Privacy Policy

1. Introduction

Aurevault Precious Metals Pty LTD (ABN 58 174 649 285), together with its subsidiaries, affiliates, and related entities (collectively, “Aurevault,” “we,” “our,” or “us”), respects your privacy and is committed to protecting the personal information you provide to us. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information in accordance with the Australian Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”).

This Privacy Policy applies to all interactions with Aurevault, including through our website (www.aurevault.com.au), mobile applications, in-person consultations, telephone and email communications, vault access services, shipment and tracking services, and any other channels through which we collect personal information.

2. Personal Information We Collect

We may collect the following categories of personal information depending on the nature of your interaction with us:

• Identity Information: Full legal name, date of birth, nationality, gender, and photographs or scanned copies of government-issued identification documents (passport, driver’s licence, or national identity card).
• Contact Information: Residential and postal addresses, email addresses, telephone numbers, and emergency contact details.
• Financial Information: Bank account details, credit or debit card numbers, billing addresses, payment and transaction histories, tax file numbers (where lawfully required), and source-of-funds declarations.
• Vault and Asset Information: Details of precious metals and diamonds stored in our vault facilities, including type, weight, purity, certification identifiers, serial numbers, insurance valuations, and custodial records.
• Verification and Compliance Information: Information collected for Know-Your-Customer (“KYC”), Anti-Money Laundering (“AML”), and Counter-Terrorism Financing (“CTF”) purposes, including beneficial ownership information, politically exposed person (“PEP”) screenings, and sanctions checks.
• Technical Information: IP addresses, browser type and version, device identifiers, operating system, access times, referring URLs, pages viewed, clickstream data, and cookies or similar tracking technologies.
• Communications: Records and content of correspondence, telephone calls (which may be recorded for quality and compliance purposes), and any feedback, reviews, or survey responses you provide.
• CCTV and Access Records: Video surveillance footage and biometric access logs captured at our vault and office facilities for security purposes.

3. How We Collect Personal Information

We collect personal information through the following means:

• Directly from you when you register for an account, engage our services, make enquiries, visit our facilities, or submit forms through our website or other channels.
• From third-party sources, including identity verification providers, credit reporting agencies, financial institutions, government registers and public databases, and our business partners and service providers.
• Through automated technologies when you interact with our website or digital platforms, including cookies, web beacons, server logs, and analytics services.
• From CCTV systems and access control systems at our vault and office locations.

Where practicable, we will collect personal information directly from you. If we receive unsolicited personal information that we are not permitted to collect under the APPs, we will destroy or de-identify that information as soon as practicable.

4. Purpose of Collection and Use

We collect and use your personal information for the following purposes:

• To provide, administer, and improve our vault storage, shipment, tracking, and trustee services.
• To verify your identity and conduct due diligence in accordance with AML/CTF legislation, AUSTRAC reporting obligations, and our internal compliance programs.
• To process transactions, manage your account, and maintain accurate custodial records of assets held on your behalf.
• To communicate with you regarding your account, services, and any changes to our terms, policies, or operations.
• To comply with applicable Australian and international laws, regulations, industry standards, and court or governmental orders.
• To detect, prevent, and investigate fraud, money laundering, terrorist financing, theft, and other illegal or unauthorised activities.
• To manage our business operations, including risk management, auditing, record keeping, insurance, and dispute resolution.
• To maintain the safety and security of our facilities, personnel, customers, and assets through surveillance and access control systems.
• To conduct research and analysis to improve our services, customer experience, and security protocols.

5. Disclosure of Personal Information

We may disclose your personal information to the following categories of third parties:

• Service Providers: Third-party providers who assist us in delivering our services, including vault operators, armoured transport companies, insurance underwriters, IT service providers, payment processors, identity verification services, and professional advisors (legal, accounting, and audit).
• Regulatory and Government Bodies: AUSTRAC, the Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO), law enforcement agencies, courts, and other regulatory authorities as required by law or in response to lawful requests.
• Financial Institutions: Banks and other financial institutions for the purpose of processing transactions, verifying source of funds, and complying with financial reporting requirements.
• Related Entities: Our parent companies, subsidiaries, and affiliated entities for purposes consistent with this Privacy Policy.
• Corporate Transactions: In the event of a merger, acquisition, reorganisation, sale of assets, or insolvency, your personal information may be transferred as part of that transaction.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

6. Overseas Disclosure

In the course of providing our services, we may disclose personal information to recipients located outside of Australia, including in jurisdictions where our vault facilities, service providers, or related entities operate. Where we disclose personal information overseas, we take reasonable steps to ensure that the overseas recipient does not breach the APPs, or that you consent to the disclosure, or that the disclosure is required or authorised by law.

7. Data Security

We maintain administrative, technical, and physical safeguards designed to protect your personal information against unauthorised access, modification, disclosure, loss, misuse, or destruction. These measures include, but are not limited to:

• 256-bit AES encryption for data at rest and TLS 1.3 encryption for data in transit.
• Multi-factor authentication and role-based access controls for all systems containing personal information.
• Regular security audits, penetration testing, and vulnerability assessments conducted by independent security consultants.
• Strict access controls, including biometric verification, at all physical facilities.
• Staff training on privacy and information security obligations.
• Incident response plans for data breaches in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act.

8. Data Retention

We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. In general, personal information is retained for the duration of your relationship with us plus a minimum of seven (7) years following the termination of that relationship to satisfy our legal, regulatory, audit, and record-keeping obligations, including under the AML/CTF Act 2006 (Cth) which requires retention of certain records for seven years. After the applicable retention period, personal information is securely destroyed or de-identified.

9. Your Rights

Under the Privacy Act and the APPs, you have the following rights in relation to your personal information:

• Access: You may request access to the personal information we hold about you. We will respond to your request within a reasonable period (generally within 30 days).
• Correction: You may request that we correct any personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
• Complaints: If you believe your privacy has been breached, you may lodge a complaint with us. We will investigate and respond to your complaint within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
• Opt-Out: You may opt out of receiving marketing communications from us at any time by contacting us or using the unsubscribe mechanism in our communications.

To exercise any of these rights, please contact our Privacy Officer using the contact details provided below. We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

Our website uses cookies, web beacons, and similar tracking technologies to collect information about your browsing activities, improve site functionality, and analyse usage patterns. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or expired). You can manage your cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain features of our website.

11. Third-Party Links

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Aurevault. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services before providing personal information.

12. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take reasonable steps to delete that information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated Privacy Policy on our website and update the “Last Updated” date. Where changes are material, we will take reasonable steps to notify you, including by email or through a prominent notice on our website. Your continued use of our services after such changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint about how we have handled your personal information, please contact our Privacy Officer:

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC): Phone: 1300 363 992 | Web: www.oaic.gov.au