Information We Collect

When you engage with elmarothiven for capital allocation services, we need certain information to provide you with proper advice and meet our regulatory obligations under Australian law.

Information You Provide Directly

This includes details you share when you contact us, request a consultation, or become a client:

• Personal identification details (name, date of birth, residential address)
• Contact information (email address, phone numbers)
• Financial information (income, assets, investment objectives, risk tolerance)
• Business details (if you're seeking advice for a company or trust structure)
• Tax file numbers and Australian Business Numbers when legally required
• Documentation supporting your financial position and investment goals

Information We Collect Automatically

When you visit our website, we collect standard technical data:

• IP address and general location data
• Browser type and device information
• Pages visited and time spent on our site
• Referring website or search terms used to find us

How We Use Your Information

Every piece of information we collect has a specific purpose related to providing financial services or meeting legal requirements.

We also use your information to meet obligations under the Corporations Act 2001, including maintaining accurate client records and providing required regulatory reports to ASIC when necessary.

Who We Share Information With

We don't sell, rent, or trade your personal information. However, providing financial services sometimes requires us to share specific details with other parties.

Service Providers and Professional Partners

We work with trusted third parties who help us deliver services:

• Investment platform providers who custody assets (they need identification details to open accounts in your name)
• Accounting firms when coordinating tax-efficient structures
• Legal advisors when setting up trusts or company structures
• Technology providers for secure document storage and client portal access
• Professional indemnity insurers (only summary information, not full files)

Regulatory and Legal Requirements

Australian law sometimes requires us to disclose information:

• ASIC and AUSTRAC for compliance monitoring and anti-money laundering reporting
• Australian Taxation Office when legally obligated
• Law enforcement agencies with valid warrants or legal notices
• Courts or tribunals responding to subpoenas or legal proceedings

Your Privacy Rights Under Australian Law

The Privacy Act 1988 and Australian Privacy Principles give you specific rights regarding your personal information.

How to Exercise These Rights

Send requests to our Privacy Officer at info@elmarothiven.org or call +61400052535. We'll verify your identity before providing access to personal information, which typically involves confirming details from your original application.

For deletion requests, we'll explain which records we're legally required to retain and delete everything else within 30 days. Some information in backup systems may persist for up to 90 days due to technical backup cycles.

Data Security and Protection

Financial information requires serious security measures. Here's what we've implemented to protect your data.

Technical Safeguards

• End-to-end encryption for all data transmission using TLS 1.3 protocols
• Encrypted storage systems with AES-256 encryption at rest
• Multi-factor authentication required for staff accessing client files
• Regular penetration testing by independent security firms
• Firewalls and intrusion detection systems monitoring network traffic
• Automated daily backups stored in geographically separate Australian data centers

Organizational Safeguards

• Staff undergo annual privacy and data security training
• Access to client information limited to personnel directly involved in your service
• Clean desk policies requiring physical documents to be secured when not in use
• Confidentiality clauses in all employment contracts
• Regular audits of access logs to identify unusual activity

Despite these precautions, no system is completely immune to security breaches. If we experience a data breach that affects your information, we'll notify you within 72 hours and report to the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme.

Data Retention Periods

We retain your information for specific periods based on legal requirements and business needs.

The seven-year retention period comes from Corporations Act requirements and Australian Taxation Office record-keeping rules. After retention periods expire, we securely delete electronic records and shred physical documents using certified destruction services.

International Data Transfers

We store all client data within Australia using local data centers. Your information doesn't leave Australian jurisdiction under normal circumstances.

Two specific scenarios might involve overseas data transfer:

• If you invest in international securities, the relevant offshore custodian or exchange receives necessary identification details to process transactions
• Some technology services we use (like cloud infrastructure providers) have parent companies headquartered overseas, though actual data storage remains in Australian facilities

When international transfers are necessary, we ensure the recipient either operates under Australian Privacy Principles, equivalent privacy protections, or has signed standard contractual clauses approved by the Office of the Australian Information Commissioner.

Children's Privacy

Our services target adults making financial decisions. We don't knowingly collect information from children under 18 without parental consent.

We do provide advice regarding minor children in specific contexts like setting up education funds or family trust structures. In these cases, we collect information from parents or legal guardians, not directly from minors.

If you're under 18 and have somehow provided information directly to us, please have a parent or guardian contact us at info@elmarothiven.org so we can handle your data appropriately.

Cookies and Website Technology

Our website uses minimal cookies—small data files stored in your browser.

Essential Cookies

These are necessary for the website to function properly. They remember your session when you use our secure client portal and maintain security settings. You can't disable these without losing website functionality.

Analytics Cookies

We use basic analytics to understand how visitors use our site—which pages get read, where people come from, what devices they use. This data is anonymized and helps us improve content. You can disable these in your browser settings without affecting site functionality.

What We Don't Use

We don't use advertising cookies, social media tracking pixels, or third-party marketing tools that follow you around the internet. If you see elmarothiven advertisements on other websites, those platforms are targeting based on their own data, not information we've shared with them.

Changes to This Privacy Policy

We review this privacy policy annually or whenever there are significant changes to how we handle information. The last update date appears at the top of this page.

If we make material changes that affect how we use previously collected information, we'll notify existing clients by email at least 30 days before changes take effect. For significant changes, we might require you to actively consent to continue using our services.

Minor updates like adding clarity to existing practices or updating contact information won't trigger notifications, but we'll always maintain the update date prominently.

Third-Party Links

Our website occasionally links to external resources—financial regulators, investment platform providers, or educational content. We're not responsible for privacy practices on those sites.

Before providing personal information to any third-party website, review their privacy policy. Just because we link to a resource doesn't mean we endorse their data handling practices.