Data protection, security and privacy FAQs
The Perth Mint may request personal information from new and existing customers. See below for more information.
-
How can I tell if an email or link is legitimate?
Emails/links sent from The Perth Mint will always include our branding and privacy policy. Ensure the email originates from an @perthmint.com address.
To confirm an email/link is legitimate, call our customer contact centre or customer operations team.
Customer Operations
For new accounts, changes to existing accounts and verification. Available 7.30am-5pm weekdays AWST
-
Why are you asking for personal data that I supplied when I opened my account? Have you lost it?
We have not lost your data and it is securely stored in our systems.
We have obligations under legislation such as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which requires us to undertake periodic refreshes of know your customer data. Verifying current documents is a requirement of this legislation.
-
How do I securely transfer my personal data?
We will provide you with a secure link. We do not request you send documentation by email.
Alternatively, you can send by post. We recommend purchasing tracking and signature on delivery. If you would like to send via post, please ask us for our mailing address.
-
What happens if I don’t provide the requested information/documents?
A key part of our requirements under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 is that we have thorough know your customer processes in place.
If you do not provide the requested documentation within the required timeframes, we may need to place your account on hold until we are able to confirm if your details are accurate and current.
-
How is my personal data protected?
We take the protection and security of your information seriously. We will continue to review and improve our security measures to ensure your information remains protected.
Some of the measures we currently take include:
- Using firewalls, virus scanning and access logging tools and encrypting data to protect against unauthorised access to your data and our network.
- Using secure work (and sometimes closed) environments and workflow systems to prevent unauthorised access and copying of your personal information.
- Managing access privileges to ensure that only those who really need it can see your personal information.
- Using the latest industry standard for data encryption (Transport Layer Security protocols) to keep your transactions secure and private. TLS provides a secure link between your browser and our server and encrypts your personal information to ensure it is kept private over the internet.
- Being guided by our information security policy. This includes ensuring that technology is appropriately assessed and reviewed as part of security protocols. Our key third party suppliers are also held to strict security standards to ensure any services are delivered with appropriate care and security.
- Ongoing employee training and security reviews.
-
Can you delete my personal data from your systems?
We may be unable to delete your data at this time due to legislative requirements.
Organisations must maintain personal data in accordance with the various privacy laws around the world. For example, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 requires us to keep records of our business activities, including customer details, for seven years.
-
If you can’t delete my personal data what can you do?
If you do not wish to continue to do business with The Perth Mint, we can close your account and mark it as inactive. While we cannot delete all your personal data from our systems, it will only be accessed to meet requirements set by the Australian government and others.
-
How long will you store my personal data?
The retention period is usually seven years under the requirements of legislation such as the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
The assessment of any retention period depends on the nature of the data as well as the method and reason for its collection, the channel through which it was collected and any other legislative requirements that apply.
Once the retention period for the data is reached, it is disposed of. If we are unable to dispose of it (for example, due to system limitations), reasonable attempts will be made to de-identify the data so that it cannot be used to identify you.
-
Where is my personal data held?
Your data is held across numerous systems within our environment, both on-premises and in the cloud. We prefer to maintain our data storage within Australia but follow the WA Government guideline for offshoring data. Data is held outside Australia only after rigorous investigation.
-
Do you transfer my data to other companies and organisations?
We do not sell your personal data to any third parties.
In accordance with our privacy policy, we may transfer data to other companies and organisations (“third parties”) to enable us to carry out normal business operations. This is standard procedure and common practice across companies and organisations.
-
What third parties do you transfer my data to?
For example, we use a multinational to supply our business systems. We may transfer personal data to that company when using their platforms, such as when emailing customers, communicating internally and producing and storing documents. Documents, such as purchase receipts, may also be stored in the systems.
-
How do you ensure third parties are protecting my personal data?
Prior to engagement with any third party, comprehensive due diligence is performed on their operations. Should a third party not pass the due diligence process, we do not deal with them.
-
Can you guarantee my personal data is safe 100% of the time on your systems?
Information security threats are constantly evolving. While there are many ways to counter and reduce this threat, the security industry recognises there is no method to provide 100% protection against cyberattacks. We strive to maintain best practice protections for your personal data.
-
Who is responsible if my data is leaked?
The Perth Mint Privacy team are responsible for management and communications in the event of a breach of customer data from our systems. You will be contacted by the privacy team if we need to notify you of a breach.
If you identify a breach, we encourage you to notify us on the email address below as soon as possible so we can undertake remediation actions.
Privacy officer
-
How will I be compensated in the event of a breach?
Any recourse depends on the size, scale, and nature of the breach along with the information shared. It can range from notification and support services to monetary compensation at the discretion of The Perth Mint.
If the individual is not happy with the proposed recourse, they can escalate their complaint to the applicable regulatory authority:
- If you reside in Australia you can escalate your complaint to the Office of the Information Commissioner.
- If you reside in Europe or the EEA you can escalate your complaint to the applicable data protection authority.
- If you reside in the United States, you may be able to escalate your complaint to the Federal Trade Commission. There may be different methods for escalating your complaint depending on the state you reside in, such as your state’s office of the attorney general, or a private right of action.