Privacy Policy

The protection of individuals with regards to the processing of their Personal Data (as defined below) is a fundamental right that Alerius (referred to as "we", "us", or "our") takes very seriously. Alerius processes Personal Data as part of its relations with its clients, prospects, partners, employees, job applicants, service providers, and any users of its website (the “Website”) (collectively referred to as “Individuals”).

Alerius is firmly committed to conducting its business in accordance with the applicable data protection regulations, including the Australian Privacy Act 1988 (Cth) and, where applicable, the General Data Protection Regulation (EU) 2016/679 of April 27th, 2016 (“GDPR”), which aims to protect individuals’ rights regarding the collection, use, retention, transfer, disclosure, and destruction of their Personal Data.

The purpose of this privacy policy (“Privacy Policy”) is to set forth the types of Personal Data Alerius may collect from Individuals and the ways we may process it through interactions with Alerius, including through our media platforms. Alerius strives to ensure adequate protection of Individuals’ Personal Data and to preserve its security, as well as inform and uphold Individuals’ rights.

What Personal Data is Alerius collecting and processing about Individuals? Why is Alerius processing Individuals’ Personal Data? What are the legal bases that entitle Alerius to do so? From what sources does Alerius collect Individuals’ Personal Data? Who are the authorized parties allowed to process Individuals’ Personal Data? How does Alerius ensure the security and protection of Individuals’ Personal Data? How long will Alerius retain Individuals’ Personal Data? What are Individuals’ rights regarding the processing made by Alerius on their Personal Data? How can Individuals exercise their rights?

Please read the following Privacy Policy carefully and note that the following definitions will apply:

• Data Controller(s): Alerius.
• Data Processor(s): Any natural person or legal entity who processes Personal Data on behalf of Alerius.
• Data Recipient(s): Any individual or legal entity who receives Personal Data from Alerius. Data Recipients may include employees of Alerius or external entities (e.g., partners, suppliers, service providers, financial advisors, etc.).
• Data Subject(s): The Individuals.
• Personal Data: Any information or pieces of information that can directly or indirectly identify a Data Subject, such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

The purpose of this Privacy Policy is to comply with the information obligations of Alerius under the Australian Privacy Act 1988 (Cth) and, where applicable, the General Data Protection Regulation (GDPR) (Articles 12 to 14), and to document the rights of Individuals regarding the processing of their Personal Data.

This Privacy Policy applies to all processing of Individuals’ Personal Data by Alerius. We make every effort to ensure that Personal Data is processed within the framework of strict internal governance and compliance with relevant privacy laws and regulations. This Privacy Policy only covers Personal Data for which Alerius acts as the Data Controller, and does not extend to processing activities performed outside Alerius’ governance.

The processing of Personal Data may be managed directly by Alerius or via Data Processors specifically designated by Alerius. This Privacy Policy is independent of any other documents that may apply in the context of the contractual relationship between Alerius and the Individuals.

Where necessary, specific privacy and data protection notices and/or consent forms will be provided to the concerned Individuals in specific situations where Alerius may process their Personal Data.

Alerius processes Personal Data in accordance with Australian privacy laws and the principles outlined in the GDPR, where applicable. Personal Data is only processed if it directly relates to Alerius’ business activities and if it complies with relevant legal and ethical obligations. Alerius may process Personal Data for the following purposes:

Alerius’ business and contractual relationship purposes

• Management of business relationships, including identifying potential clients, partners, service providers, and contractors.
• Execution and management of agreements with clients, financial service providers, and other business partners, ensuring the smooth operation of financial paraplanning services.
• Administration and management of invoicing, billing, and accounting.

Research and development activities

• Conducting market research to improve financial paraplanning services, including gathering insights to enhance the tools and methodologies used in financial analysis.
• Using available data to explore new strategies or approaches in financial paraplanning to better serve clients’ financial planning needs.

Compliance with legal, regulatory, and ethical obligations

• Ensuring that Alerius adheres to applicable laws, industry standards, and best practices in financial planning.
• Carrying out necessary audits, legal declarations, and administrative formalities.
• Managing recruitment in compliance with data protection regulations.
• Ensuring the security and protection of Personal Data processed by Alerius in line with applicable privacy laws.
• Processing of Personal Data to fulfill legal obligations or respond to requests related to individual rights, such as managing requests under data protection regulations (e.g., access or correction of data).

Marketing purposes

• Managing and implementing marketing campaigns, including email, SMS, or phone communications to promote our financial paraplanning services.
• Organizing and managing events or webinars in which Alerius participates.
• Sending newsletters and managing targeted advertising or media outreach.
• Collecting feedback through surveys and managing statistics to improve services.
• Processing of Personal Data to fulfill legal obligations or respond to requests related to individual rights, such as managing requests under data protection regulations (e.g., access or correction of data).

Management of recruitment

• Handling job advertisements and managing job applications, including the pre-contractual relationship between Alerius and job applicants.

Management of the Website

• Managing content on the Website, including contact forms, case studies, and other interactive features.

Protect Alerius’ rights and interests

• Managing content on the Website, including contact forms, case studies, and other interactive features.
• Protecting Alerius’ rights, intellectual property, privacy, and safety, as well as safeguarding against any fraudulent actions or omissions that may cause harm to Alerius.
• Defending against actions that could damage Alerius or its clients.

While this list aims to be as exhaustive as possible, any new use or modification of existing processing will be notified to Individuals through updated versions of this Privacy Policy published on the Website. Alerius encourages Individuals to check this Privacy Policy regularly for updates on any changes in how Personal Data is processed.

Alerius retains the right to process Personal Data for the aforementioned purposes. However, any additional data derived from analysis conducted by Alerius, such as usage analysis or statistics, remains the exclusive property of Alerius.

The purposes for which Alerius processes Personal Data, as described above, are based on the following legal grounds:

The processing is necessary for the purpose of the legitimate interest of Alerius or a third party

When Alerius processes Personal Data for its legitimate interest, we ensure that the rights and interests of Data Subjects are fully considered. Alerius ensures that its legitimate interests do not override the fundamental rights of the Data Subjects. For example, Alerius processes Personal Data based on its legitimate interest for the following purposes:

• Protecting Alerius from fraudulent actions or omissions.
• Managing and developing business relationships and opportunities.
• Conducting business development activities such as identifying potential clients or partners.
• Sending newsletters to clients, partners, and contractors with whom Alerius has pre-existing professional relationships.

The processing is necessary for compliance with legal obligations applicable to Alerius

Alerius may process Personal Data to comply with Australian laws or other applicable regulations. For example, Alerius processes Personal Data to fulfill legal obligations for:

• Financial and tax reporting requirements.
• Responding to Data Subjects’ access and correction requests.
• Ensuring transparency in business relationships and compliance with relevant regulations, including obligations concerning financial advisors and service providers.

The Data Subject has given consent for specific purposes

In some instances, Alerius may process Personal Data when the Data Subject has provided clear and specific consent. For example, a Data Subject's consent may be required for:

• Receiving Alerius’ marketing communications, such as newsletters.
• Participating in surveys or events organized by Alerius.

Data Subjects have the right to withdraw their consent at any time, and Alerius will honor such requests promptly.

The processing is necessary for the performance of a contract

Alerius processes Personal Data when necessary to execute a contract between Alerius and the Data Subjects (or their employers). For example, this applies to:

• Negotiating and finalizing contracts with clients, partners, suppliers, or service providers.
• Managing and following up on the contractual relationships between Alerius and its partners, suppliers, service providers, or clients.

Personal Data is generally collected directly from Data Subjects (direct collection), such as through interactions with Alerius, including when individuals engage with our financial paraplanning services, apply for jobs, or communicate with us via our website.

In some cases, Personal Data may be collected indirectly through Alerius' clients, service providers, partners, or other third-party entities authorized to collect and share this information in compliance with applicable laws and their own privacy policies.

When Alerius receives Personal Data from these third parties, we take great care to ensure the accuracy and quality of the data. If Data Subjects have questions regarding how their Personal Data was initially collected by Alerius’ partners, clients, or service providers, we may recommend that they contact the relevant third party directly and/or review their respective privacy policies.

Alerius ensures that Personal Data can only be accessed by authorized individuals within the company, depending on the purpose(s) for which the Personal Data is processed. Access is strictly limited to those who need it to perform their job functions and ensure compliance with Alerius' privacy and security policies.

Alerius’ internal Data Recipients

Depending on the purpose(s) for which Personal Data is processed, authorized personnel at Alerius may include:

• Client Relations and Business Development Department: Managing client relationships and developing new business opportunities.
• Financial Planning Department: Supporting financial paraplanning activities, including the creation of strategies and financial reports.
• Finance Department: Managing billing, invoicing, and financial reporting.
• IT Department: Ensuring data security and managing technical infrastructure.
• Legal Department: Overseeing compliance with legal obligations and data protection regulations.
• Human Resources Department: Handling recruitment and employee-related matters.
• Audit and Compliance Department: Monitoring and conducting internal audits to ensure data protection policies are adhered to.

Alerius defines the retention period of Personal Data in accordance with its legal and contractual obligations, or based on specific operational needs. Alerius will hold Personal Data for no longer than one (1) year, unless otherwise required by applicable laws.

Clients and partners’ Personal Data

Personal Data related to clients and partners will be retained for the duration of the contractual relationship, and then stored for an additional one (1) year after the end of the contract. After this period, the data will be deleted or anonymized, unless required by law or for legal claims.

Job applicant’s Personal Data

Personal Data collected from job applicants will be stored for one (1) year from the date of collection. If the applicant does not request otherwise, this data will be deleted after the retention period has elapsed. Alerius will not retain applicant data beyond one (1) year unless further consent is obtained.

Personal Data relating to contacts and potential clients

Personal Data related to contacts and potential clients will be retained for up to one (1) year from the date of collection or the last interaction with Alerius, whichever is more recent.

Information related to bank details (if applicable)

Personal Data related to payment details will be retained until full payment is made and the service has been provided. For any potential disputes regarding payment transactions, payment data may be retained for one (1) year following the transaction.

After the specified retention periods, Personal Data will be either deleted or anonymized. In the case of anonymization, the data will no longer be identifiable, and Alerius will be unable to link it back to any individual.

Please note that deletion or anonymization of Personal Data are irreversible operations, meaning that once data has been removed or anonymized, Alerius will no longer be able to comply with any requests related to this data, such as accessing or rectifying it.

Alerius may engage third-party Data Processors to assist in processing Personal Data as needed. In all such cases, Alerius ensures that these Data Processors comply with applicable data privacy laws and regulations, including the Australian Privacy Act 1988 (Cth) and, where relevant, the GDPR.

Alerius enters into a formal contract with each Data Processor, ensuring that they are subject to the same Personal Data protection obligations that apply to Alerius. Alerius also reserves the right to conduct audits of its Data Processors to verify their compliance with their data protection obligations.

This Privacy Policy may be amended or supplemented at any time in response to legal or regulatory developments, new uses of Personal Data, or any recommendations issued by relevant supervisory authorities. Changes may also be made to reflect updates in Alerius’ business practices.

Any new version of this Privacy Policy will be made available on this page. Alerius encourages Data Subjects to check this Privacy Policy regularly to stay informed of any changes.

For further information on Personal Data protection, please consult the website of the Office of the Australian Information Commissioner (OAIC) or other relevant supervisory authorities. For GDPR-related inquiries, individuals may refer to the European Data Protection Board website for details on supervisory authorities within the European Union.