Privacy Policy

INTRODUCTION

PRIVACY POLICY

This Privacy Policy applies to the collection, use, and disclosure of personal information by BEYOND THE BRICK PTY LTD (ACN 675 287 206), a company registered under the laws of Australia and governed by the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs").

Beyond The Brick Pty Ltd ("we," "us," "our") is responsible for managing personal information collected through its website [https://beyondthebrick.com.au/] (the "Website") and related services.

Questions or concerns that you may have about this Privacy Policy or the management of personal information may be directed to our Privacy Officer at:

• Email: info@beyondthebrick.com.au
  
  

We are committed to protecting your privacy and ensuring that your personal information is collected, used, and disclosed in accordance with the APPs.

This privacy policy is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you can view the full version of the privacy policy here [LINK].

1. IMPORTANT INFORMATION AND WHO WE ARE (1)

2. TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU (2)

3. HOW IS YOUR PERSONAL DATA COLLECTED? (3)

4. HOW WE USE YOUR PERSONAL DATA (4)

5. DISCLOSURES OF YOUR PERSONAL DATA (5)

6. INTERNATIONAL TRANSFERS (6)

7. DATA SECURITY (7)

8. DATA RETENTION (8)

9. YOUR LEGAL RIGHTS (9)

10. CONTACT DETAILS (10)

11. COMPLAINTS (11)

12. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES (12)

13. THIRD PARTY LINKS AND USER-GENERATED CONTENT DISCLAIMER (13)

1. Important information and who we are

   1. This privacy policy gives you information about how we collect and use your personal data through your use of this Website, including personal information submitted when you provide property reviews, interact with our platform, or access related services

   2. This Website is intended for individuals aged 15 years and older. We do not knowingly collect personal information from children under 15. If we become aware that personal information from a minor has been provided, we will take reasonable steps to delete it.

   3. We have appointed a Privacy Officer (PO) who is responsible for overseeing questions in relation to this privacy policy.] If you have any questions about this privacy policy, including any requests to exercise your legal rights (9), please contact us using the information set out in the contact details section (10).

2. The types of personal data we collect about you

   1. Personal information refers to any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not, as defined under the Privacy Act 1988 (Cth).

   2. Categories of personal information collected

We may collect, use, store, and disclose various types of personal information, including but not limited to:

1. 1. 1. Identity information: Such as your full name, and any identification documents you provide for verification purposes.

      2. Contact information: Including your residential address, email address, and telephone numbers.

      3. Property review data: Comprising reviews, ratings, comments, and any multimedia content you submit related to properties.

      4. Verification data: Documents or information provided to confirm your identity or residency, such as utility bills or tenancy agreements.

      5. Technical information:
         Data such as your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

      6. Usage information: Details about how you interact with our Website, including page views, navigation paths, and patterns of usage.

      7. Marketing and communication preferences: Your preferences in receiving marketing materials from us and your communication preferences.

   2. Aggregated data

We also collect, use, and share aggregated data, such as statistical or demographic data, for various purposes. Aggregated data may be derived from your personal information but is not considered personal information under the law, as it does not directly or indirectly reveal your identity. For example, we may aggregate your usage information to assess the effectiveness of our website features.

1. 4. Sensitive Information

We do not actively collect sensitive information (such as information about your health, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation), and we have obtained your consent or are otherwise permitted by law to do so.

3. How is your personal data collected?

   1. Direct collection

We may collect personal information directly from you through the following methods:

1. 1. 1. Property review submissions: When you complete and submit property reviews, including ratings, comments, and multimedia uploads, through our Website.

      2. Account registration: When you create an account or profile on our Website to access specific services, features, or subscriptions.

      3. Communications: When you contact us directly through email, phone, postal mail, or by using forms provided on our Website.

      4. Subscription services: When you subscribe to newsletters, notifications, or other marketing materials we offer, subject to your preferences and consent.

   2. Automated collection

We may also collect personal information automatically when you use or interact with our website. This information may include, but is not limited to:

1. 1. 1. Technical data: Such as IP addresses, browser types, operating system details, access times, referring URLs, and device types.

      2. Browsing Behaviour: Including pages viewed, search terms used, click patterns, and interactions with our website features.

      3. Cookies and similar technologies: We use cookies and similar tracking technologies to enhance user experience, provide functionality, and analyse website performance. These include:

         1. Essential Cookies: Necessary for the operation of our website.

         2. Analytical/Performance Cookies: To gather data on website usage for improvement.

         3. Preference Cookies: To store user preferences.

   2. Third parties or publicly available sources

We may obtain personal information about you from authorised third-party sources, including:

1. 1. 1. Analytics providers: Such as Google Analytics and other data analytics platforms that provide statistical and technical data about how our website is accessed and used.

      2. Publicly available sources: Including publicly accessible records, social media platforms where data is shared publicly, and real estate databases, to the extent permitted by law.

   2. Consent-based collection

Where required by law, we will obtain your consent before collecting certain categories of personal information, including sensitive information such as identity verification documents (e.g., utility bills or government-issued identification).

1. 5. Lawful collection

We will only collect personal information where it is reasonably necessary for our business operations or where required by law. If personal information is collected from third-party sources, we will take reasonable steps to ensure its accuracy, completeness, and relevance, in accordance with the Privacy Act and APPs.

4. How we use your personal data

   1. We process personal information in accordance with Australian privacy laws. We rely on one or more of the following legal bases when processing your personal information:

      1. Performance of a contract: We process personal information when it is necessary to enter into or perform a contract with you, including:

         1. Creating and managing user accounts.

         2. Publishing property reviews submitted through our platform.

         3. Providing access to relevant services available on our Websit
            e.

         4. Verifying reviews where users supply supporting documentation (e.g. utility bills) as part of the verification process.

      2. Legitimate interests: We process personal information where it is necessary for our legitimate business interests, provided that such processing does not override your fundamental rights and freedoms.

Our legitimate interests include:

1. 1. 1. 1. Improving and personalising our services.

         2. Ensuring website security and fraud prevention.

         3. Conducting internal analysis and service development.

         4. Communicating service updates and platform
            changes.

      2. Legal obligations: We process personal information when it is necessary to comply with our legal obligations, including but not limited to:

         1. Complying with applicable laws, regulations, and legal processes.

         2. Responding to requests from governmental or regulatory bodies.

      3. Consent: We process personal information based on your explicit consent for specific purposes, such as:

         1. Sending marketing communications, newsletters, and promotional offers.

         2. Conducting surveys, contests, and feedback requests.

You may withdraw
your consent at any time by contacting us using the information provided in this Privacy Policy.

1. 2. Purposes for processing personal information

We process personal information for the f
ollowing specific purposes:

1. 1. 1. To create, maintain, and manage your user account, including identity verification, enabling you to access our services;

      2. To publish and verify your property reviews, comments, ratings, and uploaded media as part of our service offering.

      3. To respond to inquiries, provide technical support, and send administrative updates related to changes in our services or policies.

      4. To analyse and improve the functionality of our website, services, and overall customer experience through statistical and performance data.

      5. To send you personalized marketing communications, offers, and updates, based on your preferences and prior interactions with our services, subject to your consent.

      6. To comply with legal and regulatory obligations, such as maintaining accurate business records, responding to law enforcement inquiries, and fulfilling reporting duties.

      7. To secure our platform, detect and prevent fraud, unauthorised access, and cyber threats, and ensure the overall safety of personal information processed through our systems.

      8. To provide anonymised data to developers for property and portfolio performance insights. Any data shared for this purpose will be aggregated and will not include personally identifiable information.

   2. Data retention

      1. We will retain your personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including for legal, regulatory, accounting, or reporting obligations. The retention period will depend on:

         1. The nature of the personal information collected.

         2. The purposes of data processing.

         3. Legal and regulatory requirements applicable under Australian law.

      2. Once the retention period expires, personal information will be securely deleted, anonymised, or archived, as appropriate.

   3. Direct marketing and communications

      1. We may send you marketing communications about our services or promotions if:

         1. You have given explicit consent.

         2. You have previously used our services, and the communications are relevant to similar services, provided you have not opted out.

      2. Opting out

You may opt out of marketing communications at any time by:

1. 1. 1. 1. Following the unsubscribe instructions provided in each marketing email.

         2. Contacting us directly at info@beyondthebrick.com.au[
            INSERT CONTACT INFORMATION].

      2. Third-party marketing

We will obtain your explicit consent before sharing your personal information with third parties for their direct marketing purposes.

1. 5. Sharing personal information

We may share your personal information with third parties only under the following circumstances:

1. 1. 1. Service providers: We may disclose personal information to trusted service providers who assist us with website hosting, data analysis, and technical support.

      2. Legal compliance: We may share personal information when required by law, regulation, legal process, or government request.

      3. Business transactions: In the event of a business transfer, merger, or sale, personal information may be shared with the acquiring entity, subject to confidentiality obligations.

      4. Publicly Shared Content: When you submit a review, rating, or other user-generated content, it will be published on our platform and made publicly accessible. Your display name (as chosen by you) will be visible alongside your review, but no other personal information will be shared unless explicitly agreed.

   2. Security Measures

We implement technical, administrative, and physical security measures to safeguard personal information against unauthorized access, alteration, disclosure, or destruction. In the event of a data breach likely to cause serious harm, we will notify affected individuals and report the breach to the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches (NDB) Scheme.

5. Disclosures of your personal data

   1. How we share your personal information

We may disclose your personal information to third parties when such disclosure is reasonably necessary to achieve the purposes outlined in this Privacy Policy. We will only disclose personal information in compliance with relevant Australian privacy laws.

1. 2. Categories of third parties

We may disclose personal information to the following categories of third parties:

1. 1. 1. Service providers: Companies that assist us in providing services, including website hosting, data storage, IT support, customer service, and analytics providers. For example cloud storage providers, technical support teams, and marketing platforms.

      2. Professional advisors: Legal advisors, accountants, auditors, and insurers, where disclosure is necessary for compliance, legal proceedings, or risk management.

      3. Developers and real estate agencies: Verified developers may access anonymised and aggregated property review data for benchmarking purposes.

      4. Regulatory authorities and law enforcement agencies: Government agencies, regulators, and law enforcement officials when disclosure is required by law or for legal proceedings.

      5. Business transfers: In the event of a merger, acquisition, sale, or transfer of business assets, personal information may be shared with the acquiring entity, subject to strict confidentiality obligations.

   2. Requirements for third-party processing

We require all third parties receiving personal information from us to comply with the following obligations:

1. 1. 1. Third parties must implement robust security measures to protect personal information from unauthorized access, misuse, and loss.

      2. Third parties may only process personal information in accordance with the specific purposes outlined in our instructions and must not use it for any unauthorized purposes.

      3. All third parties are bound by confidentiality agreements or similar legal obligations requiring them to handle personal information with utmost care and integrity.

      4. Any transfer of personal information to third parties outside Australia will comply with APP 8, ensuring appropriate safeguards are in place.

   2. Business transfers

In the event of a merger, acquisition, restructuring, or sale of our business or its assets, personal information may be transferred to the new entity. In such cases, we will:

1. 1. 1. Ensure that the acquiring entity continues to process personal information in compliance with this Privacy Policy.

      2. Provide notification of such changes through our website or other appropriate communication channels.

   2. Legal obligations and compliance

We may disclose personal information where required by law or when responding to legal requests, court orders, or regulatory inquiries. This includes situations where disclosure is necessary to protect our legal rights, defend against legal claims, or prevent potential fraud or abuse of our platform.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We are committed to protecting the privacy of individual users. Developers and other third parties will only have access to
anonymised and aggregated data for benchmarking purposes.
No personally identifiable information (PII) will be shared with developers or third parties unless explicitly consented to by the user.

6. International transfers

   1. General statement

We operate primarily within Australia. However, in certain circumstances, your personal information may be transferred, processed, or stored outside of Australia. Any such transfers will comply with the Privacy Act 1988 (Cth), particularly Australian Privacy Principle (APP) 8, which governs cross-border disclosure of personal information.

1. 2. When international transfers may occur

We may transfer personal information outside Australia in the following circumstances:

1. 1. 1. Cloud storage and data hosting services: When our third-party service providers, such as cloud storage or IT infrastructure providers, host personal information on servers located outside of Australia.

      2. Service providers and contractors: When service providers or contractors assisting in providing services are based outside Australia.

      3. Business transactions: In the event of a merger, acquisition, or sale of our business, personal information may be transferred to an acquiring entity operating outside Australia.

      4. Global business operations: If we expand our operations to other countries, your personal information may be processed at our international offices, subject to applicable legal safeguards.

   2. Safeguards for international transfers

Where personal information is transferred outside of Australia, we will ensure that reasonable steps are taken to protect the personal information in line with Australian privacy laws. These steps include, but are not limited to:

1. 1. 1. Contractual safeguards: We will ensure that appropriate contractual arrangements are in place with international service providers or third parties to ensure compliance with Australian privacy standards.

      2. Privacy policies and security standards: We will require all third parties processing personal information outside Australia to adhere to strict privacy and security standards equivalent to the requirements of the Privacy Act 1988 (Cth).

      3. Data minimisation: We will only transfer personal information that is necessary for the specified purpose and ensure that data is retained only for as long as required by applicable legal and operational requirements.

      4. Secure transfer methods: We will implement secure data transfer protocols, including encryption and secure file-sharing methods, to safeguard personal information in transit.

   2. User Consent for International Transfers

By using our services and submitting your personal information, you consent to the transfer, storage, and processing of your personal information outside Australia as described in this Privacy Policy.

1. 5. Requests and inquiries

For more details about international data transfers, including specific safeguards or contracts in place, please contact us using the details provided in this Privacy Policy.

7. Data security

   1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

   2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data retention

How long will you use my personal data for?

1. 1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

   2. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

   3. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for [
      NUMBER] years after they cease being customers for tax purposes.

   4. In some circumstances you can ask us to delete your data: see [9] below for further information.

   5. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

2. Your legal rights

   1. You have a number of rights under data protection laws in relation to your personal data.

You have the right to:

1. 1. 1. Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

      2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

      3. Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

      4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.

      5. You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes (see OPTING OUT OF MARKETING in 4.4(b) for details of how to object to receiving direct marketing communications).

      6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

      7. Withdraw consent at any time where we are relying on consent to process your personal data (see paragraph 4.1(d) for details of when we rely on your consent as the legal basis for using your data). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.]

      8. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:

         1. If you want us to establish the data's accuracy;

         2. Where our use of the data is unlawful but you do not want us to erase it;

         3. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

         4. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

   2. If you wish to exercise any of the rights set out above, [please contact us [see Contact details (10)] OR [SPECIFIC DETAILS OF WHO TO CONTACT FOR SUBJECT ACCESS RIGHTS]].

   3. No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

1. 4. What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

1. 5. Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Contact details

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:

1. 1. 1. Email address : [info@beyondthebrick.com.au]

      2. Telephone number : [DETAILS]

2. Complaints

If you have concerns about how we collect, use, or disclose your personal information, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC), the regulator responsible for enforcing Australian privacy laws.

Office of the Australian Information Commissioner (OAIC)

1. 1. 1. Website : https://www.oaic.gov.au

      2. Phone : 1300 363 992

      3. Mailing Address : GPO Box 5218, Sydney NSW 2001, Australia

We encourage you to contact us first to allow us the opportunity to address your concerns before reaching out to the OAIC. You may contact our Privacy Officer at Beyond the Brick contact details provided above.

12. Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated on [DATE].

13. Third-party links and user-generated content disclaimer

    1. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

    2. 
       We act as a platform for user-generated reviews and does not endorse, verify, or take responsibility for the content of these reviews. All reviews reflect the opinions of individual users and not of BEYOND THE BRICK PTY LTD. We are not liable for any claims, damages, or legal actions arising from user-generated content, including defamation claims.