Privacy and Security

10 November 2023

At State Trustees we believe it is important that people can trust us to collect, hold, use and disclose their personal information properly. To keep you informed, we have set out below our approach in relation to the way that we collect, hold and disclose information about individuals.


State Trustees values and is committed to maintaining responsible and transparent information-handling practices. This policy summarises our approach to collecting, holding and disclosing information about individuals, including clients, employees, and service providers.

This policy applies to all State Trustees and STL Financial Services Limited employees, directors and contractors.

We handle personal and health information in accordance with the:

  • Australian Privacy Principles (APPs) under the Privacy Act 1988 (Commonwealth)
  • Information Privacy Principles (IPPs) under the Privacy and Data Protection Act 2014 (VIC)
  • Health Privacy Principles (HPPs) under the Health Records Act 2001 (VIC)

We may also collect personal and health information because of the requirements of Commonwealth, State and Territory laws, including laws governing trusts, wills, and the administration of estates.

We may update this policy from time to time. Any changes to this policy will be published on the State Trustees website.


Personal information

Personal information is information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Examples of personal information include a person’s name, sex, date of birth, address, financial details, marital status and education and employment history. Under the IPPs and HPPs, personal information does not include information of a kind to which the Health Records Act 2001 (Vic.) applies.

Sensitive information

Sensitive information is information about an individual’s racial or ethnic origin, political opinions and membership of political associations, religious or philosophical beliefs, sexual preferences or practices, criminal record, or membership of a professional or trade association. The law puts special restrictions on its collection.

Health information

Health information is personal information or an opinion about a living or deceased individual’s:

  • Physical, mental or psychological health
  • Disability
  • Expressed wishes about the future provision of health services to them
  • Access of a provided health service, or service to be provided to an individual

Principles contained in the Health Records Act 2001 will apply to the collection, use, storage and disclosure of health information.

Our services

State Trustees is a state-owned company and the public trustee for Victoria, Australia. As an unlisted public company, the State of Victoria is our sole shareholder. For generations, we have been administering deceased estates and managing the financial and property affairs of people who are unable to do so themselves, due to disability, mental illness or other incapacity.

State Trustees provides clients with estate planning and administration assistance during all stages of their life, including specialised services and products such as Will Writing, Powers of Attorney, Executor Services, Trustee Services and Financial Administration.

Some of State Trustees’ services are carried out in consultation with other public sector organisations or contracted service providers.

The information we collect

The types of personal and health information that we collect and process about you will depend on our relationship with you. It will include some or all of the following:

  • Applications, enquiries, submissions, surveys and complaints;
  • Your name, address, date of birth, contact details, and other personal details that may assist us in providing our services and products to you (or to support another person) now or at a later date;
  • Financial information, where it is relevant to the particular service we are providing;
  • Information about the status of the services we are providing to you (for example, whether you have appointed us under an enduring power of attorney that may be inactive);
  • Information about the manner in which you may wish us to act in relation to services we provide you (for example, any instructions you may give us for the preparation of a Will); and,
  • Information about your preference for the services and products we offer from time to time and about your dealings with us.

How we use your information

We may use your information for the following purposes:

  • For the purposes for which it was collected;
  • Where we are permitted, authorised or required to do so by law;
  • To assist us in effectively providing services and products to you;
  • To enable us to confirm your identity when dealing with you and generally to maintain our relationship with you;
  • To assist in the proper functioning and development of our operations (for example, to ensure we act within requirements relating to risk management, trustee, fiduciary and any other legal obligations);
  • For State Trustees’ research and planning purposes, such as administering, managing and developing our services and products;
  • To inform you about services and products we think might interest you; and
  • To process any job applications, and if you are successful, create and maintain your employee record.

We take reasonable steps to ensure that personal and health information held is accurate, complete and up-to-date. Usually, State Trustees relies on individuals to provide accurate and current information to us in the first instance, and to notify us when circumstances or details change.

Disclosure of information

We may also disclose your information to third parties (other persons or organisations):

  • Where they are a related company or entity;
  • Where we have contracted an external person or organisation to provide support services (such as third‐party suppliers, service providers providing archival, printing and posting, consulting, technology and security services, mailhouses, and our advisers, agents and representatives) and that person or organisation has agreed to observe our privacy standards;
  • Where that person or organisation assists us with any of our financial planning, trustee, custodial or personal investment products or services, including superannuation and managed funds organisations and their advisers, organisations in which you invest, and other persons;
  • Who are organisations involved in our normal business practices;
  • As permitted, authorised or required by law to do so (for example, where information is required by authorities that regulate us, or in response to Court Orders, or where we are obliged by law to decide how we are to act in a person’s interests);
  • Who are your advisers or representatives, including financial and legal advisers, their service providers, and entities to which they are responsible;
  • Where that person or organisation wishes to acquire or sell an interest in all or part of our assets and business, and any advisers to such a person or organisation;
  • Who are involved in maintaining, reviewing and developing our business systems, procedures and infrastructure, including testing and upgrading our computer systems;
  • Who are involved in the payments system including financial institutions, merchants and payment organisations;
  • In connection with estates, to records‐holders and other parties who may be able to assist in the course of genealogical or other research to locate beneficiaries, or other persons who are, or were, associated with our clients;
  • In some situations, where an individual’s consent has been sought to use or provide information to others;
  • Who (in the case of third parties to whom we may disclose information) may be located in other countries. While those third parties will often be subject to confidentiality or privacy obligations, you agree (where you consent to this privacy policy) that they may not always follow the particular requirements of Australian privacy laws.

How we keep information secure

All areas of State Trustees have security measures aimed at protecting personal and health information from misuse, loss, unauthorised access or disclosure.

We hold information in a combination of hardcopy and electronic records. The information is held at our own premises, or in the control of our personnel or service providers.

Where required, we will transfer hard‐copy records (which in some cases will include personal and health information) to the Public Records Office of Victoria. Where obliged to do so, we takereasonable measures to destroy or de‐identify information that is no longer required for one or more of the purposes for which it was collected.

State Trustees periodically reviews its ongoing need to collect and keep information.

Accessing information held by us

You may access the information we hold about you and ask State Trustees to update and/or correct it, subject to certain exceptions. State Trustees will not charge a fee for your access request, but may charge an administrative fee for providing a copy of your information. To protect your information, we may require identification from you before releasing the requested information.

In some circumstances, there may be reasons why we will not act on a request, such as where it would have an unreasonable impact on the privacy of others, or we may not be permitted to do so by law.

Your information for recruitment

If you apply or register your interest for a position with us, we may collect your personal information, including your name, resume, identification and contact details and the result of preemployment checks including ability and aptitude tests, criminal history checks and bankruptcy checks. We sometimes engage service providers to assist us in the recruitment process, including recruitment agencies, providers of ability and aptitude tests, information brokers, and recruitment website operators.

Where we do this, we may exchange your personal information with those service providers, who may be located outside Australia. In some cases, those service providers may collect your personal information directly and retain it for their own purposes, so you should ensure that you are aware of their privacy policies.

We may also exchange your personal information with referees, educational institutions and professional bodies. We may not be able to consider you for employment at State Trustees if we are unable to collect your relevant personal information.

Breaches of this policy

Information privacy complaints can be made verbally or in writing to the State Trustees Privacy Officer. If the complaint is complex, the complainant will be invited to submit their complaint in writing.

Following receipt of a privacy complaint, the below actions will occur simultaneously or in quick succession:

  • Breach containment and preliminary assessment/ investigation
  • Evaluation of the risks associated with the breach
  • Notification to appropriate delegates and authorities, where appropriate

State Trustees will endeavor to make a decision on all complaints within 28 working days. State Trustees will confirm the assessment and outcome to the complainant in writing. This may include accepting the complaint in full or part, declining to allow the complaint or referring the complaint to the Office of the Victorian Information Commissioner.

Information privacy complaints are recorded in a Complaints Register, maintained by our Client Feedback team.

Any breach of the policy by State Trustee employees may result in disciplinary action being taken per the State Trustees Performance and Misconduct Policy. In addition, a breach of this policy may constitute a breach of the Code of Conduct.

What happens if you do not provide us with information?

If you do not provide State Trustees with any of the personal information that we request, it may affect our ability to meet our obligations or provide services and products to you.

To find out more or make a complaint

State Trustees investigates and resolves privacy complaints with fairness, integrity and respect for the rights of the individual.

If you have a privacy complaint or wish to discuss our information handling practices further, please contact the State Trustees Privacy Officer:

Privacy Officer, State Trustees Limited

Postal: 1 McNab Avenue, Footscray, VIC 3011

Phone: 03 9667 6200


Aboriginal flag Torres Strait islander flag Pride flag
State Trustees Limited operates on the lands of Traditional Custodians. We acknowledge their history, culture and Elders past, present and emerging. State Trustees is committed to cultivating inclusive environments for staff and clients. We celebrate and value people of all backgrounds, genders, sexualities, cultures and abilities.

Original artwork ‘Four Sisters Coming Together’ by Melissa Bell 2023