top of page


Fortnum and its Principal Practices and associated entities, including any Authorised Representatives

(Fortnum Group Members) (collectively, “we” or “us”) take very seriously our obligations under the

Commonwealth Privacy Act (Privacy Act) to protect your personal information. Under the Privacy

Act, we are bound by the Australian Privacy Principles, and in his Privacy Policy, we describe how we

intend to meet our privacy obligations.



The Privacy Act sets out the information that it protects.

Personal information generally means information or an opinion about a person, where the person

is identified or is reasonably identifiable.

Sensitive information means a person’s health information, genetic information, certain biometric

information and biometric templates. It also means certain personal information, being an opinion

about a person’s:

• racial or ethnic origin;

• political opinions;

• membership of a political association;

• religious beliefs or affiliations;

• philosophical beliefs;

• membership of a professional or trade association;

• membership of a trade union;

• sexual orientation or practices; or

• criminal record


Where in this Privacy Policy we refer to personal information, unless the context requires otherwise

that is a reference to both personal information and sensitive information.



Fortnum and Fortnum Group Members only collect and hold personal information that is relevant

to, and reasonably necessary for, the financial and other services we provide to you. In addition, we

only collect sensitive information if you consent, or in specific circumstances set down in the

Australian Privacy Principles.

The kind of information we will be likely to collect, and hold includes your name, address and

contact details, tax file number, personal medical information, your date of birth and details about

your financial circumstances, goals and strategies.



You are not obliged to give us your personal information. However, if you decide not to give us

information needed in order to provide you with services, we may not be able to provide those

services to you.



Fortnum and Fortnum Group Members must collect personal information only by lawful and fair

means. We will usually only collect your personal information directly from you, for example, in

discussion with you or via email. We may collect your personal information from another person if

you consent, if we are required or allowed by law to do so, or if it would be unreasonable or

impracticable for us to have to collect it from you.


For example, it may be necessary to collect personal details from third parties, such as issuers or

operators of financial products or financial services. However, we will endeavour to collect such

information directly from you wherever practicable.


When we collect personal information about you, we will tell you why it is being collected, the

organisations, or the types of organisations, to whom we usually disclose that kind of information,

any law that requires the information to be collected, and the main consequences for you if the

information (or part of the information) is not provided. We will also give you our contact details and

tell you about how you can access the information.


Fortnum uses Salesforce as its cloud-based relationship managed system. Salesforce hosts data

through Amazon Web Services (AWS). The AWS servers are located in Sydney. Salesforce do not own

your data or have access to your data. There are instances where your data is stored within

Salesforce. We have attached a link to the Salesforce Privacy Policy relevant to our instance here:

In addition, Fortnum uses the Microsoft Office 365 operating system. Portions of your data may be

stored through these systems. Microsoft have confirmed that data is stored in part in Australia and

also the United States of America. We have attached a link to the Microsoft Privacy Policy for your



In addition, Fortnum utilises the services of Contractors, who are located in the Philippines and India.

From time to time, we may utilise services of Contractors who are located in other countries.

Your adviser may disclose your personal information to overseas recipients in order to access

services they provide, such as paraplanning and administration. If this is the case, your Adviser or

their Principal Practice will provide you with details, including the relevant countries. If you consent

to this overseas disclosure, it is on the basis that Fortnum has not checked that the overseas

recipient complies with the Privacy Act but rather, this due diligence has been undertaken by the

Principal Practice.



Personal information is collected and held so that Fortnum and your Adviser can provide you with

services you request. This is known as the “primary purpose” for collecting and holding personal



We cannot use or disclose your personal information for any secondary purposes unless certain

circumstances apply. We can use or disclose personal information for a secondary purpose where

you give us your consent to do so, or where:


• the secondary purpose is related to the primary purpose (where the information is

sensitive information, it must be directly related to the primary purpose); and

• you would reasonably expect us to use or disclose the information for the secondary



The types of secondary purposes for which we would ordinarily use or disclose your personal

information include contacting you regarding other services that we believe may be of interest to


We may also use or disclose information where such use or disclosure is permitted by the Australian

Privacy Principles. For example, where reasonably necessary to deal with unlawful activity or serious

threats to life, health or safety.


Some primary and secondary purposes will require disclosure of your personal information to third

parties. Some examples of when this would be required include for the purpose of providing you

with services. The likely recipients would be the issuers or operators of financial products or financial

services and providers of office and related services to us. We will require that any third parties to

whom we disclose personal information will only use that information for the purposes for which we

disclosed it to them and on the basis that they will comply with their privacy obligations.


If your Fortnum Group Member moves to another Australian Financial Services Licensee (AFSL), we

may provide your personal information to the other AFSL to enable your Fortnum Group Member to

continue providing you with services. Similarly, if your Fortnum Group Member sells their business

to another financial adviser or AFSL we may provide your personal information to them to enable

them to provide you with services. In the event of either of these things occurring, Fortnum will

notify you in advance and you will have the ability to opt out of this transition.



Fortnum and your Fortnum Group Member will take reasonable steps:

• to make sure all personal information we collect is accurate, complete and up-to-date at

all times;

• to make sure all personal information we use or disclose is (having regard to the purpose

of the use or disclosure) accurate, complete up-to-date and relevant at all times.

We will also take reasonable steps to protect your personal information from misuse, interference

and loss, and from unauthorised access, modification and disclosure. Once your personal

information is no longer required by us, we will take reasonable steps to destroy or permanently de[1]identify that personal information, except in circumstances where we are required by law to retain




If you think the personal information Fortnum and your Fortnum Group Member hold about you is

not accurate, complete or up-to-date, you should let us know. Also, please let us know any

relevant changes to your personal circumstances as soon as possible.


We will take reasonable steps to correct information where you provide sufficient evidence or we

are otherwise satisfied, having regard for the purpose for which the information is held, that the

information is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will also notify the

correction to other parties to whom we have previously disclosed the information and if such a party

refuses to make a correction, we will notify you of that refusal and how you can make a complaint.

If you require access to personal information we hold about you, please send us an email to We will generally allow access, unless certain exceptions apply under

the Australian Privacy Principles – for example, if we reasonably consider providing access would

pose a serious threat to the life, health or safety of any person, or providing access

would be likely to prejudice action being taken by an enforcement body, or providing access would

be unlawful.


Your request should specify the information to which you require access or which you wish to be

corrected. We will keep a record of your request for and the manner in which it was

dealt with.


We will not charge you for requesting access to, or correction of, your personal information. We

may, however, charge you the costs associated with meeting your request for access, for example

photocopying and postage costs.


We are required to respond to your request for access or correction within a reasonable period, of

receipt of your request.


We will provide you with access in the manner you request, if it is reasonable and practicable to do

so. If we cannot meet your request for access or correction, we will notify you by email and where

reasonable we will give you our reason and take steps to provide you with access. We will also tell

you about how you can complain about our decision.



You can contact us anonymously or by using a pseudonym. However, being unable to identify you

will limit the services your Fortnum Group Member can provide you and there may be specific cases

where we are prevented by law from dealing with you unless we identify you.



Should a data breach occur, we will notify affected individuals and the Office of the Australian

Information Commissioner (OAIC) of the data breaches that are likely to result in serious harm

within 30 days of the breach event.


The factors which might contribute to a reasonable person thinking “serious harm” might have

occurred include:

• The sensitivity of the information;

• Whether the information was encrypted;

• Whether the information was in a secure file;

• How likely it is that the security could be breached; or

• The identity of the person who obtained the information, whether they intend to cause

harm to the affected person and the nature of the harm.



If you would like further information about how we handle your personal information, please send

us an email to


If you wish to make a complaint in relation to privacy, including a breach of the Australian Privacy

Principles, you can let us know by putting your concerns in writing or by calling us. You can contact

us at:

Complaints Officer (Fortnum)

PO Box R1872

Royal Exchange NSW 1225

By email at or by calling (02) 9904 2792.


Fortnum will investigate your complaint and respond to your concerns as quickly as possible and

within 30 days

bottom of page