Data Protection Q & A

Q1. How safe is it for me to send you my personal data? 

We recommend that you do not send us your personal documents via email or links to external cloud storage which may no longer meet security requirements.

We have enabled our clients with access to the Client Portal for safe and secure supporting document upload – a platform that uses Multi-Factor (also known as 2-Factor) Authentication (MFA/2FA) to ensure strong security and identification.

Your Smartmove Advisor can step you through using Client Portal to provide us with your personal data in a safe and secure manner.

Q2. How safe is my personal data once it is with you? 

Smartmove uses modern, enterprise security practices to securely store your personal data, these include but are not limited to:

1. Multi-Factor Authentication (MFA) – MFA login is required of all staff to access Smartmove IT systems. MFA ensures an additional layer of security (such as the use of one-time passcodes that are entered online) to verify our staff’s identity before permitting access.

2. Least Privilege Access – Access to your personal data is on a “need to know only” basis, this means access is restricted and limited to your Smartmove client team. We update or remove access immediately if there are staff changes.

3. Strong Encryption – Your personal data is stored in an encrypted location, using modern encryption algorithms and standards, and remains on-shore in Australia.

4. Modern Security & Data Loss Prevention (DLP) – Smartmove uses enterprise-grade security (network firewall and endpoint security) and DLP measures to safeguard customer data.

Q3. How long do you keep my data for? 

We need to keep the data records for a minimum of seven years to comply with sections 120 and 143 of the NCCP Act.

However, to support our clients whose loan terms are longer than that we do not proactively delete data unless asked to do so.

Q4. Can I reach out and ask you to delete my data? 

Smartmove may be required to keep all historical data as part of our compliance requirements.

You can email our Data Privacy Officer at [email protected] to check if your data can be deleted at the time of your request or needs to be retained for compliance purposes.

Last Updated: 03-Nov-2022