an opinion about an identified individual, or an

WHO DOES THIS POLICY APPLY TO?

This Policy applies to all officers, advisers, agents, employees, clients and shareholders of My Online
Adviser. The Privacy Amendment Act states that the APPs apply to individuals, body corporates,
partnerships, unincorporated associations or trusts unless they are a small business operator. A small
business operator is defined as a business with an annual turnover of $3,000,000 or less for a financial
year, unless an exemption applies. The APPs and the Privacy Act extend to an act done, or practice
engaged in that has an Australian link. An organisation has an Australian link where it is:
an Australian citizen or a person whose continued presence in Australia is not subject to a legal time
limitation;
a partnership formed, or a trust created in Australia or an external Territory;
a body corporate incorporated in Australia or an external Territory; or
an unincorporated association that has its central management and control in Australia or an external
territory.
Where an organisation does not fall within one of the above categories it will still have an Australian link
where:
it carries on business in Australia or an external Territory; and
the personal information was collected or held by the organisation or small business operator in Australia
or an external Territory, either before or at the time of the act or practice.
OUR COMMITMENT
We recognise that privacy is important. My Online Adviser includes any subsidiary companies. We are
bound by, and committed to supporting, the APPs set out in the Privacy Amendment Act. The information
set out below is largely a summary of the obligations under the APPs. For clarity, for the purposes of the
Privacy Act,

APP 1: OPEN AND TRANSPARENT
MANAGEMENT OF PERSONAL
INFORMATION

The object of APP 1 is ‘to ensure that APP entities manage personal information in an open and
transparent way’. APP 1 imposes three separate obligations, to:
take reasonable steps to implement practices, procedures and systems that will ensure the entity
complies with the APPs and any binding registered APP code, and is able to deal with related
inquiries and complaints;
have a clearly expressed and up-to-date APP Privacy Policy about how the entity manages
personal information; and
take reasonable steps to make its APP Privacy Policy available free of charge in an appropriate form
and, where requested, in a particular form.
In accordance withthe aboverequirements,it is the policyof My Online Adviser that:
take reasonable steps to implement practices, procedures and systems that will ensure the entity
complies with the APPs and any binding registered APP code, and is able to deal with related
inquiries and complaints;
have a clearly expressed and up-to-date APP Privacy Policy about how the entity manages
personal information; and
take reasonable steps to make its APP Privacy Policy available free of charge in an appropriate form
and, where requested, in a particular form.
In accordancewiththe above requirements, it isthe policyof My Online Adviser that:
all persons to whom this policy applies are required to inform themselves of their obligations under
the APPs;
My Online Adviser will make available training as and when required to ensure persons to whom
this policy applies are aware of their obligations under the APPs;
all clients of My Online Adviser, its advisers and agents are entitled to access their private
information upon request;
any complaints by clients in relation to the handling of their private information should be
referred immediately to the Privacy Officer – Professional Standards;
howMy Online Adviser manages private information will be set outin this policy;
this policy will be freely available on any website operated by companies within My Online Adviser.
Further, advisers and agents to whom this policy applies should also include a link to the policy on
any website operated by them; and on request, clients are to have free access to this policy in any
form requested, so long as it is practical to do so.

APP 1: OPEN AND TRANSPARENT
MANAGEMENT OF PERSONAL
INFORMATION CONT.

My Online Adviser, its advisers and agents may collect and hold personal information such as a
person’s name, address, date of birth, income, tax file number (TFN) and such other information that
may be required from time to time in order to provide services to clients. This is collected directly
from its clients and personal information is held by either companies within My Online Adviser or its
advisers and agents. Any personal information held by My Online Adviser may be held in a number of
ways, for example:
hardcopy;
soft copy;or
offsiteon electronicservers.
Any personal information collected by My Online Adviser is solely for the purpose of providing services
to its clients and is not disclosed unless the disclosure is required in the performance of those services
(for example, a financial adviser disclosing a client’s information to a financial institution in order to
place an investment on behalf of that client).
Any client may seek access to their personal information by contacting the appropriate company
within My Online Adviser, or by contacting an adviser or agent of My Online Adviser directly. If a
correction is required to that personal information the client may make that amendment by
notifying the appropriate company within My Online Adviser, or by contacting an adviser or agent of
My Online Adviser directly. If a client considers that a breach of the APPs has occurred they can
direct their complaint to the Privacy Officer – Professional Standards.
The relevant contact details are: Privacy Officer – Professional
Standards C/- My Online Adviser Pty Ltd
m. PO Box 1715, Sunshine Plaza, QLD, 4558
e ryan@myonlineadviser.com
If a client is not satisfied with the outcome of their complaint they may lodge a complaint with the
Office of the Australian Information Commissioner (OAIC). Further information is available from the
OAIC’s website at www.oaic.gov.au.

APP 1: OPEN AND TRANSPARENT
MANAGEMENT OF PERSONAL
INFORMATION CONT

My Online Adviser will only disclose personal information of its clients to overseas recipients where
such disclosure is required to give effect to the instructions of a client (for example, where a client
receiving financial advice wishes to invest in overseas equities or to provide services to our clients, for
example, paraplanning services). It is not practical to list all countries to which this information may be
disclosed due to the variety of overseas financial services available to clients. My Online Adviser may
only disclose personal information to its related entities where the disclosure is relevant to the
provision of services to the client.
A copy of the My Online Adviser Privacy Policy is available free of charge upon request in either soft or
hard copy form. A copy of the My Online Adviser Privacy Policy is also available on the My Online Adviser
website: www.myonlineadviser.com

APP 2: ANONYMITY AND
PSEUDONYMITY

APP 2 provides that individuals must have the option of dealing anonymously or by pseudonym.
However, those options are not required where:
the entity is required or authorised by law or a court or tribunal order to deal with
identifiable individuals; or
it is impracticable for the entity to deal with individuals who have not identified themselves.
As the companies within My Online Adviser largely deal with clients in financial services, it is unlikely
that it would be practical for services to be provided to those clients without them having identified
themselves. Further, in most situations companies within My Online Adviser will be required under the
terms of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) to
appropriately identify clients.
In instances where My Online Adviser has reason to believe that a person with whom they are dealing is
not whom they claim to be, a suspicious matter report may be required to be lodged with AUSTRAC.

APP 3: COLLECTION OF SOLICITED
PERSONAL INFORMATION

APP 3 outlines when you may collect solicited personal information. My Online Adviser is required to
only collect personal information that is reasonably necessary for one or more of its functions. As
outlined in clause 5.0 above, it is anticipated that personal information will be required to be collected
due to the financial services provided by My Online Adviser or companies related to it. Information
such as name, date of birth, address, income, TFN and other personal information will often be
required for services such as:
Financial advice;
Mortgage broking;
insurance;
financial product management; and
othermiscellaneousfinancialservices.

APP 3: COLLECTION OF SOLICITED
PERSONAL INFORMATION cont.

Where personal information is required to be obtained from clients in order for them to be provided
services from companies related to My Online Adviser, those clients must consent to the collection of
their personal information.
Personal information must only be collected by lawful and fair means. My Online Adviser must collect
personal information about an individual only from the individual, unless it is unreasonable or
impractical to do so.
Under APP 3 My Online Adviser must have the client’s consent to the collection of their
personal information.
Sensitive information should be treated with a higher level of protection than personal information.
My Online Adviser must not collect sensitive information about an individual unless the individual
consents to the collection of information and the information is necessary for the performance of a
particular function or service.
For example, the HIV status of a person and/or their sexual preference may be required to be collected
and in this case consent must be obtained from the client as this may be directly relevant to the
recommendation of insurance advice. The product provider’s insurance application generally includes a
declaration that covers consent of sensitive and personal information.
Sensitive information (according to the Privacy Act) includes but is not limited to:
Racial or ethnic origin;
Political opinions;
Membership of a political association;
Religious beliefs or affiliations;
Philosophical beliefs;
Membership of a professional or trade association;
Membership of a trade union;
Sexual orientation or practices; or
Criminal record.

APP 4: DEALING WITH UNSOLICITED
PERSONAL INFORMATION.

APP 4 outlines the steps that must be taken if unsolicited personal information is received. This means
that information has been received where an APP entity took no active steps to collect the information.
If My Online Adviser or its advisers and agents collects any unsolicited personal information it should
promptly assess whether that information could have been obtained in accordance with APP 3. If the
information could not have been obtained under APP 3 (for example, a client provides extra
information that would not normally be required without being prompted to do so) then steps must be
taken to destroy or de-identify the information as soon as practicable, if it is lawful and reasonable to
do so. If the information could have been collected in accordance with clause 6.0 then it should be dealt
with in accordance with APPs 5 – 13. Please see below for details.

APP 5: NOTIFICATION OF THE
COLLECTION OF PERSONAL
INFORMATION

If personal information about an individual is collected then reasonable steps must be taken to notify
the individual, or otherwise ensure that the individual is aware of certain matters.
theidentity and contact details of who collected the information;
thefact and circumstancesof collection;
whether the collection is required or authorised by law;
thepurposes of collection;
theconsequencesif personal information is not collected;
theusual disclosures of personal information of the kind collected by the entity;
information about the privacy policy and information on how they can access the personal
information and seek a correction (if required); and
whether it is likely that personal information will be disclosed to overseas recipients,
and if practicable, the countries where they are located.

APP 6: USE OR DISCLOSURE OF
PERSONAL INFORMATION

If information has been collected for a primary purpose, the entity must not use or disclose the
information for another purpose unless: the person consents to the use or disclosure of the
information; or one of the exceptions below applies: An exception applies in relation to the use or
disclosure of personal information about an individual if:
the client would reasonably expect My Online Adviser to use or disclose the information for
the secondary purpose and the secondary purpose is:
i.if the information is sensitive information—directly related to the primary purpose; or
ii.ifthe information is not sensitive information—related to the primary purpose of collection; or
the use or disclosure of the information is required or authorised by or under an Australian law
or a court/tribunal order; or
a permitted general situation 1 exists in relation to the use or disclosure of the information by My
Online Adviser; or
a permitted health situation 2 exists in relation to the use or disclosure of the information by the
entity; or
My Online Adviser reasonably believes that the secondary use or disclosure of the information is
reasonably necessary for one or more enforcement related activities conducted by, or on behalf
of, an enforcement body such as ASIC.
If My Online Adviser or its advisers and agents seek to disclose personal information, for any other
reason than the primary reason it was collected, then they must first contact the Professional
Standards department to have such disclosure authorised.
If My Online Adviser uses or discloses information under the above listed exceptions, then it must
make a written note of the use or disclosure.
In the event that My Online Adviser (e.g. an adviser) collects personal information and provides it
to a related body corporate (e.g. outsourced paraplanning service); then the paraplanning service’s
primary purpose for collecting information will be treated as the same primary purpose as the
adviser.

APP 7: DIRECT MARKETING

If personal information about an individual is held, that information must not be disclosed for the
purpose of direct marketing. There are exceptions where My Online Adviser and its members may use
personal information for direct marketing (other than sensitive information) when:
the individual would reasonably expect My Online Adviser to use or disclose the information for
that purpose;
My Online Adviser and its members provides a simple means by which the individual may request to
opt-out of receiving direct marketing communications from the organisation; and the individual has
not made an opt-out request in the past.
My Online Adviser may use personal information for the purposes of direct marketing where an
individual may not have reasonably expected the use of that information; however the individual must
provide consent. My Online Adviser and its members will ensure that any direct marketing
communications include a prominent statement that the individual may make a request to opt-out of
receiving direct.
E: A permitted general situation is a defined under section 16A of the Privacy Act Cth 1988
F: A permitted general health situation is defined under section 16B of the Privacy Act Cth 1988
Marketing communications or My Online Adviser will draw the individual’s attention to the fact that
they may make a request to opt-out of receiving direct marketing communications. My Online Adviser
may disclose sensitive information about an individual for the purposes of direct marketing if the
individual has consented to the use or disclosure of the information for that purpose. An individual may
request not to receive direct marketing communications from My Online Adviser
Any client of My Online Adviser or its advisers and agents may opt-out of receiving any direct
marketing materials by contacting:
Privacy Officer – Professional Standards C/- My Online Adviser
Pty Ltd
m. PO Box 1715, Sunshine Plaza, QLD, 4558
E: ryan@myonlineadviser.com
Where My Online Adviser, (e.g. an adviser) uses or discloses personal information about an individual,
for the purposes of direct marketing or for the purpose of facilitating direct marketing by another
organisation (e.g. a mailing house). The individual may make a request not to use or disclose their
personal information, (for the purpose of direct marketing communications) from either the adviser or
the mailing house, depending on who provided that information.

APP 7: DIRECT MARKETING cont.

Based on the above scenario an individual may make a request to the adviser to provide its source of
the information within a reasonable period, unless it is impracticable or unreasonable to do so. In
addition, where an individual makes a request to not receive direct marketing communications, My
Online Adviser must not charge the individual for the making of or giving effect to the request to opt out and must carry out this request within a reasonable period of time. This Privacy Principle does not
apply to the extent that any of the following apply:
theDo Not Call Register Act 2006
theSpam Act 2003
any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations

APP 8: CROSS-BORDER DISCLOSURE OF
PERSONAL INFORMATION

There are obligations under the APPs to ensure that personal information is not transferred to
another country. It is the policy of My Online Adviser that no personal information should be
transferred outside of Australia without the client’s prior approval. My Online Adviser may engage
third party service providers to assist in the provision of products or services.
Some services may require disclosure of personal information to service providers outside Australia
including the Philippines. The purpose of such disclosure is to facilitate the provision of services
including the preparation of financial advice documents for My Online Adviser and Professional
Investment Services, or other relevant CAF Group entities.

APP 8: CROSS-BORDER
DISCLOSURE OF PERSONAL
INFORMATION cont.

There are obligations under the APPs to ensure that personal information is not transferred to another
country. It is the policy of My Online Adviser that no personal information should be transferred
outside of Australia without the client’s prior approval.
My Online Adviser may engage third party service providers to assist in the provision of products
or services. Some services may require disclosure of personal information to service providers
outside Australia including the Philippines.
The purpose of such disclosure is to facilitate the provision of services including the preparation of
financial advice documents for My Online Adviser and Professional Investment Services, or other
relevant CAF Group entities. Some My Online Adviser advisers may elect to enter into their own
outsourcing arrangements to countries other than the Philippines.
If so, the advisers concerned will disclose these arrangements separately to their clients and take
reasonable steps to ensure that the overseas recipient (service provider) does not breach the APP,
unless the overseas recipient is subject to substantially similar laws to the APP which protect the
information.
Information can be provided to an overseas recipient if My Online Adviser expressly informs the
individual and the individual consents to that disclosure.
My Online Adviser will provide information to an overseas recipient if the disclosure is
required or authorised under Australian law or if a permitted general situation exists.

APP 9: ADOPTING, USE OR
DISCLOSURE OF GOVERNMENT RELATED
IDENTIFIERS

My Online Adviser and its members must not adopt a government related identifier, such as a tax
file number, as its own. Practically, this means that My Online Adviser could not for example, use a
tax file number as a client reference for filing purposes. Further, unless permitted My Online
Adviser must not disclose a government related identifier to a third party.

APP 10: QUALITY OF PERSONAL
INFORMATION

As part of the obligations under the APPs, My Online Adviser should take steps to ensure that all
personal data collected is accurate, up to date and complete. Therefore, My Online Adviser or its
advisers and agents should seek to regularly update the personal information of its clients.

APP 11: SECURITY OF PERSONAL
INFORMATION

My Online Adviser and its members should take reasonable steps to ensure the security of all client
personal information. What these reasonable steps will be will vary depending on the situation.
However, some practical steps that may be applicable are:
Personal information stored on a computer or hard drive that is password protected and not
available on a public network.
Personal information stored in hard copy that is kept in a lockable cabinet.

APP 11: SECURITY OF PERSONAL
INFORMATION cont.

Further, if personal information has been obtained, it should be destroyed or de-identified once it is no
longer required. Please note that there are certain obligations imposed that require client information
to be retained for a certain period of time. You should contact Professional Standards if you have any
queries as to how long personal information should be retained. My Online Adviser should take
reasonable steps to prevent misuse, interference, loss, unauthorised access, unauthorised modification
or disclosure of personal information.

APP 12: ACCESS TO AND CORRECTION
OF PERSONAL INFORMATION

If My Online Adviser, or its advisers and agents hold personal information about an individual, then on
request by the individual they must give access to that information. There are exceptions to the above
rule, such as whether disclosing that information would post a serious threat to the individual or if
giving access would be unlawful. However, My Online Adviser is not required to give an individual
access to the personal information if:
it reasonably believes that giving access would pose a serious threat to the life, health or safety of
any individual, or to public health or public safety;
access would have an unreasonable impact on the privacy of other
individuals; the request for access is frivolous or vexatious;
the information relates to existing or anticipated legal proceedings between the entity and the
individual and would not be accessible by the process of discovery in those proceedings;
giving access would reveal the intentions of the entity in relation to negotiations with the
individual in
such a way to prejudice those negotiations;
giving access would be unlawful;
denying access is required or authorised by Australian law or a court;

APP 12: ACCESS TO AND
CORRECTION OF PERSONAL
INFORMATION cont.

there is reason to suspect that unlawful activity or misconduct has been engaged in and giving
access would prejudice taking appropriate action;
giving access would prejudice enforcement activities by an enforcement body; or
giving access would reveal evaluative information generated within the entity in connection
with a commercially sensitive information process.
If My Online Adviser or its members receives a request to access personal information, My Online
Adviser must respond to that request within a reasonable timeframe. An access charge may be applied
to personal information however it must not be excessive and must not apply to the making of the
request. If access to personal information is refused then the individual must be informed in writing
that sets out why access was refused and how an individual is able to lodge a complaint about the
refusal.

APP 13: CORRECTION OF PERSONAL
INFORMATION

If personal information is held and either:
It is apparent that the information is inaccurate, out of date, incomplete, irrelevant or
misleading; or The individual requests the entity to correct the information;
Any request to correct information should be dealt with within a reasonable period after the request
was made. My Online Adviser and its members should also take reasonable steps to ensure that any
personal information held by third parties (provided by My Online Adviser) is also corrected. If a
request to correct personal information is refused then the individual must be informed in writing
that sets out why it was refused and how an individual is able to lodge a complaint about the refusal.
If My Online Adviser receives a request to correct personal information, My Online Adviser must
respond to that request within a reasonable timeframe.

APP 14: CLIENT CONSENT

You warrant that you understand:
• You have been informed that no members of the National Australia Bank group of companies are
responsible for the actions of a Third Party;
• You have been informed that no members of the National Australia Bank group of companies are
liable for any loss incurred as a result of a Third Party’s misuse of information it receives from us;
and
• We will obtain and keep a record of your consent to share the information contained in MLC data
feeds with the Third Party/ies nominated by you.
Your TFN is confidential, and MLC is authorised to collect and disclose your TFN under the
Superannuation Industry (Supervision) Act 1993 and Privacy Act 1988. MLC may use your TFN only for
lawful purposes, such as paying out money, identifying or combining superannuation benefits. These
purposes may change in the future as a result of changes to the law. Your TFN may be disclosed to the
trustee of another Fund or RSA provider if you choose to transfer your funds, unless you request in
writing for it not to be disclosed. You do not have to provide your TFN, and it’s not an offence if you
don’t, however MLC may reject your application or return any contributions or rollovers if your TFN is not
provided.
Terms and Conditions for Super Search For Members:
1. In using this electronic super search facility, I consent as follows:
(a) to the Trustee using my personal details, including my tax file number, to search from time to time
for any lost, unclaimed, inactive or active super I may have with other funds or the ATO through an
ATO search or through ATO authorised search facilities, as permitted under the Superannuation
Industry (Supervision) Act 1993 (Cth) and Regulations; and
(b) to the Trustee contacting me to seek my consent to rollover or transfer to my MLC account any
super I may have with other funds that it identifies.
2. The consent in paragraph 1 above continues until I opt out of this electronic rollover facility.
3. I acknowledge that the Trustee cannot guarantee that all of my super accounts will be found.

PRIVACY COMPLAINTS.

If individuals wish to complain about any breach or potential breach of this Privacy Policy
or the Australian Privacy Principles, our Professional Standards team can be contacted
through:
Privacy Officer – Professional Standards C/- My
Online Adviser Pty Ltd
m. PO Box 1715, Sunshine Plaza, QLD, 4558
e. ryan@myonlineadviser.com
The complaint will be acknowledged immediately or as soon as practicable and
investigated and responded to within 45 days, unless an extension is required. It is our
intention to use our best endeavours to resolve any complaint to an individual’s
satisfaction; however, if they are unhappy with our response, they are entitled to contact
the Office of the Australian Information Commissioner who may investigate the complaint
further.