Skip to main content
Secure MZF Tokens

Privacy Policy 

Application of Policy 

1.1. This policy applies to MZF PROTOCOL (MZF PROTOCOL).

Purpose of Policy 

2.1. Privacy is important and MZF PROTOCOL is committed to managing personal information responsibly.  

2.2. MZF PROTOCOL considers that in having a documented approach as to how it collects, secures, stores, uses and discloses personal information is important and this policy is designed: 

  1. to assist in identifying the personal and sensitive information held by MZF PROTOCOL; 
  2. to describe how it collects, secures, stores, uses and discloses personal information; 
  3. to describe MZF PROTOCOL’s approach to Notifiable Data Breaches; and 
  4. to set out the role of the Privacy Officer. 

2.3. MZF PROTOCOL provides a designated service for the purpose of the AML/CTF Act and must be aware how those laws impact on their obligations under the Privacy Act. 

What information does MZF PROTOCOL collect?  

3.1. MZF PROTOCOL in operating its business may collect personal information and in certain limited circumstances, sensitive information.  

Investors and custodial clients 

3.2. In operating its financial services business (including establishing and administering investments, providing custodial and depository services and determining and monitoring target markets for its financial products and handling complaints) MZF PROTOCOL may collect the following information: 

(a) full name, prior or other names, date of birth, gender; 

(b)      contact details including: 

  1. postal, residential and email addresses; and 
  2. telephone, mobile and fax numbers; 
  1. a copy of a driver licence and/or passport or other identification documentation for the purpose of verifying identity and residence and to ensure compliance with the any relevant requirements including AML/CTF Act, foreign tax compliance reporting or Australian withholding tax; 
  2. tax file numbers (TFN) and bank account details for the purpose of administering investor accounts and tax reporting and withholding; 
  3. investor contribution details and investment choice; 
  4. details about authorised signatories on investments or accounts with MZF PROTOCOL; 
  5. detailed contact information about the relevant financial adviser; and 
  6. copies of any relevant trust deeds, partnership agreements or constitutions, which may be relevant to comply with the AML/CTF Act.

3.3. It may, on occasion also be necessary in each case to obtain other details, including information relating to powers of attorney or for probate and estate administration. 

Personal information in relation to Fund Assets  

3.4. As trustee or responsible entity for a Fund, Primary may hold an asset (for example a lease of a property or a loan to, or guaranteed, by a person) that may require it to collect the following information: 

(a) full name, date of birth, gender and contact details including telephone, physical address, email and fax; 

(b) a copy of a driver’s licence and/or passport or other identification documentation for the purpose of verifying identity and residence; 

(c) tax file numbers (TFN) and bank account details for the purpose of administering payments in respect of the relevant Fund asset; 

(d) details about authorised signatories in connection with counterparts to the relevant Fund asset. 

3.5. It may, on occasion also be necessary in each case to obtain other details, including information relating to powers of attorney or for probate and estate administration.

Sensitive Information 

3.6. MZF PROTOCOL may collect sensitive information in respect of:  

  1. Investors, during their review of AML/CTF review, for example where a potential investor is identified as high risk because they have a criminal record or a political party affiliation; or   
  2. Potential employees where pre-appointments checks such as bankruptcy and criminal record are performed.  

MZF PROTOCOL would generally reject the application or, where MZF PROTOCOL’s Employee Handbook directs, the potential employee. Where the applicant or potential employee is rejected, then MZF PROTOCOL will destroy the information collected when it is no longer legally obliged to hold it. 

How does MZF PROTOCOL collect and hold personal information?  

4.1. In collecting personal information, MZF PROTOCOL will: 

  1. disclose how it manages personal information in an open and transparent way; 
  2. not collect personal information unless that information is reasonably necessary for the one or more of MZF PROTOCOL’s functions or activities;  
  3. only collect information by lawful and fair means; 
  4. only collect personal information from the individual unless it is unreasonable or impracticable to do so; and 
  5. if it receives personal information that was not solicited, destroy that information. 
  1. An individual is not required to provide an MZF PROTOCOL Licensee or their service provider with their personal information, but if they do not do so MZF PROTOCOL may not be able to provide them with products or services. If an individual applies for or accepts any of MZF PROTOCOL products or services or otherwise provides MZF PROTOCOL with their personal information, they agree to their information being collected, held, used and disclosed as set out in this Privacy Policy.  MZF PROTOCOL may revise this Privacy Policy and will advise place the revised Privacy Policy on the MZF PROTOCOL website or otherwise notifying individuals of the change. 
  2. MZF PROTOCOL may collect personal information in various ways including from Application Forms or other documents, telephone, email, letters or other correspondence and from websites and other social media channels.  Wherever practicable, MZF PROTOCOL will collect information about individuals from them directly. 
  3. However, it may be necessary at times to collect information about individuals from other external sources, such as: 
  1. a service provider, such as a registry service provider or investment manager; 
  2. a financial adviser or broker; 
  3. an online application provider; 
  4.  authorised representatives, such as executors or administrators; 
  5.  identification verification service providers. 

MZF PROTOCOL Websites 

4.5. If an individual uses the MZF PROTOCOL website the following types of information may be collected and analysed for statistical purposes: 

  1. the number of users who visit the website; 
  2. the number of pages viewed; and 
  3. traffic patterns. 
  1. This is anonymous statistical data and no attempt is made to identify users or their browsing activities.  This data is used only to evaluate MZF PROTOCOL’s website performance and to improve the content MZF PROTOCOL displays to the audience. 
  2. Other information, such as browser type, is included in a 'cookie' that is sent to the user’s computer when they complete certain tasks on the MZF PROTOCOL website.  A cookie contains bits of information that enables MZF PROTOCOL’s servers to identify and interact efficiently with the user’s computer.  Cookies are designed to provide a better, more customised website experience, and to make it easier for users to use MZF PROTOCOL’s website.  Individuals can configure their computer to accept or reject cookies.  

What does MZF PROTOCOL use personal information for? 

5.1. MZF PROTOCOL generally only uses and discloses information for the purpose for which it was disclosed or related purposes which would reasonably be expected.  Those purposes include: 

  1. to establish and administer investments or other relationships with the MZF PROTOCOL group; 
  2. for communication purposes including surveys and questionnaires; 
  3. to comply with MZF PROTOCOL’s record-keeping, reporting, and tax obligations; 
  4. to comply with other legal obligations such as laws that require MZF PROTOCOL to “know your customer”, to report on tax compliance and to determine a target market for its products; 
  5. to protect legal rights and to prevent fraud and abuse; 
  6. for quality assurance and training purposes; 
  7. to enable MZF PROTOCOL and its investment managers to provide information about new and existing products and services that will enhance the relationship between MZF PROTOCOL, the relevant investment manager and individuals.  However, MZF PROTOCOL respects the right of individuals to ask MZF PROTOCOL not to do this and will not share personal information between unrelated investment managers of different funds; and 
  8. to handle any relevant enquiries or complaints.  

5.2. MZF PROTOCOL may be required by law to disclose personal information.  For instance, MZF PROTOCOL may be required to provide details to: 

  1. Australian Government regulators such as the Australian Securities and Investments Commission, the Australian Tax Office, the Australian Transaction Reports and Analysis Centre and to other regulatory or government entities; 
  2. the Australian Financial Complaints Authority (AFCA) or the Australian Information Commissioner; 
  3. as required by a court order (including in Family Law matters); 
  4. other regulatory or governmental entities outside of Australia. 

5.3. In order to meet the needs of and provide services to individuals dealing with MZF PROTOCOL, such as registry services, administration of accounts and mailing of investor holding and distribution statements, it may be necessary to release information or provide access to external service providers, for instance: 

  1. to investment managers to better understand the types of investors in the funds they administer and provide services to the MZF PROTOCOL group including services in relation to target market determinations; 
  2. to any organisations involved in providing, managing or administering MZF PROTOCOL’s products systems or services such as custodians, registries, administrators, mail houses and software and information technology providers; 
  3. to auditors, consultants and other professional advisers; 
  4. to appropriate advisers, such as financial, legal, or other consultancy services; 
  5. to a legal personal representative, attorney or any other person who may be entitled to receive the proceeds from an individual’s investment or account with MZF PROTOCOL; 
  6. to other financial institutions who hold an account in an investor’s name, for example, where amounts have been transferred to or from that account;  
  7. to authorities investigating (or who could potentially investigate) alleged fraudulent or suspicious transactions in relation to an investment or account; 
  8. to online application provider; and 
  9. to lenders. 

5.4. Information about an individual or individual’s dealings with MZF PROTOCOL is not and will not be sold to any other company, individual, or group.  

Accessing and Amending Personal Information 

6.1. Individuals may request access to any personal information MZF PROTOCOL holds about them.  Generally, if it is incorrect, MZF PROTOCOL will correct it at their request. 

6.2. An individual’s right to access is subject to some exceptions allowed by law.  Where they are permitted and able to, MZF PROTOCOL will notify individuals of the basis for any denial of access to their personal information. 

Protection and storage of Personal Information 

7.1. All personal information MZF PROTOCOL collects will be held securely both physically and electronically. 

7.2. Personal information is protected from unauthorised access through the use of secure passwords, user logins or other security procedures.  Developments in security and encryption technology are reviewed regularly as detailed in MZF PROTOCOL’s IT, Cyber Resilience and Disaster Recovery Policy.  

Will information be sent overseas? 

8.1. MZF PROTOCOL does not anticipate that its trustees, responsible entities and custodians will disclose information to overseas recipients.  

8.2. Should MZF PROTOCOL need to disclose to overseas recipients the personal information they have collected from MZF PROTOCOL customers. MZF PROTOCOL will have procedures to monitor the recipients including having them confirm their compliance with the MZF PROTOCOL Privacy Act. 

Making MZF PROTOCOL’s Privacy Policy available 

9.1. MZF PROTOCOL will make its Privacy Policy available on its website and will send a printed version free of charge to those who specifically request it

9.2. MZF PROTOCOL will ensure that a PDS or other offer document for a product offered by them, contains: 

  1. a statement as to the availability of and access to the MZF PROTOCOL Privacy Policy;  
  2. a general statement as to the substantial aspects of the policy that may impact on investors in the product; and 
  3. a general statement as to MZF PROTOCOL’s obligations in respect of the collection of personal information. 

9.3. MZF PROTOCOL’s Privacy Policy is available from MZF PROTOCOL free of charge through: 

  1. downloading a copy in document format from MZF PROTOCOL’s website at www.MZF PROTOCOL.com; 
  2. Requesting a copy be emailed by emailing a request to enquiries@MZF PROTOCOL.com; or 
  3. Telephoning us and requesting a copy be mailed or emailed by calling (03) 7019 0846 (+61 for international callers).

9.4. If a copy of this Privacy Policy is requested in a particular format (for example, on audio disc) please contact MZF PROTOCOL at the telephone number set out above and MZF PROTOCOL will accommodate any reasonable request. 

Complaints 

10.1. If an individual has a complaint about the manner in which MZF PROTOCOL has collected, held, used, disclosed, kept, or given people access to their personal information, they may complain to MZF PROTOCOL by phone, email using the details in clause 9.3 above.  The individual will need to provide MZF PROTOCOL with sufficient details regarding their complaint and during the investigation phase, MZF PROTOCOL may ask complainants to provide additional information. 

10.2. Complaints will be referred to Primary’s Complaints Officer who will investigate and then determine the steps MZF PROTOCOL will take to resolve the complaint.  

10.3. MZF PROTOCOL will notify complainants in writing of MZF PROTOCOL’s determination, generally within 30 days.  If the complainant is not satisfied with MZF PROTOCOL’s determination or does not receive a response within 30 days, the complainant can contact MZF PROTOCOL to discuss their concerns and they can refer the complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au  

Notifiable Data Breach  

11.1. If MZF PROTOCOL becomes aware that there are reasonable grounds to believe an eligible data breach has occurred, MZF PROTOCOL is obligated to notify individuals at likely risk of serious harm and the OAIC as soon practicable. In any event, MZF PROTOCOL must take all reasonable steps to ensure that their assessment is completed and the OAIC and potentially affected individuals are contacted within 30 days of the organisation becoming aware of the data breach. 

11.2. If there is a suspected or actual data breach which may compromise personal information, MZF PROTOCOL will promptly undertake an assessment of the incident.  Where relevant, immediate steps will be taken to contain the breach. These steps may include limiting any further access or distribution of the affected personal information, or the possible compromise of other personal information. 

11.3. If the unauthorised access, disclosure or loss of personal information is likely to cause serious harm to one or more individuals and the likely risk of serious harm has not been prevented by remedial action, MZF PROTOCOL will notify affected individuals and OAIC as soon as practicable.  The notification will include MZF PROTOCOL’s identity and contact details, a description of the incident, the kind of information concerned and any recommended steps for affected individuals. 

11.4. Following any data breach incident, MZF PROTOCOL will undertake a review process to help prevent future breaches in accordance with MZF PROTOCOL’s Data Breach Response Plan and Breach Reporting Template. 

Data Breach and Data Breach Response Plan 

12.1. A Data Breach occurs when either personal information or sensitive information is lost or subjected to unauthorised access, modification, use of disclosure or other misuse or interference.  

12.2. The data breaches can be caused or exacerbated by a range of factors, affect different types of personal information or sensitive information and give rise to a range of actual or potential harms to individuals, organisations and government agencies.   

12.3. The data breaches are required to be assessed and reported under this Privacy Policy, the Breach and Incident Handling Policy and MZF PROTOCOL’s Data Breach Response Plan. 

12.4. MZF PROTOCOL’s Data Breach Response Plan assists MZF PROTOCOL in managing a data breach. The plan forms part of MZF PROTOCOL’s incident and breach reporting process but sets out a specific framework of procedures and lines of authority for MZF PROTOCOL staff in the event of a data breach or suspected data breach.  

Privacy Officer  

13.1. MZF PROTOCOL has appointed a Privacy Officer to be the first point of contact in MZF PROTOCOL when privacy issues arise either internally or externally.  

13.2. The Privacy Officer is responsible for: 

  1. developing and implementing a privacy policy that suits MZF PROTOCOL’s business and complies with the law;  
  2. ensuring that the MZF PROTOCOL Privacy Policy and procedures are fully implemented and working effectively; and 
  3. reporting to the board of MZF PROTOCOL any breach of the MZF PROTOCOL Privacy Policy. 

Training and Compliance 

14.1. The implementation of (including training on) and monitoring of compliance with this policy is undertaken in accordance with MZF PROTOCOL’s Compliance Management Systems Framework

14.2. Compliance with this policy is mandatory and any actual non-compliance must be reported and assessed through the normal incident/ breach reporting process.  Any deliberate act of non-compliance by any employee may result in disciplinary action. 

Review of Policy 

This policy will be reviewed at the intervals and in the manner described in MZF PROTOCOL’s Compliance Management Systems Framework.  

Other relevant MZF PROTOCOL Policies  

In addition to the Compliance Management Systems Framework, other MZF PROTOCOL relevant policies and procedures are:  

  1. Breach and Incident Handling Policy; 
  2. IT, Cyber Resilience and Disaster Recovery Policy; 
  3. MZF PROTOCOL’s Employee Handbook; 
  4. Data Breach Response Plan.  

Dictionary and Interpretation  

17.1. In this policy, a reference to a person performing an act, for example Director, Operations, that person may delegate the performance of the relevant act to another, for example Manager, Operations provided they adequately supervise their delegate.  

17.2. In addition to the terms defined in the Compliance Management Systems Framework, when used in this policy, the following capitalised terms have the meanings set out below: 

Term 

Meaning 

AML/CTF Act 

Anti-Money Laundering and Counter-Terrorism Financing Act 2006  

AML/CTF Rules 

Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 

APPs 

The Australian Privacy Principles set out in the Privacy Act 

Application Form 

An application form or other request to invest in a fund operated by an MZF PROTOCOL Licensee or other method of providing its registry service provider with personal information.  

NDB Act 

Privacy Amendment (Notifiable Data Breaches) Act 2017 

OAIC 

Office of the Australian Information Commissioner  

Personal 

Information 

Information or an opinion (including information or an opinion forming part of a data base, whether true or not, and whether recorded in a material form or not) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.  Personal information includes credit card details, information gathered on websites and mobile telephone numbers linked to user names and mailing lists.

Privacy Act 

Privacy Act 1988, as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 including the APPs. 

Sensitive 

Information 

Is a subset of personal information and includes information or an opinion about a person’s racial or ethnic origin, political or religious belief, philosophical beliefs, membership of professional or trade associations or unions, sexual preferences and practices and criminal record.  It also includes health information and genetic information about an individual that is not otherwise health information. 

 

"Ready to Fund Your Token Future"

Join the Pre-TGE funding revolution. Apply in minutes, get funded in days.

Get Started with MZF PROTOCOL

MZF PROTOCOL DaPP