Privacy Policy

Pepperstone Group Limited


Company: Pepperstone Group Limited

ACN: 147 055 703

AFSL: 414530

Date Updated: February 2023



Risk Warning: trading leveraged products like Margin FX and CFDs puts your capital at risk


Section A – Introduction

1. Introduction

1.1 Protecting your privacy and keeping your personal information confidential is very important to us. This Privacy Policy (“Policy”) sets out how we collect and manage your personal and sensitive information, in compliance with the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”).

1.2 In this Policy, we use the terms “we” “us” “our” or “Pepperstone” to refer to Pepperstone Group Limited and its related companies.

1.3 Personal information is any information or opinion about you that is capable (or reasonably capable) of identifying you, whether the information or opinion is true or not, and regardless of whether the information is recorded in a material form.

1.4 Sensitive information includes things like your racial or ethnic origin, political opinions or membership of political associations, religious or philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or criminal record. Your health, genetic and biometric information and biometric templates are also sensitive information. Sensitive information is also personal information for the purposes of the Privacy Act.

1.5 We collect personal and/or sensitive information to provide you with the products and services that you ask for, as well as information about products and services offered by us or third parties.

1.6 We may use your personal and/or sensitive information to administer our products and services, for prudential and risk management purposes and, unless you tell us otherwise, to provide you with related marketing information. We also use the information we hold to help detect and prevent illegal activity. We cooperate with police and other enforcement bodies as required by law.

1.7 We disclose relevant personal information to external organisations that help us provide services. These organisations are bound by confidentiality arrangements. They may include overseas organisations.

1.8 You can seek access to the personal information we hold about you. If the information we hold about you is inaccurate, incomplete, or outdated, please let us know so that we can correct it. If we deny access to your personal information, we’ll let you know the reason why. For example, we may give an explanation of a commercially sensitive decision, or give you access to the information through a mutually agreed intermediary, rather than provide you with direct access to evaluative information connected with the decision.

Section B – Collection of personal information

2. Why we collect your personal information

2.1 We only collect personal information when it’s reasonably necessary for us to do business with you.

2.2 We use your personal information to:

(a) verify your identity;

(b) provide you with the products and services that you’ve asked for;

(c) help us monitor, evaluate and develop our products and services;

(d) enable secure access to our client area;

(e) unless you tell us otherwise, keep you informed about our products and services and those of our relevant business and initiative partners, and tailor this information to your needs and interests;

(f) respond to any feedback, queries or complaints;

(g) provide you with technical support;

(h) participate in any third party acquisition or potential acquisition of an interest in us or our assets;

(i) comply with our legal obligations under the applicable laws; and

(j) take measures to detect and prevent fraud, crime or other activity which may cause harm to our business or our products and services.

3. Information we may collect

3.1 The personal information we collect about you generally includes the following:

(a) name;

(b) date of birth;

(c) postal or email address; or

(d) phone numbers, including home, mobile and work;

(e) fax number;

(f) information relating to an individual’s source of wealth;

(g) occupation;

(h) credit card details;

(i) bank account details, including institution name, branch, account name, bank identifier, and account number or IBAN;

(j) information relating to your trading experience;

(k) identification documentation, as required under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (“AML/CTF Act”), including:

(i) passport;

(ii) driver’s licence;

(iii) national identity card;

(iv) utility bills;

(v) trust deed;

(l) a Veda Check or other credit or bankruptcy check; and/or

(m) other information we consider necessary to our functions and activities.

3.2 We’re required by law to identify you if you’re opening a new account or adding a new signatory to an existing account. The AML/CTF Act requires us to sight and record details of certain documents (i.e. photographic and non photographic documents).

3.3 Where necessary, we also collect information on the following individuals:

(a) trustees;

(b) partners;

(c) company directors and officers;

(d) officers of co-operatives and associations;

(e) client’s agents;

(f) beneficial owners of the client; and

(g) persons dealing with us on a “one-off” basis.

3.4 We may take steps to verify the information we collect. For example, a birth certificate provided as identification may be verified with records held by the Registry of Births, Deaths and Marriages to protect against impersonation, or we may verify with an employer that employment and remuneration information provided in a credit application is accurate.

4. How we collect personal information

4.1 We may either collect personal information about you directly from you or from sources other than you when permitted under the AML/CTF Act. “Sources other than you” may include your agents, family members, friends, related entities, affiliates or divisions.

4.2 We may also collect information from you electronically, for instance, when you visit our website.

5. Incomplete or inaccurate information

5.1 If you provide us with incomplete or inaccurate information, we may not be able to provide you with the products or services that you ask for.

6. Consent

6.1 In most cases, we’ll obtain your consent to use and disclose your personal information for our intended purposes either before or at the time that we collect it.

6.2 If you don’t give us your consent or withdraw your consent, we may not be able to provide you with the products or services you ask for.

7. Withdrawing consent

7.1 You can withdraw your consent at any time. To withdraw your consent, please email support@pepperstone.com in the first instance.

8. Sensitive information

8.1 We’ll only collect sensitive information about you if we have your consent, or if we’re required or authorised by law.

9. Aggregated Data

9.1 Aggregated data is general data about groups of people which doesn’t identify anyone personally, for example the number of people in a particular industry that engage in forex trading. We use aggregated data to:

(a) help us to understand how you use our products and services and improve your experience with us; and

(b) customise the way that we communicate with you about our products and services so that we can interact with you more effectively.

9.2 We may share aggregated data with our business or industry partners.

10. Anonymity and pseudonymity

10.1 In certain situations we may be able to give you the option of using a pseudonym or remain anonymous when you deal with us. We’re only able to provide you with this option when it’s practical for us to do so, and if we’re not required by law to identify you.

11. Dealing with unsolicited personal information

11.1 If we receive personal information about you that we haven’t ask for, we’ll only retain it if we determine that:

(a) the information received is reasonably necessary for us to do business with you; and

(b) you’ve either consented to the information being collected, or it wasn’t practical or reasonable for us to obtain your consent in the circumstances.

11.2 If these conditions aren’t met, we will destroy or de-identify the information.

11.3 If the unsolicited information we receive about you is sensitive information, we’ll get your consent to retain it, regardless of what the circumstances are.

Section C – Integrity of Your personal information

12. Quality of personal information

12.1 We ensure that the personal information we collect and handle is accurate, up to date, complete and relevant.

12.2 Please contact us if any of the details you have provided to us change or if you believe that the information we have about you isn’t accurate or up to date.

12.3 We may also take steps to update the personal information we hold, for example, an address, by collecting personal information from publicly available sources such as telephone directories or electoral rolls.

13. Security of personal information

13.1 We’re committed to protecting the personal information we hold about you from misuse, unauthorised access and disclosure.

13.2 We’ve implemented a range of practices and policies to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them.

13.3 Our security measures include:

(a) educating our employees about their obligations when they collect and handle personal information;

(b) requiring our employees to use passwords when accessing our systems;

(c) encrypting data sent from your computer to our systems during internet transactions and client access codes transmitted across networks;

(d) employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses from entering our systems;

(e) using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;

(f) practising a clean desk policy for all premises and providing secure storage for physical records; and

(g) employing physical and electronic security measures such as swipe cards, alarms, cameras and guards (as required) to protect against unauthorised access to buildings.

13.4 Where we identify that we no longer need certain personal information, we ensure that it’s effectively and securely destroyed. For example, we may shred paper records or use other means such as degaussing (de-magnetism of a device) and deletion in the case of electronic equipment and records.

Section D – Use or disclosure of personal information

14. Who we disclose personal information to

14.1 We may share your information with our related entities and third parties that we outsource functions to or partner with, in certain limited situations where it’s necessary for us to provide our products and services or perform associated business activities.

14.2 These entities and third parties include:

(a) brokers and agents who refer your business to us;

(b) our third party business partners or joint initiative providers;

(c) auditors we appoint to ensure the integrity of our operations;

(d) any person acting on your behalf, including your financial adviser, solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;

(e) your employment referee (to confirm details about you);

(f) if required or authorised to do so, regulatory bodies and government agencies;

(g) credit reporting agencies;

(h) other financial institutions and organisations that you seek credit from them (at their request, so that they may assess whether to offer you credit); and

(i) other organisations who assist us to provide products and services by performing functions such as client contact, banking, payments, data processing, debt recovery, marketing and advertising, data analysis, business intelligence, website and technology services. They may also provide products and services that integrate with or complement our products and services.

14.3 We take our obligations to protect your information extremely seriously and make every effort to deal only with parties who share and demonstrate the same attitude. Each of the third parties that we contract with is carefully selected and is only authorised to use your personal information in a secure way, that's necessary for them to perform their services to us.

15. Disclosure required by law

15.1 We’ll also disclose your personal information if we’re required by law or permitted to do so under the Privacy Act.

Section E – Direct marketing

16. Direct marketing

16.1 Unless you’ve asked us not to, we may use your personal information to let you know about new or improved products and services and special offers that may be of interest to you.

16.2 If you don’t want us to use your personal information for marketing purposes, please:

(a) call us on 1300 033 375;

(b) write to us at support@pepperstone.com; or

(c) post a letter to the attention of the Head of Compliance at: Level 16, Tower One, 727 Collins Street, Melbourne, VIC 3008, Australia.

Section F – Cookies

17. What is a cookie

17.1 A cookie is a small file which asks permission to be placed on your computer’s hard drive. If your computer settings allow cookies, then the file is added and the cookie helps analyse web traffic or lets the site owner know when you visit a particular site.

18. Why we use cookies

18.1 Cookies help us provide you with a better website by enabling us to monitor the pages that you find useful and tailor our website to your needs, likes and dislikes by gathering and remembering information about your preferences.

18.2 We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about your browsing actions and patterns, and doesn’t identify you or anyone else as an individual.

18.3 We may disclose the data we collect through cookies to our related companies.

19. How to block cookies

19.1 Most web browsers allow you to adjust settings to erase cookies, disallow cookies, or receive a warning before a cookie is set. Please note that some parts of our websites may not function fully if you disallow cookies.

Section G – Cross border disclosure of personal information

20. Disclosing personal information to cross border recipients

20.1 Some of our related companies and third parties that we share information with may be located outside of Australia. These entities may be located in the United Kingdom, Cyprus, Germany, the UAE, Kenya, the Bahamas, Chile, the United States, Thailand, China, and other countries. We’ll only disclose your personal information to an offshore recipient once we have taken reasonable contractual and practical steps to ensure that:

(a) the overseas recipient doesn’t breach the APPs; or

(b) you’ll be able to take action to enforce the protection of a law or binding scheme that has the effect of protecting the information in a way that’s at least substantially similar to the way in which the APPs protect the information; or

(c) you’ve consented to the disclosure after we expressly tell you that there’s no guarantee that the overseas recipient won’t breach the APPs; or

(d) the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or

(e) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) of the Privacy Act) exists in relation to the disclosure of the information.

Section H – Adoption, use or disclosure of government identifiers

21. Adoption of government related identifiers

21.1 We won’t adopt a government related identifier (such as your Medicare or driver’s license number) as our own identifier unless required or authorised to do so under an Australian law, regulation or court/tribunal order.

22. Use or disclosure of government related identifiers

22.1 Before using or disclosing a government related identifier, we’ll ensure that such use or disclosure is:

(a) reasonably necessary for us to verify your identity for the purposes of doing business with you; or

(b) reasonably necessary for us to fulfil our obligations to a government agency or a State or Territory authority; or

(c) required by or authorised under an Australian law, regulation or a court/tribunal order; or

(d) within a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) of the Privacy Act; or

(e) reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Section I – Access to, correction and erasure of personal information

23. Access, correction and erasure

23.1 If you’ve provided us with personal information, you have the right to request to access or correct it.

23.2 You may also at any time contact us to request erasure of your personal data. Please note that for legal reasons we might not always be able to comply with these requests. We’ll let you know if this is the case when you make your request. Please write to:

Head of Compliance

Pepperstone Group Limited

compliance.au@pepperstone.com

23.3 Requests for access to or correct limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled over the phone.

23.4 We’ll respond to your request as soon as we’re able to. In some cases we may ask you to pay an administrative fee to cover costs associated with your request. We’ll confirm the cost with you and confirm that you want to proceed before actioning your request.

23.5 We’ll endeavour to comply with your request within 30 days of hearing from you. To help us respond, please include as much detail as possible about the information that you want to access or correct and, if relevant, how you’d like to access the information.

23.6 We’ll always confirm your identity before providing you with access to your personal information.

24. Exceptions and refusal to give access, correct or erasure

24.1 In some circumstances we might have to deny your request for access correction, or erasure, or limit the access we provide. In either of these situations, we’ll let you know the reasons for our decision in writing. If you disagree with our decision, you can make a complaint following the process set out in section J of this Policy.

25. Access to a credit report about you

25.1 You have the right to ask for a copy of any credit report we have obtained about you from a credit-reporting agency. However, the best means of obtaining an up-to-date copy is to get in touch with the credit-reporting agency directly, as we may not have retained a copy after we have used it, in accordance with Part IIIA of the Privacy Act.

25.2 You have a right to have any inaccuracies corrected or, if there’s any dispute about accuracy, to have a note added to your credit reporting agency file explaining your position.

25.3 If we decline your credit application wholly or partly because of adverse information on your credit report, the Privacy Act requires us to let you know and tell you how you can go about getting a copy of your credit report.

25.4 The major credit-reporting agency in Australia is Veda Advantage Business Information Services Limited. It’s likely that you’ll need to contact this agency to access an up-to-date copy of your credit report and any correction of information on your file.

25.5 Veda Advantage Business Information Services Limited has established a specific public access division to handle these matters: Public Access Division, Veda Advantage Business Information Services Limited, PO Box 964, North Sydney NSW 2059.

Section J – Contact us and complaints

26. Contact

26.1 If you have any questions or would like further information about our privacy and information handling practices, please contact us using one of the following channels:

(a) Email: support@pepperstone.com; or

(b) Phone: 1300 033 375; or

(c) Post: Level 5, 530 Collins Street, Melbourne, VIC, 3000 – for the attention of the Head of Compliance.

27. Making a complaint

27.1 We offer a free internal complaint resolution scheme to all of our clients. If you have a privacy complaint, please contact us using the details above to discuss your concerns.

27.2 To assist us in helping you, please gather all supporting information and any documents relating to your complaint and provide it to us for assessment. We’ll try to resolve your complaint as quickly as possible, and in any event within 30 days of hearing from you. If your complaint takes longer to resolve, we’ll keep you informed of our progress.

27.3 If you’re not satisfied with our handling or resolution of your complaint, there are other bodies you can contact.

27.4 The Financial Ombudsman Service Australia (“FOS”) can consider most privacy complaints involving providers of financial services. FOS can be contacted at:

(a) Postal address: GPO Box 3, Melbourne Victoria 3001

(b) Phone: 1300 780 808

(c) Website: www.fos.org.au

27.5 Under the Privacy Act you may complain to the Office of the Australian Information Commissioner about the way we handle your personal information. The Commissioner can be contacted at:

(a) Postal address: GPO Box 5218, Sydney New South Wales 2001

(b) Phone: 1300 363 992

(c) Email: enquiries@oaic.gov.au

(d) Website: www.oaic.gov.au



Issued by Pepperstone Group Limited

February 2023