Legal

Terms and conditions

Privacy policy

General

This policy ensures compliance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and the European Union (EU) General Data Protection Regulation (GDPR), when handling personal information. Where the Privacy Act, APPs and the GDPR impose equivalent obligations with different terminology, 26 Degrees Global Markets Pty Ltd (26 Degrees) applies the terminology of the APPs, ensuring consistent compliance with both frameworks. In cases where the GDPR imposes obligations not addressed by the APPs or Privacy Act or where GDPR obligations are more stringent, 26 Degrees ensures compliance with the GDPR to uphold its data protection responsibilities.

Consent

By opening an account with 26 Degrees or by utilising the products, services and applications available through 26 Degrees, you have consented to the collection, use and disclosure of your Personal Information in accordance with this privacy policy (Privacy Policy or Policy).

1. Collection of Information

What information does 26 Degrees collect?

When an account is created with 26 Degrees and while providing services, 26 Degrees is required to collect and process certain sensitive and personal information related to the shareholders, directors, and other stakeholders of the legal entity to comply with legal obligations and effectively deliver its services. The information 26 Degrees collects includes, but is not limited to:

• • Personal identification information: first and last name, email address, phone number, date of birth, and a copy of your national identity card, passport, or driving licence.
  • Contact and address verification information: residential address and a copy of a recent utility bill, bank statement, or similar document as proof of address.
  • Financial and tax information: details about your financial status, tax residence, and Tax Identification Number (TIN).
  • Other relevant information: any additional information we deem necessary to fulfill our functions, comply with regulatory requirements, and provide services to you.

“Personal information” refers to any information that allows us to identify an individual, which includes for example the information listed above.

The type of information we will collect from you is limited to the information that is necessary for the operation of your account with us or for 26 Degrees to provide general financial product advice to you.

The information we collect from you is collated from application forms completed by you, the use of 26 Degrees’ online facilities or through ongoing communications.

26 Degrees will not solicit any personal information about you except where you have knowingly provided that information to 26 Degrees or where 26 Degrees believes that you have authorised a third party to provide that information to 26 Degrees.

Third parties that 26 Degrees may need to collect information from include your financial advisers, product issuers, employers, accountants or solicitors.

2.    Use and Purposes of Collection of Information

26 Degrees processes your personal data under one or more lawful bases, these include:

1. 1. To Perform Our Contractual Obligations:
      The processing of your personal information may be necessary to execute agreements, provide our services to you or manage our relationship with you.
   2. Compliance with Legal and Regulatory Requirements:
      We may process your personal information to meet various legal obligations, such as those arising under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Common Reporting Standard, and any other applicable laws.
   3. To Pursue Legitimate Interests:
      The processing of your personal information may be necessary for the legitimate business interests of 26 Degrees. Examples include fraud prevention, managing business operations and developing or marketing our products and services.
   4. Based on your Consent:
      You have given consent to the processing of your personal informatoin for one or more specific purposes.

What if you do not give 26 Degrees the information requested?

You are under no obligation to give us the information that we request. However, if you do not give 26 Degrees the information requested, or the information that you provide is incomplete or inaccurate, this may:

• • prevent or delay the processing of your applications;
  • prevent 26 Degrees providing financial services to you;
  • prevent us from contacting you; or
  • impact the taxation treatment of your account.

3.    Disclosure

Who may 26 Degrees share your information with?

• • 26 Degrees may disclose your personal information to external parties. Where personal information is disclosed, there are strict controls in place to ensure information is held, used and disclosed in accordance with the APPs and GDPR. The circumstances where 26 Degrees may disclose your personal information includes:
    • Where required by law.
    • Where requested by ASIC, CySEC or any other regulatory authority having control or jurisdiction over 26 Degrees or our clients.
    • To government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests.
    • Our related corporate bodies, agents, employees and representatives.
    • To such an extent as reasonably required so as to execute any orders you place with us and for purposes ancillary to the provision of our financial services to you.
    • External service providers and professional advisers that provide services to 26 Degrees.
    • To anyone authorised by you.

Additional scenarios for disclosure
There are other situations permitted in the Privacy Act not listed above where 26 Degrees may also disclose (or in some cases, elect not to disclose) your personal information, with, or without your consent, where it is:

• • For a secondary purpose (that may be reasonably expected by you) to which the information was originally collected, namely:
    • If the information is sensitive information (i.e. information about your   philosophical beliefs, sexual orientation, criminal history etc) – directly related to the primary purpose; or
    • If the information is not sensitive information – related to the primary purpose;
  • A permitted general situation, which relevantly includes (among other things) circumstances where:
    • It may be unreasonable or impracticable to obtain your consent to the collection, use or disclosure and 26 Degrees reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety;
    • 26 Degrees reasonably believes that the collection, use or disclosure is reasonably necessary to assist any APP entity (i.e. an agency or organization), body or person to locate a person who has been reported as missing; or
    • The collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process.

4.    Transfer of personal information to third countries

For personal information governed by the GDPR (i.e. personal information that originates from the EU), we may transfer your data outside the European Economic Area (EEA). This may include transfers to countries that do not provide the same level of data protection as the laws in your home country (e.g., within the EEA).

In cases where the transfer is to a country or territory that has not been recognised by the European Commission as offering an adequate level of data protection and where no appropriate safeguards are in place as required under GDPR, you explicitly consent to the transfer of your personal information to such countries or territories. By providing your consent, you acknowledge and accept the potential risks associated with such transfers, including the possibility that your data may not be protected to the same standard as under EU law.

Where possible, we will implement technical measures like encryption, pseudonymization, and secure data storage, along with organizational measures such as employee training, access controls, and incident response protocols to protect your data and ensure compliance with GDPR.

5.    What are your rights?

Your have the following rights to your personal information 26 Degrees hold about you:

• • to be informed about processing of your personal information;
  • to have your personal information corrected if its inaccurate and to have incomplete personal information completed;
  • to object to or restrict processing of your personal information;
  • to have personal information erased;
  • to request access to a copy of your personal information:
  • to move, copy or transfer your personal information;
  • where processing is based solely on your consent, the right to withdraw consent at any time;

You may exercise any of the rights mentioned above by submitting a written request to the Data Protection Officer (DPO) of 26 Degrees using the contact details provided under Section 7.

Upon receiving such a request, 26 Degrees will take action and provide information on the steps taken in response without undue delay and, in any case, within one month. If the request is particularly complex or if multiple requests have been received, this period may be extended by up to two additional months. In such cases, 26 Degrees will notify you within the initial one-month period, explaining the reasons for the delay. Should the request be submitted electronically, 26 Degrees will provide the response electronically where possible, unless you specify otherwise.

How long does 26 Degrees retain client’s personal information?

26 Degrees is required by law to retain certain records of information for varying lengths of time and, in certain circumstances, permanently.

Where your information is not required to be retained under legal or regulatory obligations, 26 Degrees will take reasonable steps to securely destroy or de-identify your clients’ personal information when it is no longer required for the purpose for which it was collected.

In most cases, 26 Degrees will securely destroy or de-identify personal information after a period of seven years following the conclusion of our business relationship with you. However, certain records may need to be retained for a longer period to comply with legal or regulatory requirements, fulfil your service requests, or maintain adequate business records.

6.    Protection of the personal and sensitive information that 26 Degrees holds

How does 26 Degrees protect the security of your personal information?

26 Degrees has security systems, practices and procedures in place to safeguard your privacy.

26 Degrees may use cloud storage or third-party servers to store the personal information 26 Degrees holds about you.

These services are subject to regular audit and the people who handle personal information have the training, knowledge, skills and commitment to protect it from unauthorised access or misuse. Any services utilised that form part of 26 Degrees’ offering of financial services will be monitored and controlled in accordance with the 26 Degrees Outsourcing Policy.

Cookies

A “cookie” is a small text file that may be placed on a computer by a web server. 26 Degrees’ websites may use cookies which may enable 26 Degrees to identify you or your browsers while you are using 26 Degrees’ websites. These cookies may be permanently stored on a computer or are temporary session cookies. The cookies used for a variety of purposes, including security and personalisation of services.

Through these cookies, 26 Degrees collects statistical information about visitors to 26 Degrees’ websites, such as the number of visitors, pages viewed, types of transactions conducted, time online and documents downloaded. This information is used to evaluate and improve the performance of 26 Degrees’ websites.

There are two types of cookies on the 26 Degrees website:

• • • Behavioural and analytical cookies assist 26 Degrees provide our clients with better service. They can tailor site content to our clients’ personal preferences and past behaviour, or remember our clients’ saved settings; and
    • Marketing cookies enable our clients experience more relevant online content and see advertisements which are aligned with our clients’ interests, as indicated by activity on 26 Degrees’

26 Degrees uses marketing cookies to provide advertising that is more relevant to our clients. When browsing through other sites where these cookies are relevant, our clients will be served advertisements which are in line with our clients’ interests based on their activity when using the 26 Degrees websites.

All browsers allow our clients to be notified when our clients receive a cookie and our clients may elect to either accept the cookie or not. If our clients do wish to accept a cookie, this may impact the effectiveness of the website.

7.    Data Protection Officer (“DPO”)

26 Degrees has appointed a DPO who is responsible for matters relating to privacy and data protection. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Email address:  [email protected]

Postal Address: Sub Base Platypus, SE 203, 120 High St, North Sydney NSW 2060, Australia

Telephone number: +61 2 9083 1333

We will process and reply to your request within thirty (30) days.

8.        Complaints

If you have a complaint, you may email us at (please insert the same email address as the one used under DPO section). Please allow us to process and respond to your complaint within thirty (30) days. Furthermore, in case you are not happy with the quality of services we have provided you with in respect of Personal Data processing, you have the right to lodge a complaint with the relevant supervisory authority.