Statement of Privacy Policy


At WLM Financial Services Pty Limited (WLM) we recognise that your privacy is very important to you – it is to us as well. We handle Personal Information provided by and about people every day. By Personal Information we mean information or an opinion about a person whose identity is apparent or can reasonably be ascertained.

We support the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Privacy Act). Our aim is to support and comply with the APPs that form the basis of laws introduced to strengthen privacy protection for the general public. The information set out below is largely a summary of our objectives under the APPs.

This policy will be reviewed from time to time to take account of new laws and/or changes to our operations. Any information we hold about you will be governed by our most current policy. We recommend that you periodically review this policy for any changes.


As a professional services organisation offering accounting and financial planning services, we are subject to certain legislative and regulatory requirements which necessitate us obtaining and holding detailed information which personally identifies you and/or contains information or an opinion about you (Personal Information). In addition, our ability to provide you with a comprehensive accounting and/or financial planning service is dependent on us obtaining certain Personal Information about you.

At or before the time we collect Personal Information from you we will take reasonable steps to inform you why we are collecting that Personal Information, who else we might disclose that Personal Information to, and what will happen if you do not provide Personal Information to us.

As an example, and without limiting the types of Personal Information we collect, we may collect the following Personal Information:

  • your name, date of birth, address, telephone number, e-mail address;
  • accounting information such as your tax file number, bank account details, credit card details and details of your investments;
  • employment details and employment history;
  • details of your interests in or ownership of entities or control of trusts;
  • details of your financial needs and objectives;
  • details of your current financial circumstances, including your assets and liabilities (both actual and potential), income, expenditure, insurance cover and supperannuation;
  • details of your investment preferences and aversion or tolerance to risk;
  • information about your employment history, employment circumstances, family commitments and social security eligibility;
  • any other information that may be required to form a basis for recommendations.

If you operate a social media or other online account, we may collect your username associated with that account, and any other information or content you have made public in connection with that account. Such information or content may include Personal Information.

We may also collect information about your interests and preferences, other demographic information such as your gender, age and location, and anonymous information such as your IP address, browser type, and other software or hardware information. Generally, this information is not Personal Information as it cannot be used to identify you.

Where reasonable and practicable, we will only collect Personal Information about you, from you.

Tax File Numbers (TFN)

The Privacy (Tax File Number) Rule 2015 (TFN Rule) issued under s 17 of the Privacy Act regulates the collection, storage, use, disclosure, security and disposal of individuals’ TFN information.

The obligations relating to the handling of TFNs under the TFN Rule are in addition to responsibilities under other laws, including:

  • the Australian Privacy Principles
  • the Taxation Administration Act 1953,
  • Part VA of the Income Tax Assessment Act 1936
  • Part 25A of the Superannuation Industry (Supervision) Act 1993 and Part 11 of the Retirement Savings Accounts Act 1997,
  • the Data-matching Program (Assistance and Tax) Act 1990

As an authorised TFN recipient, WLM will only record, collect, use or disclose a TFN where it is permitted under taxation, personal assistance or superannuation law (for example, when lodging a tax return).

When collecting Tax File Number information, WLM will take reasonable steps to ensure that TFNs are only requested or collected when necessary and relevant to the purpose of collection under applicable taxation law, personal assistance law or superannuation law, and that the manner of collection does not unreasonably intrude on the individual’s affairs.

Refusal to provide information

Wherever it is lawful and practicable, we will give you the option of not identifying yourself or not providing Personal Information when entering transactions with us. However, failure to provide full and complete information we request may mean that we are unable to provide services to you fully and properly.

When undertaking financial planning services we are required to collect sufficient information to ensure appropriate advice can be given in respect of recommendations made to our clients (pursuant to the Corporations Act 2001 (Corporations Act) and The Financial Planning Association’s Code of Professional Practice (FPA Code of Conduct). Therefore, if you elect not to provide us with the Personal Information referred to above, we may elect to terminate our retainer with you if we believe we are unable to provide you with a complete service.


We will not use or disclose Personal Information collected by us for any purpose other than:

  • the purposes for which it was provided or secondary related purposes in circumstances where you would reasonably expect such use or disclosure; or
  • where you have consented to such disclosure; or
  • where the APPs authorise use or disclosure where required or authorised under law, in circumstances relating to public health and safety and in connection with certain operations by or on behalf of an enforcement body, in connection with any legal proceedings or anticipated legal proceedings, or in order to comply with any legal obligation, or to establish, exercise or defend our legal rights.

In the event that we propose to sell our business we may disclose your Personal Information to potential purchasers for the purpose of them conducting due diligence investigations. Any such disclosure will be made in confidence and it will be a condition of that disclosure that no Personal Information will be used or disclosed by them. In the event that a sale of our business is affected, we may transfer your Personal Information to the purchaser of the business. As a client you will be advised of any such transfer.

Financial Planning Use

Where you are a client of our financial planning services, the following will apply:

In order to ensure that you receive a personal and tailored service, your Personal Information may be transferred to one of our agents or authorised representatives who will be your primary point of contact with the organisation. It is a condition of our agreement with each of our representatives that they adopt and adhere to this Privacy Policy. You can be assured that your information will be maintained by any agent or representative in accordance with this Policy. If you have any concerns in this regard, you should contact us by any of the methods detailed below.

We may disclose your Personal Information to superannuation fund trustees, insurance providers, and product issuers for the purpose of giving effect to your financial plan and the recommendations made by us.

We are required under the FPA Code of Conduct to make certain information available for inspection by the Association on request to ensure ongoing compliance with mandatory professional standards. This may involve the disclosure of your Personal Information. We are also obliged pursuant to the Corporations Act to maintain certain transaction records and make those records available for inspection by the Australian Securities and Investments Commission.


You agree that we may disclose your Personal Information in any of these circumstances. We disclaim all liability for any privacy breaches by third parties to whom we have disclosed your Personal Information in accordance with this Policy.

You may withdraw your consent to use or disclose your Personal Information at any time. To withdraw this consent please contact us at the details below. Please note that withdrawing your consent may mean that we are unable to provide you with our services.


Employees of WLM are required to comply with the principle of confidentiality, which requires to respect the confidentiality of information acquired as a result of professional business relationships.

WLM employees are expected to continue to comply with the principle of confidentiality even after the end of the relationship between WLM and a client or employing organisation.

Further information regarding obligations to confidentiality can be found within the relevant professional membership code of ethics (e.g. the APES 110 Code of Ethics for Professional Accountants, and/or the Financial Planners and Advisers Code of Ethics 2019).



You may at any time, by contacting us by any of the methods detailed below, request access to your Personal Information and we will (subject to the following exceptions) provide you with access to that information either by providing you with copies of the information requested, allowing you to inspect the information requested or providing you with an accurate summary of the information held. We will, prior to providing access in accordance with this policy, require you to provide evidence of your identity.

We will not provide you access to Personal Information which would reveal any confidential formulae or the detail of any in house evaluative decision making process, but may instead provide you with the result of the formulae or process or an explanation of that result.

We will not provide you with access to your Personal Information if:

  • providing access would pose a serious threat to the life or health of a person;
  • providing access would have an unreasonable impact on the privacy of others;
  • the request for access is frivolous or vexatious;
  • the information related to existing or anticipated legal proceedings between us would not be discoverable in those proceedings;
  • providing access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
  • providing access would be unlawful;
  • denying access is required or authorised by or under law;
  • providing access would be likely to prejudice certain operations by or on behalf of an enforcement body or an enforcement body requests that access not be provided on the grounds of national security.

In the event we refuse you access to your Personal Information, we will provide you with an explanation for that refusal.


We will endeavour to ensure that, at all times, the Personal Information about you which we hold is up to date and accurate. In the event that you become aware, or believe, that any Personal Information which we hold about you is inaccurate, incomplete or outdated, you may contact us by any of the methods detailed below and provide to us evidence of the inaccuracy or incompleteness or outdatedness and we will, if we agree that the information requires correcting, take all reasonable steps to correct the information.

If we do not agree that your Personal Information requires correcting, we must, if you request, take reasonable steps to ensure that whenever your Personal Information is accessed or handled in the future, it is apparent that you are not satisfied as to the accuracy or completeness of that information.

We will endeavour to respond to any request for access within 14-30 days depending on the complexity of the information and/or the request. If your request is urgent please indicate this clearly.


Your Personal Information is generally held in your client file. Personal Information may also be held in a computer database.

We will not adopt as our own any identifiers that you may provide to us such as TFNs, Medicare numbers etc.

At all times your Personal Information is treated as confidential and any sensitive information is treated as highly confidential. We will at all times seek to ensure that the Personal Information collected and held by us is protected from misuse, loss, unauthorised access, modification or disclosure.

All physical paperwork is either securely destroyed or stored in our offices, which is locked out of business hours. All archived files are kept in a secure location and are recorded in a register.

All computer-based information is protected through the use of access passwords on both our cloud-based systems and physical hardware. All WLM staff are set up with a secure password and data tool, to ensure security of passwords and cloud based applications. Data is backed up via the cloud.

In the event you cease to be a client of this organisation, any Personal Information which we hold about you will be maintained in a secure off site storage facility for a period of 7 years in order to comply with legislative and professional requirements, following which time the information will be destroyed.

We will protect Personal Information from misuse and loss, and destroy or permanently de-identify Personal Information we no longer need.


A data breach occurs when Personal Information that an entity holds is subject to unauthorised access or disclosure, or is lost. Examples include:

  • loss or theft of physical devices (such as laptops and storage devices) or paper records that contain Personal Information
  • unauthorised access to Personal Information by an employee
  • inadvertent disclosure of Personal Information due to ‘human error’, for example an email sent to the wrong person
  • disclosure of an individual’s Personal Information to a scammer, as a result of inadequate identity verification procedures.

In the unlikely event of an ‘eligible data breach’ (where the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates), WLM will undertake the following steps (in accordance with their data breach response plan):

1) Contain the data breach to prevent any further compromise of Personal Information.
2) Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals and, where possible, taking action to remediate any risk of harm.
3) Notify the individuals, the Commissioner (if required) and other entities depending on the categories of information involved in the data breach
4) Review the incident and consider what actions can be taken to prevent future breaches.


When you visit our website, details may be recorded about your visit, such as time and date, your server address, pages accessed, time spent and type of browser. This information is used in an anonymous form for statistical purposes and as such cannot identify you individually.

We may use cookies to identify your browser so that next time you visit our website we remember your log in details. A cookie is a small file that remains on your computer and contains information enabling our website to recognise your browser. If you do not wish to use cookies, you can adjust the settings on your browser to reject cookies or notify you when they are being used.


We will not send any Personal Information about you overseas unless you consent to this, or we reasonably believe that the other country has privacy laws substantially similar to our own, or we provide the information in other circumstances giving like protection.

If on the other hand you reside overseas, then you acknowledge and consent to your Personal Information being transferred to and retained in Australia for the purposes set out in this privacy policy.

Our website may contain a number of links to other third party websites. When this occurs be sure to check the privacy policy of those websites as we are not responsible for privacy practices of those other parties.


We are committed to providing our clients, and other parties whose Personal Information we hold, a fair and responsible system for the handling of their complaints.

If you wish to complain about any breach or potential breach of this privacy policy or the APPs, you should contact us by any of the methods detailed below and request that your complaint be directed to the Privacy Officer. Your complaint will be considered within 7 days and responded to. It is our intention to use our best endeavours to resolve any complaint to your satisfaction; however, if you are unhappy with our response, you are entitled to contact the Australian Privacy Commissioner (see or call 1300 363 992) who may investigate your complaint further.


We believe that this policy will address any potential concerns regarding how Personal Information is collected, held, used, corrected, disclosed and transferred at WLM.

If you seek any further information from WLM about this policy, please contact our Privacy Officer, Stephen Buhlman, at one of the reference points below:

Office:Level 20, 56 Pitt Street, Sydney NSW 2000
Postal:GPO Box 5025, Sydney NSW 2000
Telephone:(02) 9221 7777
Facsimile:(02) 9221 7900

Further information on privacy in Australia may be obtained by visiting the web site of the Office of the Australian Information Commissioner at