Updated 8 October 2024
Privacy Policy - SARA
1. Introduction
iComply2 Financial Services Pty Ltd ("we", "us", or "our") is committed to protecting your personal information and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, store, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
A copy of the Australian Privacy Principles can be obtained from the website of the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
2. About Our Service
SARA is a software-as-a-service (SaaS) solution that uses artificial intelligence (AI) to perform compliance checks on Statements of Advice within the financial advice industry in Australia. Our service leverages the Microsoft Azure OpenAI Search service, securely deployed within Australia, to ensure data privacy and security.
3. Personal Information We Collect
3.1. Types of Personal Information
We may collect the following types of personal information:
Identification Details: Name, job title, company name.
Contact Information: Address, email address, telephone number.
Professional Information: Details related to your role in the financial advice industry.
Client Information: Information contained within Statements of Advice or other documents submitted for compliance checks.
Usage Data: Information about how you use our services.
3.2. Sensitive Information
Given the nature of our services, we may collect sensitive information, including:
Financial details of your clients.
Health information if included in the Statements of Advice.
Other sensitive data as defined under the Privacy Act.
We will collect sensitive information only with your explicit consent or when required or authorised by law.
4. How We Collect Personal Information
4.1. Direct Collection
We collect personal information directly from you when you:
Register for our services.
Upload or submit Statements of Advice or related documents.
Communicate with us via phone, email, or in person.
Use our website or services.
Provide feedback or complete surveys.
4.2. Indirect Collection
We may also collect personal information from third parties, such as:
Your authorised representatives.
Publicly available sources.
Cookies and similar tracking technologies.
When collecting information from third parties, we will take reasonable steps to ensure you are aware of the information collected and the circumstances of collection.
5. Purpose of Collecting Personal Information
We collect and use your personal information for the following purposes:
Service Provision: To enable you to access and use our AI-powered compliance checking services.
Compliance Checks: To analyse Statements of Advice using AI to ensure they meet regulatory requirements.
Communication: To contact and communicate with you regarding our services, updates, and compliance matters.
Administration: For internal record-keeping, billing, and administrative purposes.
Legal Compliance: To comply with our legal obligations and resolve any disputes.
Service Improvement: To enhance our AI algorithms and services (using anonymised data where possible).
6. Use of Azure OpenAI
6.1. Transparency in AI Usage
Our service harnesses the capabilities of Azure OpenAI to perform advanced compliance checks on financial documents. Through automated processing, our AI system is designed to:
Identify potential compliance issues.
Provide actionable insights and recommendations, and
Enhance overall efficiency and accuracy in compliance reviews.
This approach ensures a transparent and reliable integration of AI within our compliance framework.
6.2. Data Handling and Security with Azure OpenAI
All data processed by our Azure OpenAI system is securely managed within our Microsoft Azure environment, ensuring robust protection for your personal and sensitive information. Key measures include:
Data Security: Data is encrypted and transmitted using industry-leading protocols, ensuring its integrity and confidentiality.
API Calls: Secure API calls are utilised to facilitate seamless and protected integration with the Azure OpenAI service.
Access Controls: Strict access controls are in place to ensure that only authorised personnel can access personal data.
Anonymisation: Where feasible, data is anonymised during processing to safeguard individual identities, reinforcing our commitment to privacy.
6.3. Overseas Deployment for Latest AI Models
To ensure that our service remains at the forefront of technological innovation, we may, on occasion, utilise deployments located overseas when the latest AI models are not yet available within Australia. In such instances, data processing may occur on servers outside Australia, but only under the following conditions:
Data Security: All data processed overseas is subject to robust security controls and encryption protocols comparable to those in our domestic environment.
Compliance: Overseas deployments adhere to stringent privacy requirements and comply with relevant international data protection regulations, as well as the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.
User Consent and Transparency: By using our service, you acknowledge and consent to the possibility of your data being processed overseas when accessing the most up-to-date AI capabilities. We commit to keeping you informed of any significant changes to this practice.
This approach allows us to integrate cutting-edge AI advancements while maintaining a high standard of data protection and privacy.
6.4. Limitations and Human Oversight
While Azure OpenAI significantly enhances compliance review processes, rigorous human oversight is required to ensure the highest level of accuracy and accountability. This oversight includes:
Reviewing AI-generated outputs to confirm their accuracy and relevance.
Addressing any discrepancies or errors that may arise, and
Ensuring that final decisions are supported by professional judgment, rather than being solely reliant on automated processing.
7. Use of Microsoft Azure AI Search Service
We employ the Microsoft Azure AI Search service as an integral component of our compliance and data processing framework. This service is securely deployed within Australia, ensuring that our operations adhere to the highest standards of data protection and regulatory compliance.
The Azure AI Search service creates a comprehensive index of your data to enable efficient and accurate search capabilities. This indexing process involves analyzing the submitted content, extracting relevant metadata, and organizing it into a searchable format. This robust index not only accelerates query performance but also enhances the overall accuracy of compliance checks. The automated indexing process is designed to maintain data integrity while ensuring that all search operations are performed in a secure environment.
Key assurances include:
Data Residency: All data processed through the Azure AI Search service is stored exclusively in Australian data centres, ensuring that your data remains subject to Australian jurisdiction and privacy laws.
Security Compliance: Microsoft Azure upholds stringent security standards through advanced measures such as encryption, multi-factor authentication, and regular security audits. These protocols are designed to protect data against unauthorized access and potential security threats.
Privacy Assurance: Data processed by Azure AI Search is managed in full compliance with Australian privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Our commitment to privacy is further reinforced by our internal policies and practices, ensuring that personal information is handled with the utmost care and integrity.
By leveraging the robust infrastructure and comprehensive security features of Microsoft Azure, we deliver a secure and reliable service that supports our AI-driven compliance checks while safeguarding your sensitive financial data.
8. Use of Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your experience. Cookies are small data files stored on your device. We use cookies to:
Understand website usage and trends.
Remember your preferences and settings.
Improve website functionality.
You can manage or disable cookies through your browser settings. However, this may affect your ability to use certain features of our website.
9. Disclosure of Personal Information
9.1. Third-Party Service Providers
We may disclose your personal information to third-party service providers for the purpose of:
Providing and maintaining our services.
Data storage and hosting within Australia.
Professional advisors (e.g., legal, accounting).
9.2. Legal Obligations
We may disclose your personal information:
When required or authorised by law.
To regulatory authorities with jurisdiction over us.
To comply with a subpoena, court order, or legal process.
10. Security of Personal Information
We are committed to safeguarding your personal information. We implement a variety of security measures, including:
Physical Security: Secure facilities and restricted access to physical records.
Electronic Security: Firewalls, encryption, secure servers, and regular security audits.
Managerial Controls: Policies and procedures to ensure staff handle data appropriately, including training on AI data handling.
While we strive to protect your personal information, we cannot guarantee absolute security, especially concerning internet transmissions.
11. Access and Correction of Personal Information
11.1. Access Rights
You have the right to request access to the personal information we hold about you. To make a request:
Contact Us: Email or write to us using the contact details provided in Section 16.
Verification: We may need to verify your identity before providing access.
We will respond to your request within a reasonable timeframe, usually within 30 days.
11.2. Correction Rights
If you believe that any personal information we hold about you or your clients is incorrect, incomplete, or outdated:
Notify Us: Contact us with the details of the required correction.
Action: We will take reasonable steps to correct the information.
12. Anonymity and Pseudonymity
Where practicable, you have the option to interact with us anonymously or using a pseudonym. However, given the nature of our services, identification is typically required to:
Provide accurate compliance checks.
Comply with legal and regulatory obligations.
13. Data Breach Notification
In the unlikely event of a data breach that is likely to result in serious harm, we will:
Notify affected individuals promptly.
Inform the OAIC as required.
Take steps to mitigate any potential harm.
14. Complaints and Dispute Resolution
If you have a complaint about how we handle your personal information:
Contact Us: Provide details of your complaint using the contact information in Section 16.
Response: We will investigate and respond within 30 days.
Further Action: If unsatisfied, you may contact the OAIC.
15. Children's Privacy
Our services are intended for professional use within the financial advice industry and are not directed towards individuals under the age of 18.
16. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy, please contact our Privacy Officer.
Privacy Officer
iComply2 Financial Services Pty Ltd
Level 10, 60 York Street
SYDNEY NSW 2000
Email: anthony.lyon@icomply2.com.au
17. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When changes are made:
Notification: We will post the updated policy on our website with a new effective date.
Significant Changes: For substantial changes, we may notify you directly via email or a prominent notice on our website.
18. Maintaining the Quality of Your Personal Information
We take reasonable steps to ensure your personal information is accurate, complete, and up-to-date. Please inform us of any changes to your information so we can update our records accordingly.
19. Handling Unsolicited Personal Information
If we receive unsolicited personal information:
Assessment: We will determine if it could have been collected under this Privacy Policy.
Action: If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
20. Consent and Legal Basis for Processing
By providing your personal information to us, you consent to its collection, use, and disclosure in accordance with this Privacy Policy. You may withdraw your consent at any time by contacting us. However, withdrawing consent may affect our ability to provide you with certain services.
21. Marketing Communications
We may send you marketing communications about our services and products. You can opt out by:
Clicking the "Unsubscribe" link in our emails.
Contacting us directly to request removal from our mailing list.
22. Data Analytics
We may use your personal information for data analytics to improve our AI algorithms and services. Where possible, we use anonymised or aggregated data to protect your privacy.
23. User Responsibilities
23.1. Client Consent
If you provide us with personal information about your clients:
Consent Assurance: You must ensure that you have obtained all necessary consents from your clients to share their personal information with us.
Disclosure: Inform your clients about how their personal information will be used, including processing through AI systems.
23.2. Accuracy of Information
You are responsible for ensuring that the information you provide is accurate and up-to-date.
24. Limitations of AI Processing
While our AI systems are designed to enhance compliance checks, they may have limitations:
No Legal Advice: AI-generated outputs are not legal advice. Professional judgment should be applied.
Verification: Users should verify the results and not solely rely on automated processing.
25. Changes to Our Service
We may update or modify our AI services, which could impact how we process personal information. We will notify you of any significant changes that may affect your privacy rights.