Privacy Policy
Introduction
This Privacy Policy applies to Firefly Financial Pty Ltd, its related and associated entities, as well as all directors, representatives, and staff (“we,” “our,” or “us”).
It explains how we collect, use, store, and protect personal information that we handle in the course of providing financial advice and related services. We’re committed to managing your personal information responsibly, securely, and transparently.
We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), which set out the standards for the collection, use, disclosure, and storage of personal information in Australia.
If you’d like to learn more about how we manage your personal information or have any privacy‑related concerns, please contact our Privacy Officer using the details provided at the end of this policy.
Definitions
For the purposes of this policy:
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive Information means personal information that includes details about a person’s health, racial or ethnic origin, political opinions, religious beliefs, membership of professional or trade associations, sexual preferences, or criminal record.
You / Your refers to any client, prospective client, website visitor, or other individual from whom we collect personal information.
We / Us / Our means Firefly Financial Pty Ltd and its related and associated entities.
APPs refers to the Australian Privacy Principles contained in Schedule 1 of the Privacy Act 1988 (Cth).
Representative means any director, employee, authorised representative, or contractor engaged by Firefly Financial Pty Ltd.
Third Party means any external service provider, product issuer, or professional adviser engaged to provide services on our behalf.
Processing means any operation performed on personal data including collection, storage, use, disclosure, or destruction.
Artificial Intelligence (AI) Tools means software systems that use machine learning or algorithmic processes to assist with the preparation and transcription of meeting file notes, including generating summaries or action items from client discussions. These tools do not make decisions, provide advice, or act without the oversight and verification of a licensed financial adviser.
Privacy Officer means the person responsible for overseeing privacy compliance and responding to privacy-related inquiries and complaints.
The information we collect and why
As part of providing financial advice and related services, we need to collect certain personal information from you. This helps us understand your goals, assess your financial position, and ensure any advice or recommendations we provide are suitable for your circumstances.
Personal information means any details or opinions about you that can reasonably identify you—whether those details are recorded in writing, electronically, or shared verbally.
The information we may collect includes:
Your name, date of birth, contact details, and tax file number
Your employment details and work history
Your financial information, such as your income, assets, liabilities, needs, and objectives
Your investment goals, preferences, and tolerance for financial risk
Relevant information about your family circumstances and social security entitlement
We only collect the information that is reasonably necessary for us to deliver financial services, meet our legal obligations under the Corporations Act 2001, and provide advice that acts in your best interests.
Handling sensitive information
At times, we may need to collect sensitive information—for example, when arranging insurance cover or providing advice that requires details about your health or other personal matters.
Sensitive information includes details such as your health or medical history, racial or ethnic origin, religious beliefs, political opinions, membership of professional or trade associations, sexual orientation, criminal record, or genetic information.
We only collect sensitive information when it is reasonably necessary for us to perform our services—such as providing financial advice or managing your insurance needs—and only with your consent or where required or authorised by law. We handle all sensitive information with additional care and ensure it is used solely for the purpose for which it was collected.
How we collect your information
We collect personal and sensitive information in several ways to help us provide you with quality financial services. This may include:
Directly from you – for example, when you share information with us during meetings, by phone, email, or through online or paper forms, or when you authorise us to liaise with other parties on your behalf.
Through our website – our website may use cookies to help us understand which pages and services visitors find most useful. Cookies are small data files stored on your device that allow us to improve your online experience. You can adjust your browser settings to refuse or delete cookies at any time, although this may limit access to some features on our site.
From third parties you authorise – such as fund managers, superannuation funds, insurers, product issuers, or other financial organisations, once you’ve given us permission to obtain information from them.
Do you have to provide your personal information?
You don’t have to provide the personal information we request or allow us to collect it from other parties. However, if we don’t have enough information, we may not be able to offer you the financial advice or services you’ve asked for.
It’s also important that the information you give us is accurate, complete, and up to date. If we rely on incomplete or incorrect details, there’s a risk that our advice or recommendations may not be appropriate for your circumstances, which could lead to financial loss or other disadvantages.
If you decide not to share certain information with us, we’ll always explain what that means for your service options before proceeding.
If we receive personal information we didn’t ask for
Sometimes we may receive personal information that we did not request—for example, information sent to us in error or provided voluntarily without our prompting.
If this happens, we will review the information and decide whether it’s something we would normally need to collect as part of providing our financial services.
If the information is relevant and necessary for our work, we’ll handle it in the same secure way as other personal information we collect.
If it’s not something we’re permitted or required to collect, we’ll securely delete it or de-identify it as soon as practicable, provided it’s lawful and reasonable to do so.
How we use your personal information
We use your personal information mainly to deliver the financial advice and services you’ve requested, and to help ensure our recommendations are the right fit for your circumstances. This can include:
Providing you with financial services or tax (financial) advice
Implementing investment strategies or risk management solutions for you
We may also use your information for purposes that are closely related to our work with you, such as:
Identifying other products or services you may benefit from
Referring you to our related or associated businesses if it’s relevant to your needs
Conducting quality checks and professional reviews to maintain high standards
Managing our day-to-day business operations and keeping our IT systems secure
We don’t use your personal information for any unrelated purposes unless you give your consent, or unless we’re permitted or required to by law.
Use of Artificial Intelligence for Meeting File Notes
We use artificial intelligence (AI) tools to help prepare accurate and compliant meeting file notes. These tools may securely record or transcribe adviser–client meetings (with your consent) to create clear summaries of the discussions, key points, and agreed actions. This process helps improve record‑keeping accuracy and reduces manual administrative work.
All notes prepared using AI are reviewed, verified, and approved by a licensed financial adviser before being stored in our systems. Our AI tools are used solely for documentation support—they do not make decisions, provide advice, or operate without human oversight. We maintain internal governance measures to ensure these tools are used responsibly, with your privacy and data security as our highest priority.
Direct Marketing and How to Opt-out
From time to time, we may use your personal information to let you know about products, services, or opportunities that could be relevant to your financial goals. We might also share limited details with trusted third‑party providers who help us deliver these communications or who offer supporting services.
We only use or share your personal information for direct marketing if:
we collected the information directly from you, and
you would reasonably expect us to contact you for this purpose, and
we give you a clear and simple way to opt out of future marketing messages.
You can opt out of receiving these communications at any time—simply let us know using the contact details provided at the end of this policy. Once you do, we’ll update our records promptly to ensure you no longer receive marketing from us.
We will never use your sensitive information for direct marketing unless you have expressly provided consent.
Who we may share your information with
We only share your personal information where it’s necessary to provide our financial services, meet legal obligations, or where you’ve given consent.
Your information may be disclosed to:
Our advisers and representatives who help deliver financial services to you
Product issuers or providers connected to the financial products or services you choose to acquire, vary, or dispose of with our assistance
External specialists and service providers who help us deliver administration, technology, or professional support
Our related or associated business entities
Government or regulatory bodies, agencies, and professional associations when required or authorised by law
Organisations or parties considering acquiring all or part of our business
Examples of such disclosures include:
Financial product issuers, credit providers, and insurers in connection with implementing our advice or managing your investments and insurance cover
Administrative or technical service providers such as custodians, brokers, credit reporting agencies, actuaries, mail services, and IT contractors
Compliance and audit professionals who provide quality assurance or technical support
Any other party as required or permitted under Australian law.
We take reasonable steps to ensure that any third‑party recipients handle your personal information securely and in accordance with privacy and confidentiality standards.
Government‑issued identification numbers
We don’t use or adopt government‑issued identification numbers (such as your tax file number, driver’s licence, Medicare number or pension card number) as our own internal identifiers. However, in some situations we may be required to collect these details under Australian law—for example, to verify your identity, meet taxation or financial services obligations, or process certain transactions.
We only use or disclose these identifiers when it is required, authorised, or permitted by law or a court/tribunal order. We never use them for any unrelated purpose or to create our own client identity system.
Sharing personal information outside Australia
At times, we may store, process, or manage your personal information using systems or service providers located outside Australia. This could occur when our technology partners or related entities provide secure data storage, IT support, or other professional services to help us deliver our financial services to you.
If this happens, we take reasonable steps to ensure that any overseas organisation handling your information protects it in line with the Australian Privacy Principles (other than APP 1). These steps may include:
entering into contractual agreements requiring the overseas recipient to handle your information in a way that provides equivalent privacy safeguards
reviewing the recipient’s data protection standards to confirm that comparable privacy laws or binding schemes are in place, or
seeking your consent before any overseas disclosure where required.
We carefully select our service providers through due diligence checks and only engage reputable partners who meet high standards of data protection, privacy, and security. If you choose not to allow overseas disclosures, we may be unable to provide certain services that depend on international data storage or technology platforms.
How we protect and store your personal information
We keep your personal information in secure systems and, where required, in authorised hard copy files. Our digital systems, including our encrypted client database and secure cloud solutions, are protected through multiple security layers to prevent unauthorised access, misuse, interference, loss, or disclosure.
Wherever possible, we use a secure client portal to share and store confidential documents instead of standard email. This reduces risks associated with email transmission and ensures your information remains private when exchanged electronically.
We take a combination of technical and organisational measures to safeguard your data—such as controlled access, encryption, secure passwords, staff training, and ongoing system monitoring.
When your relationship with us ends, we retain your personal information for at least seven (7) years to meet our legal and professional obligations. After that period, we will securely destroy or de‑identify your information when it is no longer required or lawfully necessary to keep it.
Data Breaches and How We Respond
We take the protection of your personal information seriously and have systems in place to detect and respond quickly to any suspected data breaches.
Under the Privacy Act 1988, we are required to notify both you and the Office of the Australian Information Commissioner (OAIC) if an eligible data breach occurs. An eligible data breach occurs when:
your personal information has been subject to unauthorised access, unauthorised disclosure, or accidental loss, and
a reasonable person would conclude that the breach is likely to result in serious harm to you.
If an eligible data breach happens, we will promptly inform you of what occurred, what information is involved, and recommend practical steps you can take to protect yourself. We will also investigate the cause of the breach and take corrective actions to prevent a recurrence.
Accessing and updating your information
You have the right to access the personal information we hold about you at any time. If you’d like a copy or details, just contact us and we’ll respond as quickly as possible. In most cases, we’ll provide this information free of charge, though if there are any reasonable costs (such as copying or administration), we’ll tell you the details before you proceed.
We’re committed to keeping your information accurate, up to date, and relevant for the services we provide. If you believe any of the details we hold are incorrect or incomplete, please let us know and we’ll correct them promptly—there’s never a fee for updating your information.
If there’s ever a reason we cannot grant access to your information or cannot make a correction you’ve requested, we’ll let you know in writing the reasons for our decision and explain how you can make a complaint or request a review.
How to make a privacy complaint
We take privacy concerns seriously and aim to resolve any issues quickly and fairly. If you believe we’ve mishandled your personal information or breached your privacy rights under the Australian Privacy Principles, please contact us so we can investigate.
When raising your concern, it helps to include:
a short description of the issue,
why you believe your privacy has been affected, and
what outcome or resolution you are seeking.
Please address your complaint to our Privacy Officer: Nicole Andrews (contact details are listed at the end of this policy).
We’ll acknowledge your complaint, investigate the matter, and respond within 30 days of receiving it. If more time is required, we’ll let you know the reason and provide regular updates.
If you’re not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC), which oversees privacy complaint investigations in Australia. The OAIC can be reached via oaic.gov.au or by calling 1300 363 992.
Keeping this policy up to date
We may update this Privacy Policy from time to time to reflect changes in our business practices, services, or legal obligations. When this happens, the updated version will be published on our website and will take effect from the date it’s posted.
You can always access the most current version of our Privacy Policy at www.fireflyfinancial.com.au or by contacting us directly. If the changes are significant, we’ll also take reasonable steps to inform you through our usual communication channels.
Contact details
Privacy officer: Nicole Andrews
Name of licensee: Firefly Financial Pty Ltd
AFSL number: 700033
Address: Suite 3, 84 Gilbertson Road Kardinya WA 6163
Postal address: PO Box 2266 Kardinya WA 6163
Telephone: 08 9337 5247