Protecting your personal information is of the utmost importance to us.
The purpose of this policy is to provide you with information on the type of personal information that we collect and retain. It also explains how we handle your personal information in accordance with the Australian Privacy Principles (APPs).
This policy outlines:
Except as outlined below, we do not share, or sell, or disclose to a third party, any personally identifiable information collected on our website.
‘Personal information’ is any information that can personally identify you as an individual.
We are required to obtain personal information about you to ensure we can provide you with financial products and services pertaining to your account and comply with legislative and regulatory requirements in Australia.
Further, when you apply for, or maintain your Monex AU trading account,, the personal information we will collect from and about you is for purposes such as confirming your identity, evaluating your suitability in relation to our products and services, processing your requests and transactions on your behalf. We may use your personal information to inform you about products and services that may be suitable to you and providing customer service support.
We are required to collect your personal information to confirm your identity. We will collect personal information directly from you and commercially available third-party databases and publicly available resources for the purpose of complying with our obligations under Anti-Money Laundering laws ( Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended).
We collect or confirm your personal information from a third-party service provider such as a credit-reporting agency or through an identity or document verification service (DVS) provider. You grant your consent to this procedure when you agree to our Securities Trading Terms and Conditions.
Such information may include:
We will not collect sensitive personal information unless you have consented or an exemption under APPs applies. These exemptions include if the collection is required or authorised by law or if it is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
By not providing us your personal information for the purpose of establishing a trading account, we may delay or not be able to provide you with some or all the products or services we make available.
We will not accept the option of dealing with you anonymously, or under a pseudonym. This is because it is impractical for us to deal with individuals who are not identified.
We may receive unsolicited personal information about you. Our employees are required to notify the Privacy Officer of all unsolicited personal information received by them.
Further, when you visit our website ( www.monexsecurities.com.au), use our software applications (apps) or other web-based content and services (“Websites”), our service providers or us will record information (such as your computer’s IP address and top level domain name, the type of browser you are using, the date, time and pages accessed) in relation to your visit. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
You can configure your Internet browser to notify you when you receive a cookie, please consult with your Internet browser provider on how to do this.
Given our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and these websites are not subject to our privacy policies and procedures.
This information is recognised by our servers and the pages that you visit are recorded. We shall not under any circumstances, divulge your e-mail address to any person who is not an employee or contractor of Monex AU, and who does not need to know, either generally or specifically. This information is used:
When you call us, we may collect Calling Line Identification (CLI) information. We may use this information to help improve the efficiency and effectiveness of our services.
Monex AU or other parties providing connected services to us may record telephone conversations.
When you send an electronic message or mail to us, we may collect the data you have given to us in that message in order to obtain confirmation that you are entitled to receive the information and to provide to you the information you need. We may record your request and our reply in order to increase the efficiency of our business. We may retain personally identifiable information associated with your message, such as your name or email address. Please notify us if you do not wish for this information to be retained.
We are required by law to collect information to identify and verify you. We make enquiries as to your identity (identities) and other personal details in accordance with Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended.
We will only use your personal information for the purpose of providing you with our financial products and services. Your personal information will be used by us for the purpose of assessing your application, communicating with you in relation to your account so We can provide a continuous service to you and to operate our business processing functions by disclosing your personal information to our related business entities, appointed service providers or other third parties.
We will also use your personal information to assist us with administrative, marketing and direct marketing, product or service development and internal quality assurance and control functions.
We take all reasonable steps to ensure that all personal information we hold is as accurate as possible. You can contact us if you believe the information, we have about you is inaccurate or incomplete, or to provide us with information about changes to your personal information.
We will keep your personal information secure from misuse, loss, interference, unauthorised access, modification or disclosure. We have security measures in place such as encryption, firewalls, intrusion detection and anti-virus technology to prevent unauthorised access.
We retain information for so long as may be necessary to respond to issues that may arise at a later date, and longer in appropriate cases where required by law. When personal information is no longer required by us, it is deleted, destroyed or de-identified.
The Internet is inherently insecure, and we cannot give any assurance to any person regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Accordingly, any personal information or other information, which you transmit to us online, is transmitted at your own risk.
When you open an account with us, you are issued a unique account number, login and a password. You are ultimately responsible for maintaining the confidentiality of your account number, login, and password. We strongly recommend that you do not disclose this information to anyone else.
We may also send you direct marketing communications and information about our products and services by mail, SMS and email. You consent to us sending you those direct marketing communications by any method. You can opt-out of receiving marketing communications from us by contacting us by telephone or in writing. We will then ensure that your name is removed from the relevant list.
Please note that that we may be required to send you essential information about your account, the relevant services or products and other information required by law, such as welcome emails, trade confirmations and holding statements. This type of information, for the purpose of this policy, is not deemed direct marketing.
Our website may contain references or links to other external websites. Those references or links may in turn refer or link to other references or links. We are not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of every website that collects personal identifiable information.
We will only use or disclose your personal information collected from and about you for the purpose for which you provided it to us (or related purposes which would reasonably be expected, without your permission, or as permitted by the Australian Privacy Principles).
We take reasonable steps to ensure that any third-party organisations we engage with to deliver our products and services abide by our confidentiality and privacy requirements in relation to the protection of your personal information.
We also disclose your personal information to entities located overseas for one or more of the purposes set out below. We will take reasonable steps to ensure that the overseas recipient of your personal information does not breach the Australian Privacy Principles relating to your personal information.
Examples of when your personal information may be disclosed to external parties include (but are not limited to) the following:
We may also provide your personal information to a third party if Monex sells its business assets or engages a third-party service provider to provide services to Monex (such as software services).
Further, we may need to share some of your information with organisations outside Australia. For example, when we use service providers located overseas to perform a function on our behalf.
Monex AU may share your information with overseas organisations that are located in the following countries:
When we share your information with organisations overseas, we ensure appropriate data handling and security measures are in place.
Our web sites are hosted in Hong Kong and in the secure Google cloud regions of Hong Kong, Australia and USA. We also use outsourced services in countries outside Australia from time to time in other aspects of our business. Our technical centre is based in Hong Kong. Accordingly, data obtained within Australia may be “processed” outside Australia and data obtained in any other country as noted above may be processed within or outside that country.
Further, to ensure your account is operating effectively with access to the full product features we have to offer, we will exchange your personal information with Monex BOOM Securities (H.K.) Limited (“BOOM”), a financial services company registered in Hong Kong. BOOM is our appointed international broker, clearing and settlement participant, and custodian for the safe keeping of your assets (Participant ID: 1740).
To ensure that your trading information is processed in accordance with your instructions, BOOM is required to exchange your personal information in accordance with the market rules and regulations of Hong Kong Exchanges and Clearing Limited (“HKEX”), The Stock Exchange of Hong Kong Limited (“SEHK”), Hong Kong Securities Clearing Company Limited (“HKSCC”), Shanghai Stock Exchange (“SSE”), Shenzhen Stock Exchange. Please contact us if you would like further information on the data transmitted to these foreign exchanges to abide by their local regulations.
By opening an account with us and using our products and services, you authorise us to provide BOOM with the necessary personal information for any foreign trading BOOM executes on your behalf. BOOM may use your personal data for the purposes of complying with the requirements of the SEHK rules as applicable in connection with the China Connect Market. Your personal data will be stored, used, disclosed, transferred and otherwise processed for the above purposes, whether before or after such purported withdrawal of consent.
If you choose not to allow Monex AU to share your personal information with BOOM, Monex AU may not be able to carry out your trading instructions and you will be prevented from trading Chinese markets via BOOM’s China Connect Service.
Monex AU complies with certain principles of data protection that are set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Controller and Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR unless we have obtained your consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 18 without the consent of your parent, guardian or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Monex Securities Australia Pty Ltd complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU
Except as otherwise provided in the GDPR, you have the following rights:
We may ask you to verify your identity before acting on any of your requests.
We are subject to the law like everyone else. We may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
If you have any concerns regarding this policy, how we use, collect and store your personal information, we would like to hear from you. It is your choice as to whether you wish to use our services or not.
Further, Monex AU has an internal policy on dealing with data breaches as a result of unauthorised access to your personal information in accordance with the mandatory data breach-reporting requirements effective in Australia since 22nd February 2018.
Our data breach response policy contains four key steps including actions to be taken to contain the breach, evaluating the risks, impact to you as our customer and steps on notification to the OAIC, affected individuals and law enforcement agencies (as applicable). Further information is available to you on request.
Under the Privacy Act, the Australian Privacy Principles (APPs) and to the extent applicable the EU GDPR, you have the right to obtain a copy of any personal information that we hold about you and to advise us of any inaccuracies.
To make a request, you will need to write to us verifying your identity and specifying what information you require. We will respond to your request within 14 days. If the information sought after is extensive, we may charge a fee to cover cost.
In normal circumstances we will give you full access to your information. However, there may be times where some legal reason requires us to deny access, such as where granting access would interfere with the privacy of others or it would result in a breach of confidentiality. If access is denied, we will give you written reasons for any refusal.
We aim to ensure that the personal information held about you is accurate, complete and up -to-date. You should contact us as soon as possible if any of your details change. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.
Monex has regulatory obligations to keep your Personal Information on record for a period of seven years in the case you wish to terminate your working relationship with us.
If you believe that your privacy has been breached or compromised, please contact our Privacy Officer and provide details of the incident so that we can investigate it immediately.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. We will attempt to confirm as appropriate and necessary your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will investigate, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
The Privacy Officer – Alex Douglas
Monex Securities Australia Pty Ltd
Registered Address: Level 11, 300 George Street, Sydney NSW 2000
Postal Address: Level 11, 300 George Street, Sydney NSW 2000
Phone: +61 2 9103 9600
You may refer your complaint directly to the relevant External Dispute Resolution (EDR) scheme.
Australian Financial Complaints Authority
GPO Box 3
Melbourne Vic 3001
You are not required to supply any of the personal information that we may request from you although failure to do so may result in us being unable to open or maintain your account or provide services to you. While we make every effort to ensure that all information we hold about you is accurate, complete, and up to date, you can help us considerably in this regard by promptly notifying us if there are any changes to your personal information.
Please contact us should you wish to unsubscribe from any general non-account specific information on Monex AU products and Services.
Should you wish to obtain further information about privacy you can do so by visiting the Office of the Australian Information Commissioner (OAIC) website at www.oaic.gov.au
Dated: 10 March 2020 (version 3.0)