Privacy Policy

OVERVIEW

Your privacy is important to us. This policy describes how @realty (ACN 167 076 306 / ABN 59 167 076 306 / RLA 269823) collects, uses, discloses, stores and protects your personal information when you engage with us. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

From 1 July 2026, @realty is also a “reporting entity” under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). This means we are legally required to collect, verify, retain and (in certain circumstances) disclose additional personal information about our customers. Section 4 of this policy explains those new obligations and how we have implemented them with our compliance partner, AMLHUB Australia Pty Ltd (AMLHUB).

SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to users of our digital platforms (websites, social channels, customer portals), our sales and property-management clients, vendors, purchasers, landlords, tenants, and anyone else whose personal information we collect in the course of providing real estate services in Australia.

In this policy, “personal information” has the meaning given to it in the Privacy Act 1988 (Cth) — broadly, any information or opinion about an identified individual, or an individual who is reasonably identifiable. This may include your name, address, telephone number, email address, date of birth, profession or occupation, and the AML/CTF identification information described in Section 4.

AGREEMENT TO POLICY TERMS

By contacting us through our website, digital platforms, or social media, or by engaging us to provide a real estate or property-management service, you agree to this Privacy Policy. If you would prefer not to agree, please reach us by email at compliance@atrealty.com.au or phone 1300 299 377 (Privacy Officer) instead.

1. What Personal Information Do We Collect and Hold?

In the ordinary course of our real estate business we may collect:

Identity and contact details — name, mailing/street address, email, telephone, age or date of birth, profession, occupation or job title.
Information about a property you own, are selling, leasing, buying or renting.
Transaction information — offers, contract details, deposit information, settlement information.
Financial information you choose to share with us (for example, in support of an offer).
Information you provide via our service centre, customer surveys, marketing forms, agent visits, chatbots or our online listings.

AML/CTF identification information — From 1 July 2026, where we are required to conduct customer due diligence (CDD) under the AML/CTF Act we must also collect:

Full legal name, residential address and date of birth.
Photographic identity documents (e.g. driver licence, passport).
For non-individual customers: company name, ACN/ABN, registered office, beneficial ownership details and details of directors and persons exercising control.
Information about the nature and purpose of the transaction and (for higher-risk matters) the source of funds and/or source of wealth.
A risk rating assigned to you, and any ongoing customer due-diligence (OCDD) information we collect during our business relationship.

Sensitive information — We do not typically collect “sensitive information” (such as health information, racial or ethnic origin, or criminal records) unless it is reasonably necessary for our business functions and you have provided explicit consent, or where required or authorised by law (including under the AML/CTF Act).

2. How Do We Collect Your Personal Information?

We collect your personal information directly from you wherever it is reasonable and practicable to do so. Methods include:

Your access and use of our website, customer portals and online listing forms.
Phone or video calls (e.g. Microsoft Teams, Zoom, 3CX).
Telephone, letter, fax or email correspondence.
Conversations between you and our representatives, agents, property managers or contractors.
Contracts, offers, agency agreements, management agreements, tenancy applications, competitions and promotions.
Customer surveys, feedback, marketing forms and enquiries.
Our AMLHUB customer due-diligence portal, which we use to capture and electronically verify the identity information described in Section 4. When you provide identity information through AMLHUB, you do so under our customer-facing notice and this Privacy Policy; AMLHUB processes that information on our behalf as a data processor.

We may also collect information from third parties including credit reporting agencies, electronic identity-verification providers (including AMLHUB and its data-source partners), law-enforcement and government bodies (including AUSTRAC), your nominated representatives (lawyers, accountants, financial advisers, conveyancers), publicly available sources, or any other organisation where you have given your consent.

Anonymity and pseudonymity — Where lawful and practical (for example, general website browsing or initial enquiries), you may deal with us anonymously or using a pseudonym. However, we cannot conduct customer due diligence, enter an agency agreement, or provide a designated service under the AML/CTF Act anonymously — these activities require verified identity information.

3. Cookies and Analytics

When you access our website, we may send a “cookie” (a small summary file containing a unique ID number) to your device. Cookies allow us to recognise your device on return visits, keep track of products or services you view, and (with your consent where required) send you information about those products or services. We also use cookies to measure traffic patterns and improve the operation of our digital channels.

When you visit our website or social media pages, we may collect:

Visit date and time
Pages viewed and navigation details
Device and browser type
IP address

This information helps us understand your experience and improve our digital services. You can disable cookies via your browser settings, but parts of our site may not work properly.

4. AML/CTF Compliance (effective 1 July 2026)

@realty is regulated by AUSTRAC as a reporting entity under the AML/CTF Act. We have implemented an AML/CTF Program and use AMLHUB Australia Pty Ltd (ABN 27 679 005 915) as our compliance platform to capture, electronically verify and securely store customer due-diligence information.

4.1 What we must do

The AML/CTF Act requires us to:

Conduct initial customer due diligence (KYC & KYB) on certain customers — typically sellers and, where applicable, buyers, landlords and other parties — before, or as soon as practicable after, providing a designated service.
Identify and verify the beneficial owners and controllers of non-individual customers.
Assess the money-laundering and terrorism-financing risk of each customer and transaction, and apply enhanced due diligence to higher-risk matters (including obtaining source of funds / source of wealth information).
Conduct ongoing customer due diligence during a business relationship, including monitoring transactions for unusual activity.
Lodge Suspicious Matter Reports (SMRs), Threshold Transaction Reports (TTRs) and other prescribed reports with AUSTRAC.
Maintain records of all of the above for at least 7 years after the end of the business relationship or the date of the transaction (whichever is later).

4.2 How we use AMLHUB

We use the AMLHUB platform to:

Send you an electronic identity-verification request (typically by email or SMS).
Capture identity documents (driver licence, passport, etc.), photographic verification, and other KYC/KYB information.
Run electronic identity verification against authoritative data sources.
Store the resulting verification record securely and retain it for the period required by law.

When you provide your information through AMLHUB:

We remain the data controller. AMLHUB acts as our data processor under a written contract that requires it to handle your personal information in accordance with the Privacy Act 1988 (Cth) and the APPs.
Primary production data for Australian customers is hosted in Google Cloud’s Australia region.
AMLHUB uses certain support and SaaS tools located in the United States, European Union and New Zealand. AMLHUB has entered into written arrangements with those sub-processors requiring protections substantially similar to the APPs (APP 8.2(b)).
AMLHUB is ISO/IEC 27001:2022 certified and applies encryption in transit and at rest, role-based access controls, multi-factor authentication, vulnerability management and regular penetration testing.

A copy of AMLHUB’s own privacy policy is available at https://amlhub.com.au/privacy-policy. If you have a question that relates only to AMLHUB’s own processing, you may contact AMLHUB directly at privacy@amlhub.com.au; otherwise, please direct all AML-related privacy enquiries to @realty as the data controller.

4.3 Tipping-off

Where we lodge an SMR with AUSTRAC, the AML/CTF Act prohibits us from disclosing that fact to the customer or any third party (“tipping-off”). For that reason, where you make an access or correction request under Section 11, we may need to decline to confirm or deny the existence of certain AML/CTF records, or to provide only redacted information. We will provide written reasons to the extent permitted by law.

4.4 No marketing use

Personal information collected for AML/CTF purposes is used only for those purposes and to meet our legal obligations. We do not use AML/CTF identification information for direct marketing, research, profiling, or any commercial purpose unrelated to AML/CTF compliance.

5. What Happens If We Can’t Collect Your Personal Information?

If you do not provide the information described in this policy, we may not be able to:

Provide the requested products or services to you (including listing or marketing a property, accepting an offer, or entering a management or tenancy agreement);
Verify your identity as required under the AML/CTF Act, which may mean we cannot lawfully provide certain designated services;
Provide information about products and services you may want; or
Tailor the content of our website to your preferences.

6. Purposes of Collection, Holding, Use and Disclosure

We collect, hold, use and disclose your personal information for the following purposes:

To provide real estate, property-management and related products and services to you.
To comply with our obligations under the AML/CTF Act and other laws — including customer due diligence, ongoing due diligence, record-keeping and lawful reporting to AUSTRAC.
To verify eligibility for our services (including identity, capacity and any required licences).
To answer enquiries and provide information or advice about existing and new products or services.
To provide you with access to protected areas of our website and customer portals.
To assess and improve the performance of our website and digital services.
To conduct business-processing functions — including providing personal information to our related bodies corporate, contractors, service providers and other third parties (such as AMLHUB).
For administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes of @realty, its related bodies corporate, contractors, franchisees, franchisees’ real estate agents or service providers (other than AML/CTF data, which is not used for marketing).
To update our records and keep your contact details accurate.
To process and respond to any complaint made by you.
To comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator (including AUSTRAC, OAIC, state Fair Trading bodies and the courts) or in co-operation with any governmental authority of any country (or political sub-division of a country).

Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.

7. To Whom May We Disclose Your Information?

We may disclose your personal information to:

Our employees, related bodies corporate, contractors, franchisees and franchisees’ real estate agents and property managers;
Service providers (web hosting, IT, mailing houses, payment processors, debt collectors, professional advisers);
AMLHUB Australia Pty Ltd and other AML/CTF service providers, electronic identity-verification providers and data sources, for the purposes set out in Section 4;
AUSTRAC and other law-enforcement, regulatory or government bodies, where we are required or authorised by law to do so (including via SMRs, TTRs and other prescribed reports);
Outsourced service providers (e.g. auditors);
Suppliers and third parties with whom we have commercial relationships for marketing purposes (other than AML/CTF data);
External dispute-resolution services;
Any organisation where you have provided express consent.

We may combine or share information we collect from you with information collected by any of our related bodies corporate within Australia.

We will not share personal information with third parties without your consent unless necessary for our services, required by law (including under the AML/CTF Act), or otherwise permitted by the APPs.

8. Direct Marketing

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with the Spam Act 2003 and the Privacy Act.

We may use your information to:

Send newsletters and property updates
Respond to enquiries
Improve website experiences
Provide relevant marketing content

You may opt out at any time by contacting our Privacy Officer or using the opt-out facilities provided in the marketing communications. We will then ensure your name is removed from our marketing list.

As noted in Section 4.4, AML/CTF data is never used for marketing.

9. Service Providers

We use third-party service providers to store and process some of the information we collect. We use secure cloud services and ensure that our cloud-based providers (including AMLHUB) are subject to appropriate security and information-handling arrangements and that the information stored or processed by them remains subject to confidentiality obligations.

10. Overseas Disclosure

We may disclose personal information to recipients located outside Australia for data hosting, IT support, customer due-diligence verification and development services. Countries may include but are not limited to:

Singapore — access to our CRM for software changes
The Philippines — administrative support
Ukraine & Portugal — software development
United States, European Union, New Zealand — AMLHUB sub-processors providing platform, CRM, email and analytics tools used in connection with AML/CTF compliance (primary production data is hosted in Australia)

Where personal information is transferred overseas, we (and our processors, including AMLHUB) either enter into written agreements requiring the recipient to handle the information to a standard comparable to the APPs, or rely on another permitted safeguard under APP 8.

11. How Can You Access and Correct Your Personal Information?

You may request access to any personal information we hold about you at any time by contacting our Privacy Officer (see Section 15). Where we hold information you are entitled to access, we will try to provide you with a suitable means of accessing it (for example, by mailing or emailing it to you). We may charge a reasonable fee for information access requests to cover our administrative costs. We aim to respond to all requests for access or correction within a reasonable period, usually within thirty (30) days.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse or restrict access where granting access would:

Interfere with the privacy of others;
Result in a breach of confidentiality;
Be unlawful, or prejudice an investigation; or
Result in a breach of the AML/CTF Act, including the tipping-off prohibition (see Section 4.3).

If we refuse or restrict access we will give you written reasons to the extent permitted by law.

If you believe personal information we hold about you is incorrect, incomplete or inaccurate, you may request that we amend it. We will consider whether the information requires amendment. If we do not agree there are grounds for amendment we will add a note to the personal information stating that you disagree with it.

12. Storage, Security and Retention

We hold your personal information in both hard copy and electronic form. We take all reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. We maintain physical, electronic and procedural safeguards to protect your personal information, including:

Access control and security protocols (including role-based access and multi-factor authentication)
Employee confidentiality and training (including AML/CTF training)
Encryption in transit and at rest for our customer due-diligence records held with AMLHUB
Data-retention policies aligned with our legal obligations

Some information is stored electronically, either on secure drives or with cloud-service providers including AMLHUB (Google Cloud, Australia region).

Retention: We retain personal information only for as long as is reasonably necessary for the purposes for which it was collected, or for any longer period required by law. In particular, AML/CTF records (including identity verification data and transaction records) must be retained for at least 7 years after the end of our business relationship with you, or after the date of the relevant transaction (whichever is later). Once personal information is no longer needed and is not required to be retained, we will take reasonable steps to securely destroy or permanently de-identify it.

However, because our website is connected to the internet, and the internet is inherently insecure, we cannot guarantee the security of information you transmit to us online. Information you transmit to us online is transmitted at your own risk.

Data breach notification: We take the security of your data seriously. In the unlikely event of an eligible data breach that is likely to result in serious harm to any individual whose personal information we hold, we maintain a data-breach response plan. We will promptly notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). Where the breach involves AML/CTF records held through AMLHUB, our notification will be coordinated with AMLHUB under the terms of our data-processing agreement.

Our website may contain links to other websites operated by third parties (including AMLHUB’s customer portal). We make no representations or warranties about the privacy practices of any third-party website and are not responsible for the privacy policies or content of those sites. Third-party websites are responsible for informing you about their own privacy practices.

14. Complaints and Disputes

If you believe your privacy has been breached, please contact our Privacy Officer. We will investigate your complaint and respond within a reasonable timeframe.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Web:http://www.oaic.gov.au
Phone: 1300 363 992

Complaints about AML/CTF reporting are not within the OAIC’s jurisdiction; AUSTRAC handles compliance complaints in relation to the AML/CTF Act.

15. Contacting Us

If you have questions about this policy or wish to lodge a complaint, please contact:

Privacy Officer
Address: Level 11, 50 Cavill Avenue, Surfers Paradise, QLD 4217
Email: compliance@atrealty.com.au
Phone: 1300 299 377

Support Email: support@atrealty.com.au
Website: http://www.atrealty.com.au

Company Details:
ACN: 167 076 306
ABN: 59 167 076 306
RLA: 269823

16. Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. We regularly review and update this policy. Significant changes will be posted on our website at http://www.atrealty.com.au. Any updated versions will be available on our website.

Created: 30 January 2014

Last updated: June 2026 (AML/CTF amendments to take effect 1 July 2026)