Policy Snapshot
We are committed to protecting your privacy in compliance with our legislative obligations.
We will only collect, use, handle and disclose personal information as allowed by, and in compliance with, the privacy legislation applicable to us.
Application
QIC Limited and its subsidiaries (together ‘QIC’, ‘we’ or ‘our’) have offices in Australia, the United States, the United Kingdom (UK), Europe and Singapore. We are committed to protecting your privacy, in compliance with internal policies and procedures and all privacy laws in jurisdictions where we operate, including the Privacy Act 1988 (Cth), the UK Data Protection Act (2018) and the European Union (EU) and UK General Data Protection Regulation (collectively the “GDPR”).
This QIC Privacy Policy (‘Policy’) applies to all individuals we collect personal information about including but not limited to clients, prospective clients, visitors to our offices, users of our websites and potential employee candidates* (‘you’, ‘your’).
* Please note that the Australian Privacy Act 1988 (Cth) does not apply to the handling of personal information directly related to a current or former employment relationship with QIC or to employee records held by QIC. The Privacy Act 1988 (Cth) applies to the personal information of unsuccessful employee candidates.
Objective
This Policy sets out why we need to collect personal information, how we collect it, what we do with it, how it is stored and who we might share it with. The Policy also describes how you can access or correct information we hold about you and how you can ask further questions or make a complaint.
This Policy does not apply to personal information collected in connection with the retail and commercial properties identified on the QIC Real Estate website. Refer to the QIC Real Estate Privacy Policy located on the QIC Real Estate website for details on how QIC Real Estate handles personal information in connection with our properties.
What is personal information?
Generally, “personal information” refers to information or an opinion about an individual, where that individual is identified or reasonably identifiable. In this Policy, personal information also includes ‘personal data’ under the GDPR.
“Sensitive information” is a subcategory of personal information which is strictly regulated. Sensitive information includes information about your racial or ethnic origin, your religious, philosophical or political beliefs, your trade union membership or association, your sexual preferences and orientation, or your genetic, biometric or health information. Sensitive information includes any ‘special category data’ under the GDPR.
Your privacy is important to us
QIC respects your privacy and we are committed to being transparent about our privacy practices and security. This Policy explains how we handle your personal information by setting out:
Collection
- what personal information we collect;
- whose personal information we collect;
- why we collect personal information;
Use
- disclosure of personal information
- storage and retention of personal information; and
- protection of personal information.
The Policy also describes how you can:
- access or correct personal information;
- opt out of communications;
- make a complaint; and
- contact us.
From time to time it may be necessary for QIC to collect personal information in order to continue our business operations and deliver products and services.
Depending on your interactions with us, we may collect the following types of personal information:
- Name;
- Business and personal contact details including email addresses and phone numbers;
- Financial transaction information;
- Date of birth;
- Copies of identification documents;
- Dietary information, where this is provided in relation to an event organised or sponsored by QIC;
- CCTV footage at QIC corporate offices and sites;
- Information in support of employment applications or other due diligence checks including employment history, experience, qualifications, and criminal history, regulatory sanctions and personal insolvency checks;
- General information such as the pages you access, the date and time of your visit, your IP address, cookie identifiers, and the domain name and country from which you access QIC websites; and
- Opinions about or from you as well as other personal information you provide.
In addition, we may collect personal information about you from related bodies corporate, funds we manage or advise, service providers, business partners and government agencies. We may also collect information about you in the course of providing services to clients and investors in any QIC funds, such as information about individuals authorised to act on behalf of the client or investor.
Except as outlined in this Policy, we do not collect sensitive information unless required by law or where you consent for us to do so (and in any event only where it is relevant). We will not collect sensitive information about you where this is expressly prohibited by applicable law.
If we receive personal information about you, whether received directly from you or on your behalf, that we did not ask for and where it is unlawful for us to collect this information, we will, if it is lawful and reasonable to do so, de-identify or destroy that personal information. Any unsolicited information we collect about you will only be used for the purposes for which it was provided.
QIC may collect or create anonymised data. Anonymised data is not personal information and does not identify you. QIC may use anonymised data for the purposes listed in this Policy, as well as to inform our promotional and marketing strategies, and for research and profiling purposes.
Any research, statistical analysis or profiling we perform may be compiled and analysed on an aggregate basis, and we may share this aggregate data with our affiliates, agents and business partners. We may also disclose aggregated information in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
A 'cookie' is a packet of information placed on a user's computer by a website for record keeping purposes. Cookies are generally used by our website to:
- Enhance browsing experience - if you log into our secure areas on our websites, we will use cookies to save your preferences and remember your user settings.
- Manage advertising - cookies are sometimes used to collect anonymous information about the page you visit and the type of software you are using.
- Monitor traffic - we use anonymous information to track how people are using the QIC site. This may include time of visit, pages visited and some system information about the type of computer you are using.
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. (Each browser is different, so check the Help menu of your browser to learn how to change your cookie preferences).
If you disable the use of cookies on your web browser or remove or reject specific cookies from QIC websites or linked sites, then you may not be able to gain access to all the content and facilities on those websites.
For more information see the QIC Cookies Notice
QIC’s websites may contain links to websites operated by third parties. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, or security of those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from this Policy, so we encourage you to read them before using those websites.
The types of personal information we may collect will vary depending on the capacity in which we are dealing with you. We limit our collection of personal information to those details we identify as reasonably necessary for the lawful purposes of our business.
Examples of who we usually collect personal information about include:
- Key individuals employed by our investment clients or their representatives;
- Potential employee candidates;
- Referees and emergency contacts of potential and successful employee candidates;
- Industry-related contacts and other individuals interested in QIC or the funds management industry;
- Individuals who supply (or are employed by organisations that supply) goods or services to QIC. This includes those who facilitate our investment transactions;
- Anyone who visit QIC’s website or uses any digital portals; and
- Individuals who contact QIC and provide information about themselves or others in response to consultations or complaints.
Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to digital devices that a visitor does not want to have their online activity tracked. DNT is not a standardised feature in browsers and not all web browsers offer DNT options, which prevents QIC guaranteeing support of the feature to users. As such, while respecting users’ privacy and their ability to request that data not be collected, or deleted on request, we and many other website operators do not, as standard, respond to DNT signals.
We collect personal information about you which is reasonably necessary to:
- administer and manage our products and services (including monitoring, auditing, and evaluating those products and services);
- conduct business transactions (proposed or actual purchase, sale or any other type of acquisition, financing or investment);
- conduct background checks (including criminal and credit checks);
- facilitate credit and payment arrangements;
- consider applications and approaches you make to us;
- establish and maintain client relationships;
- manage conflicts of interest;
- monitor and provide strategic oversight of our portfolio companies;
- communicate with you and deal with or investigate any complaints or enquiries;
- conduct marketing and social functions including business development, seminars and other client events;
- maintain contact details and appropriate business records;
- provide industry updates;
- monitor and maintain the safety and security of our corporate offices;
- fulfil our legal obligations, such as those relating to taxation and anti-money laundering and counter-terrorism financing or as otherwise authorised by you; and
- for any other purpose to which you consent.
We will only collect your personal data as reasonably necessary for one or more of our functions or activities or for the purposes we tell you about at the time of collection, and only do so where there is a lawful basis and, where required, with your consent. We will generally rely upon our legitimate business interests to collect and/or process your personal data.
We will inform you at or before the time of collection (or as soon as possible afterwards) of the purposes for collection, to whom your data might be disclosed and any other relevant details that will help you to ensure we are protecting your privacy. In some instances, we may direct you to this Policy for this information.
It is at your discretion whether you provide QIC with this information, however, failure to supply relevant information may mean we are unable to maintain or provide products or services to you or, where applicable, proceed with recruitment.
We understand how important it is to keep your personal information private, so we will only disclose personal information we have about you in certain specific circumstances, when:
- you consent to the disclosure; or
- where there is a lawful basis; or
- we use it for the purposes for which we collected it; or
- disclosure is required or authorised by law.
To the extent permitted by law, we may disclose information about you to:
- QIC’s entities including those outside of Australia,
- our agents and contractors and other trusted partners QIC engages;
- law enforcement or government agencies and regulatory authorities as part of our legal obligations;
- our insurers and insurance brokers;
- our commercial and joint-venture partners;
- third parties who perform services for us; or
- as otherwise permitted by law.
We may from time to time disclose your personal information to third party suppliers and service providers located overseas (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you). The countries to which we usually transfer information are the United States of America, the UK, Ireland, Denmark, Sweden, and Singapore. Your personal information may be transferred to other countries, which may not have similar privacy or data protection laws, and may in certain circumstances be compelled to disclose personal information to a third party such as an overseas authority for the purpose of complying with foreign law or regulatory requirements.
We do not sell personal information to other organisations for marketing purposes. Any data sharing will be in compliance with local privacy laws and governed by our strict standards and policies, and where appropriate, confidentiality and other agreements and safeguards to ensure your information is secure and treated with the utmost care and respect. For example, personal data collected in the EU may be transferred to Australia under an agreement based on standard contractual clauses that have been approved by the European Commission for the transfer of data from the EU.
We also take reasonable steps to securely destroy or de-identify personal information where we no longer need it for the purpose for which we collected it and where it is not required by or under an Australian law, or court/tribunal order to retain that information. We keep personal information in physical and electronic records, at our premises and the premises of our service providers, which may include processing or storage in the cloud, which may mean in practice that this information is stored outside Australia. Where this occurs, we take steps to protect the security and integrity of personal information.
We may also keep records of our interactions with you (including by telephone, video conferencing, email and online).
We protect personal information with appropriate safeguards and security measures and restrict access to those who have a legitimate business purpose and reason for accessing it.
All personal information collected by QIC is held securely, whether on QIC’s physical files, in QIC’s computer systems or in a database (which may be hosted by QIC or a third party on QIC’s behalf). This information is only made available to QIC’s staff on a 'need to know' basis for the purposes outlined above, or to other people as outlined in this Policy who have agreed to treat that information confidentially. These databases are protected by a firewall as well as host-based security.
Examples of the steps QIC takes to protect the security of the personal information we hold include:
sophisticated system security including:
- network controls for all devices of the QIC network such as firewalls, intrusion prevention, anti-virus, web application firewall, advanced threat detection, data loss prevention, system hardening, wireless access controllers and secure network design
- two-factor authentication for remote access functionality
- Advanced password protection controls
- comprehensive enterprise-wide staff awareness and education on privacy topics such as data governance, cyber-security, data breaches and phishing scenario testing
- ongoing monitoring and oversight where regular security assessments are performed on all critical IT assets, systems and third parties
- destroying information when no longer required.
If other organisations provide support services on our behalf, we require them to take appropriate technical and organisational measures to secure the privacy of the information provided to them.
QIC has established processes for detecting potential privacy breaches and providing appropriate notification of personal data breaches that may cause harm to an individual or that may result in a risk to the rights or freedoms of an individual. Where required by law, we will provide such notification without undue delay to affected individuals and/or any relevant supervisory authorities.
At QIC, decisions and actions may be taken or made on the basis of personal information in our possession and we take reasonable steps to keep personal information as accurate, complete, and up-to-date as is necessary.
Should you, or your authorised representative, want to exercise your right to access, modify, correct, or restrict your personal information, we may ask you to put such a request in writing. We may require identification to ensure the person requesting access is entitled to such access. If you, or your representative, is denied access to your information, we shall provide reasons for the denial.
If we are reasonably satisfied our records need correcting, we will make the correction as soon as possible. If we do not agree our records need correcting, we will inform you of the reason(s) and you may require us to keep a statement on our records that you believe the information is inaccurate, incomplete, misleading, irrelevant or not up-to-date.
In the event you would like QIC to delete, stop processing, or withdraw consent for, your personal information to the extent you are entitled to under applicable law, you can make such a request in writing. We will respond to all legitimate requests in line with the timescales set out in applicable law.
As provided for in the GDPR you have the right to:
- access your data;
- correct or rectify your data;
- delete your data, subject to applicable law;
- have your data processed only in accordance with applicable law;
- have copies of your data to be moved to another controller or be provided to you in a portable format;
- object to our processing your data otherwise than in accordance with the law; and
- withdraw any consent to our processing your data at any time.
Please email privacy@qic.com if you wish to exercise any of these rights.
We will not provide you with marketing communications unless you request to receive such communications. If you change your mind about receiving marketing communications from us, you may easily request not to receive such communications by:
- following the instructions on the communication to opt-out or unsubscribe from further communications;
- contacting your usual QIC contact; or
- emailing privacy@qic.com.
If you have any questions, concerns or complaints about the treatment of your personal information, the first step is to discuss the issue with your usual QIC contact or our Privacy Officer by emailing privacy@qic.com. We will respond to let you know who will be handling your matter and when you can expect a further response.
If you are unsatisfied with the resolution of your concerns, you may be able to escalate your complaint to the Office of the Australian Information Commissioner on 1300 363 992 or by email to enquiries@oaic.gov.au. You can also visit their website at www.oaic.gov.au.
If you are in the UK, you may be able to escalate your complaint to the Information Commissioners Office. More information is available on their website.
If you are in the EU, you may contact one of the EU data protection regulators found here.
Contact us
If you have any questions or comments about this Policy, please contact our Privacy Officer by emailing privacy@qic.com.
Changes to our Privacy Policy
This policy was last updated on 26 March 2024 and outlines our current privacy practices. We will take reasonable steps to publicise when we make changes to this policy through the channels available to us. You should also check this page from time to time for the most recent version of the policy.