Privacy Policy – Greyfield

Privacy policy.

GREYFIELD ASSET MANAGEMENT PTY LTD

APP Privacy Policy

Greyfield Asset Management Pty Ltd (we, us, our) is committed to protecting personal information and meeting our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we manage personal information across our asset management activities, our websites and digital channels, and our interactions with clients, investors, counterparties, contractors and applicants.

1. Who We Are and Scope

This policy applies to Greyfield Asset Management Pty Ltd and any related entities that handle personal information on our behalf. It covers personal information collected in Australia in connection with our asset management services, including in-person meetings, over the phone, via email and messaging, through forms (paper or online), our websites and social media, CCTV at our premises, and third-party platforms we use (for example, investor portals and customer relationship systems). Where we engage service providers to process personal information for us, they must handle it in accordance with this policy and the APPs.

2. What Is Personal Information?

‘Personal information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not. Some personal information is ‘sensitive information’ (e.g. health, biometric, criminal history, racial or ethnic origin, religious beliefs, sexual orientation, trade union membership). We only collect sensitive information where reasonably necessary and with consent or as permitted by law.

3. The Kinds of Personal Information We Collect

Depending on your relationship with us, we may collect:

Identification and contact details (name, address, email, phone, date of birth).
Proof of identity details (e.g. driver licence, passport, Medicare card) – we generally avoid retaining government identifiers and may mask or redact where practicable.
Investment, financial and transaction details (investment amounts, account details, ownership interests, transaction records, statements, reports).
Employment and financial details provided in applications (employer, income, references) to assess suitability.
Interactions and preferences (enquiry history, communication records, marketing preferences, call recordings where notified).
Device, technical and usage data from our websites (IP address, device identifiers, pages viewed, cookies/analytics). CCTV footage at our premises for security and incident management.
Health or accessibility information that you choose to provide to facilitate meetings or reasonable adjustments.
For contractors/suppliers: ABN, insurance, qualifications and compliance documentation.

4. How We Collect Personal Information

We usually collect information directly from you when you enquire, engage our services, lodge an application, sign an agreement, request information, interact with us online, or otherwise contact us. We may also collect information from third parties where lawful and reasonable, such as previous advisers, referees, publicly available sources (e.g. ASIC registers), service providers that assist with verification, and other counterparties engaged in connection with our services. If we receive unsolicited personal information that we do not need, we will deidentify or destroy it where lawful and reasonable.

5. Why We Collect, Use and Disclose Personal Information (Purposes)

We collect, use and disclose personal information to:

Provide and manage our asset management services.
Verify identity, assess applications, and manage client and investor relationships.
Communicate with you and respond to enquiries.
Manage reporting, billing, trust accounting and debt collection obligations.
Conduct business operations (IT support, analytics, training, risk management, record keeping and legal compliance).
Send direct marketing about services you may be interested in (you can opt out at any time).
Comply with laws and respond to lawful requests from regulators or law enforcement.

6. Direct Marketing and How to Opt Out

We may use your contact details to send you updates, market commentary and offers that we think may be relevant to you. We will always provide a simple way to unsubscribe from each message, or you can contact us using the details at Section 15 to opt out. We do not use sensitive information for direct marketing without consent.

7. Cookies, Analytics and Third Party Links

Our websites may use cookies and similar technologies (such as pixels and tags) to operate the site, remember your preferences and analyse traffic (for example, via analytics tools). You can control cookies via your browser settings; however, some features may not function properly if cookies are disabled. Our sites may link to third party websites. We are not responsible for the privacy practices of those sites; we recommend you review their privacy information.

8. Disclosing Personal Information (Including Typical Third Parties)

We may disclose personal information to: clients, investors and counterparties; previous or future advisers you nominate; conveyancers, solicitors and financial advisers; custodians, brokers and fund administrators; insurers and service providers engaged for operational purposes; IT and cloud hosting providers; marketing and analytics providers acting on our instructions; our professional advisers; regulatory authorities and dispute resolution bodies; and to any person as required or authorised by law. Where appropriate, we take reasonable steps (including contractual measures) to ensure service providers protect personal information and only use it for our purposes.

9. Overseas Disclosures (APP 8)

Some service providers or their support teams may be located outside Australia (for example, cloud hosting or help desk support). Before disclosing personal information overseas, we take reasonable steps to ensure the recipient will handle the information in accordance with the APPs (other than APP 1), such as by using enforceable contractual terms and oversight. Where an exception applies, we will rely on it only where appropriate and with necessary safeguards. Countries where overseas disclosures may occur include Australia, Cambodia, Canada, Denmark, India, Indonesia, Ireland, New Zealand, Philippines, South Africa, Switzerland, Thailand, the United Kingdom (UK), the United States of America (USA), and countries within Europe (including unspecified European countries).

10. Security of Personal Information (APP 11)

We implement technical and organisational measures to protect personal information from misuse, interference, loss and from unauthorised access, modification or disclosure. Measures include access controls, authentication, encryption in transit where appropriate, secure storage, staff training, confidentiality obligations with suppliers, secure disposal and data minimisation. We retain records only for as long as we need for our functions and legal obligations and then take reasonable steps to destroy or deidentify them.

11. Notifiable Data Breaches

If a data breach occurs that is likely to result in serious harm, we will assess and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme. We maintain an incident response process to contain, assess and remediate suspected breaches.

12. Access and Correction (APP 12 & 13)

You can request access to the personal information we hold about you, and request that we correct it if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will respond within a reasonable period. We may ask you to verify your identity. In some cases, we may refuse access or correction where it is permitted by law; if so, we will tell you why and how you can complain.

13. Employee Records

Certain acts or practices in handling current and former employees’ ’employee records’ may be exempt from the APPs when directly related to the employment relationship. This exemption is narrow and does not apply to prospective employees or to all handling of information about our staff. We still take reasonable steps to keep all staff information secure, and we manage recruitment information in accordance with this policy.

14. Children's Privacy

Our services are aimed at adults. We do not knowingly collect personal information about children unless it is reasonably necessary for our functions. We will take reasonable steps to handle children’s information appropriately. The OAIC is developing a Children’s Online Privacy Code due by 10 December 2026; we will update our practices and this policy to align with that Code where applicable.

15. How to Contact Us, Complaints and Escalation

If you have questions, would like to access or correct your information, opt out of marketing, or make a privacy complaint, please contact our Privacy Officer:

Privacy Officer

Name:     Matthew Nicholas
Phone:    0448 901 453
Email:    management@greyfield.com.au
Postal:   Suite 11, Level 9, 111 Phillip Street, Parramatta NSW 2150

We will acknowledge and investigate complaints and respond within a reasonable period. If you are not satisfied with our response, you can contact the OAIC: www.oaic.gov.au | 1300 363 992.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be available on our website and can be provided on request.

Appendix: Short Collection Notices (APP 5) – Examples

Client / Investor Onboarding (summary):

We collect your name and contact details to manage your onboarding, communicate about your investment, verify your identity and for regulatory compliance. If you do not provide these details, we may be unable to provide our services. We may disclose your details to our staff, custodians, administrators and service providers. See our Privacy Policy for more information, including how to access or correct your information and how to complain.

Service Enquiry (summary):

We collect personal information to assess your enquiry, verify details and communicate with you. If you do not provide information, we may not be able to process your enquiry. We may disclose your information to our staff and service providers, and government agencies as required. Overseas disclosures may occur via our IT providers. See our Privacy Policy for details and your rights.