Privacy Policy (v2.0)    |    Last updated: 19th June 2026

Fourth Line Pty Ltd ACN 628 372 378 (Fourth Line, we, us or our) recognises the importance of protecting the privacy of individuals who come into contact with us. We are committed to handling personal information responsibly and in accordance with the law. This commitment forms part of the trust we seek to build with our customers, their clients, our suppliers and the broader community.

While Fourth Line may qualify as a small business operator for the purposes of the Privacy Act 1988 (Cth) (Privacy Act), we have chosen to handle personal information in accordance with the Privacy Act and the 13 Australian Privacy Principles (APPs) as if we were bound by them. The APPs set out how organisations must collect, use, store, secure and disclose personal information, including sensitive information. Further information about Australian privacy law is available from the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

This Privacy Policy explains what kinds of personal information we collect and hold, how and why we collect it, how we use and disclose it, how we keep it secure, how we use automated and AI-assisted technology in our services, your rights to access and correct your information, and how you can make a complaint.

1. What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether it is recorded in a material form or not.

Sensitive information is a subset of personal information that is given a higher level of protection under the Privacy Act. It includes information about a person’s racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union or professional association membership, sexual orientation or practices, criminal record, and health, genetic or biometric information.

2. What kinds of personal information do we collect and hold?

We collect and hold the following information about individuals who interact with us, including:

  • our customers and potential customers, including Australian Financial Services licensees, financial advisers and their representatives
  • the clients of our customers, where personal information about those clients is contained in documents provided to us for review (see section 4)
  • our suppliers, contractors and their representatives
  • our employees, past and present, and job applicants
  • other individuals who come into contact with us

The personal information we collect and hold depends on the nature of our dealings with you, and may include:

  • name and contact details, including residential or postal address, telephone and mobile numbers, email address of clients, and employment details,
  • employer and professional registration details (for example, financial adviser authorisation details)
  • financial information, including assets, liabilities, income and expenditure, where this is contained in documents provided to us for the purpose of our services
  • transaction and billing information, including purchases, purchase amounts, dates and payment method
  • Australian Business Number and trading name
  • user credentials and any user or subscriber identifiers we assign to you to access the Fourth Line service
  • information about your use of our website, products or services

We also collect limited anonymous device, usage and tracking data via cookies and similar technologies on devices used to access our website or services, including through third party analytics providers (such as Google Analytics).

In most cases, if we do not collect the information we require, we may be unable to undertake certain activities, such as providing you, or the organisation with which you are connected, with the requested information, products or services.

3. How do we collect personal information?

Where it is reasonable and practicable to do so, we collect personal information directly from you, for example when you:

  • acquire products from us or use our services
  • provide information to us in person, by email, by post, over the phone or by completing a form on our website
  • visit our website or premises
  • request information about us, our products or our services, or subscribe to our publications
  • provide feedback or make a complaint

We may also collect personal information from third parties, including:

  • our customers, who supply documents containing personal information about their clients and representatives to us for the purpose of our services
  • third party service providers we have arranged to provide products or services
  • publicly available sources of information
  • our related companies
  • our professional advisers, including lawyers, auditors and insurers

We will only collect your personal information from third parties if it is unreasonable or impracticable to collect it directly from you, or where we are otherwise permitted to do so.

4. Information about our customers’ clients

Fourth Line provides advice assurance, file review and related compliance services to Australian Financial Services licensees and financial advice businesses. In providing these services, we receive documents from our customers, such as Statements of Advice, records of advice, fact finds, file notes and supporting records, that contain personal information about our customers’ clients. This may include identity and contact details, financial information and, in limited cases, sensitive information (see section 5).

Where we collect personal information about our customers’ clients in this way:

  • we collect and handle that information under our agreement with the relevant customer, and solely for the purpose of providing our services to that customer, including conducting file reviews and producing review outputs, and for directly related purposes such as quality assurance and record keeping
  • we do not use that information for direct marketing
  • we rely on our customers, as the organisations with the direct relationship with their clients, to notify their clients that personal information may be disclosed to service providers such as Fourth Line, in accordance with the customers’ own privacy obligations
  • we apply the same security, retention and destruction practices to that information as we apply to all personal information we hold (see sections 10 and 11)
5. How do we handle sensitive information?

We do not actively seek to collect sensitive information. However, documents provided to us for review may incidentally contain sensitive information, most commonly limited health-related information, such as general statements about a client’s state of health recorded in an advice file.

Where we hold sensitive information, we will only use and disclose it for the purpose for which it was provided, or a directly related purpose, unless you agree otherwise or the use or disclosure is required or authorised by law. Where it is practical and reasonable to do so, we will only collect sensitive information with consent. We never use sensitive information for direct marketing.

6. Anonymity and pseudonymity

Where it is lawful and practicable, you may deal with us anonymously or using a pseudonym, for example when making a general enquiry about our products or services. It is not practicable for us to deal with you anonymously where we are providing services to you or your organisation, administering an account, or responding to an access, correction or complaint request.

7. Why do we collect, hold and use personal information?

We collect, hold and use personal information in order to operate our business and to provide our products and services. In particular, we collect, hold and use personal information:

  • to identify you, conduct appropriate checks and communicate with you
  • to provide our products and services, including the Fourth Line service and FLAi platform, to our customers
  • to set up, administer and manage accounts, products and services, including billing and payment
  • to arrange for products and services to be supplied by third parties where appropriate
  • to maintain records for accounting, administration, audit, backup and business support purposes
  • to analyse customer needs, improve our products and services, and for statistical and research purposes
  • to inform you about products and services that we consider may be of interest to you, unless you ask us not to (see section 9)
  • to protect you and us from fraud
  • to manage, train and develop our employees and representatives
  • to recover amounts owing to us
  • to comply with our statutory and legal obligations
  • to respond to queries or complaints
8. Automated and AI-assisted decision-making

Fourth Line uses computer programs, including artificial intelligence, in the operation of its advice assurance platform, FLAi (pronounced “fly”). We are committed to being transparent about how these technologies use personal information, consistent with the automated decision-making transparency requirements introduced into the Privacy Act by the Privacy and Other Legislation Amendment Act 2024 (Cth), which we have adopted ahead of their commencement on 10 December 2026.

Kinds of personal information used.

FLAi uses personal information contained in the advice files and related documents provided to us by our customers. This may include client identity and contact details, financial information (such as assets, liabilities, income, expenditure and financial goals), limited health-related information recorded in advice files, and information about the financial advisers who provided the advice.

Kinds of decisions involved.

FLAi uses this information to assess advice files against compliance and quality criteria, including legislative and regulatory obligations, and to produce review outputs such as assessment outcomes, findings and reports. These outputs substantially and directly assist decisions made by Fourth Line personnel and by our customers about the quality and compliance of financial advice.

Human oversight.

Fourth Line does not use computer programs to make solely automated decisions about individuals. Review outputs produced with the assistance of FLAi are subject to human oversight, and any decisions or actions arising from a review, including decisions affecting a financial adviser or a client, are made by our customers in accordance with their own governance processes.

9. When do we disclose personal information?

We may disclose personal information to our related entities, to other parties where it is necessary to enable us to provide a product or service, and where otherwise permitted or required by law, for the purposes set out in this policy. The parties to whom we may disclose personal information include:

  • companies related to us
  • our customers, in the form of review outputs and reports relating to the services we provide to them
  • service providers who provide services to us or perform functions on our behalf, including information technology and hosting providers, software providers and professional advisers (such as auditors, lawyers and insurers)
  • financial institutions for payment processing
  • debt collection agencies, where necessary to recover amounts owing to us
  • government and regulatory authorities and other organisations, as required or authorised by law

Where we disclose personal information to contracted service providers, we require those providers to keep the information confidential and to use it only for the purpose of providing the relevant services to us, unless they are required to disclose it by law or by an order of a court or tribunal.

Overseas disclosure

We do not currently disclose personal information to recipients located outside Australia. The service providers we use in delivering our services, including the artificial intelligence and hosting providers used in the operation of FLAi, are domiciled in Australia. If this changes, we will only disclose personal information to overseas recipients in accordance with APP 8, and we will update this policy to identify the countries in which those recipients are likely to be located.

10. Direct marketing, surveys and communications

From time to time, we may use your personal information to send you information about our products and services, including newsletters, updates and special offers, and to invite you to participate in customer satisfaction surveys. We will only do this where permitted under APP 7, that is, where you have consented, or where we collected your information directly from you and you would reasonably expect us to use it in this way.

Every direct marketing communication we send will include a simple means of opting out, and we will honour any opt-out request promptly. You may also opt out at any time by contacting us using the details in section 16. If you opt out of marketing, we may still send you communications that are necessary for the services we provide, such as service, technical and safety-related messages. You may also ask us to tell you the source of any personal information we have used for direct marketing, and we will do so unless it is unreasonable or impracticable.

We do not use sensitive information for direct marketing, and we do not use or disclose personal information received from our customers about their clients for direct marketing.

We will not send commercial electronic messages, such as email or SMS, except as permitted by the Spam Act 2003 (Cth). Any commercial electronic message we send will identify us as the sender and include our contact details. We will not call a number listed on the Do Not Call Register where this is prohibited under the Do Not Call Register Act 2006 (Cth).

11. Keeping personal information accurate and up to date

We rely on the personal information we hold in conducting our business. We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete, up to date and relevant. You can help by letting us know about any changes to your personal information, such as a new email address or telephone number.

12. How do we hold and secure personal information?

We hold personal information in electronic form on secure systems. We take reasonable steps, including technical and organisational measures, to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These measures include:

  • access controls that restrict access to personnel who need the information to perform their roles
  • authentication measures, including user credentials and password controls
  • security software, firewalls and the maintenance of our technology systems
  • staff training on the appropriate access, use and disclosure of personal information

Retention and destruction

We retain personal information for as long as it is needed for the purposes for which it was collected, and as required to meet our legal, regulatory and contractual obligations, including record-keeping obligations that apply to our customers and to the services we provide. When personal information is no longer needed for any purpose for which it may be used or disclosed under the Privacy Act, we take reasonable steps to destroy it or to ensure it is de-identified.

13. Data breaches

We maintain processes for identifying, assessing and responding to data breaches. If a data breach occurs that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act. Where the affected information relates to the clients of one of our customers, we will also notify and work with that customer.

14. Government identifiers

We do not use Commonwealth government identifiers, such as tax file numbers or Medicare numbers, as our own identifiers of individuals. We will only use or disclose such identifiers in the circumstances permitted by the Privacy Act and other applicable law.

15. Accessing and correcting your personal information

You are entitled to request access to the personal information we hold about you, and to request that it be corrected if it is inaccurate, out of date, incomplete, irrelevant or misleading. You can make a request by contacting us using the details in section 16. It will assist us to respond promptly if your request is made in writing and includes as much detail as possible.

We will respond to access and correction requests within a reasonable period, and in any event we aim to respond within 30 days. We do not charge a fee for making a request or for correcting your information. Depending on the nature of an access request, we may charge a reasonable fee for providing access, but the charge will not be excessive and we will inform you of any charge before proceeding.

If we refuse to provide access or to correct your personal information, we will give you written reasons for the refusal, except where it would be unreasonable to do so, and we will tell you about the mechanisms available to complain about the refusal. If we refuse to correct your personal information, you may ask us to associate with the information a statement that you believe it is inaccurate, out of date, incomplete, irrelevant or misleading, and we will take reasonable steps to do so.

Please note that where personal information about a client of one of our customers is contained in documents provided to us for review, a request for access or correction may be best directed in the first instance to the relevant financial advice business or licensee, which holds the primary client relationship and records. We will assist with such requests where appropriate.

16. Job applicants and employees

The Privacy Act provides an exemption for employee records, being records of personal information that relate directly to a current or former employment relationship between an employer and an individual. That exemption may apply to information we hold about our employees.

Personal information provided to us in connection with a job application may be used to consider the applicant for current and future employment, and may be disclosed to our third party advisers to assist in the selection and recruitment process.

17. How to make a complaint

If you believe that we have not respected your privacy, or that we have acted inconsistently with this Privacy Policy or the Australian Privacy Principles, please contact us using the details in section 18 as soon as possible. It will assist us to respond promptly if your complaint is made in writing and includes as much information as possible about the matter and the parties involved.

We will acknowledge your complaint and investigate it. We aim to respond within 30 days, although complex matters may take longer, in which case we will keep you informed of our progress

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner:

  • Online: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001
18. Updates to this Privacy Policy and contact details

We may update this Privacy Policy from time to time, including to reflect new laws and regulations, changes to our business and changes in technology. The current version will always be available on our website, and this policy is available free of charge in a printable form on request.

If you have any questions about this Privacy Policy, would like more information about how we manage personal information, or wish to make a request or complaint, please contact us:

  • Email: info@fourth-line.com.au
  • Web: www.fourth-line.com.au
  • Post: Fourth Line Pty Ltd, Level 2, 545 King Street, West Melbourne, Victoria, 3003