WOODGATE REALTY
PRIVACY POLICY
This Privacy Policy explains how Woodgate Realty Pty Ltd (“Woodgate Realty”, “we”, “our” or “us”) collects, holds, uses, discloses, secures and manages personal information in accordance with:
a. the Privacy Act 1988 (Cth);
b. the Australian Privacy Principles (“APPs”);
c. the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (“AML/CTF Act”); and
d. associated AML/CTF Rules and regulatory guidance.
This Privacy Policy applies to personal information collected in connection with:
a. property sales;
b. leasing and property management services;
c. customer enquiries and communications;
d. identity verification procedures;
e. AML/CTF compliance obligations;
f. website interactions; and
g. any other services provided by us.
This Privacy Policy has been prepared having regard to the Office of the Australian Information Commissioner (“OAIC”) Privacy guidance for reporting entities under the AML/CTF Act (February 2026).
By engaging our services, accessing our website, or otherwise providing personal information to us, you acknowledge and consent to the collection, use and disclosure of your personal information in accordance with this Privacy Policy.
1. Privacy governance and compliance
Woodgate Realty is committed to maintaining practices, procedures and systems to ensure compliance with applicable privacy obligations.
We maintain internal procedures relating to:
a. collection and handling of personal information;
b. AML/CTF compliance procedures;
c. identity verification procedures;
d. data retention and destruction;
e. cyber security and access controls;
f. privacy complaints and enquiries;
g. data breach response procedures; and
h. staff privacy and confidentiality training.
The agency has designated personnel responsible for privacy management and AML/CTF compliance.
2. Types of personal information collected
We may collect personal information reasonably necessary for our business activities and legal obligations, including:
a. names;
b. residential, postal and business addresses;
c. email addresses;
d. telephone numbers;
e. date of birth;
f. identification details;
g. property ownership information;
h. transaction information;
i. trust and company ownership information;
j. financial and payment information;
k. tenancy information;
l. records of communications;
m. CCTV or photographic images where applicable; and
n. any other information reasonably necessary for our services or compliance obligations.
For AML/CTF purposes, we may also collect:
a. beneficial ownership information;
b. source of funds or source of wealth information;
c. sanctions or politically exposed person screening information;
d. verification outcomes and risk assessments; and
e. information reasonably necessary for customer due diligence obligations.
We will take reasonable steps to ensure we only collect information reasonably necessary for our functions and activities.
3. Collection of personal information
We may collect personal information:
a. directly from you;
b. through contracts, forms and agency agreements;
c. through our website;
d. during sales, leasing and property management activities;
e. through identification and verification processes;
f. from publicly available registers and databases;
g. from financial institutions and professional advisers;
h. from third party verification providers;
i. from government agencies and regulators; and
j. from other persons where authorised or required by law.
Where reasonable and practicable, personal information will be collected directly from the relevant individual.
In some circumstances, we may collect personal information from third parties where:
a. this is authorised or required by law;
b. direct collection is unreasonable or impracticable; or
c. collection relates to AML/CTF compliance obligations, including beneficial ownership enquiries.
4. AML/CTF identity verification
As a reporting entity under the AML/CTF Act, we are required to undertake customer due diligence and identity verification procedures.
This may include:
a. verification of identity documents;
b. electronic identity verification;
c. verification of companies, trusts and beneficial ownership structures;
d. sanctions screening;
e. politically exposed person screening;
f. source of funds or source of wealth enquiries;
g. transaction risk assessments; and
h. ongoing customer due diligence.
We may use external providers including PEXA Clear and other compliance providers to assist with identity verification and AML/CTF compliance processes.
Where legally required, failure to provide requested information may result in:
a. delays to transactions;
b. refusal to provide services;
c. termination of engagements; or
d. reporting obligations arising under the AML/CTF Act.
Where required or authorised by law, we may disclose personal information to AUSTRAC, law enforcement agencies or other regulators.
5. Sensitive information and biometric information
Some information collected for AML/CTF purposes may constitute sensitive information under the Privacy Act.
This may include:
a. politically exposed person information;
b. sanctions screening information;
c. criminal history information where permitted by law; or
d. biometric information used for electronic identity verification.
Where biometric verification or identification processes are used, we will:
a. seek consent where required;
b. provide appropriate notice regarding the process;
c. ensure collection is reasonably necessary and proportionate; and
d. use reputable verification providers with appropriate security safeguards.
6. Purpose of collection
We collect, hold, use and disclose personal information for purposes including:
a. providing real estate and property services;
b. facilitating sales and leasing transactions;
c. property management activities;
d. customer due diligence and identity verification;
e. compliance with legal and regulatory obligations;
f. fraud prevention and risk management;
g. compliance with AML/CTF obligations;
h. responding to enquiries and complaints;
i. administration and record management;
j. cyber security and systems management;
k. direct marketing where permitted by law; and
l. any other purpose reasonably connected with our business operations.
7. Disclosure of personal information
We may disclose personal information to:
a. employees, contractors and agents;
b. vendors, purchasers, landlords and tenants;
c. financial institutions;
d. legal and professional advisers;
e. conveyancers and settlement agents;
f. identity verification providers;
g. information technology and cloud storage providers;
h. insurers and auditors;
i. government departments and regulators;
j. AUSTRAC;
k. courts and law enforcement agencies; and
l. any other person authorised or required by law.
Personal information collected for AML/CTF purposes may be used or disclosed where:
a. required or authorised by law;
b. reasonably necessary for AML/CTF compliance;
c. required for suspicious matter reporting obligations; or
d. necessary to prevent fraud, unlawful conduct or financial crime.
We will not disclose information where doing so would contravene applicable secrecy or tipping off obligations under the AML/CTF Act.
8. Overseas disclosure
Some third-party providers or cloud systems used by us may store or process information outside Australia.
Where overseas disclosure occurs, we will take reasonable steps to ensure recipients handle information consistently with Australian privacy obligations.
We may conduct due diligence regarding overseas service providers, including reviewing:
a. privacy and security practices;
b. data breach response procedures;
c. contractual privacy obligations; and
d. storage and access arrangements.
9. Security of personal information
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.
Security measures may include:
a. password-protected systems;
b. multi-factor authentication;
c. restricted staff access;
d. audit logs and monitoring;
e. encryption technologies;
f. secure cloud storage;
g. cyber security protections;
h. secure disposal procedures; and
i. staff confidentiality obligations.
We maintain a data breach response process to manage suspected or actual data breaches in accordance with applicable legal obligations.
The Notifiable Data Breaches scheme may apply where eligible data breaches occur.
10. Retention and destruction of information
We retain personal information only for as long as reasonably necessary for:
a. business operations;
b. legal obligations;
c. AML/CTF compliance obligations; or
d. other permitted purposes under the Privacy Act.
Where information is no longer required, we will take reasonable steps to securely destroy or de-identify it.
From commencement of the amended AML/CTF regime applying to tranche 2 reporting entities, we generally do not retain copies of full identity documents for AML/CTF record keeping purposes unless otherwise required or authorised by law.
Instead, we may retain:
a. document type;
b. verification outcomes;
c. identifying reference information;
d. expiry dates;
e. risk assessments; and
f. records reasonably necessary to demonstrate AML/CTF compliance.
We may maintain destruction schedules or retention registers to assist with compliance obligations.
11. Website data and cookies
When individuals access our website, we may automatically collect information including:
a. browser type;
b. operating system information;
c. IP address information;
d. pages viewed;
e. access times; and
f. referring websites.
We may use cookies and analytics technologies to improve website functionality and user experience.
Users may adjust browser settings to refuse cookies, although some website functionality may be affected.
12. Access and correction
Individuals may request access to personal information held by us, subject to legal exceptions.
We may require verification of identity before granting access.
We may refuse access where:
a. disclosure would be unlawful;
b. disclosure would prejudice enforcement activities;
c. disclosure would breach tipping off obligations under the AML/CTF Act; or
d. another lawful basis for refusal applies.
If access is refused, we will provide written notice unless doing so would itself contravene legal obligations.
Individuals may also request correction of inaccurate, incomplete or outdated information.
13. Privacy complaints
If you believe we have breached privacy obligations or mishandled personal information, you may submit a complaint to us in writing.
We will:
a. investigate complaints;
b. respond within a reasonable period where practicable;
c. maintain internal complaint handling procedures; and
d. provide information regarding further complaint avenues where appropriate.
Complaints may also be referred to the Office of the Australian Information Commissioner.
14. Staff training and third-party providers
We provide privacy and AML/CTF-related training to relevant staff regarding:
a. handling personal information;
b. confidentiality obligations;
c. cyber security;
d. AML/CTF compliance;
e. suspicious matter escalation; and
f. privacy complaint handling.
Where third-party providers handle personal information on our behalf, we may:
a. review their privacy and security arrangements;
b. require contractual confidentiality obligations;
c. undertake due diligence assessments; and
d. periodically review compliance arrangements.
15. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time to reflect legal, operational or regulatory changes.
The current version of this Privacy Policy will be published on our website.
16. Contact details
Woodgate Realty Pty Ltd
Address:
2/14 Frizzells Road
Woodgate QLD 4660
Telephone:
(07) 4126 5199
Email:
[email protected]
This Privacy Policy has been updated to align with OAIC Privacy guidance for reporting entities under the AML/CTF Act (February 2026), including guidance regarding collection limitation, AML/CTF collection notices, APP compliance, data retention, destruction obligations, third-party providers, overseas disclosure, data breach response planning, and restrictions on retaining copies of full identification documents.