Last updated 22 May 2023
This policy applies to information collected by Openmarkets Group Ltd and its related bodies corporate (“OMG” “we”). It outlines how we collect and use personal information that we hold about you in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”).
You're welcome to read below or download the pdf here.
Our commitment to you
At OMG we have set ourselves a high benchmark - to be the best possible technology solution provider for Australia's financial community. We believe in transparency and trust, and as a result, we have created and published this policy to best explain what data we collect, why, and how we use and handle your data.
Security and privacy is at the cornerstone of everything we do. When we do ask to use your data, we do so to best understand how you use our services so that we can provide a better product in the form of a better user experience.
Collection of personal information
We only collect personal information that is reasonably necessary for us to provide services. If you do not provide the information that we ask for, we may not be able to provide the products or services you have requested. We may collect information such as your name, address, phone number, email address, tax file number, bank account details, other information that may be required for identification purposes, information about your investments and transactions and other information related to the services we provide.
We treat the security and protection of your personal information very seriously and is at the core of how we build features and services.
We will collect your personal information directly from you or from your financial adviser or stockbroker when you apply to open an account with OMG including through your financial adviser or stockbroker. We may also collect your personal information as we provide services to you or your financial adviser or stockbroker. By using OMG’s services you consent to OMG collecting your information from your financial adviser or stockbroker or other person or entity who provides services to you. We may also collect information directly from you, such as when you provide the information by phone, email or in an application form or when you deal with us as a key contact or employee of a client or counterparty of OMG.
Use and disclosure of your personal information
OMG may use your personal information for the primary purpose of providing financial services as contemplated by the Openmarkets Financial Services Guide, as well as for related purposes such as:
- to verify your identity or transactions which you may enter into with us;
- to administer and manage the provision of our products and services;
- to provide you with offers of other OMG products or services;
- to comply with laws and regulatory requirements including complying with any request made by a governmental authority or regulator, including in connection with legal proceedings or the prevention or detection of fraud and crime;
- to comply with OMG's risk management policies and procedures;
- conducting due diligence as part of a pre-employment screening or acceptance of your account with OMG; or
- another purpose that relates to the primary purpose.
We may also collate, extract, copy, process or otherwise use the data from the Services in order to aggregate such data and anonymise it so as to remove any customer personal data (“Anonymised Data”). The Anonymised Data may be used by OMG for delivering or improving the Services (including for commercial benefit) or for other business purposes, and it may be shared with members of OMG and/or made available to third parties as part of the services (or otherwise), provided always that any use of the Anonymised Data by OMG, and any distribution of such Anonymised Data outside of OMG, is in accordance with applicable law.
For the purposes we have described, we may disclose your personal information:
- to our suppliers (including service and content providers), contract and service providers, your financial adviser or stockbroker, professional advisers, dealers and agents;
- to government agencies or individuals responsible for the investigation and resolution of disputes or complaints covering your use of our services and facilities including for example ASIC, AUSTRAC or the OAIC;
- other parties involved in the administration of your investments including (but not limited to) stock exchanges, product issuers, investment registries or mailing houses;
- anyone to whom our assets or business (or any part of it) is transferred (or offered to be transferred, subject to confidentiality provisions);
- other entities in the wider OMG group; or
- where you have otherwise consented or as otherwise required or authorised by law.
We may use suppliers to process your personal information from time to time (for example, Google Analytics).
Access and correction and updating personal information
Generally, we will provide you with access to your personal information that we hold within a reasonable time of your request unless an exception applies under the Privacy Act. If we refuse access, we will advise you in writing of our reasons for doing so and the mechanisms available for you to make a complaint. In some cases, we may charge you a reasonable administrative fee to provide you with access to this information.
If you believe the personal information that OMG holds is inaccurate, incomplete or out-of-date, we will take reasonable steps to correct your information within a reasonable period. If we have previously disclosed your personal information to another entity, you may ask that we notify the other entity of the correction. If we refuse correction, we will advise you in writing of our reasons for doing so and the mechanisms available for you to make a complaint.
You should keep us informed of any changes to your information by notifying us in writing (which may be through your financial adviser or stockbroker). We may also ask you to review, confirm and advise of us changes to your personal information.
Storage and security of information
OMG stores personal information in a combination of computer storage facilities, paper-based files and other records. We will take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification or disclosure.
We protect our systems and your account from unauthorised access. If after a period of time (generally, 7 years) we are no longer required to hold your personal information, we may delete or destroy it.
Overseas disclosure of personal information
We may transfer personal information to related bodies corporate, unaffiliated service providers or other persons to whom we disclose personal information as described herein in locations beyond Australia (including, but not limited to, the United States, India, Vietnam, Singapore, the Philippines, and the United Kingdom) in the course of storing that information and when using or disclosing it for one of the purposes referred to above.
Prior to transferring personal information to an overseas recipient, OMG will take reasonable steps to ensure that your information is treated securely and the means of transfer provides adequate safeguards, and that the recipient does not breach the APPs in relation to that information.
Please be aware that overseas recipients and third parties may be from countries whose laws provide various levels of protection for personal data which are not always equivalent to the level of protection that may be provided under the Privacy Act and APPs.
This may mean for information sent overseas you do not have the protections of or any redress under the Privacy Act or in the foreign jurisdiction for any breach. The overseas recipient may not be subject to privacy obligations equivalent those under the Privacy Act and could be compelled by foreign law to make disclosure of the information.
Additional rights for EEA residents
The European Union (EU) and the United Kingdom (UK) have local data protection laws, such as the EU General Data Protection Regulation (GDPR) and United Kingdom General Data Protection Regulation (UK GDPR), which give more rights to individuals located in the European Economic Area (EEA) and the UK and more obligations to organisations holding their personal information.
In this section as it relates to individuals located in the EEA, “personal information” means any information relating to an identified or identifiable natural person.
The table below outlines your rights as an EEA resident and data subject:
The right to be informed how personal information is processed
You have the right to be informed how your personal information is collected and used. If we require your consent to process your personal information you can withdraw consent at any time. If you withdraw consent, we may not be able to provide certain products or services to you. The right to withdraw only applies when the lawful basis of processing is consent.
The right of access to personal information
You can access your personal information that we hold by emailing: firstname.lastname@example.org
The right to rectification
You have the right to question any personal information we have about you that is inaccurate or incomplete. If you do, we will take reasonable steps to check the accuracy and correct it.
The right to erasure
You have the right to ask us to delete your personal information if there is no need for us to keep it verbally or in writing. There may be legal or other reasons why we need to keep your personal information and if so, we will tell you what these are.
The right to restrict processing
You have the right to ask us to restrict our use of your personal information in some circumstances. In this situation we would not use or share your personal information while it is restricted.
The right to data portability
In some circumstances you have the right to request we provide you with a copy of the personal information you have provided to us in a format that can be easily reused.
The right to object
In some circumstances you have the right to object to us processing your personal information.
Rights in relation to automated decision making and profiling
We may use systems to make automated decisions based on personal information we have collected from you or obtained from other sources. You can request that we not make decisions based on automated score alone or can object to an automated decision.
The right to lodge a complaint with a supervisory authority.
You have the right to complain to the regulator if you are not happy with the outcome of a complaint. The UK data protection authority is:
Information Commissioner’s Office
Wycliffe House, Wilmslow
Cheshire SK9 5AF UK
For other European jurisdictions please refer to the European Commission website for details of the relevant data protection authorities.
Website and Cookies
When you come to OMG websites, we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Our websites may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that OMG is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
Contacting us and complaints
If you wish to contact us for any purpose regarding this policy including making a complaint about the way we have handled your personal information (including if you think we have breached the Privacy Act) you may do so to our Compliance Manager in writing, to the email address set out at the end of this policy.
When you contact us, include your email address, name, address and telephone number and clearly describe your complaint. Our Compliance Manager will investigate the complaint and respond to you promptly.
If you consider that we have failed to resolve the complaint satisfactorily, and you are an individual located in Australia, you can complain to the Office of the Australian Information Commissioner (OAIC) or the Australian Financial Complaints Authority (AFCA).
How to contact our Compliance Manager:
How to contact AFCA:
GPO Box 3, Melbourne VIC 3001
1800 931 678
How to contact OAIC:
GPO Box 5218, Sydney NSW 2001
1300 363 992
Changes to this policy
This policy is subject to change from time to time as OMG considers necessary. We will publish material changes by making them available to you on our website.