Privacy Policy

1. Purpose and scope

This Privacy Policy explains how Atlas Wealth Group Pty Ltd collects, holds, uses and discloses personal information, and how you can access and correct your personal information or make a privacy complaint. 

This Policy applies to personal information we collect through our websites, online forms, email, phone, video meetings, events and in the course of providing our financial planning, tax and mortgage services. 

This is the Atlas Wealth Group’s main privacy policy. It is not limited to website use. 

2. Laws and standards we follow

We are committed to handling personal information in accordance with applicable privacy and marketing laws, including: 

• Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). 

• Notifiable Data Breaches (NDB) scheme (Australia). 

• Spam Act 2003 (Cth) (direct marketing by electronic means). 

• DIFC Data Protection Law (where relevant to our DIFC operations and data processing). 

For most individuals dealing with our Australian entities and websites, Australian privacy law applies. The DIFC Data Protection Law applies where Atlas Wealth Management (DIFC) Limited processes personal data in or from the Dubai International Financial Centre (DIFC). 

Atlas Wealth Group Pty Ltd holds an Australian Financial Services Licence (AFSL). We maintain governance and risk management systems that support compliance, including information security and privacy controls. 

Atlas Tax Pty Ltd is a registered tax agent under the Tax Agent Services Act 2009. We are subject to statutory confidentiality obligations regarding taxpayer information and must not disclose client information except where permitted by law. 

3. Who we are

Atlas Wealth Group is a group of separate legal entities. Each entity is responsible for the personal information it holds and uses. In some circumstances, personal information may be shared within the group where permitted and necessary (for example, to respond to your enquiry or deliver a coordinated service). 

Atlas Wealth Group Pty Ltd is the primary entity responsible for personal information collected through our Australian websites and is the central contact point for enquiries about this Policy. 

For DIFC purposes, Atlas Wealth Management (DIFC) Limited is the controller (data controller) under the DIFC Data Protection Law for personal data processed in connection with its DIFC regulated activities. 

Entities in the Atlas Wealth Group include: 

• Atlas Wealth Group Pty Ltd (ABN 66 673 690 929) – AFSL 557000. 

• Atlas Wealth Management Pty Ltd (ABN 98 152 187 098). 

• Atlas Wealth Management (DIFC) Limited – Licensed by the Dubai International Financial Centre (DIFC) (License No. 3354) and regulated by the Dubai Financial Services Authority (DFSA) (Licence No. F005228). 

• Atlas Tax Pty Ltd (ABN 36 664 334 409) – Australian Tax Agent 26 202 536. 

• Atlas Mortgages Pty Ltd (ABN 93 646 699 863). Atlas Mortgages provides credit assistance as an authorised credit representative of Mortgage Specialists Pty Ltd (Australian Credit Licence 387025) trading as Hfinance, and through its mortgage aggregator arrangements (Specialist Finance Group) (as applicable to our mortgage services). 

4. Definitions

• We, us and our means the relevant Atlas Wealth Group entity as the context requires. 

• Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. 

• Personal data is used in this Policy to describe information regulated under the DIFC Data Protection Law (where applicable). 

• Sensitive information includes information such as health information and other categories protected under the Privacy Act. We only collect sensitive information where reasonably necessary and where permitted by law (including with your consent where required). 

• Credit-related information includes credit information and credit eligibility information regulated under Part IIIA of the Privacy Act (relevant to our mortgage services). 

• Tax File Number (TFN) information is handled in accordance with the Privacy (Tax File Number) Rule 2015. 

5. What personal information we collect

The types of personal information we may collect depend on how you interact with us and the services you use. This may include: 

• Identity and contact information (for example, name, date of birth, address, phone number, email). 

• Identification documents and verification information (for example, driver licence, passport, visa or proof of address) where required. 

• Employment and income information (for example, payslips, employment details). 

• Financial information (for example, assets, liabilities, bank details, investment and superannuation information). 

• Financial advice information (for example, your objectives, risk profile, insurance needs and other information relevant to preparing and reviewing advice). 

• Taxation information (for example, TFN, income, deductions, residency and visa information, ATO correspondence). 

• Mortgage and credit-related information (for example, loan details, property information, documents supporting a credit application, and credit reports where applicable). 

• Online identifiers and technical information (for example, IP address, browser or device information, cookie identifiers) when you use our websites. 

• Records of communications (for example, emails, call notes and meeting notes and, where we record calls or meetings, recordings where you have been notified). 

• We only collect personal information that is reasonably necessary for our functions and activities or as otherwise required or authorised by law. 

6. How we collect personal information

We collect personal information in a range of ways, including: 

• Directly from you (for example, when you complete a form, email or call us, or provide documents). 

• From third parties with your consent or as permitted by law (for example, your accountant, your employer, your spouse or other representatives, banks and product providers). 

• From public sources (for example, publicly available registers). 

• From regulators and government agencies where relevant (for example, the Australian Taxation Office). 

• For mortgage services, from credit reporting bodies and lenders where relevant (see Section 15). 

Where lawful and practicable, you may deal with us anonymously or using a pseudonym (for example, for general website enquiries). However, for our regulated services (including financial advice, tax and mortgage services) and for identity verification, we need to identify you. 

We use a combination of systems and tools to deliver services and communicate with you. Depending on the entity and the service, this may include practice management, tax lodgement and client engagement platforms used by professional accounting and advisory firms (for example Xero and Content Snare), ATO portal support tools (for example ATOMate), document storage (for example Microsoft 365 OneDrive/SharePoint), e-signature and communications platforms, and customer relationship management (CRM) systems. 

We may use automated tools or software to assist with processing information, document management or workflow automation. These tools operate under our supervision and do not replace professional judgement. 

In providing taxation services we may receive information from government agencies, financial institutions, superannuation funds, employers and other third parties (including pre-fill information supplied by the Australian Taxation Office). 

If you do not provide the personal information we request, we may not be able to provide you with a product or service, or respond to your enquiry. 

If we receive personal information that we did not request (unsolicited personal information), we will determine whether we could have collected it under the Privacy Act. If we could not have collected it, we will destroy or de-identify it as soon as practicable, where lawful and reasonable to do so. 

When we collect personal information from you, we will provide a collection notice at or before collection where required. This will include information about whether collection is required or authorised by law, the main purposes of collection, the usual disclosures (including overseas disclosures where relevant), and how to access this Policy and make a complaint. 

In some cases, you may provide us with personal information about other individuals (for example your spouse, dependants, directors, trustees or beneficiaries). By providing this information you confirm that you have authority to provide it to us and that the individual has been informed of this Privacy Policy where required. 

Where appropriate, secure client portals or encrypted transmission methods may be used for exchanging sensitive information and documents. 

7. Cookies and website tracking

Our websites may use cookies and similar technologies to operate the website, improve performance, analyse usage and support marketing. Some cookies are necessary for the website to function. Other cookies may be optional. 

Some cookies may be set by third-party services that support our website analytics or marketing (where used). These third parties may collect information about your device and how you use our websites, and may be located outside Australia. See Section 11 for information about overseas disclosures. 

Where a cookie banner or preference tool is available, you can use it to manage optional cookies. You can also adjust your browser settings to disable cookies, however doing so may affect website functionality. 

8. External links

Our website may contain links to third-party websites or services. We do not control those third-party sites and are not responsible for their content or privacy practices. You should review the privacy policies of those third parties before providing them with personal information. 

9. Why we collect, hold,useand disclose personal information 

We collect, hold, use and disclose personal information to: 

• Provide and manage our services (including financial advice, tax services and mortgage broking). 

• Respond to enquiries and communicate with you. 

• Verify identity and protect against fraud and security risks. 

• Comply with legal and regulatory obligations (including record-keeping, audit, reporting and professional standards). 

• Manage and improve our services, including internal administration, quality assurance, training, risk management and compliance. 

• Provide marketing information about our services where permitted (see Section 13). 

Some personal information is collected because it is required or authorised by Australian laws and regulatory requirements relevant to our services, including financial services laws and ASIC requirements (for example, obligations that apply to AFS licensees), taxation laws and ATO requirements, and credit laws (including the National Consumer Credit Protection Act 2009 (Cth)). 

Where the DIFC Data Protection Law applies, we process personal data on lawful bases including performance of a contract (or to take steps at your request before entering a contract), compliance with legal obligations (including DFSA requirements), our legitimate interests (for example, operating our business and maintaining network and information security), and consent where required. Where we rely on consent, you may withdraw your consent at any time (subject to any legal or regulatory retention obligations). 

We may collect and verify identity information to comply with anti-money laundering and counter-terrorism financing laws and other regulatory obligations that apply to financial services and mortgage activities, including obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). 

10. Who we maydisclosepersonal information to 

We may disclose personal information to: 

• Other entities within Atlas Wealth Group, where permitted and required to deliver services or respond to your enquiry. 

• Service providers who support our operations (for example, IT providers, cloud hosting, cybersecurity providers, document and records management, secure client information collection, e-signature, communications platforms and professional advisers). 

• Professional advisers and counterparties involved in your matter (for example, accountants, auditors, lawyers, insurers, real estate agents, conveyancers, and referrers where applicable). 

• Product and service providers (for example, superannuation funds, investment platforms, insurers, banks and lenders) where needed to provide services to you. 

• Regulators, law enforcement and government agencies where required or authorised by law (for example, the Australian Taxation Office). 

• A purchaser or potential purchaser of our business or assets (including advisers and due diligence providers) where a sale, merger or restructure is being considered. 

• We may exchange information with the Australian Taxation Office through secure tax agent systems and portals where required to provide tax services, comply with taxation laws, or act on your behalf as your authorised tax agent. 

We take reasonable steps to ensure that third parties who handle personal information on our behalf are subject to appropriate confidentiality, privacy and security obligations. 

11. Overseas disclosures and international transfers

Some of our service providers, systems, contractors or support resources may be located overseas, or may access personal information from overseas (for example, cloud hosting and support services, and website analytics or marketing providers where used). 

Likely destinations include: 

• United Arab Emirates (Dubai, DIFC). 

• Ireland. 

• Nepal. 

• Philippines. 

• United States of America. 

• Switzerland. 

Some overseas personnel may provide administrative, technical or operational support to our Australian businesses and may access personal information only where required to perform those services. 

These providers are subject to contractual confidentiality and data protection obligations designed to ensure personal information is handled in accordance with Australian privacy law. 

Where we disclose personal information to overseas recipients, we take reasonable steps to ensure the disclosure is handled consistently with the APPs (including by using contractual protections, due diligence and security controls), unless an exception under the Privacy Act applies. 

For mortgage services, overseas access or disclosures may also occur through our credit licence and aggregator arrangements (see Appendix 1). 

When the DIFC Data Protection Law applies, we transfer personal data outside the DIFC only where permitted under the DIFC Data Protection Law and Regulations, including where an adequacy determination exists or where appropriate safeguards are in place (for example, the DIFC Standard Contractual Clauses). You can contact us to obtain information about these safeguards. You can also contact the DIFC Commissioner of Data Protection using the details in Section 19. 

12. How we store and protect personal information

 Personal information may be stored in secure cloud environments, electronically and, in some cases, hard copy form. 

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Depending on the information and the system, these steps may include: 

• Access controls (including limiting access where practical). 

• Multi-factor authentication (where available and appropriate). 

• Encryption in transit and, where appropriate, at rest. 

• Logging and monitoring. 

• Secure configurations, patching, backups and malware protection. 

• Secure destruction or de-identification when information is no longer required (subject to any legal retention requirements). 

We retain personal information for as long as required for our functions and activities, and to meet legal and regulatory obligations. When personal information is no longer required, we take reasonable steps to destroy or de-identify it, unless we are required or authorised by law to retain it. 

Where we provide taxation services, records may be retained for at least 5 to 7 years in order to comply with taxation laws, professional standards and regulatory obligations. 

Staff and contractors are subject to confidentiality obligations and receive training regarding privacy, cybersecurity and appropriate handling of personal information. 

We may also use security monitoring tools to detect, prevent and respond to potential cyber security threats. 

13. Direct marketing

We may use your personal information to provide you with information about our services, events, market updates and other content that we believe may be of interest to you. We may do this by email, SMS, phone or other channels permitted by law. 

You can opt out of marketing communications at any time by using the unsubscribe function in the message or by contacting us at [email protected] or +61 7 5571 2602. 

If you opt out, we may still contact you about service-related matters (for example, responding to your enquiry or providing information you have requested). 

14. Accessing and correcting your personal information

You can request access to the personal information we hold about you and request that we correct it if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading. 

To make a request, contact us using the details in Section 19. We may need to verify your identity before providing access or making a correction. 

We will respond to requests within a reasonable timeframe and in accordance with applicable laws. 

In some circumstances, we may refuse access or correction where required or authorised by law. If we refuse your request, we will provide reasons where lawful and explain how you can make a complaint. 

15. Credit-related information for mortgage services

If you engage Atlas Mortgages, we may collect and handle credit-related personal information to provide credit assistance. This may include information about your financial situation and, where relevant, information obtained from credit reporting bodies and lenders. 

We may use and disclose credit-related information for purposes including: 

• Assessing and assisting with your credit application. 

• Submitting applications to lenders. 

• Verifying your identity and information. 

• Meeting responsible lending and best interests obligations. 

• Managing complaints and disputes. 

We may obtain consumer credit reports from a credit reporting body (CRB) where relevant. For Atlas Mortgages, the CRB used may include Equifax. 

For mortgage services, additional privacy disclosures and consents may be provided to you in our Credit Guide and associated privacy consent documentation. See Appendix 1 for the credit licensee privacy disclosure statement. 

Credit-related information is regulated under Part IIIA of the Privacy Act and the Privacy (Credit Reporting) Code in force from time to time. In addition to the access and correction rights in Section 14, you may have additional rights in relation to credit reporting information held by CRBs, including the right to request that a CRB does not use your credit reporting information for the purpose of pre-screening direct marketing by credit providers, and the right to request a credit ban if you believe, on reasonable grounds, that you have been, or are likely to be, a victim of fraud. For these requests, contact the relevant CRB. We can provide you with CRB contact details on request. 

 

 

16. Government identifiers and Tax File Numbers

We do not use government-related identifiers (such as Medicare numbers or passport numbers) as our own identifiers, except where permitted by law. 

We may collect and use TFN information when providing tax services. We handle TFN information in accordance with the Privacy (Tax File Number) Rule 2015. TFN information is used only for authorised purposes (for example, to deal with the ATO and complete tax-related services) and is subject to additional safeguards. 

17. Your rights under DIFC Data Protection Law

This section applies where the DIFC Data Protection Law governs our processing of your personal data (for example, where you engage Atlas Wealth Management (DIFC) Limited). 

Where the DIFC Data Protection Law applies, you may have additional rights in relation to your personal data, including the right to access, correct, erase, restrict or object to certain processing and the right to data portability (subject to exceptions under DIFC law). 

To exercise these rights, contact us using the details in Section 19. 

Right to erasure (right to be forgotten) under DIFC law 

You have the right to request the deletion of your personal data under the DIFC Data Protection Law 2020. However, please note that as a DFSA-regulated firm, we are legally required to retain certain records for specified periods (for example, client identification and KYC data for at least six years under DFSA Rulebooks). Where such obligations apply, we cannot delete your information until the applicable retention period has expired. In these cases, your data will be securely retained, access will be restricted to authorised compliance personnel only, and it will be permanently deleted once the statutory retention period ends. 

Data portability under DIFC law 

If you have provided personal data to us and the processing is based on your consent or performance of a contract, you may request that we provide your personal data in a structured, commonly used and machine-readable format, and you may request that we transmit that data directly to another controller where technically feasible. We will respond within one month where required under DIFC law, unless an extension applies. 

18. Data breaches

If we suspect a data breach, we will investigate and assess promptly and, where the Australian NDB scheme applies, complete our assessment within 30 days. If an eligible data breach is confirmed, we will notify affected individuals and the OAIC as soon as practicable. 

For DIFC matters, we will notify the DIFC Commissioner of Data Protection as soon as practicable where required and notify affected individuals where there is a high risk to them. We document incidents in our breach register and follow our Data Breach Response Plan. 

19. Privacy complaints and contact details

If you have a question, concern or complaint about how we handle personal information, contact our Privacy Officer: 

Australian Privacy Officer 

• Postal: PO Box 607, Surfers Paradise QLD 4217 

• Email: [email protected] 

• Phone: +61 7 5571 2602 

Dubai Privacy Officer (DIFC privacy contact) 

• Postal: PO Box 507928, Dubai, UAE 

• Email: [email protected] 

• Phone: +971 (0) 4 584 4301 

We will acknowledge your complaint and aim to resolve it within 30 days. If we need more time, we will tell you why and keep you updated. 

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner. 

Office of the Australian Information Commissioner 

• GPO Box 5288, Sydney NSW 2001 

• Online enquiry: OAIC website enquiry form 

• Tel: 1300 363 992 

• Website: www.oaic.gov.au 

If you are not satisfied with our response and the DIFC Data Protection Law applies, you may contact the Commissioner of Data Protection: 

The Commissioner of Data Protection 

• Dubai International Financial Centre Authority 

• Level 14, The Gate P.O. Box 74777, Dubai, UAE 

• Email: [email protected] 

• Tel: +971 4 362 2222 

• Website: www.difc.com 

•  

20. Changes to this Policy

We may update this Privacy Policy from time to time. The current version will be published on our website. 

Appendix 1: Mortgage services privacy disclosure statement 

This Appendix applies to mortgage broking services provided by Atlas Mortgages Pty Ltd (ABN 93 646 699 863) as an authorised credit representative of Mortgage Specialists Pty Ltd ABN 76 605 599 997 T/As Hfinance, Australian Credit Licence 387025. 

Credit representatives (mortgage services) include: 

• ASIC Corporate Credit Representative – 488667 (Hfinance Pty Ltd). 

• ASIC Credit Rep Number – Jeremy Harper 463430. 

• ASIC Credit Rep Number – Kirstie Penton 507763. 

Privacy disclosure statement 

In handling your personal information, Mortgage Specialists Pty Ltd ABN 76 605 599 997 T/As Hfinance, Australian Credit Licence 387025, 325 Churchill Ave, Subiaco WA 6008, Australia, 08 9286 6888 and our Authorised Credit Representatives are committed to complying with the Privacy Act 1988 and the Australian Privacy Principles. 

How and why we collect your personal information 

We collect personal information from you when you apply for or use our products and services. In particular, we collect it so we can provide you with the products and services you require. 

Providing your personal information to other organisations 

In providing products and services to you it may be necessary for us to retain your personal information and provide it to other organisations with which we conduct business. We may exchange the information with the following types of entities, some of which may be located overseas: 

• Organisations which provide finance or other products to you or to whom an application has been made. 

• Finance consultants, accountants and auditors, conveyancers and legal advisers, insurers, printers, and mailing services. 

• Any associates, related entities, contractors and our mortgage aggregator (Specialist Finance Group). 

• Any industry body, tribunal, court or otherwise in connection with any complaint regarding our services. 

• Any person where we are required by law to do so. 

• Your referees, such as your employer, to verify the information you have provided. 

• Any person considering acquiring an interest in our business or assets. 

• Any organisation providing online verification of your identity. 

Overseas recipients (mortgage services) 

Some recipients may be located overseas. As set out in credit licensee documentation, this may include Bangladesh, India, Ireland, Malaysia, the Philippines, and the United Kingdom. 

Your rights 

You may gain access to the personal information that we hold about you by contacting us. You can also contact us to obtain a copy of the privacy policy of Mortgage Specialists Pty Ltd and a copy of this Privacy Policy. You can request a copy of the Mortgage Specialists Pty Ltd privacy policy using the contact details set out above. You can also request a copy of the privacy policy of any credit reporting body that may access your personal information. 

Appendix 2: Mortgage services complaints and dispute resolution 

This Appendix applies to complaints about mortgage broking services. It is separate from privacy complaints, which are handled under Section 19. 

You can lodge a complaint verbally or in writing. If you lodge the complaint by email or mail, please include as much information as you can and explain the details of your complaint as clearly as you can. 

Internal dispute resolution (IDR) 

Step 1: Please contact Jeremy Harper in the first instance as many disputes can be resolved relatively quickly. You can contact Jeremy Harper on (02) 8528 0462 or [email protected]. Your mortgage broker will have 5 days in which to try and resolve the dispute. 

Step 2: If you are not satisfied with the outcome or the way your complaint has been handled, you can escalate the complaint to the Internal Complaints Officer who will endeavour to resolve your complaint: 

• Complaints Officer: Mark Norman 

• Specialist Finance Group 

• Email: [email protected] 

• Address: 325 Churchill Ave, Subiaco WA 6008, Australia 

• Phone: 08 9286 6888 

In some instances, your broker may also be fulfilling the role of the Complaints Officer. This will not affect the capacity to have your complaint dealt with appropriately. 

Once the dispute is escalated, we will provide you with a written response no later than 30 calendar days after receiving the complaint. For certain complaints involving financial difficulty, the maximum timeframe is 21 calendar days. If a longer timeframe is permitted under ASIC Regulatory Guide 271, we will tell you. 

External dispute resolution (EDR) 

If you are still not satisfied with the outcome of your complaint, you can refer the matter to the Australian Financial Complaints Authority (AFCA): 

• AFCA member reference: 57628 

• Australian Financial Complaints Authority (AFCA) 

• Mail: GPO Box 3, Melbourne VIC 3001 

• Phone: 1800 931 678 

• Email: [email protected]