Genesis is now part of Certe. More Details

Genesis Privacy Policy

Issued By

PHONE: (02) 9904 2792




Fortnum and its Principal Practices and associated entities, including any Authorised Representatives (Fortnum Group Members) (collectively, “we” or “us”) take very seriously our obligations under the Commonwealth Privacy Act (Privacy Act) to protect your personal information. Under the Privacy Act, we are bound by the Australian Privacy Principles, and in his Privacy Policy, we describe how we intend to meet our privacy obligations.

Personal Information

The Privacy Act sets out the information that it protects.

Personal information generally means information or an opinion about a person, where the person is identified or is reasonably identifiable.  Sensitive information means a person’s health information, genetic information, certain biometric information and biometric templates. It also means certain personal information, being an opinion about a person’s:
• racial or ethnic origin;
• political opinions;
• membership of a political association;
• religious beliefs or affiliations;
• philosophical beliefs;
• membership of a professional or trade association;
• membership of a trade union;
• sexual orientation or practices; or
• criminal record

Where in this Privacy Policy we refer to personal information, unless the context requires otherwise that is a reference to both personal information and sensitive information.

Personal Information Collected and Held

Fortnum and Fortnum Group Members only collect and hold personal information that is relevant to, and reasonably necessary for, the financial and other services we provide to you. In addition, we only collect sensitive information if you consent, or in specific circumstances set down in the Australian Privacy Principles.

The kind of information we will be likely to collect, and hold includes your name, address and contact details, tax file number, personal medical information, your date of birth and details about your financial circumstances, goals and strategies.

Consequences of not providing your personal information

You are not obliged to give us your personal information. However, if you decide not to give us information needed in order to provide you with services, we may not be able to provide those services to you.

How your personal information is collected and held

Fortnum and Fortnum Group Members must collect personal information only by lawful and fair means. We will usually only collect your personal information directly from you, for example, in discussion with you or via email. We may collect your personal information from another person if you consent, if we are required or allowed by law to do so, or if it would be unreasonable or impracticable for us to have to collect it from you.

For example, it may be necessary to collect personal details from third parties, such as issuers or operators of financial products or financial services. However, we will endeavour to collect such information directly from you wherever practicable. When we collect personal information about you, we will tell you why it is being collected, the organisations, or the types of organisations, to whom we usually disclose that kind of information, any law that requires the information to be collected, and the main consequences for you if the information (or part of the information) is not provided. We will also give you our contact details and tell you about how you can access the information.

Fortnum uses Salesforce as its cloud-based relationship managed system. Salesforce hosts data through Amazon Web Services (AWS). The AWS servers are located in Sydney. Salesforce do not own your data or have access to your data. There are instances where your data is stored within Salesforce. We have attached a link to the Salesforce Privacy Policy relevant to our instance here:

In addition, Fortnum uses the Microsoft Office 365 operating system. Portions of your data may be stored through these systems. Microsoft have confirmed that data is stored in part in Australia and also the United States of America. We have attached a link to the Microsoft Privacy Policy for your information:

In addition, Fortnum utilises the services of Contractors, who are located in the Philippines and India. From time to time, we may utilise services of Contractors who are located in other countries.  Your adviser may disclose your personal information to overseas recipients in order to access services they provide, such as paraplanning and administration. If this is the case, your Adviser or their Principal Practice will provide you with details, including the relevant countries. If you consent to this overseas disclosure, it is on the basis that Fortnum has not checked that the overseas recipient complies with the Privacy Act but rather, this due diligence has been undertaken by the Principal Practice.

How your personal information is used

Personal information is collected and held so that Fortnum and your Adviser can provide you with services you request. This is known as the “primary purpose” for collecting and holding personal information.

We cannot use or disclose your personal information for any secondary purposes unless certain circumstances apply. We can use or disclose personal information for a secondary purpose where you give us your consent to do so, or where:

• the secondary purpose is related to the primary purpose (where the information is sensitive information, it must be directly related to the primary purpose); and
• you would reasonably expect us to use or disclose the information for the secondary purpose.

The types of secondary purposes for which we would ordinarily use or disclose your personal information include contacting you regarding other services that we believe may be of interest to you. We may also use or disclose information where such use or disclosure is permitted by the Australian Privacy Principles. For example, where reasonably necessary to deal with unlawful activity or serious threats to life, health or safety.

Some primary and secondary purposes will require disclosure of your personal information to third parties. Some examples of when this would be required include for the purpose of providing you with services. The likely recipients would be the issuers or operators of financial products or financial services and providers of office and related services to us. We will require that any third parties to whom we disclose personal information will only use that information for the purposes for which we disclosed it to them and on the basis that they will comply with their privacy obligations.

If your Fortnum Group Member moves to another Australian Financial Services Licensee (AFSL), we may provide your personal information to the other AFSL to enable your Fortnum Group Member to continue providing you with services. Similarly, if your Fortnum Group Member sells their business to another financial adviser or AFSL we may provide your personal information to them to enable them to provide you with services. In the event of either of these things occurring, Fortnum will notify you in advance and you will have the ability to opt out of this transition.

Data Quality and Protection

Fortnum and your Fortnum Group Member will take reasonable steps:

• to make sure all personal information we collect is accurate, complete and up-to-date at all times;
• to make sure all personal information we use or disclose is (having regard to the purpose of the use or disclosure) accurate, complete up-to-date and relevant at all times.

We will also take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure. Once your personal information is no longer required by us, we will take reasonable steps to destroy or permanently de-identify that personal information, except in circumstances where we are required by law to retain it.

Access and Correction

If you think the personal information Fortnum and your Fortnum Group Member hold about you is not accurate, complete or up-to-date, you should let us know. Also, please let us know any relevant changes to your personal circumstances as soon as possible.

We will take reasonable steps to correct information where you provide sufficient evidence or we are otherwise satisfied, having regard for the purpose for which the information is held, that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will also notify the correction to other parties to whom we have previously disclosed the information and if such a party refuses to make a correction, we will notify you of that refusal and how you can make a complaint.

If you require access to personal information we hold about you, please send us an email to We will generally allow access, unless certain exceptions apply under the Australian Privacy Principles – for example, if we reasonably consider providing access would pose a serious threat to the life, health or safety of any person, or providing access would be likely to prejudice action being taken by an enforcement body, or providing access would be unlawful.

Your request should specify the information to which you require access or which you wish to be corrected. We will keep a record of your request for and the manner in which it was dealt with. We will not charge you for requesting access to, or correction of, your personal information. We may, however, charge you the costs associated with meeting your request for access, for example photocopying and postage costs.

We are required to respond to your request for access or correction within a reasonable period, of receipt of your request. We will provide you with access in the manner you request, if it is reasonable and practicable to do so. If we cannot meet your request for access or correction, we will notify you by email and where reasonable we will give you our reason and take steps to provide you with access. We will also tell you about how you can complain about our decision.


You can contact us anonymously or by using a pseudonym. However, being unable to identify you will limit the services your Fortnum Group Member can provide you and there may be specific cases where we are prevented by law from dealing with you unless we identify you.

Data Breach

Should a data breach occur, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of the data breaches that are likely to result in serious harm within 30 days of the breach event.

The factors which might contribute to a reasonable person thinking “serious harm” might have occurred include:
• The sensitivity of the information;
• Whether the information was encrypted;
• Whether the information was in a secure file;
• How likely it is that the security could be breached; or
• The identity of the person who obtained the information, whether they intend to cause harm to the affected person and the nature of the harm.

Complaints and Further Information

If you would like further information about how we handle your personal information, please send us an email to

If you wish to make a complaint in relation to privacy, including a breach of the Australian Privacy Principles, you can let us know by putting your concerns in writing or by calling us. You can contact us at:
Complaints Officer (Fortnum)
PO Box R1872 Royal Exchange NSW 1225

By email at or by calling (02) 9904 2792.Fortnum will investigate your complaint and respond to your concerns as quickly as possible and within 30 days.

Get in touch

Answers to all your questions,
even the ones you didn’t know to ask