1. Introduction

Protecting our clients' privacy is very important to us. The Privacy Act 1988 (Cth) (the Privacy Act) and regulations including the thirteen Australian Privacy Principles (APPs) regulates the way in which Lonsec collect, use, disclose, maintain, and provide access to Personal Information.

1.1 Purpose

Lonsec has established this Privacy Policy (Policy) to explain our policy and practices with respect to the collection, use and management of your personal information and our approach to complying with the APPs.

1.2 Scope

This Policy applies to Lonsec Holdings Pty Ltd and its subsidiaries and related body corporates (“Lonsec”, “we” or “us”).


2. Collection of Personal Information

Personal information is defined under the Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

Lonsec's main business is to produce research reports, ratings, data, investment consulting and investment related information across the financial services industry. The types of personal information we collect about you will depend on the product or service you receive and/or subscribe from us.

2.1 Sensitive information

Sensitive information is a subset of personal information and is generally given a higher level of protection under the Privacy Act than personal information. It includes an individual's health, genetic and biometric information, and information about an individual's race or ethnicity, political opinions, or associations, religious or philosophical beliefs, sexual orientation, or criminal record. Lonsec does not collect, hold nor deal with sensitive information.

2.2 Types of personal information collected

The personal information we collect about you includes, but is not limited to:

  • Your name, phone number, street address, and/or email address
  • Signature
  • Your date of birth, gender, employment details, financial details, domicile, and citizenship status.
  • Your credit card number or bank account details for the purpose of your subscription payments.
  • If you are acting on behalf of your employer, your job title, employer's name, and contact information.
  • Account credentials such as your user ID and password for our online products.
  • Personal website usage information, including cookies and other information about your computer, device, and browser.
  • When using our MDA service, we also collect the following:
    • your investment preferences;
    • your Tax File Number;
    • your Australian Business Number;
    • your bank account or other financial institution details; and
    • identification documents

2.3 Methods of collecting personal information

Lonsec collects personal information via various methods which include:

  • subscription forms, feedback forms via Lonsec Group affiliated websites
  • contracts
  • via phone
  • fax
  • email
  • publicly available information
  • third parties* such as your employer, business associates, your financial adviser or legal representative in order for us to provide our service(s) and
  • Lonsec's associated body corporates

*Note: Where Lonsec collects your personal information from a third party, it is that third party's responsibility to notify you about the disclosure of your personal information to us and provide you with a copy of our Privacy Policy</i >

We are required to obtain your consent to collect your personal information (i.e., where it has been solicited directly by us).

If you provide us with personal information of another person you should let that person know that their information has been provided to Lonsec and will be handled by us in accordance with this Policy.

2.4 Purpose of collecting personal information

Lonsec will collect, store, use and process personal information to enable us to provide you with:

  • products and services for which you require or subscribe
  • help improve our products and services
  • undertake market research, member data analysis and direct marketing activities
  • keep you up to date on other products and services that may be of interest to you
  • manage and resolve complaints made
  • recruitment purposes
  • report information required by law or regulations
  • improve the operation of our business and enhance the delivery of our products and services
  • perform any other appropriate related functions

2.4.1 Our MDA service offering

When you invest in our managed discretionary account services (MDA), we collect, use and disclose your personal information in order to provide our MDA services to you, including for the following purposes:

  • Your identification details are used to process your application, manage your investment, ensure that you receive your distributions, provide you with information about your investment from time to time, process redemptions and to ensure that we comply with our legal and regulatory obligations.
  • During the time you are an investor in our managed discretionary account service we will hold investment-related information about you including the amount you have invested and your investment preferences.
  • Your Tax File Number and Australian Business Number (where relevant) is collected in order for us to ensure that your investment is taxed correctly.
  • Your identification details are used to provide you with information about any important changes to the managed discretionary account services we offer you, and related services, as well as any changes to Lonsec Group entities in general.

2.4.2 Pseudonym or Anonymous dealing with Lonsec

You cannot deal with Lonsec anonymously unless you specifically request it, it is practicable to do so, and it is not against relevant legislation and regulation.

Generally, Lonsec does not find it practical for you to remain anonymous or have a pseudonym when dealing with us as we usually need to use your personal information to provide specific services and/or products to you.


3. Use and disclosure of personal information

Lonsec will only use and disclose personal information for the purpose it was collected. The main reason for collecting personal information is to enable Lonsec to provide services and/or products to you or your business. Personal information may be used to:

  • assist you to subscribe to our services
  • provide the services you require
  • recruitment purposes
  • keep you up to date on other products and services that may be of interest to you
  • administer and manage those services, including charging, billing, and collecting debts
  • as required by law or regulations, by Courts/Tribunals, or Government or regulatory bodies/authorities

We may also use and disclose personal information for other related purposes which we consider an individual would reasonably expect. These purposes include administration and providing services to you which includes monitoring, auditing, evaluating, modelling data, dealing with complaints, answering queries, and to provide you with a better service.

3.1 Cross border transfer of information

We may disclose personal information to overseas recipients. Lonsec will only disclose your personal information to a recipient overseas in accordance with the Privacy Act. Circumstances in which we will do this include:

  • you have asked us to, or we have your consent to do so;
  • we have outsourced a business activity or function to an overseas provider;
  • the disclosure is required or authorised by or under an Australian law or a court/tribunal order

Lonsec also may share your data with, other third parties in Australia or countries other than your country of residence. As a result, Personal Information that we collect may be transferred to and processed in Australia, or another jurisdiction outside Australia for the purposes described above. The list of overseas jurisdictions may be updated from time to time. The data protection laws in these countries may be different from, and less stringent than, those in Australia. Lonsec takes reasonable steps to ensure that the overseas recipients of our client's data are subject to appropriate contractual obligations to safeguard and protect your Personal Information and comply with applicable privacy obligations.


4. Access to personal information, or to ask for a correction

You can request for access to the personal information we hold about you. This request may be made in writing to the Privacy Officer as detailed in section 6 below. We may charge a reasonable fee to cover our costs.

There may be circumstances where we are unable to give you access to the information that you have requested. If this is the case, we will inform you and explain the reasons why.

Should any of the information we hold about you be inaccurate, incomplete, or out of date, you may request for us to correct this information. If we are unable to correct this information, we will provide you with an explanation on the reason(s) for this.


5. Lodging a complaint

If you have a complaint regarding the handling of your personal information, you may lodge a complaint to the Privacy Officer via the channels below. The Privacy Officer will respond to your complaint within 30 days of its receipt.

Email: lonsecprivacy@lonsec.com.au

Via Mail: Privacy Officer, Lonsec, Level 7/90 Collins Street, Melbourne, VIC 3000 (marked “Confidential”).

If you are not satisfied with the Privacy Officer's response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) through one of the channels below:

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Mail: GPO Box 5218 Sydney NSW 2001

Online form can be completed at:


In accordance with the Notifiable Data Breaches Scheme, if your personal information is involved in a data breach that is likely to result in serious harm to you, we will notify you and the OAIC.


6. Storage of personal information

Lonsec takes the required steps to protect personal information from misuse, loss, unauthorised access, modification, and disclosure. Lonsec has implemented security measures to protect the personal information that it holds, including requiring use of passwords, user logins, and other security procedures. Internal staff with access to personal information have the skills, and training to prevent the unauthorised use of your personal information. Developments in security and encryption technology are reviewed regularly by Lonsec.

We store personal information collected with selected service providers (including cloud service providers) who may store your information outside Australia.

Lonsec maintains the personal information of candidates who have applied but not been successful in securing a role at Lonsec. Lonsec has contracted with a third-party service provider to maintain these individuals' personal information on a server located in EU.

6.1 Cookies on website

When you access our website, we may collect other information and data about you, which is not personal information. A cookie is a small text file sent to the user's browser that allows the web page server to retrieve information from the computer. Cookies can either be temporary session cookies or stored permanently on a computer. Cookies are used for a range of purposes, including security, identifying information, products or services which may be of interest to you and personalising promotional services. Cookies are used to recognise your browser or device, receive and store certain types of information whenever you interact with us or third parties that use our services. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them. In addition, you are able delete or clear existing cookies that you have previously accepted.


7. Retention period

Lonsec is required by law to retain certain records of information for varying lengths of time and, in certain circumstances, permanently. Where your personal information is not required to be retained under law and is no longer required (whichever is the later) for the purpose for which it was collected, we will take reasonable steps to irrevocably destroy or de-identify it.


Join our mailing list

Keep up to date with all the latest news, content and initiatives from Implemented Portfolios HQ

Join Now