OpenAgent understands that when you use our website, products or services, you are trusting us to handle your data respectfully and appropriately. In order for you to make an informed decision about providing us with your personal information, you need access to relevant information. As a result, we’re transparent about our use of your personal information, as well as de-identified data.
We are subject to the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). The APPs set out the manner in which we may collect, store, use and disclose personal information and how a person, such as yourself, can access and/or correct records containing their personal information.
If you have any questions, we encourage you to contact us. We’re here to help.
Any material revisions of this policy that would result in a material detriment to you will be notified to you by a posting on the website, via e-mail or any other means available to us.
Personal information is information about an identified individual, or an individual who is reasonably identifiable. This information does not need to be true or recorded in a material form in order to be counted as personal information.
Whether information is personal information is determined by giving due consideration to whether it is information about an identified individual or about an individual who is reasonably identifiable. For example, sometimes you might provide us with information that has no connection to you as an individual or will not reveal or convey anything about you. This type of information is not personal information.
OpenAgent does collect different types of information that are explicitly recognised as constituting personal information under the Privacy Act. For example:
- your name and contact details;
- your residential or investment property address;
- information about your real estate interests or private/family situation;
- commentary and opinions, including your tastes and preferences;
- images, including (without limitation) photos, 3D virtual tours or renderings, floor plans, illustrations or other material;
- limited credit information (if relevant to the Services);
- billing information (if relevant to the Services);
- employee record and tax file number information (this is only relevant if you work for us).
The type of personal information that we may collect and the reasons for using it will depend on the nature of your relationship with us but may include the types of information set out above, and the purposes set out below under ‘How We Use Personal Information & De-Identified Data’.
We will also collect general information that is not personal to you. This type of information generally relates to your behaviour on the site. It includes things like (but not limited to):
- the type of browser you are using;
- your operating system (e.g. Windows, Mac);
- the date and time of your visit to our website;
- the pages accessed and your top-level domain name (e.g. .com, .gov, .au); and
- how you came to our website.
It also includes information that will help us trouble-shoot problems, analyse our resources and improve the Services. We may also use it for statistical purposes. We will only use this type of information to attempt to identify you in the unlikely event of an investigation by a law enforcement agency or other government agency. You can contact us at any time to ask what other general information we have collected through your engagement with the Services.
We understand that in our interactions with you, there may be information shared which is not relevant our Services. When we receive unsolicited personal information (including sensitive information), we will determine the appropriateness of collecting such information. Examples of sensitive information are racial or ethnicity information, political opinions or associations and health information. If it is appropriate, we will handle the information as outlined in this policy. If it is not appropriate, and the information is not contained in a Commonwealth record, we will destroy or de-identify it as soon as practicable, but only if it is lawful and reasonable to do so.
There are many aspects of our website that can be viewed without providing personal information. However, for access to some of our products and services (for example, the Vendor Research Services and OpenEstimates), you are required to submit personally identifiable information. This may include - but is not limited to - your name, email, phone, address. You may also need to provide us with personal information to log into an account. In limited circumstances, we may request information to confirm your identity and property ownership, or to determine your suitability for a particular product or service.
To be clear, you are not obligated to provide us with your information. You can use a pseudonym or not identify yourself. However, our ability to provide a personalised and relevant service to you is dependent on the accuracy of information given to us. We may be limited in our ability to assist you (but we'll still try!).
If we have received personal information that is immaterial to the provision of the Services, we will either delete or destroy it as soon as practicable (but only if it is lawful and reasonable to do so), or ensure that the information is de-identified. In certain circumstances we may be required or permitted by law, court or tribunal order to collect certain personal information about you.
By providing us with personal information, you represent to us that this is your own information or information which you have been authorised to provide. Where you provide us with your personal information but wish to limit the use and disclosure of the personal information, you should expressly state those limitations to us in writing.
If you are a real estate agency providing us with personal information as it relates to you customers, you must only provide such information in compliance with the Privacy Act. You must not provide us with personal information without the consent of the individual it relates to.
We collect information from you whenever you visit our website, register to use the Services, request further information about us or interact with related software (including through mobile applications). This information is collected automatically using tracking technologies, including cookies, and through your submission of webforms to us.
More specifically, we collect information from:
- You and your authorised representatives. For example, when you provide information by phone, in application forms or other agreements. This extends to information provided by joint applicants, permitted where you have authorised the disclosure and it is unreasonable or impractical for us to also collect that information directly from you.
- Third parties. For example, our commercial partners such as real estate agents, service and survey providers or marketing providers. These parties are required to only share your personal information with us where you have given consent. You can request more information on how we collected your personal information on the Contact Us details below.
- Our related bodies corporate. For example, our subsidiaries including propper Pty Ltd and Doorsteps Finance Pty Ltd may share your information with us from time to time.
- publicly available sources of information;
- your participation in activities or offers, including any of our online competitions or promotions;
- your access of our services through a social network or third-party site;
- submission of information to us as part of an employment opportunity;
- digital tracking tools (for example, Google Analytics and Google Signals); and
- where you provide us with feedback or make a complaint.
We don't collect information for the sake of it. All the information we gather has a specific purpose. Those purposes are identified below under "How We Use Personal Information & De-identified Data". For example, by completing a web-form, we are able to personalise a service to your stated needs, and then follow up to make sure you’re happy. Any information that we receive will also be used to provide a better or more relevant service or product to you. The information we collect also allows us to learn more about who is interested in the Services. By further understanding how you interact with content on our website, including tracking the content that you view most, we can improve the navigational experience on our website and commit to providing you with more information that we know you’re likely to be interested in.
If you enter into a contract for our Services where a fee is payable, we will need to collect and use your payment information, including your credit/debit card details. This type of personal information is processed strictly in accordance with the relevant payment card provider’s terms.
We believe in transparency so if you want further information on when we have collected your personal information and for what purpose, please don't hesitate to contact us.
The main ways we use your personal information and de-identified data are set out as follows:
Provide and personalise OpenAgent’s Services
· to contact you;
· to verify your identity;
· to check your eligibility for OpenAgent's Services;
· to assist you in gaining approval for, or provision of, a product or service;
· to provide and personalise products and services to you;
· to establish, administer and manage your account and/or profile, including verifications of profiles, monitoring and reporting as required under our terms or under any applicable laws;
· to facilitate communications between you and us or a Stakeholder* that you have requested contact with, including (without limitation) real estate agents, buyers or vendors of real estate property, credit providers or their intermediaries;
· to refer you to a related body corporate of OpenAgent.
We use Personal Information for this.
Improve and develop OpenAgent’s Services
· to understand, diagnose, troubleshoot, and fix issues with OpenAgent's Services;
· to evaluate and develop new content, features, technologies, and improvements to OpenAgent's Services, including the development, administration and enhancement of algorithms, functionality and performance;
Creation of Content, Advertising and Marketing
· to generate and provide stories, commentary, and property profiles or descriptions (including without limitation, the sharing of feedback or reviews, photos or other personal information) accessible through OpenAgent Services, associated websites and/or social media channels;
· to create, host, publish, post, share, store or upload photos illustrations, text, video, still images, audio, interactive virtual tours and schematic floor plans or other material of a real estate property on our platform and with our Stakeholders;
· to generate and report aggregate statistics to advertisers and our service providers and third-parties;
· to create or distribute advertising and marketing material that is relevant to you, including material relevant to or on behalf of our Stakeholders - for example, Doorsteps Finance Pty Ltd;
· to initiate and develop new business opportunities for us and our Stakeholders;
· to nurture and verify your data profile by combining your personal information with information we have collected from other sources in order to generate and report analytics, insights and research (including without limitation, your propensity to buy or sell property) for us, and for our Stakeholders;
We use Personal Information and De-Identified Information for this.
· for quality assurance and training purposes;
· to conduct business planning, reporting, and forecasting;
· to administer and manage delivery of products and services, including matters relating to making payments;
· to communicate with you in relation to OpenAgent's Services, which includes notifying you of changes, surveys, and information about security updates;
We use Personal Information and De-Identified Information for this.
Legal Obligations and Compliance
· to satisfy legal obligations which may arise from agreements or contracts entered into, including (without limitation) the management and marketing of real estate interests;
· to comply with law enforcement requests including (without limitation), taking appropriate action with respect to reports of intellectual property infringement and inappropriate content;
· to manage our risks, including by identifying and/or investigating illegal activity;
· in the establishment, exercise or defence of legal claims, whether administrative, an in-court proceeding or in out-of-court procedure; and
· any other uses identified at the time of collecting your personal information.
We use Personal Information and De-Identified Information for this.
* A “Stakeholder” is a related body corporate of OpenAgent or third-party service provider (such as real estate agents or mortgage brokers).
If you are a Stakeholder collaborating with us in connection with the Services then we may also use personal information:
- to process any payments and for invoicing generally; and
- for disclosure to debt collection agencies to recover any amounts you owe to us.
In oorder to deliver the products or services you require, we may disclose your personal information to organisations outside of OpenAgent and to Stakeholders.
Your personal information and de-identified data may be disclosed, if appropriate, to our related body corporates and any other business or organisation in order to facilitate the purpose for which the information was collected. Those purposes are identified above under "How We Use Personal Information & De-identified Data”.
We may share your personal information with our related body corporates, including details relevant to whether and to what extent you have engaged with us, in order to further facilitate business operations and to advertise, facilitate, maintain or deliver more relevant products and services to you.
When we disclose your personal information to organisations outside OpenAgent, it is only for the purpose of assisting OpenAgent in delivering or supporting the Services to you, or to complete a referral consented to by you. For example, if you tell us you want to hear from a recommended agent, we will provide your personal information to them. More specific examples include:
- anybody who represents you, such as real estate agents involved in the sale or purchase of your property;
- your potential or actual employer, referees or identity verification services;
- credit providers and mortgage broking service providers, including Australian Banks and non-bank lenders including Doorsteps Finance Pty Ltd for the provision of credit, financial or insurance services, subject to you having provided us with consent
- our related bodies corporate and our professional advisers;
- selected business and commercial partners who generate or manage business for us, or any entity that has an interest in our business;
- government and regulatory authorities and other organisations under which we are governed and other bodies as required or authorised by law;
- any relevant industry body, tribunal, court or otherwise in connection with any complaint, dispute or litigation;
- social media companies, including Facebook;
- if you conduct any transaction that requires a payment by you (or us), some of your details may be provided to a third-party payment processor to allow the transaction to be completed;
- a service provider to allow data analytics to be performed, including Google Analytics and Google Signals; and
- anyone else, subject to you having provided us with consent.
Those entities will be permitted to obtain only the personal information necessary to deliver the product, service or analysis or purpose relevant to the disclosure. We take reasonable steps to ensure that these organisations and individuals are bound by equivalent confidentiality and privacy obligations in relation to the protection of your personal information. If you would like to know who has been given access to your personal information, just ask! Remember, if you do provide us with your personal information and you wish to limit the use and disclosure of personal information, you should expressly state those limitations to us in writing.
We may also share with or permit the use of de-identified data or content by others, including our Stakeholders, for the purposes of posting or contributing material about real estate properties, as well as performing data analytics which serve a commercial purpose. This extends to research for and execution of marketing initiatives around OpenAgent and non-OpenAgent product offerings. Content includes 3D virtual tours, floorplans, photographs, video, or other images in any form or by any means (including, without limitation, electronic mechanical, micro-copying, photocopying, recording or otherwise) that are created, generated, used, copied reproduced, stored or transmitted in connection with your use of any of our Services. If you do not wish for this to occur, you must state those limitations to us in writing via the following methods:
By post: PO Box 419, Alexandria NSW 1435; or
By email: email@example.com.
From time to time, these parties may reside outside Australia. For example, service teams who reside in New Zealand and the Philippines may assist us in providing the Services to you. In addition, OpenAgent uses services provided by Google to store and process data. As a result, Google may transfer, store and process personal information in the United States or any other country in which Google or its agents maintain facilities.
At minimum, we require appropriate technical and organisational security standards, consistent with Privacy Law. However, by agreeing to the disclosure of your personal information to these entities outside of Australia, you acknowledge that we will no longer be required to take reasonable steps to ensure the recipient’s compliance with the Australian privacy law in relation to your personal information and to the extent permitted by law, we will not be liable to you for any breach of the Australian privacy law by these overseas recipients. On this basis, you consent to such disclosure.
To access the personal information we hold about you, please contact us. From time to time, we may need to consult with other entities before proceeding with your request. As such, we will respond to your request within 30 days, unless otherwise notified to you. We will give access in the manner you have requested and at no-cost, if it is reasonable to do so. If any fees do apply, we will notify you in writing and shall await your payment before proceeding.
We may deny you access to your personal information in certain circumstances, for example, if required or authorised by or under an Australian law or a court/tribunal order, or it would be likely to prejudice enforcement related activities by an enforcement body. If we do not give you access, we will provide you with the reasons for the refusal (except where it would be unreasonable to do so) and information on how you can complain about the refusal, in writing.
We take reasonable steps to ensure that the personal information we hold about you is accurate, complete and up to date. However, we also rely on you to advise us of any changes to your personal information. Please contact us on the details provided below as soon as possible if there are any changes to your personal information or if you believe the personal information, we hold about you is not accurate, complete or up-to-date and we will update your records accordingly.
If appropriate, we will correct the personal information at the time of the request. In some circumstances, we will need to conduct an investigation, after which we will notify you of the decision to update or change your personal information within 30 days of the initial request. This timeframe is a result of the need to consult with other entities from time to time as part of our investigation. If we refuse to correct personal information, we will provide you with our reasons for not correcting the information. If we refuse your request to correct your personal information, at your request, we will include a note to your personal information which states you disagree with its accuracy or completeness.
For us to successfully do business with you it will not (in most circumstances) be practical for us to deal with you without you providing relevant personal information to us. However, where it is lawful and practicable to do so, you may deal with us anonymously or by using a pseudonym.
We use de-identified data for research and commercial purposes, such as creating reports and insights. For example, we will use and share historical and current de-identified user and transactional data to develop marketing initiatives, statistical analysis, business planning and product offerings. Those understandings, whether developed internally or in connection with a third party may also be provided to our Stakeholders from time to time. If you have any concerns or questions about our approach to, or use of, de-identified data, please let us know.
From time to time, we may use automated decision making to help us pursue our legitimate interests in improving our Service and providing you with relevant marketing material We do not use this information to develop a personalised profile of you. We may also use automatic decision making to identify and prevent spam or other prohibited behaviours, including abusive or fraudulent activity, taking place via the Services. Further details ae provided under ‘Cookies’. If you are unable to access your account at any time, please contact us.
More specifically, OpenAgent does use Google Analytics and Google Signals.
Google Signals allows us to assign and track the customer journey of an individual website visitor to different end devices. For example, we can see when a user clicks on an OpenAgent ad on one device and then registers for our services on another device. However, we can only see this if the user has logged in to a Google service when visiting a website and has activated the option "personalised advertising" in their Google account settings at the same time. No personal data or user profiles are accessible to us; this means you remain anonymous to us.
If you do not want "Google Signals" to be used, you can disable the "Ads Personalisation" option in your Google Account preferences.
Our website may contain links to the websites of other entities. If you click on such links, you will be transferred to the website of these entities. Those third parties may collect information about you (including, without limitation, cookie and web beacon information, information about your preferences or other information you have provided about yourself), and we may also collect or have access to that information as part of our arrangements with those third parties.
We will store your personal information for as long as needed to provide you with the relevant Services and to operate our business. We store this information in different ways, including in paper and electronic form. At any time, you can request to access your personal information held on our website (subject to service outages) to keep it updated. We will also delete specific personal information upon request, unless deleting that information prevents us from carrying out necessary business functions, such as billing and conducting required audits. Please note, there may be a delay in completing erasure as we track down all other copies from our active and backup systems. If we are unable to delete your data, we will transform it so that it can no longer be used to identify you.
We have a variety of appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. It includes physical and electronic measures. Although we aim to create a safe, secure environment, we cannot guarantee that unauthorised parties will not gain access but will notify you regarding eligible data breaches if they are likely to result in serious harm to you.
The Notifiable Data Breaches (NDB) scheme applies to eligible data breaches that occur on or after 22 February 2018. It mandates a reporting and notification process for OpenAgent. The Office of the Australian Information Commissioner (OAIC) administers the NDB Scheme.
- there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that OpenAgent holds; and
- this is likely to result in serious harm to one or more individuals; and
- we have not been able to prevent the likely risk of serious harm with remedial action,
then OpenAgent is required to notify the OAIC and impacted individuals about the incident.
There is a broad scope of activities that would be considered unauthorised access, unauthorised disclosure or loss of personal information. Some examples include:
- a third-party hacking our systems or databases;
- a person browsing customer records without any legitimate or authorised purpose;
- a laptop containing personal information is stolen or lost;
- a person sends an email containing personal information to the contact.
The NDB scheme ensures that as an organisation, we are accountable for your privacy protection. The notification process is important for building a relationship of trust and transparency. In addition, by keeping you notified, you’re better able to take steps to mitigate harm, such as changing passwords or being alert to phishing emails or scams. In the interim, OpenAgent would also be taking steps to remediate the breach and will keep you advised on our progress, including the security measures being undertaken.
Please contact us on the details provided below if you have any questions about this.
As of 25 May 2018, the European Union’s General Data Protection Regulation (GDPR) serves to regulate data protection and privacy for individuals in the European Union (EU), including the processing of personal information. Our collection, use, disclosure and processing of your personal information is regulated by the GDPR if we offer the Services to you while you are in the EU, or if we monitor your behaviour while you are located or residing in the EU (Data Subject).
The GDPR provides Data Subjects with certain rights. These include the right of access; the right to be informed; the right to object; the right to withdraw consent; the right to rectification; the right to erasure; the right to data portability; the right to restrict processing (in particular circumstances); and the right to object to automated decision making in limited circumstances. If you need further information on these rights, please contact us on the details provided below.
As a Data Subject, you can request and obtain:
- copies of your data and how OpenAgent is using it;
- details of how long the data will be stored; and
- information about whom the data may be disclosed to.
You can also contact us at any time to learn about the security measures taken by OpenAgent to safeguard your data on the details provided below.
For clarity, OpenAgent will only collect and store your data if you have provided express consent and if the provision of your personal data is necessary for the performance of an agreement between yourself and OpenAgent, including fulfilment of pre-contractual obligations.
We will collect information using cookies when you use the OpenAgent website, including any mobile or tablet applications. These cookies will tell us about your visit to our website and help us to remember you, allowing us to create a customised experience for your next visit. For example, marketing cookies help us to determine which of the Services may be of interest and value to you and then tell you about them.
OpenAgent may also collect your data to comply with legal obligations, and if the processing of your data is related to a matter in the public interest or in the exercise of official authority vested in OpenAgent. OpenAgent’s reliance on ‘legal obligations’ grounds is our legitimate interest in providing our Services to you and to develop our business, but only in circumstances where our not outweighed by our obligation to protect your privacy. We may also collect and use your information to satisfy our contractual obligations with you or your authorised representatives, and to comply with any requirements by law.
Please note, you have the right to object at any time to the processing of your personal data. If processing occurs for legitimate business interests, you will need to provide us with grounds justifying your objection. If we are processing your personal data for direct marketing relating to OpenAgent, you can object without any justification. We want to know about your objections as soon as possible, so please don’t hesitate to contact us and let us know.
Under the GDPR, you can also request information about whether we are transferring any of your personal data to another country; or an international organization governed by public international law or set up by two or more countries. You can also elect to have your personal data transmitted to another controller if your personal data is being processed by automated means and if the processing is based on your contracted consent.
For clarity, we will only send your personal information outside of the European Economic Area (EEA) where you instruct us to do so or to comply with the law or to work with other companies within the OpenAgent Group, partners and third-parties who help us deliver the Services. If we disclose and store your personal information outside the EEA, we will only do so if it is protected to an equivalent or higher standard than GDPR. For example, we will require the recipient of your personal information to:
- enter into standard model clauses, which can be viewed here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en;
- be based in jurisdictions that the European Commission has determined to offer adequate protection for your personal information; or
- agree to comply with schemes approved by the European Commission to protect your personal information.
Finally, your personal data will only be processed and stored for as long as required by the purpose for which it has been collected for. Following withdrawal of consent, or where there is no legitimate need for your personal data, we will delete it. Please note, there may be a delay in completing erasure as we track down all other copies from our active and backup systems.
OpenAgent will collect personal information from you if you apply for a job with and/or become employed by us. In these circumstances:
- you authorise us to collect any personal information (whether written or verbal) from any referee or previous employer specified in your application for employment or curriculum vitae for evaluation of your application for employment and to hold such information on your personal file for future evaluation of your employment by us; and
- you acknowledge that we collect your personal information for the purpose of evaluating your application for employment and, should you accept employment with us, the assessment of your continued employment by us and the administration by us of your remuneration and any PAYG obligations;
- you acknowledge that a failure by you to provide the requested personal information will have a detrimental effect on our ability to give your application proper consideration. You can request to access and/or correct your personal information at any time.
We care about your rights and want you to feel confident in how we store and use your personal information.
We encourage you to speak to us about your complaint directly. Please provide as much information as possible, with any supporting documentation if relevant. This will help us to resolve your complaint as quickly as possible. After contacting us with details of a complaint, you will receive an initial response from us within five (5) business days, to acknowledge we have received your feedback. We will then investigate the matter internally, and may liaise with you for further details, in writing and over phone, where and if appropriate. You will receive in writing the outcome of your complaint within 30 calendar days.
Please contact us immediately if you become aware of or have reason to suspect any breach of security, including unauthorised use of your account or handling of your personal information.
For more general information regarding privacy in Australia, visit the website of the Office of the Australian Information Commissioner (www.oaic.gov.au):