Privacy Policy

This Privacy Policy explains how RPM Real Estate Group Pty Ltd (ACN 067 034 262) (“RPM”, “we”, “us”, “our”) handles Personal Information in connection with the supply to you of our services, your use of our websites, and in our performing related support and billing activities. We are bound by the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Australian Privacy Principles (“APP”s) provided under the Privacy Act.

This Policy applies to Personal Information about our customers and users, prospective customers, website visitors and other individuals who interact with us. It does not apply to information about companies or other organisations where that information does not include Personal Information.

This Privacy Policy is available free of charge on our website and can be provided in an alternative format (for example, large print or hard copy) on request.

The purpose of our Privacy Policy is to:

• Give you a better and more complete understanding of the kinds of Personal Information that we collect
• Clearly and concisely communicate how and when we collect, disclose, use, store and otherwise handle Personal Information
• Inform you about the purposes for which we collect, hold, use and disclose Personal Information
• Provide you with information about how you may access your Personal Information, and seek correction of your Personal Information
• Provide you with information about how you may make a complaint, and how we will deal with any such complaint
• Advise you of the circumstances in which we are likely to disclose Personal Information to overseas recipients; and
• Enhance the transparency of our operations in relation to your Personal Information.

• “Personal Information” has the meaning in the Privacy Act namely, information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not. Examples of Personal Information include your name, date of birth, telephone number, email address and home address.
• “Sensitive Information” includes information about health, biometric templates, racial or ethnic origin, political opinions, religious beliefs, sexual orientation and criminal records.
• “Customer Data” means data our customers upload to or generate when using our Services. Customer Data may include limited Personal Information (e.g., business contact details of Users).
• “Services” means the services supplied by RPM including residential and commercial sales and leasing, business broking, marketing, research, data, and advisory services for developers and investors.

We will only collect Personal Information from you to the extent it is reasonably necessary for, or directly related to, one or more of our functions or activities including when we are providing the Services to you.

The types of Personal Information collected by us will differ, depending on whether you are, or would like to become a supplier, purchaser, vendor, customer or property developer.

If you are a supplier or a property developer, we may also require some or all of the following details:

• your company’s ABN and/or ACN
• your occupation and business address
• financial information including bank account details, profit and loss statements, balance sheets.

If you are a property vendor, we may also require some or all of the following:

• your date of birth
• title and mortgage details of any relevant property.

If you are a customer or a purchaser, we may also require:

• your date of birth
• driver’s license, passport and/or visa status
• details specifically pertaining to your requirements in relation to purchasing property (e.g. lot size required, builder engaged, price range, FIRB status, etc.).

When you are using the Services, including our website or other online services and platforms we will also collect from you to the extent not mentioned in the above,  the following information:

• Account and billing: your name, business contact details, employer/role, billing address, your Australian Business Number (ABN) where applicable, payment method tokens (processed by our payment processor), and your transaction history.
• Platform use and support: account identifiers, login activity, usage telemetry (query counts, feature use, page views), device/browser information, session IDs, support communications and attachments, preferences and settings.
• Website and analytics: cookie identifiers and similar technologies, IP address, browser/OS type, pages viewed, links clicked, referral information and timestamps.
• Marketing: your marketing preferences and interactions (opens, clicks) when you use the Services or subscribe to our updates.

We generally do not need or require you to provide Sensitive Information. However, there may be circumstances where the information provided by you reveals Sensitive Information.

We will only collect Sensitive Information in circumstances where:

• It is reasonably necessary for one or more of the services we provide or functions we carry out, and you consent to the collection of the Sensitive Information; or
• We are required or authorised by law to collect the Sensitive Information.

We collect Personal Information by the following ways:

• Directly from you: when you register or contract with us to receive the Services, create an account, request a demonstration of the Services, contact our sales or support team, participate in research or events that we may organise from time to time or otherwise interact with our team.
• Automatically: through cookies and similar technologies when you use our websites and Services (see “Cookies & Analytics”).
• From your organisation: where your employer or client authorises you to access the Services as a User or they pay invoices on your behalf that include your contact details.
• From service providers that provide services in relation to identity verification, payment processing, analytics and customer support. If you have enquired about purchasing a property from a developer, we may have received your Personal Information from the developer.
• Sometimes we will collect Personal Information from a third party or a publicly available source. For example, we may need to collect Personal Information from a credit reporting agency, your legal adviser, or we may receive your contact details from developers, business partners, or referral sources when you have made an enquiry about purchasing a property.

Where it is lawful and practical, you may interact with us anonymously or using a pseudonym (for example, when browsing our website). However, as a practical matter in order for us to provide you with the Services and manage your account with us, we will usually need your name and business contact details.

When collecting your Personal Information directly from you, we will provide you with a Privacy Collection Notice explaining the specific purposes for collection, use, and disclosure of your information in accordance with this Privacy Policy. These notices appear on our website contact forms, application forms, and mailing list subscriptions.

If we receive Personal Information that we did not solicit from you ourselves, we will determine as soon as reasonably practicable, whether we could have lawfully collected that information as part of our functions or activities. If we are not satisfied that we could have lawfully collected the information, then we will (if it is lawful and reasonable to do do) destroy the information or ensure that the information is de-identified.

We collect, use and disclose Personal Information for the following purposes:

• Assisting you to market and sell your property
• Assisting you to purchase a property
• Assisting you to obtain a loan
• Conducting appropriate credit checks
• Recording or accessing information at the state pr territory “Land Titles Registry Office” or other governmental agency
• Client and business relationship management
• Marketing of products and services to you including email marketing, text messaging and other promotional activities (with your consent);
• Providing you with access to RPM Research & Data, Market Insights and Industry News through our mailing lists and specialised content areas
• Sending you newsletters, exclusive offers, latest releases, insider tips, latest updates, and current promotions.
• Management of our database
• Enforcing the terms and conditions of our engagement with you
• Compiling anonymous market research data (in which case, it will be disclosed in a de-identified form)
• Send service announcements and—where permitted—marketing communications with an easy opt‑out. For example, your email address might be used to send you our newsletter, exclusive offers, latest releases, insider tips, latest updates, and current promotions.
• Ensuring our respective compliance with statutory obligations.
• Provide, operate and support the Services, including authentication, authorisation and securing accounts.
• Process orders, subscriptions, payments, renewals and related billing/administration.
• Communicate with you about your account, the Services, updates and changes to our terms and policies.
• Provide customer support; investigate, prevent and remediate incidents or misuse.
• Improve and develop the Services, including usage analytics, troubleshooting and quality assurance.
• Comply with the law, court orders and to enforce our agreements.

We may create aggregated or de‑identified statistics from the use of our Services. Aggregated/de‑identified information is not Personal Information.

We will only use or disclose Personal Information for the primary purpose for which it was collected, or for a secondary purpose where permitted by law.

Typical secondary purposes for which we may use or disclose Personal Information include conducting analytics to improve our services, providing internal training to staff and contractors, ensuring compliance with legal and regulatory obligations, managing risk and legal liabilities (such as liaising with insurers and legal representatives), and responding to subpoenas or other lawful requests.

We may send you marketing communications about us or the project relating to your enquiry if you are a customer or user of the Services or if you have opted in to receive this information.

You can opt out at any time using the unsubscribe link in the marketing communications message or by contacting us. We will not send to you marketing communications if you have not provided consent or if such use of Personal Information would not be expected by you. We will not use your Sensitive Information in any marketing communications unless we have your written consent.

We may, from time to time, use analytics services to assist us in understanding our website and Services users, to better monitor the performance of our platform and services, to undertake data analysis and trend analysis to better understand our customers’ preferences, to personalise our website, and to offer services of greater interest to you.

By accessing our website and our platform, you consent to the collection and processing of your non-identifiable information or data for the above purposes, including the association of such information or data with visitation information analytics may collect from our website and our platform.

When you access our website or platform, we may use tracking technologies such as cookies to make a record of your visit by logging your internet protocol address, device name, operating system version, the date and time of your visit to our site, the pages that you have accessed and the type of browser you were using. We use this information for statistical purposes and for the purposes of improving our services. This type of statistical information does not identify you. You have the option to either accept or refuse cookies. If you do not wish to receive any cookies you may set your browser to refuse them. However, this may result in you being unable to use all or part of our website and or Services.

Depending on the specific circumstances, we may disclose your Personal Information to the persons or organisations described below:

• If you are a purchaser; to the owners or developers of the property you are considering purchasing
• If you are a vendor; to prospective buyers of the property owned by you
• Your legal advisor(s) and the legal advisor(s) representing the other party(s) involved in your transaction
• Your financial institution and/or financial advisor
• Insurance providers and brokers
• Utility providers and utility connection service providers
• Persons or organisations involved in providing, managing or administering our products or services, including independent contractors engaged by us as real estate agents
• Tradespeople engaged by us to repair or maintain a property owned by you
• Organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems
• Persons or organisations involved in selling/purchasing part or all of our business
• Organisations involved in the payments systems, including financial institutions, merchants and payment organisations
• The Titles Registry Office or other government agency
• Real estate websites
• Marketing agencies working in conjunction with RPM Real Estate Group to market land or property for sale
• Local councils
• Your organisation (e.g., your account owner or administrator) in connection with the Services and billing.
• Technology service providers who assist in maintaining our online services including (IT hosting, cloud infrastructure, customer support, analytics, email delivery, payment processing)
• Customer support service providers
• Organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems
• Persons or organisations involved in selling/purchasing part or all of our business
• Organisations involved in the payments systems, including financial institutions, merchants and payment organisations.
• Professional advisers, auditors and insurers (for our legitimate business and compliance purposes).
• Prospective purchasers and their advisers in connection with a sale or corporate transaction, subject to confidentiality.
• Government agencies, courts or law enforcement where required by law or to protect our legal rights.

We require our service providers to handle Personal Information in accordance with the Privacy Act, this Privacy Policy and our instructions.

In addition to the above, a formal Data Sharing Agreement is in place between  Terralytics (Aust) Pty Ltd (ACN 681 043 327) (“Terralytics”)and us. This agreement governs how your Personal Information is handled and used by Terralytics in the provision of its land‑market intelligence platform and associated services, ensuring that the same privacy standards set out in this policy are maintained by Terralytics.

We will not directly transfer your Personal Information overseas. However, we use programs, software, and online tools that may be based in and/or housed overseas. Our use of such products may involve disclosure of your Personal Information to such organisations overseas.

In using such products, we will take all reasonable steps to ensure all privacy settings in our agreements with such parties are set to the highest possible level of confidentiality and privacy. However, use and disclosure of your Personal Information by such overseas organisations is generally in accordance with the terms and conditions and privacy policies of such organisations.

We use reasonable endeavours to review such terms and conditions and privacy policies and to satisfy ourselves that such platforms are reputable and that their policies indicate they will treat your Personal Information in a manner that is consistent with the requirements of this Privacy Policy.

We use reputable cloud and SaaS providers that may process Personal Information in the following locations:

HAVING BEEN INFORMED OF THE POSSIBILITY THAT THE ABOVE DISCLOSURES MAY OCCUR, YOU CONSENT TO THAT DISCLOSURE BY CONTINUING TO PROVIDE US WITH YOUR PERSONAL INFORMATION AND CONTINUING TO USE THE PLATFORM AND THE SERVICES.

Your Personal Information may be stored in hard copy documents or electronically.

We are committed to ensuring the security of your Personal Information and will take all reasonable steps to protect it from misuse, interference, loss, unauthorised access, modification or disclosure.

We do this via a layered technological security strategy which includes:

• Two factor or multi-factor authentication for access to RPM system, apps and devices;
• Specialised suites of security systems to protect the network and all data; and
• Regular external and internal threats and penetration testing.

Other ways we protect your Personal Information are:

• Requiring employees and contractors to enter into confidentiality agreements
• Secure hard copy document storage (i.e. storing hard copy documents in locked filing cabinets)
• Access control for our buildings;
• Security monitoring,
• Vulnerability management,
• Staff privacy training,
• Penetration testing,
• Supply-chain risk management and
• Regular backups that are proportionate to business continuity needs.

We retain Personal Information for as long as necessary to provide the Services and otherwise fulfil the purposes described in this Policy, including for legal, accounting or reporting requirements. When Personal Information is no longer required, we take reasonable steps to destroy or de‑identify it.

We will take reasonable steps to ensure that all Personal Information we collect, use, or disclose is accurate, complete, and up-to-date.

You may request access to the Personal Information we hold about you, by sending your request by email or mail using the contact details set out in Section 18.

If you wish to amend the Personal Information because it is inaccurate, out of date, incomplete, irrelevant or misleading, or if you wish your Personal Information to be deleted, you can update many details directly through your Services account portal or send your request by email or mail using the contact details set out below.

We will provide you with access to your Personal Information on request within a reasonable period after the request is made (usually within 30 days) except in the circumstances where we are not required to do so, pursuant to the Privacy Act. If we deny your request for access, we will let you know why.

We will, prior to providing access, require you to provide evidence of your identity.

No fee will be charged for standard access requests made through your account portal. For complex access requests requiring manual processing, we may charge a reasonable fee for expenses incurred in providing any information (such as search and administrative costs). We will inform you of any fees before processing your request.

We will correct your Personal Information if you request that we make the change, within a reasonable time of the request being made. Many corrections can be made immediately through your account portal. If you ask us to, we will take reasonable steps to notify third parties to whom we have previously disclosed the Personal Information, that corrections are required. However, we will only comply with such request if such notification is not impracticable or unlawful.

If we are asked to correct Personal Information and we do not agree that it is incorrect, we will provide a written explanation of the reasons for our refusal to correct the information, and the mechanisms available to you to make a complaint if you are unsatisfied. In these circumstances, we will keep a record of the information regarded as inaccurate or out-of-date.

If we experience a data breach that is likely to result in serious harm to individuals, we will assess the situation and, if it is an eligible data breach under the Privacy Act, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable and in accordance with requirements of the Privacy Act. We will also take steps to contain and remediate the breach.

Our Services are intended for business use. We do not knowingly collect Personal Information about children. If you believe a child has provided us with Personal Information, please contact us and we will take appropriate steps.

Our websites may contain links to third‑party sites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before you use or access such third party sites.

We do not adopt, use or disclose government-related identifiers (such as Medicare or tax-file numbers) as our own identifiers of an individual except where required or authorised by law or in accordance with the Privacy Act.

We may update this Privacy Policy from time to time. The updated version will be posted on our website and will take effect when posted, unless otherwise stated.

If you have questions, concerns or complaints about how we handle Personal Information, or if you wish to exercise your privacy rights, please contact us at:

Email: [email protected]

or

Mail:

Attention: Head of HR
Suite 1, Level 26, 2 Southbank Boulevard
Southbank VIC 3006

Upon you making a complaint we will acknowledge your complaint promptly and aim to resolve it within 30 days. Where it is anticipated that this timeframe is not achievable, we will contact you to provide an estimate of how long it will take to investigate and respond to the complaint.

If we decide that your complaint is justified, we will then decide what action we should take in response. We will always try to match our response to the nature of your complaint and your desired outcome, but this may not always be possible.

Some of the things that we may decide to do include: take steps to rectify the problem or issue you have raised; provide you with additional information or advice so that you can understand what happened and how we have dealt with it; or take steps to change our policies or procedures if your complaint identifies a problem in the way we are doing things.

It will not always be possible to resolve a complaint to everyone’s satisfaction. In that case, you might want to escalate the matter to the Privacy Commissioner via an online privacy complaint form which can be found at: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us/.