This Privacy Policy applies to all personal information collected by the Company (we, us or our) via the website located at www.propertyloan.info (Website).

1. What information do we collect?

The kind of Personal Information that we collect from you will depend on how you use the website. The Personal Information which we collect and hold about you may include:

• Full name

• Gender

• Date of birth

• Marital status

• Contact details (phone, email, residential address) Family details (dependents, citizenship status)

• Residential history Employment details and history Income Details

• Credit information (history, existing debts, credit concerns) Co-borrower details (if applicable)

• Purchase goals and preferences

• Property details (price range, location, timeline)

• Loan specifications (amount, features, lender preferences)

2. Types of information

The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) (ii) whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive Information will be used by us only:

(a) for the primary purpose for which it was obtained;

(b) for a secondary purpose that is directly related to the primary purpose; and

(c) with your consent or where required or authorised by law.

3. How we collect your Personal Information

(a) We may collect Personal Information from you whenever you input such information into the Website, related app or provide it to Us in any other way.

(b) We use cookies and implement robust security measures to protect your data. All data collected through cookies is encrypted using industry-standard AES-256 encryption and transmitted via secure HTTPS protocols. Our security measures include: - Multi-factor authentication for administrative access - Regular security audits and penetration testing - 24/7 system monitoring and threat detection - Secure data centers with ISO 27001 certification Cookies are stored with restricted access permissions and are automatically purged after 90 days. You can manage cookie preferences through your browser settings, including blocking or deleting cookies. Third-party cookies are subject to their providers' privacy policies and security standards, which we verify before implementation.

(c) We use different types of cookies including essential cookies for Website functionality,

analytical cookies to improve user experience, and marketing cookies that may be set by third parties. These cookies are retained for up to 90 days and can be managed through your browser settings. Third-party cookies are subject to their respective privacy policies, which we encourage you to review.

(d) We only collect Sensitive Information in specific circumstances where: - It is necessary for assessing loan eligibility (e.g., citizenship status for first home buyer schemes) - Required by law or regulatory obligations - You have provided explicit consent When handling Sensitive Information, we implement additional safeguards including: - Restricted access limited to authorized personnel - Enhanced encryption (AES-256) during storage and transmission - Separate secure storage with audit logging - Immediate deletion when no longer required - Regular staff training on sensitive data handling We will notify you when collecting Sensitive Information and obtain your explicit consent before any processing occurs.

(e) Where reasonable and practicable we collect your Personal Information from you only. However, sometimes we may be given information from a third party, in cases like this we will take steps to make you aware of the information that was provided by a third party.

4. Purpose of collection

(a) We collect Personal Information for the following specific purposes and retention periods:

• Identity verification and account management (using name, contact details)

• Active accounts: retained for account duration plus 2 years

• Inactive accounts: deleted after 12 months of inactivity

• Loan assessment and processing (using financial and employment information)

• Successful applications: retained for 7 years after loan completion

• Unsuccessful applications: retained for 12 months then securely deleted

• Property matching services (using purchase preferences and requirements)

• Active searches: retained for 6 months

• Completed matches: deleted within 30 days of settlement

• Regulatory compliance and fraud prevention (using identification documents)

• Retained for 7 years as required by law

• Updated every 2 years or when validity expires

• Service improvements and website optimisation (using usage data)

• Aggregated data: retained for 2 years

• Individual usage data: anonymised after 90 days

• Marketing communications (using contact preferences)

• Active subscribers: reviewed annually

• Unsubscribed users: deleted within 30 days

  We only collect and use Personal Information that is reasonably necessary for these purposes. All retention periods are regularly reviewed and data is securely deleted when no longer required.

(b) We only disclose Personal Information to service providers who have contractually agreed to: - Maintain data confidentiality and security standards equivalent to our own - Process data solely for authorised purposes specified in written agreements - Implement encryption and access controls meeting ISO 27001 standards - Return or securely destroy data upon contract termination - Notify us immediately of any data breaches or security incidents - Comply with Australian Privacy Principles and applicable data protection laws All service providers must sign data processing agreements before accessing Personal Information. For overseas transfers, providers must demonstrate compliance with equivalent privacy standards and implement secure data transfer protocols.

(c) We will only send you direct marketing communications after receiving your explicit consent through our opt-in process. During account registration or loan application, you will be given clear options to choose whether you wish to receive marketing communications. You can modify these choices at any time. We do not use sensitive Personal Information in direct marketing activity. All marketing communications will include an unsubscribe option and clear information about how to manage your preferences.

(d) You can manage your marketing preferences through your account settings or by contacting our Privacy Officer at [email protected]. Marketing communications may include: (a) weekly newsletters; (b) monthly product or service updates; (c) seasonal promotional announcements; and (d) important service notifications. You can select your preferences: (a) all marketing communications; (b) selected types of communications only; or (c) essential service notifications only. We will process preference changes within 5 business days. Each communication will include a prominent "unsubscribe" link and preference management options. If you withdraw consent, we will retain minimal Personal Information necessary to ensure compliance with your request.

5. Security, Access and correction

(a) We store your Personal Information in a way that reasonably protects it from unauthorised access, misuse, modification or disclosure. When we no longer require your Personal Information for the purpose for which we obtained it, we will take reasonable steps to destroy and anonymise or de-identify it. Most of the Personal Information that is stored in our client files and records will be kept for a maximum of 7 years to fulfill our record keeping obligations.

We implement industry-standard security measures including encryption, access controls, and secure data centers to protect your Personal Information. When deletion is required, we use secure erasure methods including digital shredding and physical destruction of storage media. For digital records, we employ a 90-day retention period for active data and 2-year retention period for archived data, after which automated purge protocols permanently remove the information using government-approved secure deletion standards.

(b) The Australian Privacy Principles:

(i) permit you to obtain access to the Personal Information we hold about you in certain circumstances (Australian Privacy Principle 12); and

(ii) allow you to correct inaccurate Personal Information subject to certain exceptions (Australian Privacy Principle 13).

(c) Where you would like to obtain such access, please contact us in writing on the contact details set out at the bottom of this privacy policy.

6. Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us as on the contact details set out at the bottom of this policy. All complaints will be considered by the Compliance Officer and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

7. Documentation and Response Timeline

We will acknowledge receipt of your complaint within 2 business days and provide you with a reference number. Our privacy team will investigate your complaint and maintain detailed records of all communications and findings. We aim to resolve all privacy complaints within 30 business days. If additional time is required, we will notify you in writing. All complaint documentation will be retained for 24 months following resolution. If the matter requires escalation, our Privacy Officer will personally review your case within 5 business days of the escalation request.

8. Overseas transfer

Your Personal Information may be transferred to recipients located in the European Economic Area (EEA) and the United Kingdom. These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office. Recipients must comply with the General Data Protection Regulation (GDPR) and equivalent UK data protection laws, which provide robust protection for Personal Information.

These jurisdictions maintain data protection standards that meet or exceed the Australian Privacy Principles, including: - Strict data minimisation requirements - Enhanced security measures - Comprehensive data subject rights - Mandatory breach notification We regularly assess our overseas recipients' compliance with these requirements and maintain records of all international transfers. You can request a copy of the applicable SCCs by contacting our Privacy Officer.

9. How to contact us about privacy

If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: [email protected].