Privacy Policy


Our commitment to privacy

CBM INV PTY LTD is committed to respecting your right to privacy and protecting your personal information. We are bound by the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles contained within the Act.

We take reasonable steps to ensure that all officers, employees, and subcontractors understand and comply with their obligations under the Act. This is achieved through internal policies, procedures, and ongoing training designed to prevent personal information from being collected, used, disclosed, retained, accessed, or disposed of improperly.

This Privacy Policy applies to all dealings you have with us, whether in person, by telephone, email, correspondence, through our website, or via our social media platforms.

Purpose of this Policy

The purpose of this Policy is to:

  • Explain the types of personal information we collect and hold;

  • Clearly outline how and when we collect, use, disclose, store, and manage personal information;

  • Describe the purposes for which personal information is collected and used;

  • Inform you how you may access and correct your personal information;

  • Explain how you may make a privacy-related complaint and how we will handle it;

  • Advise when personal information may be disclosed to overseas recipients; and

  • Promote transparency in our operations.

Definitions

For the purposes of this Policy, terms have the meanings given to them in section 6 of the Act.

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.

Sensitive information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, sexual orientation or practices, criminal record, health information, genetic information, biometric information, or biometric templates.

Health information includes information or opinions about an individual’s health, disability, provision of health services, genetic information, or information collected in connection with the donation of body parts or substances.

Collection of personal information

We collect personal information in order to provide real estate, property management, marketing, and related services. We only collect personal information that is reasonably necessary for, or directly related to, our services and functions.

The types of personal information we may collect include (but are not limited to):

  • Name and date of birth;

  • Residential, postal, and email addresses;

  • Telephone and mobile numbers;

  • Occupation and business details;

  • Financial information (including employer details and banking institution);

  • Details of spouses, partners, dependants, or occupants;

  • Property ownership and tenancy information.

Sensitive information

We do not ordinarily request sensitive information. However, sensitive information may be incidentally disclosed, for example:

  • Requests for disability access features (which may indicate health information);

  • Disclosure of relationship details (which may indicate sexual orientation).

We will only collect sensitive information where:

  • It is reasonably necessary for our services or functions; and

  • You have consented; or

  • We are required or authorised by law.

How personal information is collected

Where reasonable and practicable, we collect personal information directly from you. This may occur when you complete forms, communicate with us, or interact with us in person, by phone, email, correspondence, or online.

We may also collect personal information from third parties or publicly available sources, including:

  • Credit reporting agencies;

  • Legal advisers;

  • Employers or referees;

  • Previous lessors or property managers;

  • Tenancy databases and government authorities.

If we receive unsolicited personal information, we will assess whether it could lawfully have been collected. If not, the information will be destroyed or de-identified where lawful and reasonable.

You may deal with us anonymously or using a pseudonym where lawful and practicable. However, anonymity may prevent us from providing certain services (for example, lodging documents with government agencies).

Website and online information collection

We may collect personal information through our website, including names, contact details, and enquiry information. We may also collect anonymous demographic data such as postcode, age range, and general preferences.

Technical information may be automatically collected, including IP address, browser type, access times, and referring websites. This information is used for website operation, security, and analytics.

If you disclose personal information through public forums such as blogs or comments, that information may be visible to others. We do not monitor private online communications.

Our website may contain links to external websites. We are not responsible for the privacy practices of third-party websites.

Use and disclosure of personal information

We use personal information to provide services including (but not limited to):

  • Selling or purchasing property;

  • Leasing property as lessor or lessee;

  • Property management and maintenance;

  • Financing, bonds, and tenancy matters;

  • Marketing and client relationship management;

  • Compliance with legal and regulatory obligations.

We may disclose personal information to:

  • Buyers, sellers, lessors, or lessees involved in a transaction;

  • Legal advisers, financial institutions, insurers, and service providers;

  • Tradespeople and contractors;

  • Government agencies and statutory authorities;

  • Real estate platforms, peak bodies, and databases;

  • Payment processors and financial institutions;

  • Parties involved in business restructuring or sale.

We only disclose personal information for the primary purpose for which it was collected, or a related purpose you would reasonably expect.

Marketing and advertising

We may use your personal information to inform you about services or opportunities you may be interested in. You may opt out of marketing communications at any time by:

  • Using the unsubscribe link in communications; or

  • Contacting us directly.

We do not use sensitive information for direct marketing without your express consent.

We may use encrypted (hashed) data to create custom audiences on advertising platforms such as Google, Facebook, or Instagram.

Overseas disclosure

In some circumstances, personal information may be disclosed to overseas recipients (for example, cloud hosting or software providers). We take reasonable steps to ensure overseas recipients comply with the Australian Privacy Principles.

Security of personal information

Personal information may be stored electronically or in hard copy. We take reasonable steps to protect personal information, including:

  • Confidentiality agreements with staff and contractors;

  • Secure document storage;

  • Restricted system access;

  • Physical security controls;

  • Website and data security measures.

Information no longer required is securely destroyed or de-identified.

Access and correction

You may request access to or correction of your personal information. Requests will be acknowledged within 10 business days and processed within 10–20 business days, depending on complexity.

We may refuse access in limited circumstances permitted by law. If access or correction is refused, we will provide written reasons and complaint options.

Complaints

If you believe your privacy has been breached, you may lodge a complaint with us. We will acknowledge complaints within 2 business days and aim to resolve them within 20 business days.

If you are dissatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).