Privacy Policy

Introduction

This Privacy Policy (“Policy”) applies to Ord Minnett Limited (ACN 002 733 048), Ord Minnett Management Limited (ACN 002 262 240), Ord Minnett Hong Kong Limited (CRN 1792608), and all associated corporate entities related to the Ord Minnett Group (collectively referred to as “Ord Minnett”, “OML”, “we”, “our” or “us”). It outlines how we collect, use, store and disclose personal information in compliance with applicable privacy laws in Australia and Hong Kong. In the course of providing our financial services, we collect and process personal information to meet regulatory obligations and business requirements. Our commitment to privacy ensures that all personal data is managed in accordance with:

  • The Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”); and
  • The Personal Data (Privacy) Ordinance (CAP. 486) (“PDPO”) of Hong Kong, including its six (6) Data Protection Principles (“DPPs”).

Where there is any inconsistency between the APPs and PDPO, our statutory duties under the applicable law shall prevail.

To the extent that it is necessary to do so, Ord Minnett also complies with the requirements of the EU General Data Protection Regulation (GDPR) as adopted by EU Member States. The APPs and the GDPR Policy share many common requirements. Where an obligation imposed by the APPs and the GDPR is the same, but the terminology is different, Ord Minnett will comply with the terminology and wording used in the APPs, and this will constitute Ord Minnett’s compliance with the equivalent obligations in the GDPR.

If the GDPR imposes an obligation on Ord Minnett that is not imposed by the APPs, or the GDPR obligation is more onerous than the equivalent obligation in the APPs, Ord Minnett will comply with the GDPR (see the Appendix).

This Policy applies to all employees, clients, and third parties engaging with the Ord Minnett Group across Australia and Hong Kong. It ensures that personal data is collected fairly, used lawfully, and stored securely, in line with our commitment to transparency and accountability. In this Policy, defined terms are included in the Appendix.

Collection of Information

What types of Personal Information do we collect?

We collect personal information that is necessary to provide our products and services to you, to comply with legal and regulatory obligations, and to improve our business operations. Personal Information may include, but is not limited to, your:

  • Name;
  • E-mail address;
  • Residential and/or postal address;
  • Date of birth;
  • Employer and employment details;
  • Bank account details;
  • Financial details, including investment history; and
  • Tax File Number (“TFN”) (Australia only).

Additionally, we may collect identification documents, including but not limited to your passport, driver’s license, or national identity card, as required under Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) regulations applicable in Australia and Hong Kong.

How do we collect your Personal Information?

We collect personal information directly from you when you:

  • Apply for our products and services;
  • Open or maintain an account with us;
  • Complete forms on our website or client portal;
  • Communicate with us via email, phone or other channels;
  • Attend events, seminars or meetings hosted by Ord Minnett; or
  • Apply for a position as an employee, contractor or volunteer.

We may also collect your personal information from third parties or publicly available sources, including:

  • Financial advisers, brokers or professional service providers;
  • Your employer (for employment-related matters);
  • Credit reporting agencies (where legally permitted);
  • Regulatory bodies, law enforcement agencies, or government databases; or
  • Publicly available sources, including online directories and social media (where applicable and lawful).

We will only collect your personal information with your consent, unless an exemption applies under the Privacy Act or PDPO.

What happens if you do not provide Personal Information?

You are not legally required to provide us with your personal information. However, if you choose not to provide certain information, we may be unable to:

  • Process your application or provide you with requested services;
  • Contact you with important updates about your account; or
  • Comply with regulatory or taxation requirements.

Certain services (such as financial advice, investment management, or regulatory compliance services) may require mandatory disclosures, such as TFNs in Australia or identity verification documents in Hong Kong. If you do not provide this information, you may not be able to access these services.

Use of Personal Information

How do we use your Personal Information?

We collect and use your Personal Information to provide financial products and services, manage client relationships, and meet regulatory obligations. Personal information is used for purposes, including but not limited to:

  • Providing financial products, services and investment advice to you;
  • Opening, maintaining and administering your account(s), including communicating with you regarding your account(s);
  • Performing internal functions such as compliance, audit, risk management, system development and security testing;
  • Managing transactions, processing payments, and facilitating financial settlements;
  • Resolving disputes, handling complaints, and responding to inquiries; and
  • Conducting market research to improve our products and services.

We will only use Personal Information for the purpose it was collected, or for a related purpose that is reasonably expected, unless we obtain your consent or are required to by law.

When do we use your Sensitive Information?

Sensitive Information (i.e. health data, background checks) will only be used when:

  • It is required for compliance purposes, such as AML/CTF background checks;
  • You have explicitly consented to its use (e.g. dietary requirements for event participation);
  • It is required for the provision of a service to you (e.g. applying for life risk insurance); or
  • It is necessary to establish, exercise or defend legal claims.

Sensitive Information will not be used for marketing purposes without your prior consent.

Disclosure and management of your Personal Information

Who do we disclose your Personal Information to?

We may disclose your Personal Information to third parties in order to provide services to you, to comply with our legal obligations, or to enhance our business operations. Third parties we may disclose your information to may include:

  • Any organisations involved in providing, managing or administering our products or services such as actuaries, custodians, external dispute resolution services, insurers, investment managers, or mail houses;
  • Financial institutions (banks or investment firms) for transaction processing;
  • Regulatory bodies (e.g. ATO, the Australian Securities and Investments Commission, ASX Group, Hong Kong Monetary Authority, Hong Kong Securities and Futures Commission);
  • Law enforcement agencies when required under Australian or Hong Kong Law;
  • Legal and professional advisers (i.e. lawyers, auditors, tax consultants);
  • External IT service providers for system management and security;
  • Underwriters, corporate advisers, and issue managers for financial transactions, including IPOs and secondary capital raisings; and
  • Employers and industry bodies (for employment verification where legally permitted).

We will only disclose personal information where:

  1. It is required or authorised by law (i.e. tax reporting, regulatory compliance);
  2. It is necessary to protect public interests (i.e. fraud prevention); and
  3. You have otherwise provided consent for the disclosure.

All third parties receiving Personal Information are contractually bound to maintain strict confidentiality and comply with privacy obligations.

How do we protect your privacy?

We implement security measures to protect Personal Information from unauthorised access, misuse, or loss. These measures include:

  • Secure storage and encryption of Personal Information;
  • Restricted access to Sensitive Information based on employee roles;
  • Multi-factor authentication for data access and transactions;
  • Regular security audits and compliance checks; and
  • Staff training on data protection and privacy regulations.

If you suspect any unauthorised access to your Personal Information, please contact us immediately.

Will your Personal Information be disclosed overseas?

We may disclose personal information to offshore entities where necessary, including:

  • Global financial institutions and custodians managing international assets;
  • Regulatory authorities in foreign jurisdictions (i.e. tax compliance for cross-border investments); or
  • Ord Minnett Hong Kong Limited for business operations.

In the event personal data is transferred outside Australia or Hong Kong, we will take reasonable steps to ensure:

  • The overseas recipient has adequate privacy safeguards aligned with APPs and PDPO standards;
  • The transfer is necessary for a contractual or legal obligation; and
  • Your explicit consent is obtained if required.

Links to third party websites

Our website may contain links to websites operated by third parties. These sites are not governed by Ord Minnett’s Policy, and thus we are not responsible for their content or data handling practices. We encourage users to review the privacy policies of any external websites before sharing Personal Information.

Accessing and correcting your Personal Information

How can you access your Personal Information?

You have the right to request access to the Personal Information we hold about you. To make a request, you may contact us in writing or through the designated contact points detailed in this Policy.

We may charge a reasonable administrative fee for providing access, where permitted by law. If we are unable to provide access, we will inform you of the reason; reasons may include legal restrictions or excessive burden.

How can you correct your Personal Information?

We will take reasonable steps to ensure the Personal Information we collect, hold, use or disclose about you is accurate, complete, up to date, relevant and not misleading. If you believe any information we hold is inaccurate, incomplete, out of date, irrelevant or is misleading, you may request a correction.

If we disagree with your correction request, we will:

  • Provide a written explanation of our decision; and
  • Allow you to provide a statement that disputes our records.

We may also update your information based on publicly available sources (i.e. telephone directories, business registers etc).

Protection of Personal and Sensitive Information

How do we protect your information?

We have security systems, practices and procedures in place to safeguard your privacy. Your Personal Information is stored on third party servers and is subject to regular audits. The people who handle your Personal Information for us have the training, knowledge, skills and commitment to protect it from unauthorised access or misuse.

Online security and risks

While we take all reasonable precautions to protect your information, internet data transmission carries risks. We recommend you:

  • Keep your passwords confidential;
  • Use antivirus and malware protection on personal devices; and
  • Avoid public Wi-Fi when accessing sensitive data.

If you suspect unauthorised access to the data we hold for you, please report it immediately to our Compliance Manager (contact details available below).

Cookies and tracking technologies

Our websites use cookies to enhance user experience. Please refer to our Cookie Policy if you require further information.

Users can disable cookies in their browser settings; however, this may affect website functionality.

Data governance and compliance

How long will we retain your Personal Information?

We are required by law to retain certain records of Personal Information for varying lengths of time. Depending on the context surrounding the provision of your Personal Information, we may be required to retain records which include your Personal Information from seven (7) years to indefinitely. Where your information is not required to be retained under law, we will take reasonable steps to permanently destroy or de-identify your Personal Information when it is no longer required for the purpose for which it was collected.

Data breaches

In the event of a suspected or confirmed data breach, we will:

  • Investigate and assess the risks (likelihood of harm);
  • Notify affected individuals if required by law; and
  • Report serious breaches to the OAIC (Australia) or PCPD (Hong Kong).

We encourage clients to monitor their accounts and report suspicious activities to us promptly.

Complaints and dispute resolution

How to lodge a complaint

If you believe we have mishandled your Personal Information or have not complied with the applicable privacy laws, you may file a complaint with our Compliance Manager. We have an effective complaints handling process in place. If you have a Privacy complaint, please contact us:

By email to: ordscompliance@ords.com.au
By mail to: The Compliance Manager, Ord Minnett Limited, Level 18 Grosvenor Place, 255 George Street, Sydney NSW 2000
By telephone to: (+612) 8216 6300

Please provide all relevant details, including:

  • Your full name and contact information;
  • Any identification or account number/s (if applicable);
  • A description of the issue and why you believe Ord Minnett has mishandled your personal information; and
  • Your preferred resolution for the matter.

On receipt of a complaint, we will provide you with details of our complaints handling process.
If you are dissatisfied with our response to your complaint, you can escalate your complaint to:

Office of the Australian Information Commissioner (Australia)

Privacy Commissioner for Personal Data (Hong Kong):

We encourage you to contact us first so we can address your concerns directly.

How do I contact the compliance manager?

If you have any questions regarding the Ord Minnett Privacy Policy or how your information is treated, please contact:

The Compliance Manager
Ord Minnett Limited
Level 18 Grosvenor Place, 255 George Street
Sydney NSW 2000
Email: ordscompliance@ords.com.au
Phone: (02) 8216 6300


Appendix: Definitions

In this Policy:

  • ‘AFCA’ is the abbreviation for ‘Australian Financial Complaints Authority’. AFCA is an external and independent dispute resolution service.
  • ‘AFSL’ is the abbreviation for ‘Australian Financial Service License’.
  • ‘Australian Law’ refers to an Act of the Commonwealth or of a State or Territory or regulations, or any other instrument, made under such an Act.
  • ‘Biometric Data’ includes voice recognition, facial recognition or fingerprint scanning.
  • ‘Collection’ applies broadly, and includes gathering, acquiring or obtaining personal information from any source, including but not limited to (as defined in the APP):
      • Individuals,
      • Other entities, and
      • Publicly available sources.
  • ‘Complaint’ means an expression of dissatisfaction made to or about us; related to our products, services, staff or our handling of a complaint, where a response or resolution is explicitly or implicitly expected or legally required.
  • ‘Consent’ refers to the express or implied consent given.
  • ‘Disclosing Information’ means providing information to persons outside OML.
  • ‘Hong Kong Law’ includes the Personal Data (Privacy) Ordinance (“PDPO”) and six (6) Data Protection Principles (“DPPs”).
  • ‘IDR’ is an abbreviation for ‘Internal Dispute Resolution’.
  • ‘OAIC’ is an abbreviation for the ‘Office of the Australian Information Commissioner’.
  • ‘Personal Data (Hong Kong)’ means any data relating to an identifiable individual as defined under the PDPO.
  • ‘Personal Information’ means information or an opinion, whether true or not, and whether recorded in a material form or not, about you as an individual, whereby your identity is apparent, or can reasonably be ascertained, from the information or opinion (in general terms, this includes information or an opinion that personally identifies you either directly or indirectly).
  • ‘Reasonable steps’ means the actions or efforts we undertake to comply with the Privacy Act and the APPs, which must be objectively reasonable in the circumstances.
  • ‘Record’ includes a document or an electronic or other device, as defined in s6(1) of the Privacy Act 1988 (Cth) (“Privacy Act”).
  • ‘Sensitive Information’ means the information or an opinion about an individual’s:
      • Racial or ethnic origin;
      • Political opinions;
      • Membership of a professional or trade association;
      • Membership of a trade union;
      • Sexual preference or practices;
      • Criminal record; or
      • Personal health.
  • ‘Surveillance Data’ means any information captured through surveillance cameras, where an individual is identifiable.
  • ‘TFN’ is the abbreviation for ‘tax file number’ and is defined in Part VA of the Income Tax Assessment Act 1936 (Cth).
  • ‘Third Party’ means any party, individual or organisation who is collecting information from someone other than the person to whom it relates.
  • ‘Use’ means to handle, manage, or undertake an activity with personal information in our effective control.
  • ‘Web Browsing Information’ means any information associated with online interactions, including data collected via cookies (unless anonymised).

GDPR

The following are key terms used in the GDPR which are not used in the APPs:

  • “Controller” means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. (This is an APP entity under the Privacy Act.)
  • “Data Subject” means an identified or Identifiable Natural Person. (This is an individual under the Privacy Act.)
  • “Identifiable Natural Person” means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. (This is an individual under the Privacy Act.)
  • “Personal data” means any information relating to a Data Subject. (This is similar to Personal Information under the Privacy Act.)
  • “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. (There is no single concept in the Privacy Act that is equivalent. The Privacy Act uses concepts of “collection”, “use” and “disclosure”.)
  • “Processor” means a natural or legal person, or other body which processes personal data on behalf of the controller. (There is no direct equivalent concept in the Privacy Act other than references to “third parties” who deal with personal information on behalf of or for an APP entity.)