Privacy Policy

1. Introduction

Debtequity Pty Ltd as trustee for the Aussiedane International Family Trust, referred to in this Privacy Policy as Debtequity, we, our or us, is committed to protecting the privacy, confidentiality and security of personal information entrusted to us.

Debtequity operates in commercial, investment, capital structuring, advisory and related business contexts. In handling personal information, Debtequity seeks to act consistently with the Privacy Act 1988 (Cth), including the Australian Privacy Principles, and with the governance, confidentiality and record-keeping standards expected in wholesale investment, commercial mortgage, family office, corporate advisory and transaction-related environments.

Where Debtequity collects, uses, holds or discloses personal information in connection with any activity conducted under, referred to, administered by, or associated with Newport Private Wealth Pty Ltd ACN 166 931 960, AFSL 451820, Debtequity may handle, refer or escalate privacy matters in accordance with Newport Private Wealth’s privacy, compliance and complaints framework.

All third parties, including clients, counterparties, suppliers, sub-contractors, professional advisers, agents and service providers, that have access to or use personal information collected or held by Debtequity must handle that information consistently with this Privacy Policy and Collection Statement.

Debtequity makes this Privacy Policy available free of charge on its website at www.debtequity.com.au.

In this Privacy Policy:

• Disclosure of information means providing information to persons outside Debtequity.
• Personal information means information or an opinion relating to an individual which can be used to identify that individual.
• Privacy Officer means the contact person within Debtequity for questions or complaints regarding Debtequity’s handling of personal information.
• Sensitive information is personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences, criminal record and health information.
• Use of information means use of information within Debtequity.

2. What kind of personal information do we collect and hold?

We may collect and hold a range of personal information about you to conduct our business, communicate with stakeholders, assess opportunities, manage relationships, support transaction processes and meet legal, regulatory, compliance, investor management and governance obligations.

This may include:

• name;
• address;
• phone numbers;
• email addresses;
• occupation;
• business, company, trust or entity details;
• bank account details, where relevant;
• driver’s licence, passport or other identity verification information, where required;
• financial information, including investment, asset, liability, income or transaction-related information;
• information relevant to wholesale, sophisticated or professional investor status;
• insurance policy information, where relevant;
• estate planning or succession information, where relevant;
• taxation information;
• health information, where relevant and lawfully required or authorised;
• information required under anti-money laundering and counter-terrorism financing laws;
• information required under taxation, trust, company, registry, trustee, lender, investment or compliance processes; and
• information required under foreign account tax or beneficial ownership reporting regimes, where applicable.

3. How do we collect personal information?

We generally collect personal information directly from you. Personal information may be collected through enquiry forms, correspondence, application processes, investor forms, subscription documents, investor onboarding, verification processes, transaction files, mandate documents, due diligence processes and other interactions with you.

We may also collect personal information when you visit our website, use any online form, call us, email us, send correspondence or otherwise communicate with Debtequity.

We may collect personal information about you from third parties, including electronic verification services, referrers, professional advisers, accountants, lawyers, fund administrators, trustees, lenders, registry providers, compliance service providers, technology providers and marketing or website analytics providers. Where appropriate, we will take reasonable steps to ensure you are made aware of this Privacy Policy.

We may use third parties to analyse traffic on our website, which may involve the use of cookies. Information collected through such analysis is generally anonymous or aggregated unless otherwise disclosed.

We will not collect sensitive information about you without your consent unless an exemption under the Australian Privacy Principles applies.

If the personal information we request is not provided, we may not be able to provide services, assess eligibility, progress a transaction, satisfy legal or regulatory obligations, verify investor status, complete due diligence or meet your needs appropriately.

In many circumstances, Debtequity cannot practically or lawfully deal with individuals anonymously or under a pseudonym. Identification may be required for investment, wholesale investor verification, anti-money laundering, taxation, trustee, registry, lender, legal, governance or transaction-related purposes.

4. Unsolicited personal information

We may receive unsolicited personal information about you. We will destroy or de-identify unsolicited personal information we receive unless it is relevant to our lawful purposes for collecting personal information, or unless we are required or permitted by law to retain it.

5. Who do we collect personal information about?

The personal information we may collect and hold includes personal information about:

• clients;
• potential clients;
• investors and prospective investors;
• wholesale, sophisticated and professional investor applicants;
• borrowers, sponsors, vendors, counterparties and transaction participants;
• service providers and suppliers;
• professional advisers and consultants;
• prospective employees, employees and contractors; and
• other third parties with whom we come into contact.

6. Website collection

We collect personal information when we receive completed online forms from our website or related digital channels. We may also use third parties to analyse traffic to our website, which may involve the use of cookies. Information collected through such analysis is generally anonymous or aggregated.

You can view and access this Privacy Policy on our website at www.debtequity.com.au.

7. Why do we collect and hold personal information?

We may use and disclose the information we collect about you for the following purposes:

• to provide information, services, business communications and stakeholder updates;
• to assess investor eligibility, wholesale investor status, counterparty suitability or transaction relevance;
• to review and meet your ongoing needs;
• to consider, structure, assess, manage or administer transactions, mandates, investments, projects or commercial opportunities;
• to provide information we believe may be relevant or of interest to you, where permitted;
• to let you know about products, services, investment opportunities, events or updates, where permitted;
• to consider any concerns, disputes or complaints you may have;
• to comply with relevant laws, regulations, contractual obligations, trustee obligations, lender requirements, compliance frameworks and other legal obligations;
• to assist trustees, fund managers, administrators, registries, custodians, lawyers, accountants, auditors, lenders, consultants and other professional service providers involved in relevant mandates or transactions;
• to help us improve our services, stakeholder communications, investor communications, systems and business processes; and
• to maintain appropriate records, audit trails, compliance evidence, governance files, transaction records and trustee-defensible documentation.

We may use and disclose your personal information for any of these purposes. We may also use and disclose your personal information for secondary purposes which are related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act.

Sensitive information will be used and disclosed only for the purpose for which it was provided, or a directly related secondary purpose, unless you agree otherwise or an exemption under the Privacy Act applies.

8. Who might we disclose personal information to?

We may disclose personal information to:

• related entities, trustees, trust entities, investment entities or associated business entities of Debtequity;
• Newport Private Wealth Pty Ltd, where relevant to activities conducted under, referred to, administered by, or associated with its AFSL, privacy, compliance or complaints framework;
• licensed financial services providers, responsible entities, trustees, fund managers, custodians, registries and administrators involved in relevant investment structures;
• lawyers, accountants, auditors, compliance consultants, tax advisers, valuers, quantity surveyors, consultants, technology providers and other professional advisers;
• lenders, financiers, security trustees, mortgage managers, servicers, credit assessors and debt market participants involved in a relevant transaction;
• agents, contractors or service providers we engage to carry out our functions and activities;
• organisations involved in a transfer, restructure, merger, sale or proposed sale of all or part of our assets, business or interests;
• organisations involved in managing payments, including payment merchants and financial institutions such as banks;
• regulatory bodies, government agencies, law enforcement bodies, courts and tribunals;
• financial product issuers and professional service providers connected with a relevant mandate, investment, fund, trust, project or transaction;
• anyone else to whom you authorise us to disclose it; and
• any person or organisation where disclosure is required or authorised by law.

If we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it. We will take reasonable steps to ensure contractual arrangements with third parties adequately address privacy issues and that third parties are made aware of this Privacy Policy where appropriate.

9. Sending information overseas

We will not send personal information to recipients outside Australia unless:

• we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act and the Australian Privacy Principles;
• the recipient is subject to an information privacy scheme similar to the Privacy Act;
• the disclosure is required or authorised by law; or
• the individual has consented to the disclosure.

If you consent to your personal information being disclosed to an overseas recipient and the recipient breaches the Australian Privacy Principles, we may not be accountable for that breach under the Privacy Act and you may not be able to seek redress under the Privacy Act.

Where it is practicable to identify the countries in which overseas recipients are likely to be located, Debtequity will do so in the relevant collection notice, mandate, data room terms, application document, investor document or transaction-specific disclosure.

10. Management of personal information

We recognise the importance of securing personal information. We will take reasonable steps to ensure your personal information is protected from misuse, interference, loss, unauthorised access, modification or disclosure.

Your personal information may be stored in electronic systems, secure databases, cloud-based systems, investor files, compliance records, document management systems, transaction rooms, trustee files or paper files. Paper files, where used, are stored in secure areas.

In relation to information held electronically, we apply security practices which may include:

• strong password requirements;
• defined data ownership and access permissions;
• changes to employee or contractor access when duties or roles change;
• employee and contractor compliance with operating procedures and policies for securing personal information;
• restricted access to systems and files based on role and business need;
• logging and review of unauthorised access attempts where systems support this;
• restrictions on unauthorised persons updating or editing personal information;
• physical and electronic security for devices and systems containing personal information;
• anti-virus and security updates where applicable;
• encryption during transmission where reasonably available and appropriate; and
• limits on printing or reporting of data containing personal information.

Where employees, contractors or advisers work remotely or from home, additional measures may include:

• two-factor authentication for remote access where reasonably available;
• password complexity requirements;
• access only to personal information directly relevant to their duties;
• prohibitions or restrictions on working in public spaces where privacy could be compromised;
• audit trails and audit logs to track access to personal information where systems support this;
• monitoring access to personal information and investigating unauthorised access;
• screen privacy and device-locking requirements;
• requirements that work devices not be used by other household members;
• secure storage of devices when not in use;
• restrictions on hard copies of documents containing personal information;
• prohibitions on emailing documents containing personal information to personal email accounts; and
• restrictions on disclosing personal information through personal chat groups or unauthorised channels.

11. Data breaches and security incidents

Debtequity maintains internal procedures to identify, assess, contain, manage and respond to privacy incidents and data security events.

Where Debtequity becomes aware of a suspected or actual data breach involving personal information, Debtequity will take reasonable steps to assess the circumstances, reduce the risk of harm, preserve relevant records and determine whether notification is required under the Notifiable Data Breaches scheme or any applicable law, contractual obligation, trustee obligation or AFSL-related compliance framework.

Where a data breach relates to activities conducted under, referred to, administered by, or associated with Newport Private Wealth Pty Ltd, Debtequity may notify, refer or escalate the matter to Newport Private Wealth in accordance with its privacy, compliance and incident management framework.

12. Direct marketing

We may only use personal information we collect from you for the purposes of direct marketing without your consent if:

• the personal information does not include sensitive information;
• you would reasonably expect us to use or disclose the information for direct marketing;
• we provide a simple way of opting out of direct marketing; and
• you have not requested to opt out of receiving direct marketing from us.

If we collect personal information about you from a third party, we will only use that information for direct marketing if you have consented, or it is impracticable to obtain your consent, and we will provide a simple means by which you can request not to receive direct marketing communications from us.

You have the right to request that we do not use or disclose your personal information for direct marketing, or for facilitating direct marketing by other organisations. We will give effect to such a request within a reasonable period of time.

13. Automated decision support and technology-assisted processes

Debtequity may use technology, workflow rules, secure portals, data rooms, verification tools or computer-assisted processes to support identity verification, investor eligibility checks, onboarding, compliance review, transaction assessment, record management, document management and administrative workflows.

These tools are used to support administrative, compliance and governance processes. Debtequity does not rely on automated processing as a substitute for required human review where a decision may materially affect a person’s rights, eligibility or interests, unless this is disclosed and managed in accordance with applicable privacy law.

14. Identifiers

We do not adopt identifiers assigned by the Government, such as driver’s licence numbers, as our own file recording identifiers unless one of the exemptions under the Privacy Act applies.

15. How do we keep personal information accurate and up-to-date?

We are committed to ensuring that the personal information we collect, use and disclose is relevant, accurate, complete and up-to-date.

We encourage you to contact us to update any personal information we hold about you. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction where required.

Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days unless you agree otherwise. We do not charge you for correcting information.

16. Accessing your personal information

Subject to the exceptions set out in the Privacy Act, you may request access to personal information that we hold about you by contacting Debtequity’s Privacy Officer.

We will endeavour to provide access within 30 days of your request. If we refuse to provide information, we will provide reasons for the refusal where required by law.

We may require identity verification and specification of the information requested. An administrative fee for search, retrieval or photocopying costs may be charged for providing access where permitted.

Privacy access requests relating to Newport Private Wealth authorised activities may also be referred to Newport Private Wealth’s Compliance Officer by email at enquiries@newportpw.com.

17. Updates to this Privacy Policy

This Privacy Policy will be reviewed from time to time to take account of new laws, technology, changes to our operations, changes to the legal and regulatory environment and changes to the business environment.

18. Responsibilities

It is the responsibility of management to inform employees, contractors and other relevant third parties about this Privacy Policy.

Management must ensure that employees and other relevant third parties are advised of any changes to this Privacy Policy. New employees and contractors are to be provided with timely and appropriate access to this Privacy Policy, and relevant personnel are to receive training or guidance in relation to appropriate handling of personal information.

Employees, contractors or other relevant third parties that do not comply with this Privacy Policy may be subject to disciplinary or contractual action.

19. Non-compliance and disciplinary actions

Privacy breaches must be reported to management by employees, contractors and relevant third parties. Ignorance of this Privacy Policy will not be an acceptable excuse for non-compliance.

Employees, contractors or other relevant third parties that do not comply with this Privacy Policy may be subject to disciplinary, contractual or other appropriate action.

20. Incidents, complaints handling and making a complaint

We maintain a complaint handling process to manage privacy risks and privacy issues.

The complaints handling process is intended to:

• identify and address systemic or ongoing compliance problems;
• increase confidence in our privacy procedures; and
• help preserve our reputation, governance standards and business integrity.

You can make a complaint to us about the treatment or handling of your personal information by lodging a complaint with Debtequity’s Privacy Officer.

If you have any questions about this Privacy Policy, or wish to make a complaint about how we have handled your personal information, you can lodge a complaint by emailing: admin@debtequity.com.au.

Where your complaint relates to activities conducted under, referred to, administered by, or associated with Newport Private Wealth Pty Ltd ACN 166 931 960, AFSL 451820, Debtequity may refer or escalate the matter to Newport Private Wealth’s Compliance Officer.

Privacy complaints relating to Newport Private Wealth authorised activities may also be referred directly to Newport Private Wealth by email at enquiries@newportpw.com.

If you are not satisfied with our response to your complaint, you may also refer your complaint to the Office of the Australian Information Commissioner by:

• telephoning: 1300 363 992;
• writing to: Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001; or
• using the OAIC online complaint form available through the OAIC website.

21. Contractual arrangements with third parties

We take reasonable steps to ensure contractual arrangements with third parties adequately address privacy issues and that relevant third parties are made aware of this Privacy Policy.

Third parties may be required to implement policies and procedures in relation to the management of personal information in accordance with the Privacy Act. These policies and procedures may include:

• regulating the collection, use and disclosure of personal and sensitive information;
• de-identifying personal and sensitive information wherever possible;
• ensuring that personal and sensitive information is kept securely, with access limited to authorised employees, contractors or agents; and
• ensuring that personal and sensitive information is only disclosed to organisations approved by us or otherwise authorised by law.

22. Your rights

This Privacy Policy contains information about how:

• you may access the personal information we hold about you;
• you may seek correction of your personal information;
• you may ask us to provide an alternative means of identity verification for anti-money laundering and counter-terrorism financing purposes, where applicable;
• you may complain about a breach of the Privacy Act, including the Australian Privacy Principles; and
• we will deal with a privacy complaint.