Privacy Policy

Above Property Group (‘the Group’) is subject to the Privacy Act 1988 (‘the Act’). The Act regulates how the Group collects, uses, stores and discloses Personal Information. In this regard, the Group is committed to protecting the privacy of its clients, maintaining the confidentiality of their Personal Information and applying the Australian Privacy Principles (‘APP’).

The Group subscribes to the following Privacy Policy:

1. Personal and Sensitive Information

The Group may at times collect personal and sometimes sensitive information e.g. financial records and tax file numbers about its clients in order to provide its services. The Group is committed to only collecting Personal Information which is necessary for the provision of its services and the operation of the Group. The provision of Personal Information by our clients is optional. However, the Group’s ability to provide its services may be limited should the client choose not to provide the required Personal Information. If that occurs, the Group may end its engagement with the client.

2. Collection

The Group will only collect Personal Information by lawful and fair means, and which is relevant to the scope of services required. If the need arises, further Personal Information may need to be collected from the client in the future. The Group will not collect Personal Information unless the information is reasonably necessary for the Group to conduct the client’s matter. When the Group collects Personal Information about a client, the Group will take reasonable steps at or before the time of collection to ensure that the client is aware of certain key matters, such as:

  • the identity of the Group;
  • the fact that the information has been collected;
  • whether the information was required under an Australian law, or court/tribunal
  • order, and the details of the law, court or tribunal;
  • the purposes for which information is collected;
  • the main consequences (if any) of not collecting the information;
  • the organisations (or types of organisations) to which the Group would normally
  • disclose information of that kind;
  • the fact that the client is able to access the information;
  • how to complain about a breach of an APP; and
  • whether the information is likely to be disclosed to overseas

3. Sensitive Information

The Group will not collect Sensitive Information unless:

  • the information is reasonably necessary for the Group to conduct the matter; or
  • the collection of the information is required or authorised by or under an Australian law or a court/tribunal order;
  • a Permitted General Situation exists in relation to the collection of the information
    by the Group; or
  • a Permitted Health Situation exists in relation to the collection of the information by the Group.

4. Disclosure by the Group

Clients agree the Group can disclose Personal Information to third party’s e.g. other agents, lawyers, accountants, banks, witnesses and government agencies if it is required as part of the Group providing its services. The client will, if it requests the Group in writing, be provided with details of the recipient. The Group will use its best efforts to provide its services without the need to disclose Personal Information and will obtain consent from the client should the need for disclosure other than in the ordinary course of the provision of its services arise, except where the information must be provided by the Group under:

  • an Australian law; or
  • a court/tribunal order; or
  • other legal

5. Disclosure for a secondary purpose

The Group will not use or disclose Personal Information for a secondary purpose unless:

  • it has obtained consent to do so,
  • the client would reasonably expect the Group to use or disclose the information for the secondary purpose which is directly related to the primary purpose;
  • it is required or authorised under an Australian law or court/tribunal order;
  • a Permitted General Situation exists;
  • a Permitted Health Situation exists; or
  • the Group believes it reasonably necessary for one or more enforcement activities by, or on behalf of an enforcement

Where the Group has used or disclosed information under (b) – (f) above, the Group will take steps as are reasonable to ensure the information is de-identified before being used or disclosed.

6. Transfer of Personal Information overseas

If the Group is required to transfer any Personal Information outside Australia, the Group will comply with the provisions of the Act which apply to cross border data flows. The Group will only transfer Personal Information overseas where the context of the matter requires it. The Group will first take reasonable steps to ensure the recipient does not breach the APPs in relation to the information, except where:

  • the Group believes the recipient is subject to a scheme offering the same protection as the APPs, and there are mechanisms for the client to enforce that protection;
  • after being told that if the client consents to the disclosure, the Group is not required to ensure that the recipient conforms to the APP, and the client consents regardless;
  • the disclosure is required or authorised under an Australian law or court/tribunal order; or
  • a Permitted General Situation (other than the situation referred to in item (g) or (h) of the definition of Permitted General Situation below) exists in relation to the disclosure of the information by the

7. Identification

Where possible, and if directed by a client, the client will not be required to identify themselves when dealing with the Group in relation to a particular matter. The client will be required to identify themselves however where:

  • the Group is required or authorised under an Australian law or a court/tribunal order to deal only with clients who have identified themselves; or
  • it is impractical for the Group to deal with clients who have not identified

Generally, a client will be required to identify themselves when they are a client of the Group. However, the Group will not disclose a client’s identity to a third party unless the matter necessitates it, or as directed by the client. The Group will not adopt a government related identifier of a client (including those assigned by a state or territory) as its own.

8. Unsolicited Personal Information

If the Group receives unsolicited Personal Information, the Group will determine as soon as possible, whether the information is required for the client’s purposes with the Group. If the information is not required, provided it is lawful and reasonable to do so, the Group will either destroy the information, or ensure that it is made known to the client.

9. Security

The Group will use all prudent methods to keep all Personal Information safe and secure from unauthorised access through the use of firewalls, anti-virus software and secure filing systems. Where the Personal Information is no longer required for the purpose for which it was disclosed, and the Group is not required by law to retain it, the Group will take reasonable steps to destroy the information.

10. Data Breach Response

The Group will continue to comply with its ongoing obligations under the Act to take reasonable steps to protect Personal Information from misuse, interference and loss and from unauthored access, modification and disclosure. In the event that a data breach is detected and is determined to likely result in serious harm to a client, the Group will take all reasonable steps to contain the suspected or actual breach and will notify the Office of the Australian Information Commissioner as well as the client in accordance with the Act. A formal review will be conducted by the Group following any data breach in order to investigate the cause and develop an action plan.

11. Access to Personal Information

Clients are entitled to access their Personal Information held by the Group, provided that one of the following exceptions does not apply:

  • the Group reasonably believes that giving access would pose a serious threat to
  • the life, health or safety of a client, or to public safety;
  • giving access would in the Group’s opinion, have an unreasonable impact on the
  • privacy of other individuals / clients;
  • the request for access is frivolous or vexatious;
  • the information relates to existing or anticipated legal proceedings between the Group and the client, and would not be accessible through the process of discovery in those proceedings;
  • giving access would reveal the intentions of the Group in relation to negotiations with the client in such a way as to prejudice those negotiations;
  • giving access would be unlawful;
  • denying access is required or authorised by or under an Australian law or a
  • court/tribunal order;
  • both of the following apply: the Group has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the Group’s functions or activities has been, is being or may be engaged in; giving access would be likely to prejudice the taking of appropriate action in relation to the
  • giving access would be likely to prejudice one or more enforcement related
  • activities conducted by, or on behalf of, an enforcement body; or
  • giving access would reveal evaluative information generated within the Group in
  • connection with a commercially sensitive decision-making

Upon request by a client for access to Personal Information, the Group will respond and provide access within a reasonable time, if it is reasonable and practical to do so. If the Group refuses to give the client access to the Personal Information for a reason detailed above, the Group must:

  • endeavour to take reasonable steps to give access in a way that meets the
  • needs of the Group and the client; or
  • provide a written notice to the client that sets out: the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; the mechanisms available to complain about the refusal; and any other matter prescribed by the regulations to the

The Group may charge a reasonable fee to the client for costs incurred in providing the information to the client.

12. Information Integrity

The Group wishes to maintain the integrity of the Personal Information that it holds by updating its databases as required. Clients are encouraged to notify the Group immediately if there is a change to their Personal Information by contacting the Group’s Privacy Officer on (02) 6162 0681.

If the Group is satisfied that Personal Information about a client held by the Group, having regard to the reason the Personal Information is held, is inaccurate, out of date, incomplete, irrelevant or misleading, or the client requests the Group to update or correct the Personal Information, then the Group will take all reasonable steps to correct the information. The client may request that the Group update the Personal Information provided by the Group to any other entity on behalf of the client.

Even if requested to do so, the Group may refuse to correct Personal Information, in which case the Group will give the client a written notice setting out:

  • the reasons for the refusal to correct the Personal Information (except where it would be unreasonable to provide those reasons);
  • mechanisms available to the client to complain about the refusal; and
  • any other matter prescribed by

Where the Group has refused to correct the Personal Information of a client, the client may request that the Group associate a statement with the Personal Information that the Personal Information is inaccurate, out of date, incomplete, irrelevant or misleading. The statement will be made apparent to users of the Personal Information.

Where a request is made by a client to update or attach a statement to the information, the Group will respond within a reasonable period after the request is made.

13. Credit Card Information

Credit card information may be obtained for payment processing only. Credit card information is not stored on the Group’s database, however receipts will be kept on file or with our accounts department.

14. Names and addresses

The Group values its clients greatly. It does keep a record of clients’ names and addresses for ensuring that there is no conflict in acting for certain clients. The Group also uses this list for its own marketing and distribution of material, and as a client, unless you tell us, the Group assumes you agree to receive material from us. However, this information is not and will not be divulged outside the Group, and a client can, of course, at any time, request to be removed from any list or mail or email material, and the Group will happily do so.

15. Errors

The Group will promptly correct any error about a client’s Personal Information as soon as it is brought to the Group’s attention. Information on accessing Personal Information records may be obtained by contacting the Group’s Privacy Officer on (02) 6162 0681

16. Complaints

Clients may contact the Group’s Privacy Officer on (02) 6162 0681 if a client has any concerns or complaints about the manner in which Personal Information has been collected or handled by the Group.

1 Sensitive Information means 1 Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.

  • information or an opinion about an individual’s: racial or ethnic origin; or political opinions; or
  • membership of a political association; or
  • religious beliefs or affiliations; or
  • philosophical beliefs; or
  • membership of a professional or trade association; or
  • membership of a trade union; or
  • sexual orientation or practices; or
  • criminal record;

that is also Personal Information; or

  • health information about an individual; or
  • genetic information about an individual that is not otherwise health information; or
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
  • biometric

1 Permitted General Situation means it is unreasonable or impracticable to obtain the individual’s consent to the collection, use or disclosure; and the Firm reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety,

OR

the Firm has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the Firm’s functions or activities has been, is being or may be engaged in; and the Firm reasonably believes that the collection, use or disclosure is necessary in order for the Firm to take appropriate action in relation to the matter,

OR

the Firm reasonably believes that the collection, use or disclosure is reasonably necessary to assist any APP entity, body or person to locate a person who has been reported as missing; and the collection, use or disclosure complies with the rules made by the Privacy Commissioner, 

OR

the collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim,

OR

the collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution

1 Permitted Health Situation means a situation described in paragraph 16B of the APPs.