Privacy Policy

1  Introduction and Scope

SIAC (Strategic Intelligence & Advisory Compliance) is an AML/CTF advisory practice based in Melbourne, Victoria, Australia. SIAC operates the website siac.com.au (the Website) and is committed to handling personal information responsibly, transparently, and in compliance with the Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles (APPs).

1.1  Who This Policy Applies To

This Privacy Policy applies to all personal information collected by SIAC from:

• visitors to and users of the Website;
• individuals who purchase or download Products from the Website;
• individuals who register for an account on the Website;
• individuals who contact SIAC through the Website or by email; and
• individuals who subscribe to SIAC's marketing or update communications.

“Personal information” has the meaning given to it in the Act: information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.

1.2  Our Commitment

SIAC collects only the personal information it needs, uses it only for the purposes for which it was collected, protects it from misuse or unauthorised disclosure, and gives individuals access to and control over their information in accordance with the APPs.

1.3  Relationship to Other Documents

This Privacy Policy should be read alongside SIAC's Website Terms and Conditions and Product Disclaimer. Where those documents address specific data-handling matters, this Policy provides the full privacy framework.

2  What Personal Information SIAC Collects

2.1  Information You Provide Directly

SIAC collects personal information that you voluntarily provide, including:

• Identity information: your full name, job title or role, and professional body membership details;
• Contact information: email address, phone number, and business or postal address;
• Business information: business name, Australian Business Number (ABN), business type, and professional sector;
• Transaction information: details of Products purchased, order history, and payment-related information (not including full card numbers, which are handled by the payment processor);
• Account credentials: username and encrypted password if you create a Website account;
• Communication content: the content of any enquiry, message, or feedback you submit through the Website or by email; and
• Marketing preferences: your subscription status and communication preferences.

2.2  Information Collected Automatically

When you access the Website, SIAC and its service providers may automatically collect:

• Technical data: IP address, device type, browser type and version, operating system, and screen resolution;
• Usage data: pages visited, time spent on pages, links clicked, referring URL, and navigation paths;
• Cookie and tracking data: see clause 8 for detail on cookies and similar technologies; and
• Transaction metadata: download timestamps, file access logs, and product delivery records.

2.3  Information from Third Parties

In limited circumstances, SIAC may receive personal information about you from third parties, including:

• payment processors (such as Stripe) who provide transaction status information;
• analytics providers (such as Google Analytics) who provide aggregated or pseudonymised usage statistics; and
• email delivery services who provide delivery and engagement data for communications.

SIAC does not purchase personal information from data brokers or third-party marketing lists.

2.4  Sensitive Information

SIAC does not intentionally collect sensitive information (as defined in the Act, including racial or ethnic origin, health information, or financial account details beyond what is required for payment processing). If you voluntarily include sensitive information in a communication to SIAC, SIAC will treat it with the heightened protections required by the APPs and will not use it for any purpose other than responding to your enquiry.

3  Why SIAC Collects Personal Information

3.1  Primary Purposes

SIAC collects and uses personal information for the following primary purposes:

• Processing and fulfilling product purchases, including sending order confirmations, download links, and purchase receipts;
• Creating and managing Website accounts;
• Responding to enquiries, feedback, and support requests submitted through the Website;
• Delivering digital Products and related documentation;
• Verifying the identity of purchasers and detecting and preventing fraud;
• Maintaining records of transactions and downloads as required by law; and
• Complying with SIAC's legal obligations.

3.2  Secondary Purposes

With your consent, or where permitted by the APPs, SIAC may also use your personal information for:

• Sending you marketing communications about new Products, regulatory updates, and advisory resources relevant to your sector — subject to your communication preferences and your right to opt out at any time;
• Improving the Website and Products through usage analytics, feedback, and aggregate research;
• Contacting you about updates to Products you have purchased; and
• Notifying you of material changes to these Terms or this Privacy Policy.

3.3  Direct Marketing — Consent and Opt-Out

SIAC will only send direct marketing communications where you have expressly or impliedly consented in accordance with the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth). You may withdraw consent and opt out of marketing communications at any time by:

• clicking the unsubscribe link in any marketing email; or
• contacting SIAC at siac.com.au/contact.

Opting out of marketing will not affect transactional communications related to active purchases or account management.

4  Disclosure of Personal Information

4.1  When SIAC Shares Information

SIAC does not sell, rent, or trade personal information. SIAC may share personal information with third parties only in the following circumstances:

• Service providers: SIAC engages third-party service providers who perform functions on SIAC's behalf, including payment processing (e.g. Stripe), email delivery (e.g. Mailchimp or equivalent), website hosting, and analytics. These providers access personal information only to the extent necessary to perform their services and are contractually required to handle it in accordance with applicable privacy law.
• Legal requirements: SIAC may disclose personal information where required or authorised by law — for example, to comply with a court order, subpoena, or regulatory requirement, or in response to a request from a law enforcement agency.
• Protection of rights: SIAC may disclose personal information where SIAC reasonably believes disclosure is necessary to prevent or investigate fraud, a security breach, or a threat to the safety of any person.
• Business transfer: if SIAC's business is sold or transferred, personal information held by SIAC may be transferred as part of that transaction. SIAC will take reasonable steps to ensure the recipient handles the information in accordance with the APPs.

4.2  No Overseas Disclosure (General)

SIAC's operations are based in Australia and SIAC does not generally disclose personal information to overseas recipients. However, some of SIAC's service providers (including cloud hosting and analytics services) may store or process data on servers located outside Australia, including in the United States or the European Union.

Where personal information is disclosed to an overseas recipient, SIAC takes reasonable steps to ensure the recipient does not breach the APPs in relation to that information, including through contractual privacy protections. By using the Website, you acknowledge that your information may be processed in overseas jurisdictions.

4.3  Aggregated and De-identified Data

SIAC may use and share aggregated, de-identified data (which does not identify any individual) for purposes including product development, regulatory research, and Website improvement. This data is not personal information for the purposes of the Act.

5  Data Security

5.1  Security Measures

SIAC takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These steps include:

• Transmission security: SIAC's Website uses TLS (HTTPS) encryption for all data transmitted between your device and the Website.
• Access controls: access to personal information held by SIAC is restricted to personnel who need it to perform their role.
• Payment security: payment card details are processed by a PCI DSS-compliant third-party payment processor. SIAC does not store full card numbers.
• Data minimisation: SIAC collects only the personal information it needs for the purposes described in this Policy.
• Password security: account passwords are stored in hashed (not plain text) form.

5.2  No Absolute Security

While SIAC takes reasonable precautions, no data transmission or storage system is completely secure. SIAC cannot guarantee the absolute security of personal information. If you believe your information has been compromised, please contact SIAC immediately at siac.com.au/contact.

5.3  Data Breach Response

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, SIAC will comply with its obligations under the Notifiable Data Breaches scheme (Part IIIC of the Act), including notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals as required.

6  Data Retention

6.1  Retention Periods

SIAC retains personal information for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to resolve disputes. The following general retention periods apply:

6.2  Destruction and De-identification

When personal information is no longer required, SIAC will take reasonable steps to destroy it or permanently de-identify it. Electronic records are permanently deleted; physical records (if any) are securely shredded.

7  Your Privacy Rights

7.1  Access to Your Information

You have the right to request access to the personal information SIAC holds about you. To make an access request, contact SIAC at siac.com.au/contact with your full name and a description of the information you are seeking. SIAC will respond within 30 days. SIAC may charge a reasonable administrative fee for providing access where the request is complex or voluminous.

SIAC may refuse access in limited circumstances permitted by the APPs, including where providing access would unreasonably impact the privacy of another person, or where a legal exception applies. SIAC will give reasons for any refusal.

7.2  Correction of Your Information

If you believe that personal information SIAC holds about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you have the right to request correction. SIAC will take reasonable steps to correct the information within 30 days of a request. If SIAC does not agree that correction is warranted, SIAC will explain why and note your request in our records.

7.3  Opt-Out of Marketing

You may opt out of marketing communications at any time. See clause 3.3 for how to opt out.

7.4  Complaints

If you have a concern about how SIAC has handled your personal information, please contact SIAC first at siac.com.au/contact so that SIAC has the opportunity to address your concern directly. SIAC will respond within 30 days.

If you are not satisfied with SIAC's response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

7.5  Anonymity

Where it is lawful and practicable, you may interact with SIAC or the Website without identifying yourself — for example, by browsing publicly available content without creating an account. However, SIAC cannot process a purchase or respond to a specific enquiry without being able to identify you.

8  Cookies and Tracking Technologies

8.1  What Cookies Are

Cookies are small text files placed on your device by a website. SIAC uses cookies and similar technologies (including web beacons and pixel tags) on the Website for the following purposes:

• Essential cookies: necessary for the Website to function, including maintaining your session, remembering your cart, and enabling secure login. These cannot be disabled without affecting Website functionality.
• Analytics cookies: used to understand how visitors use the Website, including which pages are most visited and how users navigate the site. SIAC uses Google Analytics or a similar service for this purpose. Analytics data is aggregated and anonymised where possible.
• Preference cookies: used to remember your settings and preferences, such as language or region.
• Marketing cookies: if SIAC uses third-party advertising or remarketing tools in the future, these may be disclosed in an updated version of this Policy.

8.2  Managing Cookies

You can control cookie settings through your browser settings. Most browsers allow you to refuse all cookies, accept only certain cookies, or delete existing cookies. Note that disabling cookies may impair the functionality of certain parts of the Website.

For information about managing cookies in common browsers, visit the relevant browser's help documentation. To opt out of Google Analytics specifically, you may use the Google Analytics Opt-out Browser Add-on.

8.3  Do Not Track

Some browsers include a Do Not Track (DNT) feature. SIAC does not currently respond to DNT signals as there is no consistent industry standard for how they should be interpreted. SIAC will reassess this position as standards develop.

9  Australian Privacy Principles — Summary

The following table summarises SIAC's approach to each of the 13 Australian Privacy Principles:

10  Children's Privacy

SIAC's Website and Products are intended for use by businesses and compliance professionals. SIAC does not knowingly collect personal information from individuals under the age of 18. If SIAC becomes aware that personal information from a minor has been collected without appropriate parental or guardian consent, SIAC will take steps to delete it promptly.

11  Third-Party Services and Links

The Website may contain links to third-party websites and may use third-party services (such as payment processors, analytics providers, and email services). SIAC is not responsible for the privacy practices of those third parties. When you leave the Website or use a third-party service, you are subject to that party's privacy policy. SIAC encourages you to review the privacy policies of any third-party services you use.

12  Changes to This Privacy Policy

SIAC may update this Privacy Policy from time to time to reflect changes in SIAC's practices, legal obligations, or the features of the Website. The updated Policy will be published on the Website with a revised “Last updated” date. SIAC will notify registered users of material changes by email where practicable.

Your continued use of the Website after a revised Policy is published constitutes your acceptance of the updated Policy. If you do not accept the changes, you should discontinue use of the Website.

13  Contact and Complaints

13.1  Privacy Contact

For all privacy enquiries, access or correction requests, and complaints, please contact SIAC:

13.2  External Complaints

If you are not satisfied with SIAC's response to a privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.