At Planwise Paraplanning, we highly value your trust and confidence in us and want to assure you that your and your client’s personal information is kept completely confidential by us. As a Certified Partnership Paraplanning firm, we adhere to the highest level of professional ethical responsibility and obligations to protect the confidentiality of all your information.
We collect information about you and your client once you have agreed to use our services and subsequently when you provide information to us to allow us to undertake the required work.
In order to meet your needs in the course of Statement of Advice preparation and Financial Planning, we collect various types of personal information about you and your client from the following sources: Information that we receive from you or over the telephone, when you send us information via email, upload on software or on our website in preparing statement of advice or in providing other services to you.
We do not contact your end clients directly or indirectly:
Clients name, address, birth date,
Tax File Number (TFN),
Employment details, personal health and insurance information
Financial information – such as Income, expenses and investment sources and amounts, other tax and financial attributes about clients.
Sharing Personal Information
PlanWise Paraplanning will approach third party institutions, on your behalf, to obtain information relating to your client’s financial arrangements; provided you have obtained the necessary authority from the client concerned, and you have given us express permission to do so. PlanWise Paraplanning shall not involve any other third party in the processing of the Data without the consent of the Data Controller. If consent is given a further processing agreement will be required with the Third Party.
Where you provide us with the personal data of another person ("Third Party Personal Data" – i.e. the financial details of your clients to allow the preparation of reports) you confirm that they consent to the processing of their personal data and that you have informed them of our identity and the purposes for which their personal data will be processed.
Information we receive from you, or send to you, at your request if you contact us online. We will retain the information you provide us to deliver email messages to you. We may retain the content of your email messages, your email address, and our subsequent response to you.
Storage and Data Security
1. Data Protection and Confidentiality:
The security of your client’s personal information is important to us and we always endeavour to keep information safe using encrypted PCs and up-to-date antivirus software.
We use technical and organisational measures to safeguard your client’s personal data. All the data that we collect and store on a cloud-based server is encrypted.
2. Data Security:
We have taken the necessary measures to ensure our data integrity is not compromised. Our secure delivery centre is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our client’s data.
3. Physical access
Biometric scanners and access cards are required to enter our offices. Only authorised personnel are allowed to enter the office. Staff are required to keep personal belongings including bags, books or mobile devices in secure lockers outside the main processing centre.
4. Non- Physical Controls
Internet activity is heavily controlled with websites required to be added to a “whitelist” before they can be accessed. Staff cannot access personal emails from the office and work emails cannot send data outside the office. Our intranet, internal portals, software and sites have IP Authentication in place so that no one can access these records outside our office premises.
All data related to work save on our Cloud-based server and stored data on the PC is disabled. CD Rom and other drives (USB) have been removed. Access to physical/removable drives (external hard drives) has been disabled. Printers and scanners are also not available within the office premise.
5. Software and System Security
Access to our internal software is password protected with strength measurement. Passwords are also required to be updated on a regular basis. All terminals include screen snapshots and are regularly audited to ensure staff are following security guidelines.
6. Use of Firewall & Antivirus
All our terminals and servers are installed with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks. Our security software is kept updated at all times and when required. All PC’s within our organisation have an auto-lock feature to ensure PC’s are not kept unlocked.
7. Cloud computing
Cloud Computing is a computing service that involves a galaxy of computers/servers which stores, forwards, process and transmits the data into a computer and which may further be processed in another and retained in another system by sharing resources such as software storage services in a cloud that may be connected through internet despite being separated by vast geographical distance. It is similar to LAN but has a wide coverage which enables users to access systems using a web browser irrespective of their physical location.
We use security measures to safeguard your and your client's personal data. All the data that we collect and store on a cloud-based server is encrypted. To comply with global privacy regulations, we ensure that our cloud service provider implements technical and administrative controls to protect your data.
Disclosure of personal information
We hold your and your client's data under Legitimate interest and will be held for as long as you remain a client of PlanWise and require us to continue within the original client terms of engagement.
All the data that we collect and store on a cloud-based server is encrypted. The external Data Processors we use are:
Azure - we take advantage of multi-layered security provided by Microsoft across physical datacentres, infrastructure and operations in Azure.
Onedrive / Sharepoint – we use Microsoft OneDrive and Sharepoint to securely share files and documents that may contain client data, in accordance with our agreed service.
PlanWise will only share your and your client’s personal data where data protection law allows it, with adequate protection and where appropriate will have contracts in place to protect the security and confidentiality of your data for the following purposes:
To provide you with the information, products and services that you have requested from us.
To meet a legal or regulatory obligation.
To email in accordance with your communication preferences
Retention of personal information
We will retain your client’s personal information for as long as necessary to provide the services you have requested, or for other essential purposes such as performance of a contract, complying with our legal obligations, resolving disputes, and enforcing our policies
Reporting of Data breach
If there is a data breach that is likely to result in serious harm, we will take the following action:
Contain the information leak and asses the actual damage caused by the breach.
Prepare a statement detailing the breach
Immediately after providing the statement, notify each individual to whom the information relates to, or who are at risk.
If this is not possible, then we will:
Publish a copy of the statement on the website, and
Take reasonable steps to publicise the contents of the statement.
Review and change our systems and processes to ensure they are further secured against future breaches
1. Right to access and /or have your information provided to you
Under data protection legislation, you have the right to request access to information held about you. Where you have provided your consent to the collection and processing of your personal data. We hold a person’s data under Legitimate Interest and the data will be held for as long as you remain a client and require us to provide services, as set out in the Client Agreement.
You can gain access to the personal information that we hold. This is subject to exceptions allowed by law such as where providing you with access would have an unreasonable impact on the privacy of others. If we deny a request for access, we will provide you with the reasons for this decision. To request access please contact us (see “Contacting Us and Privacy Issues” below).
2. Right to opt out:
We respect your privacy considerations and hence provide an option to you, to not provide the data or information sought to be collected. Further, you can also withdraw your consent which was earlier given to Planwise, and the same must be communicated to us at email@example.com. You may withdraw that consent at any time. This will not affect the lawfulness of data processing based on consent before it is withdrawn.
3. Delete personal information
You can ask us to erase or delete all or some of the information about you and the client. We securely delete electronic files from our Cloud-based server and system/software.
Keeping /updating Information
We endeavour to take reasonable steps to ensure that the personal information that we collect, and use is accurate, complete and up-to-date. If you believe that any of the personal information that we hold is not accurate, complete or up-to-date please contact us (see “Contacting Us and Privacy Issues” below) and provide us with evidence that it is not accurate, complete and up-to-date.
If we agree that the personal information requires correcting, we will take reasonable steps to do so. If we do not correct your client’s personal information, we will provide you with the reasons for not correcting it. If you request that we associate with the information a statement claiming that the information is not accurate, complete and up-to-date we will take reasonable steps to comply with this request.
You can obtain further information on request about the way in which we manage the personal information that we hold, or you can raise any privacy issues if any at firstname.lastname@example.org.
Changes to this Policy
Please note that this Policy may change from time to time. We will not reduce your rights under this Policy without your explicit consent. We will post any Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Policy changes). We will also keep prior versions of this Policy in an archive for your review.