Privacy Policy

Laguna Bay Group Pty Ltd (and all its subsidiaries including LBPC Services Pty Ltd ABN 56 168 904 916, AFS licence: 461135, and its authorised representatives) (the Company, we, our, us) is committed to respecting the privacy of its Unitholders by ensuring that it manages any personal information it collects or holds in accordance with the Australian Privacy Principles (APPs).

This APP Privacy Policy applied from 12 March 2014 and is available electronically on the Company’s website (www.lagunabay.com.au). The Company will provide a copy of it free of charge and in any form reasonably requested (e.g. electronically or in hard copy).

Kinds of personal information the Company collects and holds

The Company will only collect an individual’s personal information which is reasonably necessary for it to issue interests in its financial products and operate its financial services business. Such information may include an individual’s personal and contact details. Without this information, the Company would not be able to issue its financial products and financial services to its Unitholders.

Can an individual remain anonymous when dealing with the Company?

Given the nature of the Company’s financial products and services, other than providing general publicly available information, it is not practical for the Company to deal with individuals who wish to remain anonymous or would prefer to identify themselves only by way of pseudonym.

How the Company collects and holds personal information

When collecting, using or disclosing personal information, the Company will take such steps as are reasonable in the circumstances to ensure that the information is accurate, up-to-date and complete.

The Company will only collect personal information in a lawful and fair manner. Wherever possible, personal information will be collected directly from the individual, unless it is unreasonable or impractical to do so. It is not expected that the Company will collect sensitive information (e.g. health information), but if it is collected, it will only be done where the individual consents to the collection of that information.

If the Company receives unsolicited personal information it will, within a reasonable period of time, assess whether it would otherwise have been entitled to collect the information in accordance with this APP Privacy Policy. If the personal information could have been collected by the Company, it will ensure that this APP Privacy Policy is complied with in respect of that information and it will notify the individual:

  1. that the unsolicited personal information has been collected;
  2. of the circumstances of that collection; and
  3. provide access to a copy of this APP Privacy Policy.

If the personal information could not have been collected by the Company, it will destroy the information or ensure that the information is de-identified.

At or before the time or, if that is not practicable, as soon as practicable after, the Company collects personal information about an individual, the Company  will ensure the individual is aware:

  1. of the Company’s identity and its contact details;
  2. that the collection of personal information is permitted by the Company under the Corporations Act 2001 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and/or a particular court/tribunal order;
  3. of the purpose for which the Company collects the personal information;
  4. of the main consequences (if any) for the individual if all or some of the personal information is not collected;
  5. of any other entity (or type of entity) to which the Company generally discloses the personal information it collects;
  6. that the Company’s APP Privacy Policy contains information about how the individual may:
    1. access and seek correction of the personal information about the individual that the Company holds; and
    2. complain about a breach of the APPs and how the Company will deal with such a complaint; and
  7. of whether the Company is likely to disclose the personal information to overseas recipients.

Unless permitted by law, the Company will not adopt a government related identifier (e.g. a tax file number) of an individual as its own identifier and it will only disclose such identifiers for the purposes of verifying the identity of the individual, or as permitted by law or as is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

The Company will ensure that in relation to any personal information it holds that it will take such steps as are reasonable in the circumstances to protect the information from:

  1. misuse, interference and loss; and
  2. unauthorised access, modification or disclosure.

If the Company holds information which it no longer needs (for any purpose for which the information may be used or disclosed) or it is no longer required to keep, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.

The purpose for which the Company collects, holds, uses and discloses personal information

The Company collects, holds, uses and discloses personal information for the purposes of issuing its securities and operating its financial services business. This includes administering its registry of members (via an external service provider), providing appropriate financial services and communicating with Unitholders and other relevant parties.

Where the Company collects an individual’s personal information for a particular purpose (i.e. the primary purpose), it will not use that information for another purpose (i.e. a secondary purpose) unless the individual has consented to the use or disclosure of that information or:

  1. it would be reasonably expected that the information would be disclosed for a secondary purpose which is related to the primary purpose (and in relation to sensitive information for a secondary purpose which is directly related to the primary purpose); or
  2. the use or disclosure of the information is legally required, specifically authorised by the APPs or reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

The Company will record in writing circumstances where it uses or discloses personal information for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Personal information collected by one entity within the Company may be used by another entity within the group provided that the personal information is held, used and disclosed for the same primary purpose.

The Company does not normally disclose personal information about its Unitholders to outside parties, except those contracted to provide services to the Company. These may include the Company’s professional advisers and contracted service providers – e.g. registry, administrator, auditors, lawyers, property managers, custodian and consultants.

With consent, the Company will disclose personal information to a Unitholder’s accountant, financial consultant or other person or organisation they nominate. Personal information may also be disclosed to the Australian Taxation Office or other government authorities or agencies as required by law.

If the Company uses or discloses personal information for direct marketing purposes, it will include a simple and free means of ‘opting-out’ of receiving future direct marketing material and it will ensure that it respects such requests, within a reasonable period of time and notifies any other organisation it is using to facilitate the direct marketing. If the Company has not collected the personal information directly from the individual, the ‘opt-out’ statement will be prominent. The Company will only use sensitive information for direct marketing purposes where the individual has provided consent for it to be used for that purpose.

If the Company uses personal information provided by a source other than the individual for direct marketing purposes, the individual may request the Company to provide details of the source of the information. The Company will provide this information free of charge and within a reasonable period of time.

If the Company uses the personal information for direct marketing purposes, it will ensure that it complies with the requirements of the Do Not Call Register Act 2006, the Spam Act 2003 and the Corporations Act 2001.

How an individual may access and seek correction of personal information held by the Company 

Generally, the Company will provide an individual with access to their personal information in a manner they request and within a reasonable period of time after the request is made. An individual can request the Company to correct any personal information it holds about that individual.

To apply for access or to request a correction to personal information, contact the Privacy Officer by:

Writing to: Privacy Officer, PO Box 2007, New Farm QLD 4005
Visiting: Level 1, 69 Robertson Street, Fortitude Valley QLD 4006
Calling: +61 7 3062 2514
Emailing: [email protected]

There are no charges for an individual requesting access to personal information. However, the Company may charge a fee to provide access, provided that such fee is not excessive.

As set out in the APPs, some exceptions apply. If the Company relies on one of the exceptions or is unable to provide the personal information in the manner requested by the individual, it will take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of both the Company and the individual and it will provide a written notice setting out:

  1. the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
  2. the mechanisms available to complain about the refusal; and
  3. any other relevant matter.

Having regard to the purpose for which the personal information is held, if the Company is satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading or a request is received from an individual, the Company will take such steps as are necessary to correct that information. This will be done free of charge within a reasonable period after the request has been made. If the Company has provided that information to a third party, the individual may request the Company to notify that third party of that correction.

If the Company refuses to correct an individual’s personal information it will provide a written notice to the individual setting out:

  1. the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
  2. the mechanisms available to complain about the refusal; and
  3. any other relevant matter.

If the Company refuses to correct an individual’s personal information and the individual requests the Company to associate a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading with that information, the Company must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information. This will be done free of charge within a reasonable period after the request has been made.

Obligations in the event of a data breach

The Company is required to undertake the following for a data breach:

  1. Contain it and take appropriate remedial action (e.g. changing passwords, blocking access or remotely erasing data from a lost device).
  2. If there are grounds to suspect an ‘eligible’ data breach has occurred, undertake a reasonable and expeditious assessment (within 30 days).
  3. If it is found that an ‘eligible’ data breach has occurred, affected individuals and the Office of the Australian Information Commissioner must be notified as soon as practicable.
  4. The notification must include:
    1. the entity’s identity and contact details
    2. a description of the breach
    3. the kind/s of information concerned
    4. recommended steps for individuals
  5. ‘Eligible’ data breaches occur when:
    1. there is an unauthorised access to, disclosure of, or loss of personal information;
    2. ‘serious harm’ to one or more individuals is a likely result (this is an object ‘reasonable person’ test); and
    3. the likely risk of ‘serious harm’ has not been prevented with remedial action.
  6. ‘Serious harm’ can be psychological, emotional, physical, reputational, or other forms of harm.

How an individual can complain about a breach of the APPs and how the complaint will be dealt with

An individual may complain to the Company about a breach of the APPs by the Company by contacting the Privacy Officer by:

Writing to: Privacy Officer, PO Box 2007, New Farm QLD 4005
Visiting: Level 1, 69 Robertson Street, Fortitude Valley QLD 4006
Calling: +61 7 3062 2514
Emailing: [email protected]

The complaint will be handled in an appropriate, timely and courteous manner.

Is the Company likely to disclose personal information to overseas recipients?

No, the Company is not likely to disclose personal information about an individual to an overseas recipient. Information will only be provided to an overseas recipient by Agreement.

If at some future time, the Company chooses to disclose personal information about an individual to an overseas recipient other than in accordance with the above requirements, it will either obtain the individual’s informed consent prior to doing so, will be required to do so by Australian law or prior to doing so will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (other than APP 1) in relation to the information.