Privacy Policy

Civium Property Group (‘the Group’) is subject to the Privacy Act 1988 (‘the Act’). The Act regulates how the Group collects, uses, stores and discloses Personal Information. In this regard, the Group is committed to protecting the privacy of its clients, maintaining the confidentiality of their Personal Information and applying the Australian Privacy Principles (APPs).

Personal and Sensitive Information

The Group may at times collect personal and sometimes sensitive information such as financial records and tax file numbers in order to provide services. The Group is committed to only collecting Personal Information that is necessary for the provision of its services and the operation of the Group.

The provision of Personal Information  by clients is optional. However, the Group’s ability to provide services may be limited should the client choose not to provide the required Personal Information.

Collection

The Group will only collect Personal Information by lawful and fair means that is relevant to the scope of services required. If the need arises, further Personal Information may be requested in the future. The Group will not collect Personal Information unless the information is reasonably necessary to conduct the client’s matter.

When collecting Personal Information, the Group will take reasonable steps at or before the time of collection to ensure that the client is aware of:

• the identity of the Group;
• the fact that the information has been collected;
• whether the information was required under Australian law or court/tribunal order, and details of that requirement
• the purposes for which information is collected;
• the main consequences of not providing the information;
• the organisations (or types of organisations) to which the Group usually discloses such information;
• the fact that the client is able to access the information;
• how to complain about a breach of an APP; and
• whether the information is likely to be disclosed overseas.

Clients may also contact the Office of the Australian Information Commissioner (OAIC) if they are not satisfied with our response regarding a privacy concern. OAIC can be contacted at www.oaic.gov.au or on 1300 363 992.

We may disclose Personal Information to overseas recipients where necessary, including cloud‑based service providers. Likely locations include the Philippines depending on the systems used.

Types of Personal Information we collect include: This will vary depending on the service and may include identification details, contact information, tenancy application information, sales and leasing enquiry information, strata records, meeting and voting information, building access information, CCTV footage, billing and levy data, financial verification documents, and contractor or supplier communications.

Personal Information is collected through online forms, inspection sign‑ins, auction registrations, emails, phone calls, and digital submission portals, as well as information provided during strata meetings and property management interactions.

At or before the time we collect Personal Information, we will provide or make available an APP 5 Collection Notice appropriate to the type of interaction, such as rental applications, sales or leasing enquiries, inspection sign‑ins, strata records requests, and website forms, outlining the purpose of collection, usual disclosures, and how to access or correct Personal Information.

When attending open homes, inspections, or auctions, Personal Information may be collected for safety, security, regulatory compliance, and follow‑up communication. Sign‑in forms or QR codes include a collection notice explaining why the information is collected, how it will be used, and how long it will be retained.

As real estate agencies become reporting entities under the Anti‑Money Laundering and Counter‑Terrorism Financing (AML/CTF) reforms, the Group may be required to collect additional identification and verification documents. Such information will be handled strictly in accordance with AML/CTF requirements and privacy laws.

Sensitive Information

The Group will not collect Sensitive Information unless:

1. the information is reasonably necessary for the matter;
2. required or authorised by or under an  Australian  law or court/tribunal order;
3. a Permitted General Situation exists; or
4. a Permitted Health Situation exists.

We only request identification and supporting documents that are necessary for tenancy assessments. Where possible, government identifiers (e.g. license numbers) will be redacted. Supporting financial or employment documents are used solely for assessing suitability and are handled securely.

Disclosure by the Group

Clients agree the Group can disclose Personal Information to third party’s (e.g. agents, lawyers, accountants, banks, trades, insurers, government bodies) where required to deliver services.

The Group will attempt to provide services without disclosure and will obtain consent when disclosure is outside normal service delivery, unless:

1. disclosure is required by law;
2. required by court/tribunal order; or
3. required due to legal obligations.

The Group may use automated tools or AI‑assisted systems to support certain functions, such as lead management, marketing segmentation, identity verification, or initial tenancy application triage. These tools do not make final decisions without human involvement. Clients may request human review.

We engage third‑party service providers such as cloud hosting providers, software platforms, marketing systems, trades and contractors, insurers, and professional advisers who may have access to Personal Information as part of providing services to us. These providers are required to handle Personal Information in accordance with confidentiality obligations and applicable privacy laws.

Strata legislation may require disclosure of commissions, affiliations or benefits, to the owners corporation.

Disclosure for a Secondary Purpose

The Group will not use or disclose Personal Information for a secondary purpose unless:

1. it has obtained consent to do so,
2. the secondary purpose is reasonably expected and directly related to the primary purpose;
3. required or authorised by law;
4. a Permitted General Situation exists;
5. a Permitted Health Situation exists; or
6. reasonably necessary for enforcement-related activities.

Where disclosure occurs under these conditions, reasonable steps will be taken to de‑identify the information.

Transfer of Personal Information Overseas

If the Group is required to transfer any Personal Information outside Australia, the Group will comply with the provisions of the Act which apply to cross border data flows. Personal Information will only be transferred overseas where required. Reasonable steps will be taken to ensure the overseas recipient does not breach the APPs unless:

2. they are subject to similar privacy protections;
3. the client consents after being informed of risks;
4. required or authorised by law; or
5. a Permitted General Situation applies.

The Group may store or process information using overseas platforms (cloud storage, email hosting, analytics, business continuity and disaster recovery solutions). Current provider locations include the United States and Germany, this may change depending on the technology used by the Group.

Identification

Individuals may engage anonymously or under a pseudonym where lawful and practicable. Identification is required for tenancy applications, trust transactions, sales negotiations and accessing strata/building records.

The Group will not adopt government‑related identifiers as its own

The client will be required to identify themselves however where:

1. required or authorised under an Australian law or a court/tribunal order to deal only with clients who have identified themselves; or
2. it is impractical for the Group to deal with clients who have not identified

Unsolicited Personal Information

If unsolicited information is received, the Group will determine whether it is required. If not, and where lawful, it will be securely destroyed or the individual notified.

Security

The Group will uses secure methods (including but not limited to firewalls, antivirus tools, secure filing systems) to protect Personal Information.

Reasonable steps will be taken to destroy personal information when no longer required unless retention is legally required.

Data Breach Response

The Group will continue to comply with its ongoing obligations under the Act to take reasonable steps to protect Personal Information from misuse, interference and loss and from unauthored access, modification and disclosure. In the event that a data breach is detected and is determined to likely result in serious harm, the Group will take all reasonable steps to contain the suspected or actual breach and will notify the affected individuals and the OAIC.

A formal review will be conducted following any data breach, including the development of an action plan.

Access to Personal Information

Clients may request access unless an exception applies (e.g. serious threat to safety, legal proceedings, impact on others’ privacy, unlawful disclosure).

If access is refused, the Group will:

• consider alternative means of access; and
• provide written reasons and complaint options.

A reasonable fee may apply for administrative costs.

Information Integrity

The Group wishes to maintain the integrity of the Personal Information that it holds by updating its databases as required. Clients are encouraged and should notify the Group immediately if there is a change to their Personal Information or if errors are discovered.

The Group will correct inaccurate, incomplete or outdated information.

Even if requested to do so, the Group may refuse to correct Personal Information, in which case the Group will give the client a written notice setting out:

1. the reasons for the refusal to correct the Personal Information (except where it would be unreasonable to provide those reasons);
2. mechanisms available to the client to complain about the refusal; and
3. any other matter prescribed by; and
4. the client may request a note be attached recording disputed accuracy

Strata Information Handling

When providing strata management services, we handle Personal Information contained within strata roll records, committee correspondence, minutes, levy information, building access logs, CCTV footage, and maintenance and defect documentation. Access to this information is strictly controlled and is only provided in accordance with applicable strata legislation and the authorisation of the owners corporation.

We protect the privacy of lot owners and residents by limiting disclosure of contact details and other identifying information to circumstances where disclosure is permitted by law or authorised by the owners corporation.

Cookies and Other Analytics Tools

Civium may use cookies and online behavioural tracking tools, such as web beacons, pixels, device identifiers and web server logs, to analyse website traffic. These cookies and tools do not use to record any personal information.

Third‑party analytics tools (Google Analytics, Meta pixels, portal integrations) may collect anonymised behavioural data.

Civium may use and combine this information to maintain, secure and improve our websites, enhance your experience when using our websites, display and deliver relevant content, services and advertising and understand the effectiveness of our marketing and advertising (including direct marketing and online ads on external websites).

Users may disable cookies, but some features may be limited.

Credit Card Information

Credit card information may be obtained for payment processing only. They are not stored in the Group’s systems. Receipts may be retained

Names and Addresses

The Group maintains a record of clients’ names and addresses for ensuring that there is no conflict in acting for certain clients.

Direct Marketing Materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. You may request the source of your personal information if we collected it from a third party, and we will provide this within a reasonable period. Clients may request to opt out of direct marketing at any time, and such requests will be processed as soon as practicable by contacting us or by using opt-out facilities provided in the marketing communications.  Our marketing systems may use anonymised analytics to tailor communications, but clients will not be subject to profiling that has legal or significant effects.

Destruction and De-identification of Personal Information

In accordance with the Privacy Act 1988 (Cth) and Australian Privacy Principle 11.2, the Group will take reasonable steps to destroy or permanently de‑identify Personal Information once it is no longer required for any lawful purpose, unless the information must be retained under Australian law.

The Group retains Personal Information only for as long as is reasonably necessary to satisfy operational needs or comply with legal, regulatory or statutory obligations.

Personal Information may need to be retained where:

• retention is required under an Australian law (including taxation, corporations, property, trust account, employment or record‑keeping legislation);
• the information is necessary for ongoing or anticipated legal proceedings, dispute resolution or regulatory investigations; or
• retention is reasonably necessary to protect the Group’s legal or commercial interests.

When destruction is required, the Group will ensure that Personal Information is destroyed securely and irreversibly, including through:

• secure shredding or disposal of physical records; and
• secure deletion or overwriting of electronic records in accordance with industry‑accepted information security practices.

Where de‑identification is used, the Group will take reasonable steps to ensure the Personal Information cannot be used to identify an individual, either directly or indirectly.

Complaints

If a client has any concerns or complaints about the manner in which Personal Information has been collected or handled by the Group; please contact our Privacy officer via email at hr@civium.com.au or by writing to:

Privacy Officer – Civium Property Group

3 Lonsdale Street, Braddon ACT 2612

Australia

Definitions

Owners Corporation: refers to any entity responsible for managing a subdivided or community‑based property arrangement, including but not limited to:

• Owners Corporation;
• Strata Scheme;
• Body Corporate;
• Company Title Scheme;
• Community Title Scheme or Community Association; or
• any equivalent management or governance body, as defined under the applicable state or territory strata or community title legislation.

This definition is intended to cover all jurisdictional naming variations relevant to the provision of strata management services. 

Personal Information: means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether:

• the information or opinion is true or not; and
• the information or opinion is recorded in a material form or not.

Personal Information includes (but is not limited to):

• name, address, contact details or date of birth;
• identification details and supporting documents;
• financial, employment or tenancy‑related information;
• records of interactions or correspondence; and
• digital identifiers and access logs.

Sensitive Information: is a subset of Personal Information and includes information or an opinion about an individual’s:

• racial or ethnic origin;
• political opinions or membership of a political association;
• religious beliefs or affiliations;
• philosophical beliefs;
• membership of a professional or trade association;
• membership of a trade union;
• sexual orientation or practices;
• criminal record;
• health information;
• genetic information (that is not otherwise health information);
• biometric information used for automated biometric verification or biometric identification; or
• biometric templates.

Sensitive Information is subject to higher protection under the Privacy Act 1988 (Cth) and generally requires consent to collect, unless an exception applies.

A Permitted General Situation exists where the collection, use or disclosure of Personal Information is reasonably necessary for one or more of the following:

1. Preventing a serious threat:
   1. It is unreasonable or impracticable to obtain the individual’s consent; and
   2. The Group reasonably believes the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
2. Addressing unlawful activity or misconduct:
   1. The Group suspects unlawful activity or misconduct of a serious nature relating to its functions or activities; and
   2. The Group reasonably believes the collection, use or disclosure is necessary to take appropriate action.
3. Locating a missing person:
   1. The Group reasonably believes the collection, use or disclosure is reasonably necessary to assist an enforcement body, agency or other APP entity to locate a missing person; and
   2. The activity complies with rules issued by the Australian Information Commissioner.
4. Legal claims:
   1. The collection, use or disclosure is reasonably necessary for the establishment, exercise, or defence of a legal or equitable claim.
5. Alternative dispute resolution:
   1. The collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process.

A Permitted Health Situation means a situation described in section 16B of the Privacy Act 1988 (Cth), including where the collection, use or disclosure of health information is necessary for:

• providing a health service;
• certain research or statistical purposes;
• the management, funding or monitoring of a health service;
• preventing a serious threat to the life, health or safety of an individual or public; or
• complying with relevant laws relating to health information.