Chat with us, powered by LiveChat

Privacy & Security

This privacy policy outlines how HOW – Home Loans Pty Ltd (‘HOW – Home Loans’, ‘HHL’, ‘us’, ‘we’) collect, hold, use, disclose and otherwise manage your personal information and comply with our obligations under the Privacy Act 1988 (Cth). It applies to all of your dealings with us. You will always be able to access a current version of our privacy policy on our website. Occasionally it will be necessary for us to update our privacy policy. When we do so, we will place a notice on our website.

How We Collect Your Personal Information
All personal data is collected for use by HOW – Strategy Group. HOW – Home Loans collects your personal information for the following main purposes:
  • to keep clients and contacts informed of current developments and the products and services we offer;
  • to maintain contact with clients;
  • to notify contacts and clients of events, products and services;
  • to manage and administer the products and services we offer;
  • to improve our websites to provide you with a personalised experience; and
  • to provide you with information about other products and services we offer that may be relevant to you.

We may collect your personal information via a number of methods. These include in person at a meeting or seminar, when you register for e-newsletters, fill out a form, or correspond with us via our website, email or by telephone.

On occasion it may be necessary for us to collect your personal information from a publicly available source. We will only do so where you have consented, you would reasonably expect us to do so, or if it is necessary for us to perform a specific service.

Personal Information Collected

Generally the personal information we collect consists of your full name and contact details. This may include postal and email address, phone and mobile number and business contact details. Where relevant we may ask you for other information. To deliver our more complex services, it may be necessary to collect information including employment status, income, dependencies and asset and liability information.

We may collect personal information such as your IP address and web activity through third party companies such as Pardot and Google Analytics if you interact with us over the internet.

Usually we will not collect sensitive information (e.g. data relating to professional memberships, race or ethnic origin, religious beliefs, political opinions, criminal record, physical or mental health, or sexual orientation) from you. We may do so only if it is reasonably necessary for one or more of our functions and you explicitly consent beforehand.

How We Use Your Personal Information

We use your personal information to perform our services, respond to your requests and provide you with information about HOW – Strategy Group.

We may disclose your personal information to third parties who assist us to provide the products and services you request (e.g. a specified accountant). With your verbal or written consent, we may use or disclose your personal information to the following third parties:

  • those that provide, manage or administer our product or service to you;
  • those involved in product planning and development;
  • your representatives, including your broker, accountant and legal advisers; and/or
  • those required or authorised by law, for example, government or regulatory bodies for purposes related to public health or safety, the prevention or detection of unlawful activities or to protect public revenue.

We require third parties to protect your information in a manner consistent with this policy and the Privacy Act 1988 (Cth). We will never sell your personal information.

HOW – Strategy Group operates only in Australia. As a result, your personal information is not likely to be used in other States, Territories and overseas. Where your personal information is provided to overseas entities, we will take reasonable steps to ensure that the information remains secure and is used in a manner consistent with this policy and our obligations under the Privacy Act 1988 (Cth).

If personal information is not able to be collected, this may impact the level of service HOW – Strategy Group is able to provide.

We may use your personal information to market our services, including by phone, email or SMS. If at any stage you no longer wish to receive this marketing, please send an email to with your full name, postcode, mobile number and the communication mediums you wish to unsubscribe from. We will endeavour to process your request within 21 days. We will hold your personal information for such time as required to fulfil the purposes for which it was collected, or as required by law.

Security of Your Personal Information

We take the security of your personal information very seriously. We will take reasonable commercial measures to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Your information may be kept in electronic form or hard copy.

We implement a number of processes to ensure your personal information is safeguarded. Our processes include the following:
  • information storage security policies;
  • security measures for systems access;
  • providing discreet meeting areas for confidential discussions;
  • accessed control for our Customer Relationship Management systems; and
  • secure web forms when collecting sensitive information.

We take reasonable care to ensure any personal information you provide us via our website is protected. For example, if we require your sensitive information our websites have electronic security systems in place which include data encryption. Depending on your involvement with HOW – Strategy Group and the type of information collected, user identifiers, passwords or other access codes may also be used to control access to your personal information.

More specifically, for clients of HOW Strategy Group, we advise that our IT infrastructure is built from several different factors that keeps the staff and client’s data safe. These include: 1. Office 365 for all their emails and files

  • Enforcing staff security by enabling 2 factor authentication and password expiry policies to ensure that staff regularly change their passwords.
  • All files are kept securely in SharePoint with restrictions on folders to only allow access to the staff members that require access to each folder.
  • File and email retention policies to ensure no data is deleted within a 7-year period by any staff member.
  • Audit logs are constantly being collected to ensure that they can be reviewed at any point where necessary.
  • Emails are secured and authenticated with industry standard SPF, DKIM and DMARC records to ensure that no unauthorised personnel are sending emails using the How Strategy Group email accounts.
  • Ability to remotely wipe any mobile devices that is registered with Office 365 system to ensure all data is secure in the event of devices being lost or stolen.
  • 2. Anti-Virus and Firewalls
  • Each office machine is secured by a business grade Avast Firewall and Anti-Virus solution that is updated regularly to ensure that no computers are infected internally to the network
  • The office router has been secured to ensure that no incoming ports are opened for any inbound services. Due to the cloud services, there is no data/services on the internal network to give hackers the opportunity to exploit the network.
  • 3. Office computers: Backed up daily to an internal server that ensures that the staff will only suffer minimal downtime from a severe hardware failure.

    4. Web sites and domain names: Web sites are regularly backed up and updated to ensure that they are free from any security exploits that may lead to downtime or loss of data

    5. All passwords are kept in a highly encrypted file that can only be accessed by authorised personnel to ensure that no hackers gain access to company systems.

    6. Staff are regularly trained on new spam and phishing techniques that hackers/scammers are using to ensure that they can detect any infiltration attempts that evade the Office 365 spam filter detection.

    7. Cyber security policies are in place within the organisation to ensure that staff are aware of all threats and their responsibilities.

    In addition, any third party portals that are utilised by HOW Strategy Group are used with the maximum security policies that are available with each portal. This includes but not limited to:
  • 2-factor authentication
  • Complex password policies
  • Password expiration guidelines
  • In addition to this, all web services must use end-to-end encryption certificates that will keep any transmitted data from the server to the client (web portal user) safely. This is conducted by using a SSL Certificate which can be verified with the padlock in next to the address bar on most modern web browsers.

    Use of Cookies

    You are not required to provide us with any personal information as a visitor to our website. You may choose to remain anonymous or to provide us with a pseudonym if you do not wish to reveal your identity. However, please be aware that if this is impractical we may be unable to provide you with proper services.

    Blogs, Forums, and Other Social Media

    HOW - Strategy Group communicates with clients by social media, forums and other interactive platforms. Any personal information you disclose on these sites may be read, collected and used by other users over whom we have no control. HOW - Strategy Group is not responsible for any use, misuse or misappropriation by other users of any personal information that you contribute in this manner.

    Our website may include links to third party websites. If you access those websites you will be subject to their privacy policy, the terms and conditions of which may differ from our own. You will need to contact or examine those websites or companies directly to determine their privacy standards, policies and procedures.

    Access to Your Personal Information

    To request access to your personal information, please email In certain circumstances we may be able to deal with your request over the telephone or in person. Otherwise we will endeavour to process your request within 21 days. In some circumstances we may refuse to give you access. We will explain why if that is the case (e.g. it may unreasonably affect the privacy of others).

    We take reasonable steps to ensure that the personal information we collect and store is accurate, up-to-date and complete. Should you wish to access your personal information to ensure it is accurate, up-to-date, complete, relevant and not misleading, and if not, to correct it, please email


    If you believe we have breached an Australian Privacy Principle or registered Australian Privacy Principle code and would like to make a complaint, you can do so in writing by emailing We will endeavour to respond to your complaint within 30 days. You may direct any subsequent complaints to the Office of the Australian Information Commissioner (OAIC) at

    How to Contact Us

    We are committed to respecting your right to privacy and protecting your personal information. You may request further information about the way we manage your personal information by contacting HOW - Strategy Group.

    HOW - Strategy Group

    PO Box 80
    St Leonards
    NSW 1590
    Phone:  (02) 8004 2222