Data protection, security and privacy FAQs
The Perth Mint may request personal information from new and existing customers. See below for more information.
How can I tell if an email or link is legitimate?
To confirm an email/link is legitimate, call our customer contact centre or customer operations team.
Customer Contact CentreAvailable Monday - Friday: 7am–5.30pm AWST
Why are you asking for personal data that I supplied when I opened my account? Have you lost it?
We have not lost your data and it is securely stored in our systems.
We have obligations under legislation such as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which requires us to undertake periodic refreshes of know your customer data. Verifying current documents are requirements of this legislation.
How do I securely transfer my personal data?
We will provide you with a secure link. We do not request you send documentation by email.
Alternatively, you can send by post. We recommend purchasing tracking and signature on delivery. If you would like to send via post, please ask us for our mailing address.
What happens if I don’t provide the requested information/documents?
A key part of our requirements under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 is that we have thorough know your customer processes in place.
If you do not provide the requested documentation within the required timeframes, we may need to place your account on hold until we are able to confirm if your details are accurate and current.
How is my personal data protected?
We take the protection and security of your information seriously. We will continue to review and improve our security measures to ensure your information remains protected.
Some of the measures we currently take include:
- Using firewalls, virus scanning and access logging tools and encrypting data to protect against unauthorised access to your data and our network.
- Using secure work (and sometimes closed) environments and workflow systems to prevent unauthorised access and copying of your personal information.
- Managing access privileges to ensure that only those who really need it can see your personal information.
- Using the latest industry standard for data encryption (Transport Layer Security protocols) to keep your transactions secure and private. TLS provides a secure link between your browser and our server and encrypts your personal information to ensure it is kept private over the internet.
- Being guided by our information security policy. This includes ensuring that technology is appropriately assessed and reviewed as part of security protocols. Our key third party suppliers are also held to strict security standards to ensure any services are delivered with appropriate care and security.
- Ongoing employee training and security reviews.
Can you delete my personal data from your systems?
We may be unable to delete your data at this time due to legislative requirements.
Organisations must maintain personal data in accordance with the various privacy legislations around the world. For example, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 requires us to keep records of our business activities, including customer details, for seven years.
If you can’t delete my personal data what can you do?
If you do not wish to continue to do business with The Perth Mint, we can close your account and mark it as inactive. While we cannot delete all your personal data from our systems, it will only be accessed to meet requirements set by the Australian government and others.
How long will you store my personal data?
The retention period is usually seven years under the requirements of legislation such as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
The assessment of any retention period depends on the nature of the data as well as the method and reason for its collection, the channel through which it was collected and any other legislative requirements that apply.
Once the retention period for the data is reached, it is disposed of. If we are unable to dispose of it (for example, due to system limitations), reasonable attempts will be made to de-identify the data so that it cannot be used to identify you.
Where is my personal data held?
Your data is held across numerous systems within our environment, both on-premises and in the cloud. We prefer to maintain our data storage within Australia but follow WA Government guideline for offshoring data. Data is held outside Australia only after rigorous investigation.
Do you transfer my data to other companies and organisations?
We do not sell your personal data to any third parties.
What third parties do you transfer my data to?
For example, we use a multinational to supply our business systems. We may transfer personal data to that company when using their platforms, such when emailing customers, communicating internally and producing and storing documents. Documents, such as purchase receipts, may also be stored in the systems.
How do you ensure third parties are protecting my personal data?
Prior to engagement with any third party, comprehensive due diligence is performed on their operations. Should a third party not pass the due diligence process we do not deal with them.
Can you guarantee my personal data is safe 100% of the time on your systems?
Information security threats are constantly evolving. While there are many ways to counter and reduce this threat, the security industry recognises there is no method to provide 100% protection against cyberattacks. We strive to maintain best practice protections for your personal data.
Who is responsible if my data is leaked?
The Perth Mint Privacy team are responsible for management and communications in the event of a breach of customer data from our systems. You will be contacted by the privacy team if we need to notify you of a breach.
If you identify a breach, we encourage you to notify us on the email address below as soon as possible so we can undertake remediation actions.
How will I be compensated in the event of a breach?
Any recourse depends on the size, scale, and nature of the breach along with the information shared. It can range from notification and support services to monetary compensation at the discretion of The Perth Mint.
If the individual is not happy with the proposed recourse, they can escalate their complaint to the applicable regulatory authority:
- If you reside in Australia you can escalate your complaint to the Office of the Information Commissioner.
- If you reside in Europe or the EEA you can escalate your complaint to the applicable data protection authority.
- If you reside in the United States, you may be able to escalate your complaint to the Federal Trade Commission. There may be different methods for escalating your complaint depending on the state you reside in, such as your state’s office of the attorney general, or a private right of action.