(Commonwealth) including the Australian Privacy Principles (Privacy Laws).
We respect your personal information, and this Policy explains how We handle it. The Policy
covers Gilshenan Capital Pty Ltd (ACN 611 216 374) (We, Our or Us).
This Policy may change. We will let you know of any changes to this Policy by posting a
notification on our website (www.gilshenancapital.com). Any information collected after an
What this Policy deals with
• The kinds of personal information that We collect and hold
• How We collect and hold personal information
• The purposes for which We collect, hold, use and disclose personal information
• How you may access personal information that We hold about you and seek the correction of
• How to complain about a breach of the Australian Privacy Principles and how We will deal
with such a complaint
• If We disclose personal information to overseas recipients—the countries in which such
recipients are likely to be located if it is practicable to specify those countries in the policy.
1. Types of personal information We collect
We only collect personal information that is reasonably necessary for one or more of Our
functions or activities. The types of personal information that We collect and hold about you could
• identification information such as your name, postal or email address, telephone numbers,
and date of birth;
• other contact details such as social media handles;
• financial details such as your tax file number; and
• other information We think is necessary.
We may collect statistical information about visitors to our website. Generally, this information
cannot be used to identify particular individuals but may include a visitor’s internet protocol
address, which could be linked to an individual.
2. How We collect and hold personal information
We must collect personal information only by lawful and fair means.
We must collect your personal information from you unless it is unreasonable or impracticable to
do so. For example, if We are unable to contact you and We then rely on publicly available
information to update your contact details or if, at your request, We exchange information with
your legal or financial advisers or other representatives.
We might collect your information when you fill out a form with us (either in hard copy or via our
website) or register as a user of our website, when We speak with you on the telephone or face to
face. We may also verify your information via electronic means, such as email.
If We receive personal information that We did not solicit, then within a reasonable period after
receiving the information, We must determine whether or not We could have collected the
information under Australian Privacy Principle 3 (collection of solicited personal information) if
We had solicited the information and We may use or disclose the personal information to make
If We determine that We could not have collected the personal information and the information
is not contained in a Commonwealth record, We must, as soon as practicable but only if it is lawful
and reasonable to do so, destroy the information or ensure that the information is de-identified. If
this does not apply in relation to the personal information, then Australian Privacy Principles 5 to
13 apply in relation to the information as if We had collected the information by solicitation.
We will do all that We can to ensure that the personal information that We collect, use and
disclose is accurate, up-to-date, complete and relevant.
3. Notifying you
When We receive personal information from you directly, We will take reasonable steps to notify
you how and why we collected your information, who We may disclose it to and outline how you
can access it, seek correction of it or make a complaint.
Sometimes We collect your personal information from third parties. You may not be aware that
We have done so. If We collect information that can be used to identify you, We will take
reasonable steps to notify you of that collection.
4. The purposes for which We collect, hold, use and disclose personal
We may collect information about you because We are required or authorised by law to collect it.
There are laws that affect Us, including company and tax law, which require Us to collect personal
information. For example, We may require personal information to verify your identity under the
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Commonwealth) and related
We may use your personal information for a number of purposes including (but not limited to):
• us providing you with our services;
• enabling us to register you as a user of our services through our website; and
• responding to any queries you may have and to provide you with our feedback to your
If We collect and hold your personal information for a primary purpose, We will not use or
disclose the information for a secondary purpose unless:
• you have consented to the use or disclosure of the information;
• you would reasonably expect Us to use or disclose the information for the other purpose and
the other purpose is related to the first particular purpose;
• the use or disclosure of the information is required or authorised by or under an Australian
law or a court/tribunal order;
• a permitted general situation exists in relation to the use or disclosure of the information by
• We reasonably believe that the use or disclosure of the information is reasonably necessary for
one or more enforcement related activities conducted by, or on behalf of, an enforcement
body (and, if We use or disclose personal information in accordance with this point, We must
make a written note of the use or disclosure).
If We collect personal information from any of our related bodies corporate, this principle applies
as if Our primary purpose for the collection of the information were the primary purpose for any
of our related bodies corporate collected the information.
If We hold personal information about an individual, We must not use or disclose the information
for the purpose of direct marketing, unless We collected the information from the individual and
the individual would reasonably expect Us to use or disclose the information for that purpose. We
provide a simple means by which the individual may easily request not to receive direct marketing
communications from Us and the individual has not made such a request to us.
We may also use or disclose personal information about an individual for the purpose of direct
marketing if We collected the information from the individual and the individual would not
reasonably expect Us to use or disclose the information for that purpose or someone other than
the individual and either the individual has consented to the use or disclosure of the information
for that purpose, or it is impracticable to obtain that consent.
We will provide a simple means by which the individual may easily request not to receive direct
marketing communications from Us, and in each direct marketing communication with the
individual, We include a prominent statement that the individual may make such a request, or We
otherwise draw the individual’s attention to the fact that the individual may make such a request.
If you have general enquiry type questions, you can choose to do this anonymously or use a
pseudonym. We might not always be able to interact with you this way however as we are often
governed by strict regulations that require us to know who We are dealing with. In general, We will
not be able to deal with you anonymously or where you are using a pseudonym when it is
impracticable or we are required or authorised by law or a court/tribunal order to deal with you
5. How you can access your personal information that We hold and seek the
correction of such information
We will always give you access to your personal information unless there are certain legal reasons
why We cannot do so. We do not have to provide you with access to your personal information if:
• We cannot verify that you made the request;
• We believe there is a threat to life or public safety;
• there is an unreasonable impact on other individuals;
• the request is frivolous;
• the information request is subject to legal proceedings;
• it would be unlawful;
• it would jeopardise taking action against serious misconduct by you;
• it would be likely to harm the activities of an enforcement body (e.g. the police);
• it would harm the confidentiality of our commercially sensitive information.
If we cannot provide your information in the way you have requested, we will tell you why in
writing. If you have concerns, you can complain by contacting us by emailing
If you believe that is something wrong with the information, for example if you think that the
information We hold is inaccurate, out of date, incomplete, irrelevant or misleading, please send
us an email to firstname.lastname@example.org so we can update your details.
If you are worried that We have given incorrect information to others, you can ask us to tell them
about the correction. We will correct this if We can or We will notify you if We are unable to
change the details.
You can ask us to access your personal information that We hold by sending us an email to
We will give you access to your information in the form you want it where it is reasonable and
practical to do so. We may charge you a small fee to cover our costs when giving you access, but
We will always notify you of this first and this fee will not relate to you making a request for your
information, only to give you access to the information.
We are required to help you ask for the information to be corrected if We cannot correct this for
you. Accordingly, We may need to talk to third parties. However, the most efficient way for you to
make a correction request is to send it to the organisation which you believe made the mistake.
If We are able to correct the information, We will notify you within five (5) business days of
deciding to do this. We will also notify the relevant third parties as well as any others you notify Us
about. If there are any instances where We cannot do this, then We will notify you in writing.
If We are unable to correct your information, We will explain why in writing within five (5)
business days of making this decision. If We cannot resolve this with you internally, you are able to
make a complaint via our external dispute resolution scheme, by contacting the Financial Services
Ombudsman (FOS) or the Office of the Australian Information Commissioner (OAIC).
If We agree to correct your information, we will do so within 30 days from when you asked us, or
a longer period as agreed between Us and you.
If We are unable to make corrections within a 30 day time frame or the agreed time frame, We
must notify you of the delay, the reasons for it and when we expect to resolve the matter, ask you
to agree in writing to give us more time and let you know you can complain to FOS or OAIC.
6. Security and management of your personal information
We will take all reasonable steps to protect your personal information that we hold from misuse
and loss from unauthorised access, modification or disclosure. The way we do this includes:
• ensuring that we verify the identity of every individual that we hold personal information for;
• only collecting personal information that is relevant to the services that we provide to you; and
• using secure technology methods. For example, our website has electronic security systems in
place, including the use of firewalls and data encryption. User identifiers, passwords and other
access codes may also be used to control access to your personal information.
However, you should be aware that the internet is not a totally secure environment. Gilshenan
Capital (or its related entities) cannot guarantee the security of information you provide to us or we
provide to you via the internet.
You may be able to access external websites by clicking on links we have provided. Those other
websites are not subject to our privacy standards, policies and procedures. You will need to review
those websites to ascertain their privacy standards, policies and procedures.
7. Which overseas recipients and countries are We likely to disclose personal
We may need to share some of your information with organisations outside Australia. For
example, in the course of our marketing activities We will generally need to share your details with
our marketing software providers, Infusionsoft, MailChimp and Twilio, who are based outside of
Australia. We will not send your personal information to a recipient outside Australia without
obtaining your prior consent or otherwise complying with the Privacy laws.
We may store your information in cloud or other types of networked or electronic storage. As
electronic or networked storage can be accessed from various countries via an internet connection,
it is not always practicable to know in which country your information may be held. If your
information is stored in this way, disclosures may occur in countries other than those listed.
Overseas organisations may be required to disclose information We share with them under a
foreign law. In those instances, We will not be responsible for that disclosure.
8. Government Identifiers
Sometimes We may be required to collect government-related identifiers such as your tax file
number. We will not use or disclose this information unless We are authorised or required to do
so by law or the use or disclosure of the identifier is reasonably necessary for Us to verify your
identity for the purposes of Our business activities or functions.
9. How you can complain about a breach of this Policy and how We will deal
with such a complaint
If an individual feels that We have breached our obligations in the handling, use or disclosure of
their personal information, they may raise a complaint. We encourage individuals to discuss the
situation with one of Our representatives in the first instance, before making a complaint.
The complaints handling process is as follows:
The individual should make the complaint including as much detail about the issue as possible, in
writing to Us:
The Complaints Department
Gilshenan Capital Pty Ltd
155 Varsity Parade, Varsity Lakes QLD 4227
We will investigate the circumstances included in the complaint and respond to the individual as
soon as possible (and within 30 calendar days) regarding Our findings and actions following this
investigation. After considering this response, if the individual is still not satisfied they make
escalate their complaint directly to the Information Commissioner for investigation:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
SYDNEY NSW 2001
Phone: 1300 363 992
When investigating a complaint, the OAIC will initially attempt to conciliate the complaint, before
considering the exercise of other complaint resolution powers.