1. Information We Collect

When you use our services, we collect different types of information depending on how you interact with us. Here's what we gather and why.

Personal Identification Information

This includes your name, address, date of birth, and contact details. We need this to verify your identity and comply with Australian financial regulations. You'll provide most of this when you first register with us.

Financial Information

We collect details about your income, expenses, assets, and liabilities. This helps us understand your financial situation so we can provide relevant guidance and services. Transaction history falls under this category too.

Technical Data

When you visit our website, we automatically collect information like your IP address, browser type, device information, and how you navigate through our pages. This helps us improve our digital experience and keep things secure.

Communication Records

We keep records of emails, phone calls, and messages between you and our team. These help us maintain service quality and resolve any questions that might come up later.

2. How We Use Your Information

Your data serves specific purposes. We don't use it for anything outside these categories:

• Service Delivery: We use your information to provide the financial services you've requested. This includes account management, transaction processing, and personalized advice.
• Legal Compliance: Australian law requires us to verify identities, report certain transactions, and maintain specific records. Your data helps us meet these obligations.
• Security and Fraud Prevention: We monitor activity patterns to detect unusual behaviour that might indicate fraud or unauthorized access.
• Communication: We'll contact you about your account, service updates, or important changes to our terms. Occasionally, we might share relevant information about new services — but you can opt out of these messages.
• Service Improvement: Aggregated, anonymized data helps us understand how people use our services and where we can do better.

3. Legal Basis for Processing

Under the Australian Privacy Act 1988 and Australian Privacy Principles (APPs), we process your data based on several legal grounds:

Consent

When you sign up for our services, you're giving us permission to process your information for the purposes we've outlined. You can withdraw this consent, though it might limit what services we can provide.

Contractual Necessity

Some data processing is essential to fulfill our service agreement with you. Without it, we simply can't deliver what you've asked for.

Legal Obligations

Financial services in Australia come with strict regulatory requirements. We process certain data because the law requires it — not because we want to be nosy.

Legitimate Interests

Sometimes we process data to protect our business interests or improve services, as long as this doesn't override your privacy rights. We always balance these carefully.

4. Data Sharing and Disclosure

We don't sell your information to third parties. Period. But we do share data in specific circumstances:

Service Providers

We work with trusted companies that help us run our business — payment processors, cloud hosting providers, customer support platforms. These partners can only use your data to provide services to us, and they're bound by strict confidentiality agreements.

Regulatory Bodies

When required by law, we share information with Australian financial regulators, tax authorities, and law enforcement. This isn't optional — it's part of operating legally in Australia.

Professional Advisors

Our lawyers, accountants, and auditors sometimes need access to client data to help us maintain compliance and run our business properly.

Business Transfers

If cavalunthos is acquired or merged with another company, your information would likely be transferred as part of that transaction. You'd be notified if this happens.

5. Data Security Measures

Protecting your information isn't just good practice — it's fundamental to what we do. Here's how we keep things secure:

Technical Safeguards

We use industry-standard encryption for data transmission and storage. All sensitive information is encrypted both in transit and at rest. Our systems are regularly updated and patched against known vulnerabilities.

Access Controls

Only authorized staff can access your data, and they only see what's necessary for their role. We maintain detailed logs of who accesses what and when.

Physical Security

Our servers are housed in secure Australian data centres with restricted access, surveillance, and environmental controls.

Regular Assessments

We conduct periodic security audits and penetration testing to identify and fix potential weaknesses before they become problems.

6. Your Privacy Rights

You have significant control over your personal information. Here's what you can do:

Access Your Data

You can request a copy of all personal information we hold about you. We'll provide this within 30 days, free of charge for your first request each year.

Correct Inaccuracies

If any of your information is wrong or outdated, let us know and we'll fix it promptly. Accurate data benefits everyone.

Request Deletion

You can ask us to delete your data, subject to any legal obligations we have to retain certain records. Financial regulations often require us to keep information for specific periods.

Object to Processing

If you disagree with how we're using your data, you can object. We'll review your request and stop the processing unless we have compelling legal grounds to continue.

Data Portability

Where technically feasible, you can request your data in a machine-readable format to transfer to another service provider.

Withdraw Consent

For processing based on consent, you can withdraw that permission at any time. This won't affect processing that happened before you withdrew consent.

7. Data Retention

We don't keep your information longer than necessary. But "necessary" varies depending on the type of data:

• Account Information: Kept for the duration of your relationship with us, plus seven years afterwards to meet regulatory requirements.
• Transaction Records: Retained for seven years from the date of the transaction, as required by Australian tax and financial regulations.
• Communication Records: Generally kept for five years, unless they relate to specific transactions or disputes that require longer retention.
• Technical Logs: Usually deleted after 12 months unless needed for security investigations or legal proceedings.
• Marketing Preferences: Maintained until you change them or close your account.

When we no longer need your data, we securely delete it using methods that make recovery impossible.

8. International Data Transfers

Your data is primarily stored in Australia. However, some of our service providers operate internationally, which means your information might be processed overseas.

When this happens, we ensure adequate protections are in place through contractual agreements that require equivalent security standards. We work with providers in countries that Australia recognizes as having adequate privacy protections.

You have the right to know where your data is stored and processed. Contact us if you want specific details about international transfers.

9. Cookies and Tracking

Our website uses cookies — small text files stored on your device. Here's what they do:

Essential Cookies

These are necessary for the website to function. They remember your login status and security settings. You can't disable these without breaking the site.

Performance Cookies

These help us understand how visitors use our site by collecting anonymous data about page visits, time spent, and navigation patterns.

Preference Cookies

These remember your choices — like language settings or display preferences — to make your next visit smoother.

You can control cookies through your browser settings. Blocking all cookies might limit website functionality, but you'll still be able to access basic services.

10. Children's Privacy

Our services are designed for adults. We don't knowingly collect information from anyone under 18 without parental consent.

If you're a parent and believe your child has provided us with personal information, contact us immediately and we'll delete it.

11. Changes to This Policy

Privacy practices evolve, and so does legislation. We review this policy regularly and update it when necessary.

When we make significant changes, we'll notify you by email and post a notice on our website. The "Last Updated" date at the top of this page shows when the most recent changes were made.

Continuing to use our services after we've notified you of changes means you accept the updated policy. If you disagree with changes, you can close your account.

12. Making Complaints

If you're unhappy with how we've handled your personal information, we want to know about it.

First, contact our privacy officer using the details below. We'll investigate and respond within 30 days.

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). They're an independent body that handles privacy complaints: