Overview

We provide money management and budgeting tools to financial professionals and their clients using web based software and mobile applications.

Whether you are an individual or a financial professional, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and, where applicable, the Competition and Consumer (Consumer Data Right) Rules 2020. This policy describes how we currently collect, handle, use and disclose personal information. It also deals with how you can complain about a breach of the privacy laws, how you can access the personal information we hold about you and how to have that information corrected.

The personal information we collect and hold

When you visit our website or use our mobile application, we only collect personal information about you that you provide to us, or which you explicitly consent to allow us to collect under the Consumer Data Right. We may collect anonymous web or mobile data and this is explained in more detail below.

Individuals can only register for our services directly with us (even if you received an invitation to register from a financial professional). When you register, we ask you for your first and last name and email address.

You do not have to give us your real first and last name; you can choose to remain anonymous by giving us a pseudonym (you will remain anonymous unless of course identity information such as your name is in your email address or is in your financial information). We explain this further below.

When financial professionals register for our services we also ask for your business name, phone number, business address, ABN or ACN and AFS Licence number.

We collect and hold information about users of our services in the following ways:

• To link their financial accounts to our service, individuals need to either upload their financial account statements or provide account access information (such as an account number and password). We collect and hold information in the individual’s financial accounts such as account balances, transaction information or asset information in a bank, credit, loan, mortgage, or investment (including superannuation) account. We will only collect and hold individuals’ personal information if it is contained in these accounts (e.g. if an individual is reasonably identifiable because their name is in a transaction record);
• To access client data using the Consumer Data Right, we must collect and hold certain personal and business information to verify your status as a Trusted Adviser in accordance with the Competition and Consumer (Consumer Data Right) Rules 2020.
• Users of our property value estimate service must provide us with the address of their property;
• Credit card information of individuals or financial professionals who wish to pay for our services by credit card (such as the name on the card); and
• When individuals enter account access information into our software, your account is linked to our service but we do not hold your account access information. It is encrypted and stored in an encrypted form by the service provider. We explain this more below;
• To better personalise our service, we may ask individuals for their name and age, but individuals do not have to provide their real name and age.

We do not need to collect sensitive information about you and we will not do so unless we are required to do so by law or unless you provide consent. Sensitive information includes information about your race or ethnicity, political opinions, religious beliefs, criminal record, sexual information, health or biometric information. We will not collect your tax file number.

We will not destroy or de-identify any personal information that is provided to us until a valid request to delete or cancel your account is received.

How we collect your personal information

Generally, we collect your personal information by the following means:

• Directly from you. Individuals and financial professionals may provide us with their personal information in a number of ways including:
  • When registering for any of the services we provide (e.g. if a user gives us their name or if their email address contains their name);
  • When using our services (e.g. when an individual uploads financial account information or links financial accounts to our service). Although we do not intend to collect personal information from an individual’s financial accounts, it is possible that in some circumstances, financial account information may contain personal information;
  • When you contact us, participate in our research program or enter promotions;
• From financial professionals and third parties who use our services and refer you to us.

Anonymity

When individuals register for our services, you do not have to give us your real name. You do have to give us a valid email address in order to register for our services. Provided you are not reasonably identifiable from your email address (or any other information we collect), you can remain anonymous.

Financial professionals are not required to give us a real name, however you have to give us your company name and ABN or ACN, and email address and AFSL number to register for our services, so you cannot remain wholly anonymous. In addition, in order to access and view client data via Consumer Data Right, certain personal and business information is required verify your status as a Trusted Adviser in accordance with the Competition and Consumer (Consumer Data Right) Rules 2020.

The purposes for which we collect, hold and use and disclose your personal information

The main purposes for which we collect, hold, use and disclose your personal information are:

• To provide you with information about our products or services;
• To consider your request for our products or services;
• To provide you with access to our products or services;
• To provide information to people who an individual has authorised to receive that information (e.g. your financial professional);
• Our arrangements with other organisations (such as our trusted business partners) to promote or provide their products or services;
• To perform administrative and operational tasks (including maintaining your contact details, personalising our services to you, for staff training, to improve and develop our services and conduct research); and
• As required by relevant laws, regulations, codes and external payment systems.

We also use your information to manage your ongoing requirements and our relationship with you. We will generally communicate with you electronically, unless you tell us that you do not wish to receive electronic communications.

From time to time we and our business partners may use your email address to send you offers, updates, events, articles, newsletters or other information about services that may be of interest to you. We will always give you the option to unsubscribe at any time by notifying us that you wish to do so.

Who we may disclose your personal information to

Other than the following, we do not sell, license or redistribute your personal information to others. We may disclose your personal information to:

• Our related bodies corporate;
• People an individual has authorised to receive that information (such as a financial professional);
• Your financial services professional’s authorising licensee;
• Agents and contractors who supply services to us (e.g. companies that send emails, external data storage providers and marketing firms);
• Our business partners for the purpose of promoting or using their products or services (and their outsourced service providers);
• Our outsourced service providers (e.g., the businesses that provide our financial account data aggregation technology);
• Participants in the payments system to process your payments (including payment organisations and merchants);
• Other companies in the event of a corporate sale, merger, reorganisation, dissolution or similar event; and
• Others if we are required to do so by law or under other circumstances permitted by the Privacy Act 1988 (Cth) or the Competition and Consumer (Consumer Data Right) Rules 2020.

Individual users receive daily activity information about their financial accounts (this includes the date, description of transactions, amounts and balances). You can restrict other people from receiving or viewing this information at any time by visiting the Moneysoft settings page.

Aggregated information

Aggregated information only contains anonymised personal account information or data; i.e. it does not contain information that could be used to identify an individual. Examples of aggregated information might include the number of people who use our services and the type of accounts and number of accounts in use with our services.

We may use, sell, license, redistribute and disclose non-sensitive, non-personal, aggregated information obtained in relation to our services to third parties such as other users of the service who want to compare their information to the community of users, advertisers and researchers.

Overseas disclosure

Individual account access information is encrypted and stored in an encrypted form by our service providers to high security standards.

Some of our outsourced service providers are headquartered overseas. We may use the following providers:

• Yodlee Inc, located in the United States at 3600 Bridge Parkway, Suite 200, Redwood City, CA 94065 California. Yodlee has offices in Australia, the United Kingdom and India. With respect to the handling of data collected under the Consumer Data Right, Yodlee's Consumer Data Right Policy can be viewed through the Moneysoft Technology.

We do not intentionally disclose personal information to an overseas service provider, but it may happen if personal information is in an individual’s name and email address they use to subscribe to our service, or in an account name or transaction records or account access information.

In the future we may use other service providers that are located outside of Australia. We will update our Privacy Policy if we do so. If they are not regulated by laws which protect your information in a way that is similar to the Privacy Act, we will seek your consent before disclosing your information to them.

How we hold and protect personal information

We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal reporting or document retention requirements.

We hold the personal information we collect in physical and electronic records. We maintain physical, electronic and procedural safeguards to guard it.

Our database is physically protected at a secure, third party site and is monitored by security personnel twenty-four hours a day. Only authorised personnel can access the data centre, and they must submit to multiple forms of identification. We only use storage providers in Australia who are regulated by the Privacy Act.

Individuals’ account access information is stored by our service providers to high standards of security. No third-party can use our service to move money in or out of individuals’ financial accounts.

How long we keep information for

Individuals and financial professionals can delete their personal information at any time. Individuals can disconnect the link between their accounts and our services or no longer share their account information with their financial professional.

If an Individual chooses to cancel their subscription, or a professional or personal subscription expires for any reason, all personal and financial account information relating to the affected Moneysoft user accounts will be deleted within 90 days or less. Once information is deleted, this action cannot be reversed, as the information is erased.

We may keep some usage information or metadata that does not contain personal information. More information about this is given above.

Notifiable Data Breaches

Moneysoft complies with the requirements of the Privacy Amendment (Notifiable Data Breaches) Act 2017 and the Competition and Consumer (Consumer Data Right) Rules 2020. In accordance with the Act and the Rules, where Moneysoft is aware of any instance of a data breach, we shall immediately take steps to contain and remediate the data breach as well as undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected.

Where the assessment presents reasonable grounds to believe an eligible data breach has occurred, Moneysoft will promptly notify individuals at likely risk of serious harm. The Commissioner shall also be notified as soon as practicable through a statement about the eligible data breach.

The notification to affected individuals and the Commissioner shall include the following information:

• The identity and contact details of the organisation
• A description of the data breach
• The kinds of information concerned
• Recommendations about the steps individuals should take in response to the data breach

A full review will be conducted to evaluate the cause of the data breach, the success of Moneysoft’s response and to identify and implement improvements to prevent or minimise the risk of future data breaches.

Web and mobile data

We use technology to collect anonymous information about the use of our website and mobile app, for example when you browse our website, our service provider logs your server address, the date and time of your visit, the pages and links accessed and the type of browser used. It does not identify you personally and we only use this information for statistical purposes, to improve the content and functionality of our website, to better understand our clients and markets and to improve our services.

We use “cookies” to collect this anonymous data. Cookies are small pieces of information which are sent to your browser and stored on your computer’s hard drive. Sometimes they identify users where the website requires information to be retained from one page to the next. This is purely to increase the functionality of the site. Cookies by themselves cannot be used to discover the identity of the user. Cookies do not damage your computer and you can set your browser to notify you when you receive a cookie so that you can decide if you want to accept it, they allow the website to recognise your computer when you return in the future.

Services offered by third parties

If you provide your information to third parties (such as by registering for services offered by a third party), then our Privacy Policy will not apply to how that third party manages your personal information. You should read that third party’s privacy policy.

Consumer Data Right (Open Banking)

In Australia, Moneysoft provides access to Consumer Data Right data as a Representative of Yodlee Inc under the Competition and Consumer (Consumer Data Right) Rules 2020. Where applicable, Yodlee's Consumer Data Right Policy can be viewed and read through the Moneysoft Technology.

Access and correction

If you can show that that the personal information we hold about you is not complete and up to date, we will take reasonable steps to ensure it is accurate, complete and up to date.

If you wish to access or correct your personal information please write to:

The Privacy Manager
Moneysoft Pty Limited
Level 12, 680 George Street
Sydney NSW 2000

Alternatively, please email us at support@moneysoft.com.au or phone us on 1300 850 878 (in Australia).

We do not charge for receiving a request for access to personal information or for complying with a correction request.

Complaints

If you have any concerns about whether we have complied with the Privacy Act, the Australian Privacy Principles, the Competition and Consumer (Consumer Data Right) Rules, or this Privacy Policy, please write to our Privacy Manager at the details given above or phone us on 1300 850 878 (in Australia).

We will try to work with you to fix the matter and will try to make a decision within 30 days of when a complaint is made.

If you are not satisfied with the steps taken by us to resolve the complaint, or with the result of our investigation, you may refer your complaint to the Office of the Australian Information Commissioner who can be contacted by phone at 1300 363 992, by email at enquiries@oaic.gov.au, by post at GPO Box 5218, Sydney NSW 2001 or you can go to www.oaic.gov.au.

Who we are

We are Moneysoft Pty Limited ABN 86 152 058 627.

By ‘you’, we mean any visitor to our website or user of our mobile application, a financial professional or an individual who may register for our services and use our services.

Updating our Privacy Policy

We may update this Privacy Policy at any time by publishing it on our website.

Tell us what you think

We welcome your questions and comments about privacy. If you have any concerns or complaints, please contact the Privacy Manager at the contact details given above.