Privacy Policy

1.Introduction

This privacy policy applies to Online Exchange Pty Limited ACN 666 727 920 (OX Rooms) and any affiliates or subsidiaries of OX Rooms. OX Rooms operates an online property exchange platform (OX Rooms Platform) that allows users, including agents, lawyers, conveyancers, financial institutions, buyers and sellers to negotiate and exchange contracts and deeds in a secure online environment.

Protecting your privacy is important to us. This policy explains how we manage personal information within our organisation in accordance with Australian privacy law.

What information do we collect?

2.1. Information about Professional Users

If you are a user of the OX Rooms Platform in a professional capacity (e.g., a real estate agency, law firm, conveyancing firm, sole practitioner, developer, financial institution, or in-house), we may collect and hold the following types of personal information about you and your organisation:

Contact information, including your postal address, email address, and telephone number.

The name of your organization and your position within it

Details about your professional certificates, qualifications, licenses, or memberships

Verification of Identity (VOI) information, such as your name, date of birth, passport and driver’s license number, birth certificate, marriage certificate, or Medicare number

Banking details provided by your organization for the direct debiting of OX Room fees.

2.2. Information about buyers and sellers

If you are a buyer or seller using the OX Rooms Platform, or if your representative is using it, we may collect and hold the following information about you:

  • Identifying information like your name, residential or postal address, email address, and date of birth.
  • Information about relevant property or properties associated with transactions, including:
  • Land title details;
  • Address;
  • Details about your lender (if applicable);
  • Purchase/sale price.

Financial information such as bank account details, receipts, and other payment details.

If you use our OX Rooms Platform, website or mobile application, or attend our events, we may also collect and hold:

  • Your name and email address.
  • Usernames and passwords that you create.
  • Details of any OX Rooms products or services we provide to you.
  • Information about how you use our products and services.
  • Records of our communications with you, including any messages you send us.
  • Information related to products and services you access through our mobile applications.

If you attend our events, we may collect and hold your name and contact information (if you provide it) and information about the events you attend.

2.3. Information about others

We also collect information about our contractors, suppliers, business partners, and those employed by them. We gather this information to conduct business with the relevant individual or party.

3.Why do we collect personal information?

Without the above information, we may not be able to provide our OX Rooms Platform services, respond to your queries or requests, or invite you to events.

We collect personal information about you in the following ways:

  • When you provide it to us: For example, when setting up an account via our website or mobile applications, or when we ask for certain personal information.
  • When you or your representatives use our Platform.
  • When you subscribe to our newsletters or agree to receive information about other products or services.
  • From third parties: We may collect personal information from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us. We may also collect deidentified raw data about a property from suppliers of information products and services. In some cases, we may collect personal information about you from third parties so that we can verify or supplement data that we hold and to provide reports, products, and services to Users and others.
  • When you use our OX Rooms Platform, or someone uses those services on your behalf: We may collect information from third party sources such as the land registry, the revenue office, service providers to government authorities, financial institutions, your representative or representatives of other parties involved in the transaction, and your organization.

In some cases, we may be required by law to collect certain types of personal information about you.

If you provide us with personal information about someone else, you must only do so if that person consents to you doing so and to us collecting, holding, using and disclosing their personal information in accordance with our Privacy Policy.

4.How do we use personal information?

We use the personal information that we collect about you to operate the Online Property Exchange Platform, perform related services, verify your identity, provide reports to stakeholders, assess and improve our products and services, create new or enhanced products or services, carry out planning and forecasting activities, market analysis and research, invite you to events, consider you for employment or as part of your employment at OX Rooms, answer your queries and requests, comply with our legal and regulatory obligations, and manage and resolve any legal or commercial complaints or issues. We will not use your personal information for any purpose that is not related to the services we provide to you, or for any purpose for which you would not reasonably expect us to use your information other than as set out in this policy.

We may occasionally use your personal information to send you marketing materials about products or services that we think you may be interested in. You can opt-out of receiving marketing communications from us by contacting us or following the “unsubscribe” link in the communication.

We may also use and disclose your information for other purposes if you ask us to do so.

If we collect personal information about an individual from a Registrar, we undertake to handle that information in accordance with State or Territory privacy legislation applicable to the Registrar.

If we collect personal information about an individual from a third party, we aim to handle that information in a manner consistent with the third party’s own privacy policy and obligations under the Privacy Act. We will work with the third-party organization to address any security or related privacy issues. However, it remains the third party’s responsibility to ensure compliance with the Privacy Act and its own privacy policies.

5.Who do we disclose personal information to?

You agree that we may share your personal information with:

  • Other participants involved in your matter, such as agents, legal representatives, financial institutions, the buyer or seller of the property in question, and their representatives.
  • Your representative (e.g., lawyer or conveyancer).
  • Land registries and revenue offices.
  • Providers to government authorities (like land registry operators).
  • User's service providers (upon the user's request).
  • Our staff who need the information to perform their duties.
  • Our business partners, agents, and service providers, including information brokers, VOI contractors, payment system operators, and IT service providers.
  • Potential buyers of all or part of our business or shares in our company or a related entity.
  • Professional advisors we hire to provide business advice.
  • Government authorities that require us to disclose the information, or other parties as required by law (including to identify potentially fraudulent property transactions or other illegal activities).

Though we store all personal information on computer infrastructure located within Australia, your personal information may be accessible by participants in other countries. For example, to financial institutions with overseas processing arrangements. It is not possible for us to specify in advance every country from which your personal information may be accessed.

6.De-identified Information

We may de-identify your information so that it no longer identifies you. We might then use and disclose this de-identified information in our business and externally, including to create, use, and commercialise property-related products and services.

We may also aggregate information in a way that it no longer identifies you. We might then use this aggregated information in our business and externally, including to create, use, and commercialise property-related products and services.

Products or services we provide using de-identified and/or aggregated information will not use or disclose your personal information.

7.How do we store and secure your personal information?

Any computer infrastructure that is part of our OX Rooms Platform and stores personal information is located within Australia.

We store personal information for as long as it is needed for the purpose for which it was collected or as required by law. We generally store the personal information that we collect in electronic databases, some of which may be held on our behalf by third-party data storage providers. Sometimes we also keep hard copy records of this personal information in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time to address new and emerging security threats.

We also monitor access to and modification of your information by our staff. We ensure that our staff are aware of and properly trained in their obligations for managing your privacy.

We, or our subcontractors, may use cloud technology in connection with the storage of other personal information. This may result in offshore storage. It is not practicable for us to specify in advance which country will have jurisdiction over such offshore activities. However, all of our subcontractors are required to comply with the Privacy Act concerning the transfer or storage of personal information overseas.

8.Data Retention

OX Rooms may retain personal information collected from users of the OX Rooms Platform in accordance with applicable privacy laws and regulations. Unless otherwise required by law, OX Rooms will retain personal information for a period of at least 3 months. Users agree that they retain the primary obligation for record keeping in relation to their matter. OX Rooms is not required to matter related information for a period exceeding 3 months (the Retention Period).

Upon the expiration of the Retention Period, OX Rooms may securely and permanently delete or destroy all personal information in its possession, unless the retention of such information is necessary for legal or regulatory compliance, dispute resolution, or other legitimate business purposes.

OX Rooms will take reasonable measures to ensure the security of the retained personal information during the Retention Period, including implementing appropriate technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction of the information.

In the event of a data breach or unauthorized access to the retained personal information, OX Rooms will promptly notify the affected individuals and take appropriate steps to mitigate any potential harm, as outlined in the Data Breach Notification clause of this policy.

OX Rooms will comply with all applicable Australian laws or regulations regarding the retention or disposal of personal information and will provide reasonable cooperation to assist the user in transferring or securely disposing of any personal information that may be in OX Rooms' possession.

9.How can you access and correct your information?

We take necessary steps to ensure your personal information is accurate, complete, and up to date. This includes promptly updating personal information when we're informed it has changed, verifying our contact lists for accuracy, and providing a simple method for individuals to update their personal information.

If you wish to access or correct your personal information (e.g., because you believe it is incomplete or incorrect), please contact us. To maintain the integrity and security of the information we hold, we may ask you to follow a specific access procedure, which may include identity verification steps. There is no charge for requesting access to your personal information, but we may require you to cover our reasonable costs in providing you with access. We may charge a reasonable fee for archive retrieval or to re-open a case so that you can access the information you require. We will notify you of any charges before proceeding. There may be situations where we cannot provide the information you request, such as when it would infringe on others' privacy or breach confidentiality. In these cases, we will inform you why we cannot fulfill your request.

If you believe the information we hold about you is inaccurate, outdated, incomplete, irrelevant, or misleading, we will take reasonable steps to correct that information upon your request. However, we may be unable to correct your information if doing so would violate the law or impact the integrity of a transaction.

10.Data Breach Notification

In the event of a data breach that results in the unauthorized access, acquisition, or disclosure of personal information, OX Rooms will promptly notify affected individuals and take appropriate steps to mitigate any potential harm.

Notification to affected individuals will be made without undue delay, in accordance with applicable laws and regulations, using the contact information provided to OX Rooms. The notification will include the nature of the breach, the types of personal information involved, and any recommended steps that affected individuals should take to protect themselves.
OX Rooms will also notify the relevant regulatory authorities as required by law and cooperate with any investigations or inquiries related to the breach.

Please note that OX Rooms will not be liable for any delays in notification or any failure to provide notification if such notification is prohibited by law or if it would compromise an ongoing investigation or the security of OX Rooms' systems.

OX Rooms will maintain records of all data breaches, including the date and time of the breach, the nature of the breach, and the remedial actions taken. These records will be kept for a period of time as required by applicable laws and regulations.
The parties acknowledge that the security of personal information is a shared responsibility, and each party agrees to promptly inform the other party of any actual or suspected data breaches that may impact the personal information shared between them.

This data breach notification clause shall survive the termination or expiration of this agreement.

11.Right to Object

If you do not wish for your personal information to be used for direct marketing purposes, you have the right to object to such use. You may exercise your right to object by contacting our Privacy Officer at [email protected]. We will promptly update our records and cease using your personal information for direct marketing purposes upon receipt of your objection. Please note that even if you exercise your right to object, we may still send you non-promotional communications, such as administrative messages or notifications related to your use of the OX Rooms Platform.

12.Changes to this policy

We may periodically update this policy to reflect changes in our standard practices and procedures, or to comply with new laws and regulations. The most recent version of this policy will always be available on our website.

13.Complaints

We strive to meet the highest standards to safeguard your privacy. If you are concerned about how we manage your personal information and suspect we may have violated the Australian Privacy Principles or any other relevant obligation, please contact our Privacy Officer at [email protected].

Please lodge complaints via email. We will handle the matter within a reasonable timeframe and keep you updated on the progress of our investigation.

When you file a complaint, we will acknowledge receipt of your complaint within two working days and inform you who will be managing your complaint. We aim to resolve your complaint within ten working days. If this is not feasible, we will contact you within this period to inform you of the anticipated resolution time. We will investigate your complaint, consult with other OX Rooms Platform users, if necessary, make a decision about your complaint, and write to you to explain our decision.

If we have not responded within a reasonable time or if you feel your complaint has not been satisfactorily resolved, you can contact us to discuss your concerns. You are also entitled to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). You can find their contact details on the OAIC’s website: www.oaic.gov.au.

14.Contact Details

If you need to contact us or require further information on privacy matters, please contact our Privacy Officer at [email protected].