Privacy

About Iress

Iress Limited (incorporated in Australia, ABN 47 060 313 359), and all companies within its Group, (together ("Iress", "us" or "we"), is a technology company providing software and services to the financial services industry. Depending on the jurisdiction in which we are conducting business, we provide software and services for trading and market data, financial advice, investment management, mortgages, superannuation, life and pensions, and data intelligence. Our software and services are used by more than 10,000 businesses and 500,000 users globally, and we have 1,900 people based in Asia-Pacific, North America, Africa, the United Kingdom, and Europe.

Privacy statement

We are required to comply with all applicable personal data protection (“privacy”) legislation, including delegated legislation, in the jurisdictions in which we conduct our business. In Singapore, this includes the Personal Data Protection Act 2012 (“Act”) and Data Protection Obligations contained within.

This Policy describes the personal data (“personal information”) we may collect, and how we may use, disclose, share, store, and protect (“handle”) that personal information. Note: This Policy applies to personal information collected via our corporate website (https://www.iress.com/) and in the provision of our products and services.

Personal information under the Act means information, whether true or not, about an individual who can be identified either:

from that information; or
from that information and other information to which we have or are likely to have access.

By providing us with your personal information, you consent to us handling your personal information as set out in this Policy. We are committed to protecting the personal information we handle.

Collection of personal information

At times we may request that you provide us with personal information. Generally, this personal information is requested when you subscribe for a product, request a service, or request information from us—such as when you request a fact sheet or a demonstration of one of our products or services.

We will only seek to collect a level of personal information, reasonably necessary for us to appropriately perform our functions and activities. In the event we receive unsolicited personal information not required for the performance of our functions and activities, we will destroy or de-identify that personal information as soon as practicable if it is lawful and reasonable to do so.

Direct and indirect collection

Depending on the circumstances, we may collect personal information either directly or indirectly from you. For example, at times we may collect personal information about you indirectly from a third party (e.g. a company that provides services to us or an information service provider) where it’s not practicable to collect it directly.

In addition to this, we may handle your personal information as a third party service provider. For example, we may handle your personal information where you are a customer of a client (e.g. investment and/or advice provider), and that client has contracted us to provide a product or service on their behalf.

Types of personal information

Depending on the purpose behind the collection of your personal information, and the subsequent use of that personal information, we may collect from you or a third party the following personal information about you:

	Types of personal information collected
General	- name or alias, title, date of birth, marital status, and country and city of birth details; - mailing address, telephone number, email address, and other contact details; - next-of-kin, spouse, and other family members, and emergency contact details; - payment information (including bank details), and tax residency and tax status details; - employment history, including education, job titles, work history, employment location details; - salary, annual leave, sick leave, and benefits information, including compensation history details; - cashflow position, investments and liabilities, and financial needs, objectives and goals details; - username and passwords, for access and use of our online products and services; and/or - internet-enabled device information and browsing patterns, such as your IP address, operating system, and browser type
Sensitive and other special categories	Types of personal information we may collect that is also sensitive information: - National Registration Identity Card (NRIC) or Foreign Identification Number (FIN) details; - health and genetic information, including insurance policies and medical conditions details; and/or - racial or ethnic origin, religious and philosophical beliefs, and gender identity and pronoun details.

Types of personal information collected

General

- name or alias, title, date of birth, marital status, and country and city of birth details;
- mailing address, telephone number, email address, and other contact details;
- next-of-kin, spouse, and other family members, and emergency contact details;
- payment information (including bank details), and tax residency and tax status details;
- employment history, including education, job titles, work history, employment location details;
- salary, annual leave, sick leave, and benefits information, including compensation history details;
- cashflow position, investments and liabilities, and financial needs, objectives and goals details;
- username and passwords, for access and use of our online products and services; and/or
- internet-enabled device information and browsing patterns, such as your IP address, operating system, and browser type

Sensitive and other special categories

Types of personal information we may collect that is also sensitive information:
- National Registration Identity Card (NRIC) or Foreign Identification Number (FIN) details;
- health and genetic information, including insurance policies and medical conditions details; and/or
- racial or ethnic origin, religious and philosophical beliefs, and gender identity and pronoun details.

Use of cookies

We may access cookies stored on your computer when you visit our website or when you open an email from us. We are able to do this by including web beacons (also known as clear GIFs or web bugs) in our emails. Our web beacons do not store additional information on your computer but, by communicating with our cookies on your computer they can tell us when you have opened emails from us and what pages you look at.

Please see our cookies policy for further information on the use of cookies.

Event registrations and surveys

We may hold events, or request the completion of a survey, in relation to our products and services. In these instances, we may collect your personal information, such as your name, email, job role, place of work, and other information that may be relevant in the context of these particular events and surveys.

Social networking services

We use Instagram, YouTube and LinkedIn to communicate with the public about our company, and the products and services that we offer. When you communicate with us using these services, we collect the personal information you provide to us by engaging in that communication. Note: Instagram, YouTube and LinkedIn each have their own privacy policies.

Anonymity

You have the option to interact with us anonymously or using a pseudonym, where reasonably possible. For example, if you contact us with a general question regarding our products or services, you will not be asked for your name unless it is required to adequately handle your enquiry.

However, for most of your interactions with us, your name, contact information and enough information about the particular matter in question will be required to enable us to deal with the matter at hand. For example, in the case of dispute resolution, it may be impracticable to investigate and resolve the handling of a particular complaint unless you provide us with personal information, such as your name or similar information.

Purpose and use of personal information

The personal information we collect about you may be used by us for one or more of the following purposes:

to perform obligations in the course of or in connection with our provision of the products and/or services requested by you;
to verify your identity;
to manage fiscal components; for administration and client relationship management;
to meet our legal (including contractual) and regulatory obligations;
to process payments and transactions;
to help us improve and develop our website and online products and services;
to understand our user demographics and use of our website and online products;
for corporate and investor communications (in compliance with any regulator requirements);
to enable you to use our online products, our website, or receive the benefit of certain services;
to answer questions and respond to comments, requests, applications, feedback or queries you send us;
to send invoices or reminder notices, or otherwise notify you of changes to our online products or services, and any other purpose related to or ancillary to any of the above;
to enable any actual or proposed assignee, transferee, or purchaser, its holding company or its business to evaluate any proposed transaction with us;
to comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
any other purposes for which you have provided the personal information; and/or
any other incidental business purposes related to or in connection with the above.

The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

Direct marketing

Depending on the purpose of collection of your personal information, we may disclose your personal information with our business partners for marketing purposes or we may send you information about other organisations and their products and services. We may contact you by mail, telephone, fax, email, or other electronic messaging service with offers of products, services, or information that may be of interest to you.

By providing us with your contact details you consent to being contacted by these methods for these purposes. If you do not wish to receive marketing information from any companies within our group or our business partners (other than on the website which you have requested information about) please indicate this on the relevant form where we collect your information, or contact us using the details below.

Anonymisation

Subject to applicable legal obligations, we may anonymise (e.g. de-identify) your personal information so that it can no longer be associated with you, in which case we may retain, and use, disclose, and share such information for researching, testing, training, developing, delivering and/or improving Iress’ services or solutions or for any other business or commercial purposes, without further notice to you. In addition, to achieve an appropriate standard of anonymisation, we may contract a third party to assist us with this process.

Artificial intelligence (AI)

To help us improve and develop our website and online products and services we may employ the use of Artificial Intelligence (AI) tools. In these cases, we have controls to ensure that any use is ethical and compliant with all applicable legal (including contractual) obligations, and company policies.

Sharing or disclosure of personal information

We may share or disclose your personal information with one or more of the following:

the companies in our corporate group;
third party vendors, to satisfy our third party data payment arrangements;
our subcontractors, suppliers, and advisors, to the extent necessary and relevant for the provision of our online products or services;
our personnel, subcontractors, agents, and advisors, who have a need for that information as they assist us in running our business, this website, or providing related services; and/or
those other persons we believe are reasonably necessary, to comply with our legal and regulatory requirements and/or exercise any rights we have under our contracts.

Overseas disclosures

We may share your personal information to members of our corporate group located overseas. Countries in which we are based include Australia, the United Kingdom, Singapore, Malaysia, Tunisia, Hong Kong, South Africa, New Zealand, the United State of America (USA), and Canada. Note: We have appropriate controls in place in relation to intra-group transfers.

In addition, we may transfer your personal information to countries or jurisdictions which do not provide the same level of privacy protection as the country in which you reside, if necessary for achieving the purposes set out above. If we do make such a transfer, we will do so in accordance with the Act to ensure your personal information is protected.

Where we wish to disclose your personal information with third parties who are not listed above then we shall seek your consent before doing so, unless your personal information is anonymised; in which case we may disclose the information without first obtaining your consent.

By submitting your personal information, you agree to such sharing and disclosure as set out above. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Policy.

Storage and security of personal information

We take appropriate steps, and maintain electronic, physical, procedural, and organisational safeguards, using industry standard techniques and controls, to protect your personal information from misuse, interference, loss, unauthorised or accidental access, modification or disclosure.

Privacy impact assessments

In addition to the above controls, we are committed to conducting Data Protection Impact Assessments (DPIAs) (“Privacy Impact Assessments (PIAs)”) for new projects in which your personal information will be handled, or when a change is proposed to existing personal information handling practices.

Data breach notification

In the event of an incident that may constitute misuse, interference, loss, unauthorised or accidental access, modification or disclosure of your personal information, an investigation of the incident will take place.

Based on the findings of the investigation, an assessment will be made regarding any appropriate remediation actions that may be required, as well as an assessment of reportability to you and other parties (e.g. a regulatory body), which will be informed by our legal (including contractual) obligations.

Retention and destruction of personal information

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, or as required or permitted by applicable laws.

To determine the appropriate retention period for personal information, we consider, for example:

the amount, nature, and sensitivity of the personal information;
the potential risk of harm from misuse, interference, loss, unauthorised or accidental access, modification, or disclosure of the personal information;
the purposes for which we process your personal information and whether we can achieve those purposes through other means (e.g. de-identification); and
the applicable legal (including contractual) requirements.

In some circumstances, we may anonymise (e.g. de-identify) your personal information so that it can no longer be associated with you, in which case we may use such personal information without further notice to you.

Access and correction of personal information

You have the right to request access or corrections to and copies of the personal information we hold about you. Upon a request for access or correction being made, we will ask you to verify your identity before we give you access to your personal information or the ability to correct it.

The steps appropriate to verify your identity will depend on the circumstances. We will seek the minimum amount of personal information needed to establish your identity. Note: For quality control and training purposes we may monitor or record your communications with us.

Other important matters

Right to withdraw consent

In the limited circumstances, where you may have provided your consent to the collection, storage, use, sharing, and disclosure of your personal information for a specific purpose or purposes, you have the right to withdraw your consent for that specific purpose or purposes at any time.

To withdraw your consent, please contact corporate@iress.com. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. Note: By withdrawing your consent, we may no longer be able to provide services to you or on behalf of another for you.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within thirty (30) days of receiving it.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

Third party sites

Our corporate website contains links to other external third party websites, including social media sites and widgets. We are not responsible for the content or privacy practices (including the delivery of any cookies) of these websites. We strongly encourage you to read the privacy notices and policies of those websites before providing those third parties with your personal information.

Children’s privacy

Our products and services are not directed at, or intended for use by, people under the age of eighteen (18) or such other age designated by applicable law (“minors”). We do not knowingly collect or request personal information from minors. We do not knowingly allow minors to use our products or services.

If you are a minor, please do not use our products or services or attempt to send us your personal information. In the event that we learn that we have collected the personal information of a minor, we will take steps to delete the personal information as soon as possible.

Contact information

If you have any questions or comments about this Policy, would like to request a copy of this Policy, or have any concerns about our handling of your personal information, then please contact our Data Protection / Privacy Officer whose contact details are below:

Email: corporate@iress.com
Phone: +61 3 9018 5800
Mail: Iress Limited, Iress Data Protection / Privacy Officer, Level 16, 385 Bourke St, Melbourne, VIC, 3000

If you wish to make a formal complaint, then please make your complaint in writing to our Data Protection / Privacy Officer (as noted above). We will consider your complaint promptly and contact you to seek to resolve the matter.

If however, you are not satisfied with our response, you are then able to lodge a complaint with the Personal Data Protection Commission (“PDPC”):

PDPC
- Online: https://www.pdpc.gov.sg/
- Mail: Personal Data Protection Commission, 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438

Note: If you would like further information about privacy, the protection of privacy, and your privacy rights, then please visit the PDPC website at https://www.pdpc.gov.sg/.

Updates and changes

We reserve the right, at our discretion, to change, modify, add or remove portions from this Policy from time to time, so we encourage you to review this Policy regularly.

Privacy Notice

Join us

Trust

About

Social