Privacy Policy

At iAdvice Technology Pty Ltd (iAdvice, we, us, our), we recognise that the privacy and security of your personal information is fundamental to the trust you place in us. We are a boutique, privately owned financial advice practice, and we are committed to handling your personal information openly, transparently and in accordance with the Privacy Act 1988 (Cth) (the Privacy Act), the 13 Australian Privacy Principles (APPs), and all related obligations that apply to us as an Australian Financial Services (AFS) licensee.

Australia's privacy framework continues to evolve, including through the Privacy and Other Legislation Amendment Act 2024 (Cth), which has strengthened individuals' rights, enforcement powers and obligations on entities such as iAdvice. This Privacy Policy reflects our commitment to meeting those obligations as they take effect.

This Privacy Policy explains the kinds of personal information we collect and hold, how and why we collect it, how we use, disclose, secure and retain it, and how you can access, correct or complain about the personal information we hold about you. We require all of our staff, contractors and authorised representatives to comply with this Privacy Policy.

A summary of the APPs is available from the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, or by contacting our Privacy Officer using the details in section 19.

This Privacy Policy applies to iAdvice Technology Pty Ltd and to each of its authorised representatives and advisers operating under AFS Licence No. 526700. It applies to personal information we collect from clients, prospective clients, and other individuals we deal with in the course of providing financial advice and related services.

iAdvice is not a registered tax agent. Where your circumstances involve taxation matters, we may work alongside your accountant or registered tax agent, and any personal information shared for that purpose is handled in accordance with this policy.

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information is true and whether or not it is recorded in a material form. Examples include your name, address, date of birth, contact details, email address and financial details.

Sensitive information is a special category of personal information that attracts a higher level of protection. It includes information about your health, genetic information, biometric information (and biometric templates), racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, criminal record, and membership of a professional or trade association, trade union or political association. We will generally only collect sensitive information about you with your consent, unless we are otherwise required or authorised by or under law to collect it.

Where it is lawful and practicable, you have the option of dealing with us anonymously or by using a pseudonym — for example, when making a general enquiry. However, as a provider of financial services we are subject to client identification and verification obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and other laws. If you choose not to identify yourself in connection with the financial services we provide, we will generally not be able to assist you in those circumstances.

As a provider of personal financial advice, we are subject to legislative and regulatory requirements that require us to obtain and hold detailed information that identifies you and describes your circumstances. The categories of personal information we may collect and hold include:

• Identity and contact information — full name, date of birth, residential and postal address, telephone numbers, email address, and government-issued identity document details;
• Financial information — income, expenditure, assets and liabilities (actual and potential), bank account details, investment holdings, superannuation balances and insurance cover;
• Tax information — tax file numbers and PAYG / income details (see section 7);
• Employment details and employment history;
• Your financial needs, goals and objectives, and your investment preferences and tolerance for risk;
• Family and personal circumstances and social security / Centrelink eligibility information;
• Health information — only where it is relevant to a financial product or strategy, such as personal insurance; and
• Records of our dealings with you, including advice provided, file notes, and correspondence.

We collect the personal information described above to comply with our obligations under, among others, the Corporations Act 2001 (Cth), the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Taxation Administration Act 1953 (Cth), the Australian Securities and Investments Commission Act 2001 (Cth), the Superannuation Guarantee (Administration) Act 1992 (Cth) and the Superannuation (Unclaimed Money and Lost Members) Act 1999 (Cth).

If you do not provide the information we request, we may be unable to provide you with financial services, or the advice we provide may be incomplete or inappropriate to your circumstances, which may expose you to higher risk.

We generally collect personal information directly from you — through face-to-face or online meetings, telephone calls, email, our website, and client engagement or fact-find forms. Additional or updated information may be collected through any of these methods over the course of our relationship.

Collection notices (APP 5)

At or before the time we collect your personal information, we will take reasonable steps to notify you of the matters required by APP 5, including the purposes of collection, the consequences if information is not provided, the parties to whom we usually disclose information, and how to access this Privacy Policy. These collection notices supplement this policy.

Collection from third parties

We may also receive personal information about you from third parties such as your accountant, solicitor, family members, referral partners, product providers and government agencies. Where we collect information from a third party, we will, where reasonable and practicable, ensure you are aware of the matters set out in our collection notices.

Unsolicited information (APP 4)

If we receive personal information that we did not solicit and we determine that we could not have collected it under APP 3, and the information is not contained in a Commonwealth record, we will destroy or de-identify that information as soon as practicable, provided it is lawful and reasonable to do so.

If you provide us with personal information about another person (for example, a spouse, dependant or beneficiary), please ensure you have that person's consent and make them aware of this Privacy Policy.

Tax file numbers (TFNs)

We are authorised to collect TFNs under applicable taxation, superannuation and personal assistance laws, including the Income Tax Assessment Act 1936 (Cth). The collection, use and disclosure of TFNs is regulated by those laws, the Privacy (Tax File Number) Rule 2015 and the APPs. We only collect, use and disclose your TFN for purposes authorised by law, such as reporting to the Australian Taxation Office or giving effect to your instructions. It is not an offence to decline to provide your TFN, although this may have consequences such as tax being withheld at a higher rate.

Medicare and other government identifiers

We will only request Medicare details or other government-related identifiers where they are reasonably necessary for a purpose described in this policy or where required by a government authority, and we will not adopt a government identifier as our own identifier for you.

We use and disclose your personal information for the primary purpose for which it was collected — namely, providing you with financial advice and related services. This includes preparing and reviewing your financial plan and Statement of Advice, making and reviewing product and investment recommendations, implementing and administering your strategy, managing risk, and meeting our regulatory, compliance and record-keeping obligations.

We will only use or disclose your personal information for a secondary purpose where: you would reasonably expect us to and the purpose is related (or, for sensitive information, directly related) to the primary purpose; you have consented; or the use or disclosure is required or authorised by or under an Australian law, a court or tribunal order, or an APP exception (including circumstances involving serious threats to life, health or safety, or certain enforcement-related activities).

In the course of providing our services, we may disclose your personal information to:

• Product and platform providers, including superannuation fund trustees, investment platforms, custodians, insurers and reinsurers, and product issuers, to give effect to our advice and your instructions;
• Our authorised representatives and advisers, who will be your point of contact and who are bound by this Privacy Policy;
• Third-party service providers engaged by us, including IT, cloud hosting, software, administration, paraplanning, mail-house and professional service providers, under arrangements that require them to protect your information;
• Your other professional advisers, such as your accountant, registered tax agent or solicitor, where you have authorised us to do so;
• Regulators and government authorities, including the Australian Securities and Investments Commission (ASIC), the OAIC, the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Australian Taxation Office (ATO);
• The Australian Financial Complaints Authority (AFCA) and other external dispute resolution bodies, where relevant to a complaint;
• Our professional or industry bodies, including the Financial Advice Association Australia (FAAA), which may inspect certain records to monitor compliance with professional standards; and
• A purchaser or potential purchaser in connection with a sale of our business (see below).

Direct marketing (APP 7)

We may use your personal information to contact you with information about our products, services, special offers, events and updates that may be of interest to you, by email, mail or telephone. We will not use sensitive information for direct marketing without your consent. You can opt out at any time using the unsubscribe facility in our communications or by contacting our Privacy Officer, and we will action your request within a reasonable period (generally within 30 days).

Sale of business

In the event of a sale or proposed sale of our business, we may disclose personal information to a prospective purchaser for the purpose of due diligence, on a confidential basis and on terms requiring the information to be protected and used only for that purpose. If a sale proceeds, we will take reasonable steps to notify you.

Some of the third-party service providers we rely on — in particular cloud hosting, data storage and software providers — may store or process personal information on servers located outside Australia. As at the date of this policy, the overseas locations to which your personal information may be disclosed or in which it may be stored are primarily the United States and the European Union / European Economic Area, and may include other locations in which our service providers operate from time to time.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles your information in a way that is consistent with the APPs, including through contractual data-protection and security commitments. A current list of the overseas locations to which we disclose personal information can be obtained from our Privacy Officer.

We use technology — including data tools and, increasingly, artificial-intelligence-assisted tools — to help us gather information, prepare documents and support our analysis. We do not make decisions that have a legal or similarly significant effect on you using wholly or substantially automated processes. A qualified human adviser reviews and is responsible for all advice and recommendations before they are provided to you.

We are preparing for the automated-decision-making transparency requirements being introduced under the Privacy Act (APP 1.7–1.9), which apply from 10 December 2026. Where we adopt any computer program that makes, or substantially assists in making, a decision that could reasonably be expected to significantly affect your rights or interests, we will update this Privacy Policy to describe the kinds of personal information used, the types of decisions involved, and how you can seek human review.

We take reasonable technical and organisational steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These measures include:

• Technical controls — encryption of personal information in transit and at rest, multi-factor authentication, role-based access controls limiting access to those who need it, secure cloud storage, network protection, timely patching and vulnerability management, and secured backups;
• Organisational controls — privacy and security training for our people, confidentiality obligations, a documented incident-response capability, data-governance practices, and due diligence over the third-party providers we engage; and
• Physical controls — secured premises and secure handling and storage of any physical records.

While we take these steps, no method of transmission or storage is completely secure. We continually review and improve our security practices to keep pace with emerging threats and our obligations as an AFS licensee.

We retain personal information for as long as it is needed for the purposes described in this policy and to meet our legal and regulatory obligations. In particular, as an AFS licensee we are generally required to retain records of personal advice provided to retail clients for a minimum of seven years.

When personal information is no longer required for any purpose for which it may be used or disclosed, and we are not required by law or a court or tribunal order to retain it, we will take reasonable steps to destroy it or to de-identify it.

Anti-money laundering records

In handling information collected to verify your identity, we apply data-minimisation practices consistent with our obligations under the AML/CTF regime — including the updated record-keeping requirements applying from 31 March 2026 — and we limit the retention of identity-verification material to what is reasonably necessary and permitted.

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. We maintain processes to identify, contain, assess and respond to data-security incidents.

If we suspect an eligible data breach has occurred — broadly, unauthorised access to or disclosure of personal information (or loss of information where unauthorised access or disclosure is likely) that is likely to result in serious harm — we will carry out a reasonable and expeditious assessment, generally within 30 days of becoming aware of the relevant circumstances. Where we are required to do so, we will notify the affected individuals and the OAIC in accordance with the NDB scheme, and we will coordinate with any other notification obligations that apply to us.

You may request access to the personal information we hold about you at any time by contacting your adviser or our Privacy Officer. Subject to the exceptions permitted by the Privacy Act, we will give you access by providing copies, allowing inspection, or providing an accurate summary. We will respond to access requests within a reasonable period (we aim to do so within 30 days).

We may decline to provide access in limited circumstances permitted by law, including where:

• giving access would pose a serious threat to the life, health or safety of any individual, or to public health or safety;
• giving access would have an unreasonable impact on the privacy of others;
• the request is frivolous or vexatious;
• the information relates to existing or anticipated legal proceedings and would not be accessible by discovery in those proceedings;
• giving access would reveal our intentions in negotiations with you in a way that would prejudice them;
• giving access would be unlawful, or denying access is required or authorised by law; or
• giving access would prejudice enforcement-related activities, or be likely to prejudice certain operations conducted by or on behalf of an enforcement body.

If we refuse access, we will give you written reasons (except where it would be unreasonable to do so) and information about how to complain. We may recover reasonable costs of providing access, but not for the making of the request itself.

Correction

We take reasonable steps to ensure the personal information we hold is accurate, up to date, complete and relevant. If you believe any information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us and we will take reasonable steps to correct it within a reasonable period. If we decline to make a correction, we will give you reasons and you may ask us to attach a statement noting that you disagree.

Our website may use cookies and similar technologies that allow us to recognise your browser and understand usage patterns so we can measure interest and improve our site. Cookies do not, by themselves, identify you. Most browsers allow you to be notified of, and to decline, cookies. Our website may also contain links to third-party websites whose privacy practices are governed by their own policies, not this one.

If you believe we have mishandled your personal information or breached your privacy, please contact our Privacy Officer (section 19). We take complaints seriously: we will acknowledge your complaint, investigate it, and respond to you, ordinarily within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the OAIC at www.oaic.gov.au, by calling 1300 363 992, or by emailing enquiries@oaic.gov.au. For complaints relating to the financial services or advice we provide, you may also contact the Australian Financial Complaints Authority (AFCA), our external dispute resolution scheme, at www.afca.org.au, by calling 1800 931 678, or by emailing info@afca.org.au.

We review this Privacy Policy at least annually, and whenever our practices, systems or the law change. We will publish the current version on our website at iadvice.net.au/privacy.html, and we encourage you to check it from time to time. The reforms commencing in December 2026 will prompt a further update to this policy.

Further information about privacy in Australia is available from the OAIC at www.oaic.gov.au.

If you have any questions about this Privacy Policy, or wish to access or correct your information or make a complaint, please contact our Privacy Officer: