Privacy Policy

This Privacy Policy sets out the information handling policies of Hejaz Financial Services current as at 5th March 2025. 

Hejaz Financial Services is committed to protecting your privacy and handling your personal information responsibly. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which replaced the National Privacy Principles under the Privacy Amendment (Private Sector) Act 2000. 

Our Privacy Policy outlines how we collect, use, disclose, and safeguard your information. We require all staff and representatives to adhere to these principles to maintain the highest privacy standards. 


Information collection 

As a financial services provider, we are subject to legislative and regulatory requirements that require us to collect and hold personal information. Additionally, to provide tailored financial planning and advice, we need relevant details about your financial circumstances. 

We only collect information necessary for our business functions and services. The type of information we collect depends on the products or services we provide. Whenever we collect personal information, we will inform you of its purpose and seek your consent where required. 

This may include but is not limited to: 

  • Name, address and contact details; 
  • Date of birth, age and your intended plans for retirement; 
  • Financial goals, needs, objectives and circumstances; 
  • Details of your dependents and beneficiaries; 
  • Financial information (for the purpose of preparing a financial plan and/or statement of advice); 
  • Information regarding your health (for some types of insurance); 
  • Your employment details (including your occupation, details of your employer, the nature of your employment and salary); 
  • Your tax file number (where you have given it to us); 
  • In some cases, insurance claim information; 
  • Identification documents for instance driver’s licence, passport, Medicare card (which, in some cases, we are required to collect by law); 
  • Socio-Demographic Data for instance Marital status, dependents, beneficiaries, and nationality; 
  • Call recordings – on occasion, we monitor and record our calls with you. We will let you know if we are doing this; and 
  • Other information, such as making a record of your interactions with us. 
  • The products and services we provide, or have provided, to you.

We do not generally collect sensitive information about you unless required by applicable law or rules, or you have consented to it. Sensitive information includes information relating to: 

  • Racial or ethnic origin 
  • Image of your face or biometrics data (for example your fingerprints) 
  • Political or religious beliefs 
  • Sexual preferences 
  • Criminal convictions 
  • Membership of professional or trade associations or unions; and 
  • Health information

If we require certain information about you such as health information for some types of insurance purposes, we will only process this with your consent or where otherwise lawfully permitted. 

Failure to provide the personal information referred to above may expose you to higher risks in respect of the recommendations made to you and may affect the adequacy or appropriateness of advice we give to you. 

We collect this information directly from you through various means, including written forms, phone calls, digital communications, online interactions, and in-person meetings. We may also obtain information from authorised third parties, such as service providers, agents, advisers, brokers, employers, or publicly available sources where permitted by law. 


Use and Disclosure of Information 

We use the personal information that you provide to us to assess your personal and financial circumstances and your risk tolerance so that we can formulate appropriate investment strategies and recommendations for you. 

We will not use or disclose the personal information we collect except in the following circumstances: 

  • For the purpose it was provided or for related secondary purposes that you would reasonably expect us to use or disclose the information, for instance we may disclose your personal information to third party service providers so that they can provide the contracted services to Hejaz such as IT support, hosting, and other operational functions. 
  • Where you have expressly or impliedly consented to the use or disclosure 
  • Where permitted or required by the Australian Privacy Principles, including situations related to public health and safety or specific operations carried out by or on behalf of a law enforcement body. 

From time to time, we may provide you with direct marketing material. If, at any time, you do not wish to receive this information any further, you can opt out at any time by 3 contacting us using the details provided in this policy. We will process your request as soon as possible and endeavour to action it within two weeks. 

We may disclose the personal information which we have about you to other organisations to assist us to implement and administer your investments, and provide you with certain products and services, including: 

  • Superannuation fund trustees, insurance providers, fund managers and other product providers in order to manage or administer your product or service; 
  • Compliance consultants;
  • Paraplanning contractors or temporary staff to handle workloads during peak periods; 
  • Mailing houses; • Insurance reference bureaus and loss adjusters; 
  • Your professional advisers, including your solicitor or accountant as authorised by you; 
  • Information technology service providers; 
  • Another Authorised Representative of HFA if necessary; 
  • A potential purchaser/organisation involved in the proposed sale of our business for the purpose of due diligence, corporate re-organisation and transfer of all or part of the assets of our business. Disclosure will be made in confidence and it will be a condition of that disclosure that no personal information will be used or disclosed by them; 
  • A new owner of our business that will require the transfer of your personal information; 
  • Government and regulatory authorities, as required or authorised by law.

We only use and disclose personal information about you for the purpose for which it was disclosed to us and for related purposes which would reasonably be necessary. For example, we may from time to time use your personal information to inform you of investment opportunities or to provide information about product and services which may be of interest to you. However, we do respect your right to ask us not to do this so please let us know if you do not want us to provide you with this additional information. We do not sell personal information to other organisations to allow them to do this. 

We may disclose your personal information to overseas entities if it is reasonably necessary, including for the provision of our financial products and services, when we have outsourced a business activity or function to an overseas service provider, for the purpose of certain electronic transactions, when we are authorized or required by law or court/tribunal to do so, or when you have asked us to do so and we have your consent. 

If we do disclose your personal information to an overseas entity, we will take reasonable steps to ensure that the overseas entity complies with the Australian Privacy Principles (APPs) or equivalent privacy laws in its jurisdiction to safeguard the security of your personal data. 

Your personal information may be stored in cloud-based or other electronic storage systems. As these systems may be accessible from various locations via the internet, it may not always be practicable to determine the exact country in which your information is held. We take reasonable steps to ensure that any storage and handling of your personal information comply with applicable privacy laws and security standards. 

Please note that by law, in some circumstances, we may be required to disclose your personal information to third parties without your authorisation such as to government authorities and law enforcement bodies in Australia and overseas. 


Quality of Personal Information 

It is in our interests to ensure that the personal information that we have about you is accurate, complete and up to date. To ensure we can maintain this level of accuracy and completeness, we recommend that you: 

  • Inform us of any errors in your personal information; and
  • Update us with any changes to your personal information as soon as possible.

If you provide inaccurate or incomplete information, we may not be able to provide you with the products or services you are seeking. 


Personal Information Security 

We are committed to keeping your personal information secure. We will use all reasonable steps to protect the personal information which we hold from misuse and loss, and from unauthorised access, modification and disclosure. 

Personal information is treated as confidential information and sensitive information is treated as highly confidential. 

It is a legislative requirement that we keep all personal information and records for a period of 7 years. Should you cease to be a client of ours, we will maintain your personal information on or off site in a secure manner for 7 years. After this, the information will be securely destroyed. 


Anonymity and pseudonymity 

Where practicable and permitted by law, you have the option to remain anonymous or use a pseudonym when interacting with Hejaz. However, in cases where identification is required to provide our services, we will inform you accordingly. 


Access to Personal Information and Correction 

Under the Australian Privacy Principles you have a right to access your personal information, subject to certain exceptions allowed by law. We ask that you provide your request in writing (for security reasons) and we will provide you with access to that personal information. Access to the requested personal information may include: 

  • Providing you with copies; 
  • Providing you with the opportunity for inspection; or 
  • Providing you with a summary.

If charges are applicable in providing access to you, we will disclose these charges to you prior to providing you with the information. 

Some exceptions exist where we will not provide you with access to personal information if:

  • Providing access would pose a serious threat to the life or health of a person; 
  • Providing access would have an unreasonable impact on the privacy of others; 
  • The request for access is frivolous or vexatious: 
  • The information is related to existing or anticipated legal proceedings between us and would not be discoverable in those proceedings; 
  • Providing access would reveal our intentions in relation to the negotiations with you in such a way as to prejudice those negotiations; 
  • Providing access would be unlawful; 
  • Denying access is required or authorised by or under law; 
  • Providing access would be likely to prejudice certain operations by or on behalf of an enforcement body or an enforcement body requests that access not be provided on the grounds of national security.

In some circumstances, we may refuse to give you access to your financial information. Those circumstances are set out in the Australian Privacy Principles and include situations where we are required to do so at law or access is likely to prejudice an enforcement body in relation to unlawful activity or seriously improper conduct. If we are entitled, under the Australian Privacy Principles, to refuse to give you access to your personal information, we will provide you with a written explanation for that refusal. 

If you believe that any personal information we hold about you is inaccurate, incomplete, or outdated, you may contact us at any time using the details provided below. Upon receiving sufficient evidence of the inaccuracy or incompleteness, we will take all reasonable steps to correct your information where required in accordance with the Australian Privacy Principles


Using Government Identifiers 

Although in certain circumstances we are required to collect government identifiers such as your tax file number, Medicare number or pension card number, we do not use or disclose this information other than when required or authorised by law or unless you have voluntarily consented to disclose this information to any third party. 


Privacy Complain 

This Privacy Policy has been developed to protect your privacy rights in accordance with applicable legislation. If you believe your personal information has been mishandled or there has been a breach of privacy, you may lodge a complaint to the contact details 6 provided below. We will investigate your complaint thoroughly and aim to respond within 5 working days. However, we will do out best to resolve any complaint promptly and to your satisfaction.

 

Privacy notice for online advertising

Privacy Notice

We have prepared this Privacy Notice to explain how, why, and when we collect data from you to provide targeted advertising.

Hejaz Financial Services subscribes to a service called AdRoll. To learn what data we collect when you visit our website, please visit the AdRoll Website Privacy Notice.

 

1. About Our Services

Hejaz Financial Services, through AdRoll, provides targeted advertising services. When you visit a website that subscribes to AdRoll, it may collect some or all of the data described in the AdRoll Service Privacy Notice. Our platform uses that data as well as other data described below to provide ads to you that are more relevant to you.

For example, if you visit the Hejaz Financial Services website and explore our financial services, our platform may later serve you with targeted ads for Hejaz Financial Services and/or its subsidiaries as you browse the internet or through other channels, such as emails.

 

2. What data we collect and how we use it

Hejaz Financial Services, through AdRoll, may collect the following categories of information for the purposes explained below.

Advertiser website activity: This is data about your browsing activity on the Hejaz Financial Services website. For example, which pages you visited and when, and any forms you may have filled out, which as an appointment form.
Device and browser information: This is technical information about the device or browser you use to access our website. For example, your device’s IP address, cookie string data and (in the case of mobile devices) your device type and mobile device’s unique identifier such as the Apple IDFA or Android Advertising ID.
Ad data: This is data about the online ads we have served (or attempted to serve) to you. It includes things like how many times an ad has been served to you, what page the ad appeared on, and whether you clicked on or otherwise interacted with the ad.
Email and Postal Addresses from Advertisers: Hejaz Financial Services does not share email information with advertisers or with AdRoll.
We use visitor data solely to serve ads that are relevant and informative to you. We also use this data to operate, improve and enhance our services including enhancing the data points we have about a particular user, browser, or device, or to target, optimize, cap, or synchronize advertising.

 

3. Data Sharing

We do not share your information with any third party sites at this time.
In connection with legal proceedings: When we are under a legal obligation to do so, for example to comply with a binding order of a court, or where disclosure is necessary to exercise, establish or defend the legal rights of Hejaz Financial Services.
In connection with a sale of our business: If a third party acquires some or all of our business or assets, we may disclose your information in connection with the sale.

 

4. Cookies and related technologies

Hejaz Financial Services, using the AdRoll platform, uses cookies, tracking pixels and related technologies to serve you advertising related to our company that may be of interest to you. Cookies are small data files that are served by our platform and stored on your device. They enable us to identify your device when you move between different websites and applications, so that we can serve targeted advertising to you.

Specifically, the AdRoll cookie we serve through the AdRoll platform for this purpose is named “__adroll”. We may also drop an additional AdRoll opt-out cookie if you opt-out as described below.

 

5. Your choices and opting-out

We recognize how important your online privacy is to you, so we offer the following options for controlling the targeted ads you receive and how we use your data:

You can opt out of receiving targeted ads served by us through AdRoll by clicking on the blue icon that typically appears in the corner of the ads we serve or by clicking here. Please note that, if you delete your cookies or upgrade your browser after having opted out, you will need to opt out again. Further, if you use multiple browsers or devices you will need to execute this opt out on each browser or device. If you opt-out, we may collect some data about your online activity for operational purposes (such as fraud prevention) but it won’t be used by us for the purpose of targeting ads to you.

AdRoll is also a member of the Network Advertising Initiative (NAI) and adheres to the NAI Codes of Conduct. You may use the NAI opt out tool here, which will allow you to opt out of seeing targeted ads from us.

We also comply with the Self-Regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA).

We also comply with the Canadian Self-regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance of Canada (DAAC). You may opt out of receiving targeted ads via the DAAC website here.

We also adhere to the European Interactive Advertising Digital Alliance (EDAA) guidelines for online advertising and you may opt out via their Your Online Choices

Please note that when using the ad industry opt-out tools described above:
• If you opt-out we may still collect some data about your online activity for operational purposes (such as fraud prevention) but it won’t be used by us for the purpose of targeting ads to you.
• If you use multiple browsers or devices, you may need to execute this opt out on each browser or device.
To opt out of receiving targeted ads that are based on your behavior across different mobile applications follow the below instructions, for iOS and Android devices:
• iOS 7 or Higher:Go to your Settings > Select Privacy > Select Advertising > Enable the “Limit Ad Tracking” setting
• For Android devices with OS 2.2 or higher and Google Play Services version 4.0 or higher:Open your Google Settings app > Ads > Enable “Opt out of interest-based advertising”

Some internet browsers allow users to send a “Do Not Track” signal to websites they visit. We do not respond to this signal.

 

6. Data retention

Hejaz Financial Services, via AdRoll, retains the identifiable data we collect directly for targeting purposes for 13 months, after which time we employ measures to de-identify the data by removing unique identifiers and truncating associated IP addresses.

Identifiable data collected for other purposes is held no longer than necessary for our business purposes or to meet legal requirements.

 

7. Security

We apply technical, administrative and organizational security measures to protect the data we collect against accidental or unlawful destruction and loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against other unlawful forms of processing.

 

8. Changes to this Privacy Notice

Changes to this Privacy Notice will be posted on this page. If we make a material change to our privacy practices, we will provide notice on the site.

 

9. Contact us about questions or concerns

If you wish to complain about any breach or potential breach of your privacy rights, you can contact info@hejazfs.com.au or call us on 1300 043 529

To contact AdRoll Advertising please e-mail delight@adroll.com or write to them at the following address:

AdRoll Advertising Limited
Attn: Privacy
Level 6
1, Burlington Plaza
Burlington Road
Dublin 4, Ireland