Privacy Policy

2.1 Personal Information

We collect personal information necessary to provide our services and comply with legal obligations, including:

• Full name (including any previous names)
• Date of birth
• Residential address and previous addresses
• Contact details (phone number, email address)
• Government-issued identification details (driver's licence, passport, Medicare card)
• Occupation and employment details
• Financial information and transaction history
• Source of funds and wealth information
• Business activities and purpose of transactions

2.2 AML/CTF Specific Information

To comply with the AML/CTF Act, we collect additional information including:

• Beneficial ownership information for companies, trusts, and other entities
• Details of politically exposed persons (PEPs) status
• Information about the nature and purpose of the business relationship
• Transaction patterns and account activity
• Information to verify your identity and assess money laundering and terrorism financing risks
• Details of authorised signatories and controllers

4.1 Primary Purposes

We collect and use your personal information to:

• Provide you with our products and services
• Verify your identity and assess your application
• Manage your account and process transactions
• Communicate with you about your account
• Improve our products and services
• Conduct market research and analysis

4.2 AML/CTF Compliance Purposes

We are required by law to collect and use your information to:

• Verify your identity as required under the AML/CTF Act
• Conduct initial and ongoing customer due diligence (CDD)
• Assess and manage money laundering, terrorism financing, and proliferation financing risks
• Monitor transactions for suspicious activity
• Report to the Australian Transaction Reports and Analysis Centre (AUSTRAC)
• Comply with sanctions and counter-terrorism financing obligations
• Maintain records as required by law
• Respond to requests from law enforcement and regulatory authorities

Important: Our collection and use of information for AML/CTF compliance is a legal requirement. We cannot provide services to you if you do not provide the required information.

5.1 General Disclosures

We may disclose your personal information to:

• Service providers and contractors who assist us in operating our business
• Payment processors and financial institutions
• Professional advisors (lawyers, accountants, auditors)
• Related entities within our corporate group
• Third parties with your consent

5.2 AML/CTF and Regulatory Disclosures

We may disclose your information to:

• AUSTRAC – for reporting suspicious matters, threshold transactions, and other regulatory reports
• Australian Federal Police and state/territory police – for investigation of suspected criminal activity
• Australian Securities and Investments Commission (ASIC) and other regulatory bodies
• Foreign government agencies – under international information-sharing agreements
• Identity verification service providers – to verify your identity and assess risk
• Law enforcement agencies – when required by law or court order

5.3 Tipping Off Prohibition

We are prohibited by law from disclosing that we have submitted, or may submit, a suspicious matter report to AUSTRAC. We cannot inform you if your information has been reported to authorities where doing so could prejudice an investigation.

6.1 Accuracy

We take reasonable steps to ensure the personal information we collect and use is accurate, complete, and up to date. You can help us by notifying us of any changes to your information.

6.2 Security Measures

We implement physical, technical, and administrative security measures to protect your information from:

• Unauthorised access, use, or disclosure
• Misuse, interference, and loss
• Modification or destruction

Our security measures include:

• Secure storage systems with restricted access
• Encryption of sensitive data
• Regular security assessments and updates
• Staff training on privacy and security obligations
• Secure disposal of information when no longer required

6.3 Third-Party Security

When we engage third-party service providers, we require them to maintain appropriate security measures and comply with privacy and AML/CTF obligations.

7.1 AML/CTF Retention Requirements

Under the AML/CTF Act, we are required to retain records for at least 7 years after:

• The end of our relationship with you, or
• The completion of a transaction

This includes records of:

• Customer identification and verification procedures
• Transaction details and account activity
• Risk assessments and due diligence measures
• Reports submitted to AUSTRAC
• Communications and correspondence

7.2 Extended Retention

We may retain information for longer than 7 years if:

• Required by other laws or regulations
• Necessary for ongoing investigations or legal proceedings
• Required to establish, exercise, or defend legal claims
• You have consented to longer retention

7.3 Secure Destruction

When information is no longer required, we securely destroy or de-identify it in accordance with our data retention and destruction policies.

8.1 Access to Your Information

You have the right to request access to the personal information we hold about you. To make an access request, contact us using the details in Section 12.

We will respond to your request within a reasonable timeframe, usually within 30 days.

8.2 Limitations on Access

We may deny or limit access to your information if:

• Providing access would be unlawful
• Disclosure would prejudice an investigation or enforcement activity
• Disclosure would reveal information about a suspicious matter report
• Providing access would pose a serious threat to life, health, or safety
• The request is frivolous or vexatious
• Denying access is required or authorised by law

If we deny access, we will provide you with written reasons (unless doing so would be unlawful).

8.3 Correction of Information

If you believe information we hold about you is inaccurate, incomplete, or out of date, you can request correction. We will take reasonable steps to correct the information or, if we disagree, attach a statement to the record noting your view.

8.4 Consequences of Not Providing Information

If you do not provide the information we request, particularly information required for AML/CTF compliance:

• We may be unable to provide services to you
• We may be required to close your account
• We may be unable to process transactions
• We may be required to report the matter to AUSTRAC

9.1 Overseas Transfers

We may disclose your personal information to recipients located overseas, including:

• Third party service providers in Africa, Asia, Europe and America
• Related entities in our corporate group
• Foreign regulatory authorities under information-sharing agreements

When we disclose information overseas, we take reasonable steps to ensure recipients comply with privacy obligations equivalent to those under Australian law. Recipients are individuals you've engaged in financial transaction using our platforms, and/or third party partners in different jurisdictions where Payvel provides services.

9.2 International Transactions

If you send or receive international funds transfers, we are required to collect and report information about these transactions to AUSTRAC, including details of the sender, recipient, and intermediary institutions.

10.1 Electronic Verification

We may use electronic verification systems and third-party digital identity service providers to verify your identity. These systems may access government databases and other information sources.

10.2 Automated Decision-Making

We may use automated systems to:

• Assess transaction risk
• Detect suspicious activity
• Screen against sanctions lists
• Monitor account behaviour

If an automated system makes a decision that significantly affects you, you can request human review of that decision.

12.1 Privacy Complaints

If you have a complaint about how we have handled your personal information, please contact our Privacy Officer:

• Email: privacy@payvel.com.au
• Phone: 0734961581

We will:

• Acknowledge your complaint within 7 days
• Investigate the matter thoroughly
• Respond to you within 30 days with our decision

12.2 External Complaints

If you are not satisfied with our response, you can lodge a complaint with:

• Office of the Australian Information Commissioner (OAIC)
• Phone Number: 1300 363 992
• Email: enquiries@oaic.gov.au
• Website: www.oaic.gov.au

12.3 General Enquiries

For general enquiries about this Privacy Policy or how we handle your information:

• Email: Enquiries@payvel.com.au
• Phone: 0734961581