Fortis Group of Companies and its related bodies corporate (referred to collectively as “Fortis Group of Companies”, “we”, “us”, “our”, “Fortis” in this Privacy Policy) are committed to respecting the privacy of its members and clients by ensuring that it manages any personal information it collects or holds in accordance with the Privacy Act 1998 (Cth) and the Australian Privacy Principles (“APPs”) – where applicable. This Privacy Policy sets out how we collect, use, store and disclose your personal information.

​

This Privacy Policy applies from July 2025.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

 

1. Who does this Privacy Policy apply to?
This Privacy Policy applies to any person for whom we currently hold, or may in the future collect, personal information.

This Privacy Policy does not apply to acts and practices which relate directly to Fortis Legal & Advisory,  employee records of our current and former employees.
 

2. What information does this privacy policy apply to?
This Privacy Policy applies to “Personal Information”.

“Personal information” includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details.
It may also include financial information. However, where information or opinions cannot be linked to a particular individual, such information or opinions are not personal information.

 

3. What kinds of personal information does Fortis Group of Companies collect and hold?

Fortis Group of Companies is a dynamic company operating across the full spectrum of property, financial and investment transactions, and holds different information depending on the type services we are providing, have provided or will provide to you.​

We endeavour to only collect personal information which is reasonably necessary to provide our services, or as required by our professional obligations. Such information may include:​

​

• an individual’s personal and contact details;

• financial information;

• business circumstances;

• family circumstances;

• information about assets and investments;

• employment history;

• date and place of birth;

• banking and credit card details;

• driver’s licence and other photographic information;

• information otherwise required by law; and

• any other personal information as required from time to time.

 

Without collecting the above information, Fortis Group of Companies may not be able to provide its services to its clients. On occasions, a range of sensitive information may also be collected or held about you. Where you provide sensitive information to us, you consent to us using that sensitive information for the purpose for which it was collected. 

​

5. How does Fortis Group of Companies collect personal information?

We will only collect personal information in a lawful and fair manner. Wherever possible, personal information will be collected directly from the individual, unless it is unreasonable or impracticable to do so. Sensitive information will only be collected where the individual consents to the collection of that information.

​

We also have a range of referral networks and also collect personal information from numerous other sources. It is not possible to provide an exhaustive list of these sources, but they may include:

​

• professional advisors or agents for individuals who we act for;

• banks and financial institutions;

• government bodies;

• businesses about their current or former employees, contractors, customers or suppliers;

• consultants and professional advisors;

• recruitment and other professional service agencies; and

• from paid search providers.
   

We  may also collect your information when you:
 

• visit and/or register on any of our websites;

• use our services; and

• contact our support team.

 

6. Receipt of Unsolicited Personal Information

If Fortis Group of Companies receives unsolicited personal information it will, within a reasonable period of time, assess whether it would otherwise have been entitled to collect the information in accordance with this Privacy Policy. If the personal information could have been collected by us,  it will ensure that this Privacy Policy is complied with in respect of that information and it will notify the individual:
 

• that the unsolicited personal information has been collected;

• of the circumstances of that collection; and

• provide access to a copy of this Privacy Policy.

 

If the personal information could not have been collected by Fortis Group of Companies, it will destroy the information or ensure that the information is de-identified.

 

7. How does Fortis Group of Companies hold personal information?

We hold personal information:

​

1. physically:

• on our premises; and

• by a third party storage provider;
   

1. electronically:

• on an internal server;

• on electronic storage devices, including hard-drives and USB;

 

It is also possible that we may store information in a private cloud in the future. We will not store information in a private cloud unless we are satisfied with the security and safety of the relevant cloud provider.

 

Fortis Group of Companies will endeavour to ensure that, in relation to any personal information it holds, it takes such steps as are reasonable in the circumstances, to protect the information from:
 

• misuse, interference and loss; and

• unauthorised access, modification or disclosure.
   

Some of the methods we use to store and secure information include:

• secured electronic and physical filing systems located on our premises;

• using unique usernames, passwords and other protections on systems that can access personal information; and

• if we hold information which it no longer needs (for any purpose for which the information may be used or disclosed) or it is no longer required to keep, it will take such steps as are reasonable in the circumstance to destroy the information or to ensure that the information is de-identified.
   

However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.

 

8. What is the purpose for which Fortis Group of Companies collects, holds, uses
and discloses personal information?

Fortis Group of Companies collects, holds, uses and discloses personal information for the purposes of providing services, which you have engaged us to do, generally includes arranging connectivity with various organisations and solutions pertaining to property development and direct property.

​

In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for a position with us.

​

Where Fortis collects an individual’s personal information for a particular purpose (i.e. the primary purpose), it will not use that information for another purpose (i.e. a secondary purpose) unless the individual has consented to the use or disclosure of that information or:
 

• it would be reasonably expected that the information would be disclosed for a secondary purpose which is related to the primary purpose (and in relation to sensitive information for a secondary purpose which is directly related to the primary purpose); or

• the use or disclosure of the information is legally required, specifically authorised by the APPs or reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
   

We will endeavour to record in writing circumstances where it uses or discloses personal information for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

​

Personal information collected by one entity within the Fortis Group of companies may be used by another entity within the group provided that the personal information is held, used and disclosed for the same primary purpose.

​

Except as set out in this Privacy Policy, Fortis Group of Companies does not normally disclose personal information about its members and clients to third parties without the relevant individual’s consent. However, we may disclose personal information:
 

1. to those contracted to provide services to Fortis Group of Companies, in order for us to provide our agreed services to you or the related client or proposed client.
   These third-party recipients may include:

• any proposed distributor of a lending product; and

• Fortis Group of Companies professional advisers and contracted service providers e.g. auditors, lawyers, platform operators, providers, custodian
  and consultants;
   

1. with consent, Fortis Group of Companies will disclose personal information to a member’s or client’s accountant, financial consultant or other person or organisation they nominate; and

2. to the Australian Taxation Office or other government authorities or agencies as required by law.
    

Where we engage third party contractors to perform services for us, we may be required to disclose your personal information to such third party contractor or those contractors may be required to handle your personal information. This means that we usually collect personal information about you both for our internal purposes and on behalf of those third party contractors for their internal purposes, in accordance with the purpose for which we collected your personal information.

 

Accordingly, the consent you provide under this Privacy Policy to the collection of personal information by us applies equally to those third party contractors we engage to perform services for us. For example, where you provide your personal information in relation to a request for us to arrange a  solution, then, under this Privacy Policy, you will have consented to your personal information being used by us, being provided to the proposed distributor of a product or solution arranged by us and being used by that product distributor for its internal purposes that primarily relate to the services you have engaged Fortis Group of Companies to complete.

​

In these circumstances, Fortis Group of Companies takes care and caution to ensure that the third party contractor takes the security and confidentiality of your personal information as seriously as it does and requires that those third party contractors safeguard this information and must only use it for the purposes for which it was supplied. However, Fortis Group of Companies is not responsible for ensuring they do so or for any actions by a third party contractor which may be in breach of Australia’s privacy laws.  If Fortis Group of Companies uses or discloses personal information for direct marketing purposes, it will include a simple and free means of ‘opting-out’

of receiving future direct marketing material and it will ensure that it respects such requests, within a reasonable period of time and notifies any other organisation it is using to facilitate the direct marketing. If Fortis Group of Companies has not collected the personal information directly from the individual, the ‘opt-out’ statement will be prominent. Fortis Group of Companies will only use sensitive information for direct marketing purposes where the individual has provided consent for it to be used for that purpose.

​

If Fortis Group of Companies uses personal information provided by a source other than the individual for direct marketing purposes, the individual may request Fortis Group of Companies to provide details of the source of the information. Fortis Group of Companies will provide this information free of charge and within a reasonable period of time. 

​

9. How does Fortis Group of Companies hold/collect and manage your information?

As part of our services,  we may collect information that is necessary to provide a client, or potential client, with our services. Our usual purpose for collecting, holding, using and disclosing information about you is to enable us to provide you with solutions and services. We may also collect information to process payments.

​

The main kind of information we collect is an individual’s identification information. However, in the course of providing our services to you, we may be provided with (and subsequently hold) the following other kinds of information:
 

• information about any solution or service that has been provided to you;

• payment history;

• information about anomalies we find;

• if terms and conditions of your arrangements are varied;

• if any court proceedings are initiated against you in relation to your activities;

• information about any agreements involving you;

• any publicly available information; and

• any information about you where you may have fraudulently or otherwise
  committed a serious infringement.
   

We do not collect your information from reporting bodies, banks or other credit providers unless it is necessary for you to provide us with such information as directed by us.

​

In most cases, we will only collect information about you if you disclose it to us and it is relevant in providing you with our services. However, in some circumstances we may collect the information about you, as provided by you or with your consent, from:
 

• banks and other credit providers;

• other individuals and entities via referrals; and

• your suppliers and third-parties.
   

In most cases you will be aware that this information is being collected as part of the service we are providing to you.

​

Information is stored and held in the same manner as outlined in section 7 of this Privacy Policy.

​

We will not disclose your information to overseas entities unless you expressly advise us to, apart from the extent that it is necessary or desirable to make such a disclosure to obtain payment of money owed to us, or as otherwise set out under Section 10 below.

​

10. Does Fortis Group of Companies disclose personal information to overseas recipients?

No, Fortis Group of Companies is not likely to disclose personal information about an individual to an overseas recipient. Some of the third party contractors that the we work with or solution arranged by Fortis Group of Companies may have an office or branch of their business located overseas. Wherever possible, we endeavour to ensure that Fortis Group of Companies is dealing with the Australian office of any third party contractors and that any third party contractor holds and stores any of your personal information inside Australia. However, Fortis Group of Companies is not responsible for ensuring such third party contractors hold and store your personal information inside Australia.

​

If at some future time, Fortis Group of Companies chooses to disclose personal information about an individual to an overseas recipient (for any reason other than being required to do so by Australian law), it will either, prior to doing so:
 

• obtain the individual’s informed consent prior to doing so; or

• will take such steps as are reasonable in the circumstances to endeavour to ensure that the overseas recipient does not breach the APPs in relation to the information. 
   

13. How to contact us?

If you have a comment or concern about a breach of your privacy, please forward your request to:

 

The Director Fortis Group of Companies c/- PO BOX 3380, RUNDLE MALL SA 5000

​

We will respond to your query or complaint as soon as possible.

 

14. Changes to and Availability of this Privacy Policy

From time to time it may be necessary for us to review and revise this Privacy Policy. We reserve the right to change this Privacy Policy at any time. We may notify you about changes to this Privacy Policy by publishing an updated version on our website.

​

If you wish to access this Privacy Policy in an alternate form, for example hard-copy, please contact Fortis Group of Companies using the contact details set out above under the heading 
this Privacy Policy.

​

This Privacy Policy applies from July 2025