Privacy Policy

Introduction

This policy explains how Bold Property Group (Bold Commercial Pty Ltd, ABN 33 697 224 025) handles personal information collected through enquiries, strategy sessions, buyer engagements, due diligence, settlement support and use of our website. We act only for the buyer, and we treat your information accordingly.

It is written to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and it applies to all personal information we collect through the website, email, telephone and in-person meetings.

Using our services or website constitutes consent to the collection and use of personal information as described in this policy.

When we ask for financial documents

You do not need finance documents to receive a general response. Identity verification, pre-approval letters and credit information are requested only when the step you have reached actually requires them, never to field an initial enquiry.

We request financial documents only at one of the following points:

• Buyer engagement: a signed buyer’s advocacy agreement is in place
• Pre-qualification: to confirm purchasing capacity for your brief
• Property submission: a selling agent requires evidence of capacity to present an offer
• Offer or contract: preparing the offer terms or the contract itself
• AML/CTF or regulatory compliance: where the law requires verification
• Settlement: your conveyancer or financier requires it to complete

Information we collect

We collect information in two tiers, and most of it is held only while it is needed for the purpose it was collected for. The first tier covers everyone who contacts us; the second applies only once you have signed an engagement.

Enquiry data, held for all contacts: name, email and phone number; your property request submitted through our forms (asset type, location, budget band, timing and notes); and our correspondence with you.

Engaged-client data, collected only after a signed engagement: date of birth and identification documents for AML/CTF verification; employment and income indicators for pre-qualification; mailing address; and additional contact details.

Property and purchasing information: your preferences (location, type, size, features and price range), investment timeline and urgency, previous ownership history, current accommodation, and your property search history on the website.

Financial information, engaged clients only and only when needed: borrowing-capacity indicators and loan pre-approval letters held securely for active engagement steps; indicative deposit position; credit information, obtained only through an approved third-party mortgage broker with your separate express written consent for a specific engagement step; and the budget constraints in your brief.

Technical information: IP address, device and browser type, pages visited and time on site, and cookies.

Communication information: emails, telephone-call records (date, duration and a content summary for quality), meeting notes, feedback and survey responses.

• Enquiry data: name, email, phone, property-request details, correspondence
• Engaged-client data: date of birth, ID documents (AML/CTF), employment and income indicators, address, contact details
• Property and purchasing: preferences, timeline, ownership history, search history
• Financial (when needed): borrowing capacity, pre-approval letters, deposit position, credit information (with consent), budget
• Technical: IP address, device, browser, pages visited, cookies
• Communication: emails, call records, meeting notes, feedback, surveys

How we collect it

We collect personal information directly from you (enquiry forms, registration, consultations, phone calls and emails); automatically through website analytics, cookies and similar technologies; from third parties with your consent (mortgage brokers, banks, selling agents and conveyancers, for verification and to deliver the service); and from publicly available sources, including land-registry and public property data used for valuation and market analysis.

How we use your information

We use personal information to deliver the service and run the engagement, to communicate with you, to meet our legal and regulatory obligations, to improve what we do, and, only with your consent, to market to you. The detail breaks down as follows.

• Service delivery: buyer’s advocacy and sourcing, market research, due-diligence analysis, coordination with conveyancers and inspectors, and negotiation on your behalf
• Pre-qualification and engagement: assessing borrowing capacity and readiness, identity verification and AML/CTF compliance, and determining suitability and strategy
• Communication: property alerts and market updates, enquiry responses, service and transaction notifications, and invoices
• Legal and regulatory: AML/CTF obligations, tax and accounting records, lawful requests and court orders, and records kept for dispute resolution
• Business improvement: usage analysis, website functionality, market research and surveys, and team training and quality assurance
• Marketing (with consent only): newsletters, market reports, educational content, feedback and testimonials, and promotional campaigns

Disclosure of your information

We do not sell, trade or rent your personal information to anyone. Full stop.

In the course of delivering the service we may share information with the professionals an acquisition requires: conveyancing lawyers and legal advisers, licensed mortgage brokers and finance providers, valuers, building and pest inspectors, insurance brokers, selling agents and property managers, accountants and bookkeepers (for fee processing only), and our cloud-based data-management and CRM providers.

We may disclose information where the law compels it: a court order, a government authority, AML/CTF reporting, a tax-office enquiry or a law-enforcement investigation. In those cases we disclose only the minimum necessary.

Beyond the professionals listed above, we will not disclose your information to any third party without your express written consent, except where the law requires it.

Data security

Security is a priority, and our controls are informed by ISO/IEC 27001 and ISO 9001 principles. Sensitive data is encrypted in transit and at rest using AES-256 and TLS 1.2 or higher, and all data is held on Australian-based servers.

No method of transmission or electronic storage is ever completely secure, but we apply layered, contemporary controls and review them regularly.

If you suspect a security breach involving your information, contact us at privacy@boldpropertygroup.com.au immediately.

• Encryption: AES-256 at rest, TLS 1.2 or higher in transit
• Servers: Australian-based only
• Authentication: industry-standard secure password protocols
• Testing: regular security audits and penetration testing
• Access: restricted on a need-to-know basis
• Documents: secure management and file handling
• People: staff training and confidentiality agreements
• Resilience: regular backup and disaster-recovery procedures

Data retention

We keep personal information only as long as we need it to deliver the service, meet a legal obligation or resolve a dispute. When information is no longer required, we securely destroy or anonymise it under our data-destruction policy.

• Transactional records: 7 years (tax and AML/CTF compliance)
• Client service files: 3 years after the engagement concludes
• Website analytics: 24 months
• Marketing communications: until you unsubscribe or withdraw consent

Your rights under the Privacy Act

The Privacy Act 1988 (Cth) and the Australian Privacy Principles give you clear rights over the information we hold about you. You can exercise any of them by emailing privacy@boldpropertygroup.com.au.

• Access: request the personal information we hold, and we respond within 30 days, subject to lawful exceptions
• Correction: have inaccurate, incomplete or out-of-date information corrected; we take reasonable steps and notify affected parties where necessary
• Opt out: leave marketing communications at any time, without affecting essential service communications
• Complain: raise a concern with us first, then escalate to the OAIC if the APPs or your privacy rights have been breached

Cookies and analytics

Our website uses cookies (small data files stored on your device) to remember preferences and understand how the site is used. You can refuse cookies or ask to be alerted through your browser settings, though blocking essential cookies may impair functionality.

For analytics we use Google Analytics (GA4) only. It measures traffic and basic engagement using standard signals such as page views, referrer, anonymised IP and device type, with advertising-personalisation features off by default. See policies.google.com/privacy for how Google handles this data.

We do not use third-party advertising trackers, retargeting pixels or session-replay tools on the public site.

• Essential cookies: login, navigation and security, required for the site to work
• Performance cookies: anonymous usage data to improve the service
• Functional cookies: remember your preferences and previous interactions
• Marketing cookies: used only with your consent
• Analytics provider: Google Analytics (GA4) only, with no retargeting pixels and no session-replay

Data breach response

If we become aware of a data breach likely to result in serious harm, we move quickly and deliberately. Our timeline is deliberately shorter than the maximum allowed under the Notifiable Data Breaches scheme in the Privacy Act 1988 (Cth).

We contain and assess the breach within 72 hours of detection, and where it is confirmed notifiable, we notify the affected individuals and the OAIC within 7 days of that confirmation, well inside the 30-day statutory maximum.

Any notification gives a clear description of the breach, the information involved, the steps we are taking and the protective actions you can take. We also document the incident, its root cause and the remediation.

• Contain and assess within 72 hours of detection
• Notify affected individuals and the OAIC within 7 days of confirming a notifiable breach
• Provide a clear description, the data involved, and protective actions
• Document the incident, root cause and remediation

Links to external websites

Our website links to external sites such as property portals, government agencies and financial institutions. We are not responsible for their privacy practices, so review their policies before providing information. This policy applies only to information collected through Bold Property Group’s website and services.

Children’s privacy

Our services are not intended for anyone under 18, and we do not knowingly collect personal information from minors. If we become aware that we hold information from a person under 18, we will delete it and terminate the related account or access.

International data transfer

We currently operate within Australia, and all data is stored on Australian-based servers and managed under the Australian Privacy Principles. If we expand internationally, we will put appropriate safeguards in place to protect your information under the applicable laws of each jurisdiction.

Contact the Privacy Officer

For any question about this policy, to access or correct your information, or to raise a concern, contact our Privacy Officer. We respond to all privacy enquiries within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.

• Privacy Officer: privacy@boldpropertygroup.com.au
• General enquiries: info@boldpropertygroup.com.au
• Post: Bold Property Group, Riparian Plaza, Level 35, 71 Eagle Street, Brisbane City QLD 4000
• Response time: within 30 days
• External escalation: Office of the Australian Information Commissioner (OAIC), oaic.gov.au, 1300 363 992