This policy sets out how and why The Investors Agency Pty Ltd ACN 633 337 854 (TIA) and its related entities, including DIYBA Aus Pty Ltd ACN 650 136 771 (DIYBA), collect, use, hold and disclose your personal information (which we call information). In this policy, we, us, or our refers to both of TIA and DIYBA, unless the context indicates otherwise.
However, this policy does not apply to any information that is not ‘personal information’ as defined in the Privacy Act 1988 (Cth) (Privacy Act), despite us using the term ‘information’ in this policy.
- Our commitment to you
We are committed to being transparent about our management of your personal information and take all reasonable steps to ensure our practices and procedures relating to our activities comply with any applicable requirements in the Privacy Act.
We do so by striving to adhere to the following principles:
- your personal information will be collected, stored, used and disclosed in accordance with all applicable privacy laws;
- your personal information will generally only be used where necessary for us to deliver our products or services or perform other reasonably necessary business functions and activities.
We will not use or disclose your personal information for purposes unrelated to our business’ services and activities, unless we first obtain your consent or where doing so would not breach applicable privacy laws.
By engaging with our business or by providing your personal information to us, you consent to our collection, storage, use and disclosure of your personal information, in accordance with this policy.
- Why do we need personal information?
Your personal information is important to us as we may require it in order to conduct our business and provide our products and services to you. We refer to our business activities, including TIA’s buyer’s agency services and DIYBA’s activities and software/online application (App) and related services as our Products in this policy.
In order to conduct our business and provide our Products most effectively, we will be required to rely on the collection of personal information that is provided to us. Some of the reasons for why such personal information may be required include the following:
- to process your request for our Products, including accepting your request, arranging for you to create an account with us (whether via DIYBA’s App, website or otherwise), arranging for the provision of Products (if agreed), liaising with you in respect of our Products or any defects in our Products and any similar matters;
- to make our App and website available to customers to facilitate a customer-friendly platform whereby we can showcase our Products, in which case we will collect personal information regarding your interaction with our App and website so we can improve it and to handle enquiries and complaints placed via our App and website;
- to add value to our services especially when we are dealing with you and provide assistance with the selection of our Products and the like;
- internal processes and operations, such as data analytics, record keeping or training;
- to continually enhance and improve our services to our customers and our Product offering, as well as allowing us to notify our customers and those we deal with regarding new Products that are available where we consider they may be interested in those new Products; and
- to comply with all applicable laws and regulations in fulfilling our obligations to our customers and other businesses and persons we deal with.
We refer to the above matters and the other purposes for which we may collect and handle your personal information as our Activities in this policy. Our Activities also include any functions or purposes that we may specify to you at the time of requesting the personal information, as well as any other functions or purposes for which you provide us the relevant personal information.
We may also need personal information to perform functions that are incidental to, or are otherwise reasonably necessary for us to, operate our business, conduct our Activities or provide our Products.
In order to achieve the above, we rely on you to provide us with accurate personal information to enable us to provide you with continually improving Products and to continually improve our services and support.
- Collecting your personal information
What personal information might we collect?
The types of personal information we may collect, hold, use or disclose will depend on your interactions with us. Examples of the types of personal information we collect are set out below.
Personal information you provide to us directly: we may collect and hold personal information you provide to us directly. For example, such personal information may include:
- Contact or demographic information: names (such as a customer’s name who provides their details creating an account with the App or accessing our Products), delivery or correspondence addresses (such as postal or email addresses), phone numbers, dates of birth, nationality, languages and, if you contact us via social media, then we may record your social media account;
- Payment information: bank accounts details, credit or debit card details (such as for customers who provide their credit card details to DIYBA via the App or for clients of TIA when they are arranging payment of TIA’s fees), payment history details and associated transaction details; and
- Product information: personal information related to customer preferences and interests, information relevant to customer surveys or offers or information in respect of requirements for our Products or similar matters.
Sensitive information you provide: We will generally not collect ‘sensitive information’ (as defined in the Privacy Act) from you, unless you provide that information to us directly.
Information from third parties: We may collect personal information about you from third parties, such as where your accountant, agent or a person requesting Products on your behalf provides us with your personal information or where us or our insurers are investigating a claim in respect of our Products.
Information we create using your personal information: We may develop information using your personal information. For example, where you make a complaint, we may develop and keep a record of the complaint which may contain your personal information. We may develop information in the form of internal quality assurance reports, evaluative reports regarding our sales targets, customer satisfaction data or record of interactions, file notes and/or any recorded phone conversations with you that may be kept for quality assurance purposes.
Information we collect automatically: We may collect personal information about you automatically when you visit our websites, such as your IP address and device type. Some of this information may be collected using cookies and similar tracking technologies.
Public information: We may collect personal information from publicly available sources such as ASIC records, credit history details (provided we have your consent to obtain the relevant credit report).
How do we collect your personal information?
Information we request
Our general practice is to collect information directly from you, as and when required, such as when you complete our forms (such as online forms to create an account with DIYBA and information you provide in a client engagement agreement for buyer’s agency services with TIA) and when you contact us expressing a desire to access our Products or conduct business with us.
Ordinarily, we are most likely to collect information from you through our website and App. We may also to collect personal information from you during your discussions with us either via, email (i.e. when you email us with your queries), telephone (i.e. when you might call us with your queries), web queries (i.e. when you interact with our website), through in person discussions, through online forms, contracts, and/or social media networking platforms (such as Instagram and Facebook).
You have the option not to provide any personal information that we request. Depending upon what information you do not wish to provide, we may not be able to deal with you or your requests further on a particular matter. For instance, if you make a complaint but refuse to provide your contact information, then we may not be able to process or escalate your complaint. Where you provide us with personal information on request, we do so on the understanding that you consent to our collection because you have this option to refuse to provide that information.
You may have the option not to identify yourself or identify yourself by a pseudonym. However, this is not generally practical for us as we need to know who you are in order to contact and liaise with you and to process your orders, to ensure that you are authorised to provide credit card information to us and in order to best provide our Products to you. For example, if you are a customer needing TIA’s to purchase an investment property, we will need to know who you are so that we know who we are entering into a contract with, so we can contact you to clarify any information that may have been provided and so that we can negotiate terms and price on your behalf. We still need your legal name when you create an account with us, otherwise we may not know who to contact in the event of a dispute and we will not know who to charge for the Products.
Where we collect personal information about you from someone other than you, this is generally because it would be unreasonable or impracticable for us to do so.
Personal information we do not request
Sometimes you may voluntarily provide us with personal information that we have not requested. If this happens, we may use and disclose the personal information in order to determine whether we could have collected the information had we requested it. If we consider that we could not have collected the personal information, then we may either destroy or de-identify that personal information as soon as reasonably practical where required by law.
- Holding your personal information
Your personal information may be stored in hard copy, electronically or both. We do not adopt or use any identifiers that a government agency may have assigned to you.
Electronic information may be stored on our computer systems and networks and on our customer relationship management platforms, our accounting platforms and our email platforms. Our digital systems are protected by mechanisms which may include passwords, firewalls, antivirus software, scheduled password changes, internal access limitation processes and internal monitoring, depending on the relevant system.
Where we store your personal information, we take reasonable steps to ensure it is protected from misuse, interference, loss or unauthorised access, modification or disclosure. However, we cannot guarantee that this will never occur. If a serious data breach occurs, and we believe your personal information has been compromised, we will assess the breach as soon as we become aware of it and take all reasonable and necessary steps as prescribed under Australian privacy laws.
We also take reasonable steps to destroy or permanently de-identify personal information that we no longer need for any purpose required by law.
- Retention of personal information
The amount of time we may keep your personal information will depend on the circumstances and whether we have an ongoing business need to retain it (such as whether we have agreed to provide you with Products and the Products are still within a warranty period offered by us or under law or whether we need to retain it due to legal requirements such as financial reporting legislation, product defect laws or the like).
We will retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our internal retention policies and practices. Following that period, we will make sure such personal information is deleted or anonymised where required by law.
- Using your personal information
We may use your personal information to perform our Activities (as outlined above) or any activities that are related (or in the case of sensitive information, directly related) to the performance of our Activities. We may do these things without your prior consent where the law allows or requires us to do, including where it is impracticable for us to obtain your consent.
We may provide your personal information to law enforcement agencies and regulatory authorities where required from time to time. We may also provide your personal information to third parties such as our professional advisors, third-party service providers, any payment providers or any sub-contractors, where they are providing services to us and such personal information is necessary for them to provide those services.
Do we use your personal information for direct marketing?
We may use your personal information to directly market our Products to you. This marketing material may be sent by email, SMS, phone or post. We may also use personal information collected about you from other individuals for these purposes where it is impracticable to obtain your consent in advance.
Where you have signed up to DIYBA’s App, the current T&Cs applicable to the App generally allow DIYBA to send you electronic direct messages for marketing purposes (such as details of promotions or offers from third parties who goods or services are displayed in the App). If you do not want to receive those messages, please let us know.
You may ‘opt-out’ or raise any concerns you may have regarding these messages by contacting us through our website or by ‘unsubscribing’ to such emails, SMS messages or any such marketing, where such an option is made available.
- Disclosing your personal information
When may we disclose your personal information?
We may disclose your personal information to perform our Activities or any functions that are related (or in the case of sensitive information, directly related) to the performance of those Activities. This may include disclosing personal information to:
- our related entities where reasonably required to operate their respective businesses, including to facilitate the collection of debts on behalf of our related entities or enforce their rights under any agreement between our related entities and us;
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you that relates to our Products;
- third-party service providers or contractors that we engage, such as those that provide our cloud-based computing systems, transport and delivery services or our IT contractors, but we will usually only do this where those third parties are accessing our records generally to help us with any issues we are having, or where specifically needed in connection with any supply of our Products to you;
- third parties who advertise their goods, services or other products via the App, as the App may allow you to contact those third parties directly and the functionality of the App may pass on contact information from you to that third party and vice versa;
- analytics and search engine providers that assist us in improving and optimising your use of our website.
As TIA and DIYBA have shared premises, staff, systems and other material, information provided to TIA may be shared with and accessible by DIYBA and vice versa. Accordingly, by providing TIA or DIYBA with your personal information, you acknowledge that it may be shared between those two businesses. Further, DIYBA’s App may allow you to elect to engage a buyer’s agent as part of a ‘managed purchase’ or similar arrangement. Where you choose to do so, DIYBA will pass on your contact details and information you have supplied via the App (such as the property you are interested in purchasing) to TIA in order for TIA to contact you and assist you with the purchase of the property.
We will not otherwise disclose personal information unless we believe we have reasonable grounds to do so or that we reasonably believe you have provided your authorisation for us to do to. You should be aware however, that we may be required to disclose personal information without your consent in order to comply with any court orders, subpoenas or any other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will attempt to notify you if we are required by law to disclose your personal information.
Are we likely to disclose personal information to overseas recipients?
We do not intend to disclose personal information overseas, unless you have provided the information to us for that purpose, where we are providing you with Products overseas, where you have contacted us from overseas or where required by law.
However, there are some circumstances where we may disclose personal information overseas, such as where we use secure cloud storage services that may have servers located overseas or when you communicate with us through a social network service (e.g. Facebook), and the social network provider and its partners may collect and hold your personal information overseas.
We may also need to comply with overseas authorities in the event you (or those who you represent) also carry on business overseas and an overseas authority issues us with a valid court order, subpoena or other such legal demand to cooperate with their legal investigations with respect to you.
- How can you access and correct your personal information?
It is primarily your responsibility to ensure that the information you provide to us is accurate, complete and up-to-date. We may periodically review your information to ensure that it is accurate, up-to-date, complete and relevant. Where we have reason to believe that your information may not be accurate, up-to-date, complete or relevant then we may either attempt to contact you to correct the information or deidentify or destroy the personal information as required by law.
You may request access to the personal information we hold about you, or request that we update or correct any personal information we hold about you or ask us to restrict or cease processing your personal information or even delete your personal information, by setting out your request in writing and sending it by contacting us through our website.
Where you make a request to access your personal information, we will do our best to respond within a reasonable period. While we may allow access and provide the means by which you can access your personal information, we may refuse the request where we are entitled to do so under the Privacy Act or at law. In this event, we will tell you the grounds for this refusal as well as suggested steps which may allow you to access your personal information in the circumstances of our refusal. You may complain about this refusal by making a complaint as set out below.
- External links
Cookies and similar matters
What are cookies?
What cookies do we use?
Our website uses persistent and session cookies. Persistent cookie allows a website to recognise users when they return to a site and keep certain information on user preferences. These cookies may stay on a computer until they are deleted by the user. Session cookies allow a website to carry over information from one page to another so that a user does not have to re-enter information. These cookies deleted themselves at the end of the session or at a certain time.
We also use traffic log cookies including third-party partners such as Google and Facebook to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. These cookies also allow us to display promotional material on other sites you visit across the internet. You can manage your preferences in relation to targeted online advertising directly through digital platforms such as Google or Facebook.
If you would like details of the specific cookies we use on our website, please contact us via the details below.
Your privacy concerns and making a complaint
If you have any concerns or are unhappy about how your information is handled, please contact us at:
Phone: +61 02 8385 5923
Post: 11/22 Darley Rd, Manly, NSW, 2095
Upon receipt of your concerns we will designate an appropriate individual within our organisation who will liaise with you regarding the complaint and how it can be resolved. We will do our best to provide a response to your complaint within 30 days of receipt. If it will take longer, we will contact you to let you know why and ask for more time.
Contacting the Office of the Australian information Commissioner
If you would like more information regarding Australian privacy laws, or to make a complaint, refer to the Office of the Australian information Commissioner (OAIC) who can be contacted at:
Address: GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
However, please note that at the date this policy was adopted (outlined below), neither TIA nor DIYBA are subject to the Privacy Act and the OAIC may not be able to assist you with your complaint.
- Changes to this policy
This policy will be routinely reviewed to ensure it is accurate, up-to-date and complies with any and all updates under Australian privacy law. The current policy is published on our website or can be obtained by contacting us using the information above.
Where we amend the terms of this policy from time to time, we will notify you of any changes by posting an updated version of this policy on our website. It is your responsibility to check the website periodically for any changes.
This policy was last reviewed and updated on 1 April 2022.