Skip to content

Privacy Policy

1. Introduction 

This Privacy Policy applies to Iron Capital Asset Management Co Pty Ltd (‘ICAM’, ‘we’, ‘us’ and ‘our’) and any of its associates and subsidiaries in connection with its financial services business. ICAM operates an investment management business and acts as the investment manager for the Iron Capital Trust. The trustee of the Iron Capital Trust is The Trust Company (Australia) Limited. We recognise that your privacy is important to you, and we are committed to protecting your privacy and handling your personal information in an open and transparent way.

 

2. What does this Privacy Policy cover?

This Privacy Policy explains how we collect, handle, store and protect personal information when:

  • We provide services to you and our clients.
  • You use our website and/or our services.
  • We perform any other activities that form part of the operation of our business.

3. What laws apply to us?

When handling personal information we will comply with the Australian Privacy Principles (‘APPs’) contained in the Privacy Act 1988 (Cth) (‘Privacy Act’) and other applicable legislation (such as Australian State and Territory health privacy legislation), as well as the Spam Act 2003 (Cth) (‘Spam Act’) and the Do Not Call Register Act 2006 (Cth).

The APPs are legally binding principles that are designed to ensure that individuals’ personal information is protected throughout the information lifecycle, i.e. from the time the information is collected through to its destruction. The APPs also give individuals the right to access their personal information, and have it corrected if it is incorrect.

Additional information about privacy is available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.

 

4. Personal information we collect
4.1 What is personal information?

‘Personal information’ is information from which your identity is reasonably apparent, e.g., your name and contact details. This information may include information or an opinion about you, whether true or not.

4.2 What is sensitive information?

‘Sensitive information’ is personal information that includes information relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health.

Generally, we do not collect or hold sensitive information and will only collect sensitive information about you with your consent.

4.3 Types of personal information

Generally, we only collect personal information that is reasonably necessary for, or directly related to, one of more of the functions and activities of our business. For example, we may request that you provide your personal information when you invest in the Iron Capital Trust (or another ICAM investment offer) or undertake a transaction in relation to your investment (e.g., request a transfer of your interest in the Iron Capital Trust or update banking details). We may also request that you provide your personal information when you interact with us, e.g., via our website or social media channels.

There may be other occasions when we collect personal information about you or from other sources, such as from our related entities, a publicly maintained record or from an information services provider. We may also share personal information about you with our related entities.

The types of personal information we may collect include, but are not limited to:

  • Contact details, such as your name, residential or postal address, email address, telephone numbers (including mobile, home and/or work).
  • Date of birth and gender.
  • Details about your spouse, children and other family members.
  • Details about shareholders, beneficiaries and beneficial owners related to you or your entities.
  • Identification details and documents, such as driver’s licence, passport, utilities bill, trust deed.
  • Bank account details.
  • Tax file number.
  • Occupation, work and employment details.
  • Financial information, such as details of your assets, liabilities, income and expenses.
  • Any other relevant information that you give to us (or we collect) in connection with any service or product provided by us.
  • Details of your interactions with us, including complaints.

We do not collect or hold information relating to your racial or ethnic origins, religious affiliation or political opinions.

We may collect personal information about you from suppliers, contractors and third-party service providers that we engage to help us operate our business.

We may also collect personal information about you when you use our website or when you attend an ICAM event, or an event sponsored by ICAM. For example, if you sign up to receive communications about services or products provided by us.

 

5. Collection and use of personal information

5.1 How we collect personal information

We collect your personal information in a number of ways, which can broadly be categorised as set out below.

5.1.1 Information that comes directly from you

Generally, we will collect your personal information directly from you, e.g., when you invest in the Iron Capital Trust (or another ICAM investment offer), when you have a face-to-face meeting with us, call us or communicate with us via email, post, social media channels, surveys or our website.

We will collect the personal information when you apply to invest in the Iron Capital Trust (or another ICAM investment offer) or via our customer onboarding process. Personal information will also be collected when you use our services and submit forms / requests (such as ‘Change of Details’, ‘Transfer Requests’ etc).

You are not required to provide your personal information to us; however, it may restrict the function of some parts of our website or the services we are able to provide (e.g., you may not be able to invest in the investment offer).

5.1.2 Information from third parties

We may receive personal information about you from third parties, for example:

  • Third parties may be engaged to analyse traffic on our website, our social media channels, registry providers etc, which may involve the use of cookies.
  • Where a third party provides security-related or identity verification services.
  • Publicly available registers (such as company searches or ABN registers), social media platforms (such as Facebook and Instagram), websites and other sources.

In some circumstances, we may collect personal information about an individual from a third party (e.g., an employment reference from another person, to comply with our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and the associated regulations (‘AML CTF Laws’) or to comply with the FATCA/CRS requirements).

5.1.3 Information from your use of our website

Personal information will be collected when you perform any action on, or interact with, any part of our website, including:

  • Clickstream data, which is a record of how you navigate or click through our website.
  • Information obtained through the use of cookies, web beacons and similar storage technologies. Please refer to the section of this privacy policy entitled “Cookies” for further information, including information on how you can disable these technologies.

Whenever you lodge a support query using our “Help” or “Contact us” features on our website, then we collect your name and email address, in order to be able to reply to you and provide the support or advice requested.

5.1.4 Excluded activities

We do not use address-harvesting software to collect personal information.

5.2 Providing personal information about someone else

If you provide us with someone else’s personal information, you should only do so if you have their authority or consent to provide us with their personal information. You should also take reasonable steps to inform them of the matters set out in this Privacy Policy. By providing someone else’s personal information, you warrant to us that you are authorised to provide us with that information.

5.3 Your own risk

While we take reasonable steps to maintain secure and safe internet connections, the supply of personal information over the internet is at your own risk.

If you follow a link on our website to another website, the owner of that website may have its own privacy policy that will apply to its use of your personal information processed on that website. We suggest you review that website’s privacy policy before you provide access to your personal information.

5.4 Holding personal information

We will keep and use your personal information:

  • Until we no longer have a valid reason for keeping it.
  • Until you request us to stop using it.
  • For as long as required by law e.g., we keep invoice information for seven years to fulfil our tax obligations.

We will also take reasonable steps to destroy your personal information or put it beyond use (e.g., de-identify the personal information so it cannot be used to identify you) once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.

5.5 Purpose for collecting, holding, using and disclosing personal information

We may collect, use, hold/store and disclose your personal information for a range of purposes, including the following:

  • Operate and manage our business.
  • Manage our relationship with you and respond to queries.
  • Provide services, such as investment management services.
  • Provide information to you about our services and products, including marketing material.
  • Review your eligibility to create or continue to use a user account with us.
  • Assess applications to invest in financial products.
  • Assess and process your applications to invest in the Iron Capital Trust (or another ICAM investment offer), including (without limitation) transfers, deposits, payments, generating reports and record keeping.
  • Provide you with access to (and to use) our website and our services.
  • Ascertain and verify your identity, including your authority to act on behalf of another person (if applicable), including:
  • Check your identity against databases maintained by Government agencies and other databases (e.g., the Document Verification Service maintained and provided by the Commonwealth of Australia);
  • Identify, prevent and/or investigate any actual or suspected suspicious activity, such as fraud, unlawful activity or threats to our systems.
  • Compliance with our legal and regulatory obligations, including (but not limited to) in relation to the AML CTF Laws and taxation laws (such as FATCA and CRS obligations), including notification, access and reporting obligations imposed on us by an applicable Government agency, law enforcement agency or regulatory authority.
  • Communicate and correspond with you, including:Details of new financial products, investment offers and services, such as marketing material and promotional messages.
  • Perform market research, such as customer surveys.
  • Updates regarding the Iron Capital Trust (or such other ICAM investment offer).
  • Responding to feedback and information requests relating to our services.
  • Advise you when we are experiencing technical difficulties.
  • Alert you of new features or developments to our website or services.
  • Provide you with notification and access to financial products and investment offer updates, tax statements and financial statements.
  • Administrative messages, reminders, notices, updates, security alerts, and other information relevant to your use of our services.
  • Communicate with our third-party service providers, suppliers and other users of our website and/or services.
  • Track access to our website and our services, including for business analysis purposes, to monitor customer activity and to help detect and prevent any fraudulent or malicious activity.
  • Analyse and report on usage of our website and our services.
  • Training, development and recruitment purposes (including matters relating to the employment of our personnel) and providing internal services or benefits to our staff.
  • Process and respond to your applications, instructions, requests and queries and deal with any complaints or conflicts of interest.
  • Administrative purposes, including processing applications, transfers, redemptions, distributions and payment transactions.
  • Resolve any disputes that we may have with you (or any of our clients).
  • Protect and/or enforce our legal rights and interests, including defending any claim.
  • Investigate, manage and prevent actual, potential or suspected improper conduct such as fraud or other illegal activities.
  • Assist in law enforcement purposes, investigations by police or other government or regulatory authorities and to meet reporting obligations and requirements imposed by law or agreed to with government or regulatory authorities in any jurisdiction.
  • Monitor and protect our brands.
  • Gather and aggregate information for statistical, prudential, actuarial, data analytics and research purposes, including market research and data matching.
  • Manage and improve our databases and website, including performing internal statistical analysis of our databases and website.
  • Any actual or potential business sale, disposition, merger, joint venture, alliance, acquisition or referral arrangement.
  • For any purpose related to the above.

We may also collect, use, hold/store and disclose your information for other purposes where the law allows or requires us.

If you do not provide us with the personal information that we request/require, we may not be able to provide you with the services or products you have requested or fulfil the purpose for which such information was requested or collected, including providing you with the services or products we were engaged to perform or provide.

5.6 Direct marketing

We may send you direct marketing communications and information about our financial products, investment offers and services. You may also receive direct marketing communications and information from businesses that we have a relationship with. This may take the form of emails, SMS, mail, social media posts/notifications or other forms of communication, in accordance with the Spam Act and the Privacy Act.

If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting us using the details listed below.

If the direct marketing is by email you may also use the unsubscribe function. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request within a reasonable timeframe.

5.7 Disclosure of personal information

We may disclose personal information for the purposes described in this Privacy Policy to:

  • Our related entities and businesses that we have a relationship with.
  • Third party suppliers and service providers in connection with providing our services, including custodians, administration and registry providers, credit reporting bodies, credit providers, valuers, printing and postal services, call centres, insurers, recovery firms, debt collectors, accountants and lawyers.
  • Anybody who represents you, such as financial advisers, lawyers, guardians, persons holding power of attorney and accountants.
  • Claims related providers, such as assessors and investigators who help us with claims.
  • Financial institutions involved in our business, e.g., to obtain finance for our business / financial product or to process a claim for mistaken payment.
  • Identity verification service providers, including document issuers, official record holders, service providers, government or regulatory bodies, credit agencies or other information holders and repositories (including via third party systems).
  • Service providers and suppliers who provide goods and/or services to us (including identity checks), and any other partners who help us market and sell our services, e.g., to manage customer relations, send out newsletters and/or to process payments.
  • Businesses that supports us, including hosting or maintaining any underlying software, IT system or data centre that we use to provide and operate our website and/or services.
  • Companies, agencies or individuals that maintain databases against which your identity may be verified, which may include (but is not limited to) the Commonwealth of Australia Document Verification Service.
  • Legal and accounting firms, auditors, insurers, health-care providers, consultants and other advisers for the purpose of administering our offers and financial products.
  • Specific third parties authorised by you to receive information held by us (e.g., your authorised signatories / representatives, lawyer, accountant or financial adviser).
  • Potential purchasers/organisations involved in the proposed sale of our business (or part of our business) for the purpose of due diligence, corporate re-organisation and transfer of all or part of the assets of our business.
  • Government agencies, regulatory bodies, law enforcement agencies and other persons who can require us to supply personal information.
  • Social media sites on which we have a presence, to the extent that you interact with us via a social media site.
  • Anyone who assists us to identify, prevent or investigate suspicious matters, fraud, unlawful activity, misconduct or threats to our systems.
  • Third parties to anonymise and aggregate statistical information.
  • Third parties in relation to due diligence requests and/or transfer personal information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition of our business.
  • Other third parties from time to time with your implied or express consent or as required or authorised by law.
  • At no time will sell or transfer your personal information to third parties for the purpose of allowing them to send marketing material (unrelated to the Iron Capital Trust, ICAM’s investment offers or our services) to you without your consent.
  • Where we provide your personal information to a third party, the third party may collect, use, hold/store and disclose your personal information in accordance with their own privacy policy and terms of use. A third party’s privacy policy and terms of use, the legal protections afforded to you by them, and the third party’s ability to collect, use, hold/store and disclose your personal information may be different to that set out in this Privacy Policy and, if the third party is located outside Australia, are likely to be governed by the laws of a jurisdiction other than Australia. Where reasonable and practical, we recommend that you carefully read and familiarise yourself with the privacy policy and terms of use of any third party with whom we are required to share your personal information. You should contact other third parties directly for copies of their privacy policies.
  • We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.

 

6. Storage and security

6.1 Storage of personal information

ICAM is located in Australia, so your personal information may be transferred and/or stored there. The personal information we hold about you may be held by us in electronic form on our secure servers and may also be held in paper form.

We may use cloud based storage to store the personal information that we hold. The cloud based storage and servers may be located outside Australia.

In the event that your personal information is held in an overseas country the information will not be protected by the APPs. By providing personal information, you consent to your information being disclosed and held in this manner.

We may utilise the services of third party processors (or sub-processors, as applicable) in various overseas countries who may access your personal information. Consequently, we may transfer personal information to persons or entities located in an overseas country. Whilst we take reasonable steps to make sure the overseas recipient will not breach the APPs personal information that is held in an overseas country may not be protected by the APPs. By providing personal information, you consent to your information being disclosed and held in this manner.

In addition, we may use file sharing and storage service providers (such as SharePoint, Dropbox and Google Drive), cloud based data processing and email software providers (such as Microsoft Outlook or Gmail) and marketing software providers (such as Mail Chimp) in the operation of our business which may use, access or contain personal information we hold about you.

6.2 Destruction of personal information

When all our legal obligations to retain your personal information have expired, or we no longer need your information for a purpose permitted under law, we may take such steps as are reasonable to destroy or de-identify the information.

6.3 Using our website and cookies

We may collect personal information about you when you use and access our website and through emails, e.g., through the use of ‘cookies’ which is a small text file that is placed on your computer or internet-enabled device whenever you visit our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, duration on each page, the time and date of your visit and the internet protocol address assigned to your computer.

6.4 How we keep your information safe

We may hold/store your personal information in either electronic or hard copy form. We take reasonable steps to protect your information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information, e.g., passwords, firewalls, intrusion detection and virus scanning tools; and building security measures.

Despite this, we cannot provide any assurance or guarantee regarding the security of your personal information or the transmission of information you communicate to us online (including by email). We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet (including by email). Accordingly, any personal information or other information which you transmit to us online or by email is transmitted at your own risk.

 

7. Privacy on our website
7.1 Automatic collection of personal information

Cookies and other technologies may be used by us on our website and through email to automatically collect certain types of information. The collection of this information allows us to customise your online experience, market products and services to you, improve the performance, usability and effectiveness of our online presence and to measure the effectiveness of our marketing activities.

If you use our website and provide information about your preferences, then we may use your information to personalise your user experience. If you use our website using a third-party account, we may collect any information you have permitted the third-party service to share, such as your name and email address, which will be dependent on the privacy settings that have been set with the third-party service provider and their privacy policy.

7.2 IP addresses

An IP address is a number assigned to your computer whenever you access the internet. It is not linked to personally identifiable information. We may use IP addresses to analyse trends, administer the website, track user’s movement, and gather broad demographic information.

7.3 Cookies

A ‘cookie’ is a small text file that is placed on your computer or internet-enabled device by our web server whenever you visit our website. This allows our website to remember your computer or device and serves a number of other purposes.

The use of cookies is an industry standard, and many major browsers are initially set up to accept them. You can reset your browser settings to either refuse to accept all cookies or to notify you when you have received a cookie. You may also delete cookies from your device at any time. However, if you refuse to accept cookies, you may not be able to access or use all of the features available on our website.

Cookies by themselves do not tell us your email address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers including IP addresses, but this is for the purpose of identifying the number of unique visitors to our website and geographic origin of visitor trends, and not to identify individual visitors.

7.4 Web analytics

We may use web analytic tools to collect information about use of our website and our services, with the goal of improving our service offerings. These web analytic tools collect information such as how often users visit our website and use our services, what pages they visit when they do so, and what other sites they used prior to coming to the site.

7.5 Location-based tools

We may collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our location-based products and services (if applicable).

7.6 Social media features

Our website may host blogs, forums, crowd-sourcing and other applications or services (collectively “social media features”). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any ICAM social media feature may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control.

7.7 Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage you to read them before using those websites. Unless expressly stated otherwise, we do not endorse, approve or recommend the company, product or service provided on or associated with any external link.

7.8 Your choice

You have several choices regarding your use of our website. In general, you are not required to provide personal information when you visit our website. However, if you apply to receive information about our services, events, newsletters and updates, wish to acquire products or services or apply for a job, provision of certain personal information will generally be required.

 

8. Children

We understand the importance of protecting children’s privacy, especially in an online environment. Our website is not intentionally designed for or directed at children under the age of 18. It is our policy to never knowingly collect or maintain information about anyone under the age of 18, except as part of a specific engagement to provide services or products that necessitates such personal information being collected, e.g., to comply with our legal obligations (such as collection of beneficiary details and verification of identity performed in compliance with the AML CTF Laws).

 

9. Accessing and correcting your personal information

You can request access to the personal information we hold about you by contacting us using the information below, subject to some limited exceptions permitted or required by law. Sometimes, we may not be able to provide you with access to all your information and, where this is the case, we will endeavour to explain why. We may also need to verify your identity when you request access to your information.

We will not provide you with access to information which would reveal any confidential formulae or the detail of any in-house evaluative decision-making process but may instead provide you with the result of the formulae or process or an explanation of that result (if applicable).

If you think any personal information we hold about you is inaccurate, incomplete or misleading, please contact us and we will take reasonable steps to ensure that our records are corrected in accordance with the requirements of the Privacy Act.

 

10. Notifiable Data Breaches

The Privacy Act includes a Notifiable Data Breaches (‘NDB’) scheme which requires us to notify you and the Office of the Australian Information Commissioner (‘OAIC’) of certain data breaches and recommend steps you can take to limit the impacts of a breach (e.g., a password change).

The NDB scheme requires us to notify affected individuals about a data breach that is likely to result in serious harm to those affected individuals. There are exceptions where notification is not required, e.g., where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.

If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy. If you believe that any personal information we hold about you has been impacted by a data breach, then please contact us.

 

11. Making a complaint

If you think we have breached the Privacy Act or Spam Act, or you wish to make a complaint about the way we collect, use, hold/store and/or disclose your personal, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

If you are not satisfied with how we have dealt with your complaint you can contact the Office of the Australian Information Commissioner using any of the following details:

Post: Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001

E: enquiries@oaic.gov.au

T: 1300 363 992

www.oaic.gov.au

 

12. More information

We are required to comply with the Privacy Act, which contains the APPs. A summary of the Australia Privacy Principles, a copy of the Privacy Act and additional information about privacy is available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.

 

13. Changes to this Privacy Policy

We may modify or amend this Privacy Policy from time to time. Before providing us with personal information, please review our current Privacy Policy.

To let you know when we make changes to this Privacy Policy, we will amend the revision date at the bottom of this page. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to periodically review this Privacy Policy to be informed about how we are protecting your information.

This Privacy Policy supersedes and replaces all previous privacy policies issued by us that you may have received or accessed, including those contained in or referred to in any correspondence, telephone call or document.

 

14. Our contact details

For further information about our Privacy Policy or practices, or to access or correct your information, or make a complaint, please contact us using the details set out below:

Iron Capital Asset Management Co Pty Ltd
Attention: Privacy Officer

Post: Level 12, 50 Berry Street
North Sydney, NSW 2060
Australia

E: icam@ironcapital.com.au

www.ironcapitalam.com.au

Office Locations

Australia
Iron Capital Asset Management
Level 12, 50 Berry Street, North Sydney, NSW 2060

Email: krishna@ironcapital.com.au

 

United Kingdom
Iron Capital Asset Management
10 Finsbury Square, London, EC2A 1AF
Phone: +44 20 3000 4567
Email: ben@ironcapital.com