Privacy Policy

1. About This Policy

Last Updated: 15/06/2026

This Privacy Policy details how Eastern & Allied Pty Ltd (E&A) collects, uses, and manages your personal information when you use our services online through our website or mobile app, via phone and email, or in person at our locations. Our services follow the Australian Privacy Principles under the Privacy Act 1988 (Commonwealth) and other privacy-related legislation.

This policy applies to all E&A and its Affiliates, as defined by the Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) Act 2006. All Affiliates are subject to the same Privacy Policy as E&A for the services they provide.

2. Personal Information We Collect

To provide you with our money transfer, foreign exchange, and bullion services, we need to collect personal information from you.

We only collect information that is necessary to:

Confirm your identity,
Process your transactions,
Keep your account and transactions secure,
Meet our legal and regulatory obligations.

The types of personal information we collect depend on how you interact with us and the services you use.

2.1 Information You Give Us

We may collect personal information that you provide directly to us when you interact with us and request our services, including when you:

Register an account as a customer,
Conduct a transaction in-store, online, or remotely,
Contact our customer support team,
Complete forms in-store or online.

This may include:

Your name, date of birth, gender, and occupation,
Residential address and contact details (such as phone number and email address),
Identification information and documents (see section 2.3 below),
Payment information, including bank account details or card details,
Receiver details for transactions,
Organisation or business details (if you are acting on behalf of an organisation),
Purpose, source of funds or source of wealth information/documents required to meet our obligations under applicable laws.

2.2 Information from Third Parties

In some cases, we may receive personal information about you from third parties, including:

Public databases, credit reporting agencies, or organisations that help confirm your identity or support your transactions,
Analytics providers, marketing platforms, or search providers that help us understand how you interact with our services or how you found our website.

If we receive information we didn’t ask for:

Sometimes, we may receive your personal information from another source without requesting it.

When this happens, we will first determine assess whether the information is necessary for providing our services:

If it is relevant, we may keep it the same way as if you had provided it yourself - protecting it under our Privacy Policy.
If it is not required, we’ll safely delete or remove any details that could identify you if it is reasonably practical to do so.

In some cases, we may let you know that we have received your information this way and if it is lawful to do so.

2.3 Identification Information

To protect you and ensure your transactions are secure, we use Identification documents to confirm your identity when you register and when you conduct a transaction. This includes:

Government-issued identification documents (such as passport, driver licence or national ID),
Photographs or scans of identification documents,
Identification details including document number and expiry date,
Facial images (for example, a selfie taken for verification purposes) where applicable,
Biometric information derived from facial images, where applicable (for example, where automated identity verification or facial matching technology is used).

2.4 Purpose of Collection, Use and Retention

Given the nature of our services, including cash handling, cross-border transfers, and fraud risk, we retain physical and/or electronic records of transactions, information and documents from its branches and Affiliates on our database, as well as back-up copies of this database, because it is necessary for the following purposes:

Confirming your identity when you register an account, conduct a transaction, submit an inquiry or update your name,
Ensuring you are the authorised customer when conducting a transaction,
Resolving transaction-related disputes or issues where a transaction is challenged,
Ensuring only you access your account by maintaining the integrity, security, and reliability of our services,
Preventing, detecting, and investigating fraud.

If we are unable to collect the required information, we may not be able to proceed with the services or work with you or your organisation.

3. How We Handle Your Personal Information

We use and only share your personal information where it is necessary to provide our products and services, support your transactions, manage our relationship with you, comply with our legal and regulatory obligations, protect our customers, or where you have authorised us to do so.

Where we share your personal information with third parties, we take reasonable steps to ensure they handle it appropriately and use it only for authorised purposes. As part of our due diligence process, we review their privacy policy in relation to how they handle your personal information.

3.1 Service Providers and Business Partners

To provide our products and services, we may share your personal information with service providers and business partners in Australia and overseas, including:

Remittance/money transfer and payout partners,
Financial institutions and payment providers,
Identity confirmation, verification and electronic verification providers,
Technology, cloud hosting, and system service providers,
Professional advisers and service providers who help us meet our legal and regulatory obligations, manage risk, prevent fraud, and support our business operations.

3.2 Overseas Disclosures

As part of providing international remittance/money transfer and related services, your personal information may be shared with overseas recipients involved in processing your transaction.

The countries involved will depend on the destination of your transaction and the services used to complete it.

While privacy laws in other countries may differ from Australian privacy laws, we take reasonable steps to ensure overseas recipients handle your information appropriately and securely.

3.3 Regulators and Government Agencies

We may share your personal information with Regulators, Government Agencies, Law Enforcement authorities, Courts, and other authorities where compelled to, required or authorised by law.

This includes disclosures necessary to comply with legal and regulatory obligations, respond to lawful requests, and assist in the prevention, detection, or investigation of unlawful activity.

3.4 You and Your Authorised Representatives

We may share your personal information with:

You, after verifying your identity,
A person authorised by you to act on your behalf,
A person acting under a valid Power of Attorney, or
A representative of your business or organisation.

Before releasing information, we may request evidence of their identity and authority to ensure information is disclosed only to appropriately authorised persons.

3.5 Security Incidents and Privacy Risks

If a security incident occurs involving the unauthorised access, use, or disclosure of personal information, we may share relevant personal information with third parties who assist us in investigating, managing, or responding to the incident, such as forensic specialists, cybersecurity providers, or professional advisers.

Where we do so, we take reasonable steps to ensure that personal information is handled appropriately and protected. We may also disclose additional personal information where reasonably necessary to investigate, contain, or resolve the security incident.

4. CCTV and Audio Recording

4.1 CCTV Video and Audio Recording at Our Premises

Our branches and Affiliate locations are monitored by Closed-Circuit Television (CCTV) systems, which will include both video and audio recording for security, training and compliance purposes. These systems may capture video and voice recordings of individuals within our premises.

Our Purpose: CCTV recordings are used to ensure the safety and security of customers, staff, and premises, as well as to comply with legal and regulatory obligations.
Your Consent: By entering our premises, you consent to the collection of your personal information, including video and voice recordings, via CCTV systems.

4.2 Phone Call Recording

When you contact us or when we contact you by phone, the call may be recorded for training, verification, and compliance purposes. These recordings may capture your personal information, including your voice, contact details, and transaction related discussions.

Our Purpose: Phone recordings are used for customer service, dispute resolution, and to comply with applicable laws and regulations.
Your Consent: By continuing the call, you consent to the recording of the conversation.

4.3 Retention and Storage of Recordings

Retention: Both CCTV and phone call recordings will be retained for as long as necessary to fulfill the purposes outlined above, including legal, regulatory, and business requirements. ( Refer to the clause. Data Retention )
Storage: All recordings are securely stored and protected against unauthorised access. After the retention period expires, recordings will be either securely deleted or stored following our data retention rules and any legal or regulatory requirements.

4.4 Disclosure to Third Parties

We may disclose your personal information, including CCTV and phone call recordings, to third parties under the following circumstances:

Legal Requirements: We may share recordings with law enforcement agencies, government agencies, or other third parties, where required under or permitted by law (e.g. for investigations or to meet our legal obligations).
Protection of Rights: We may disclose recordings to protect our rights, property, or the safety of others.

5. Data Retention

We retain your personal information only for as long as it is reasonably necessary to:

Provide our services to you,
Manage our business and resolve disputes,
Comply with legal and regulatory obligations.

As a reporting entity under the AML/CTF Act, we are required to make and retain certain records, including information relating to customer identification and transactions for a minimum of seven years after the end of your relationship with us.

When your personal information is no longer required, we take reasonable steps to securely destroy or de-identify it in accordance with the Privacy Act 1988. This means we will only retain your personal information where there is a valid reason to do so, including where it is required by law or the purposes described in Section Purpose of collection, use, and retention. Transaction physical receipts are stored at secure premises for a minimum of seven years from the transaction date.

6. Confidentiality and Security

We will use all reasonable endeavours to keep your personal information safe and secure.

We use a range of physical, electronic, and procedural security measures to help protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Also when you use our online services (including our websites and mobile applications), we use industry-standard security measures, such as SSL/TLS encryption, to help protect your information during transmission.

Your personal information is securely stored and backed up by trusted third-party service providers, including tier-one global cloud service providers that support our business operations. We take reasonable steps to ensure these providers maintain appropriate security standards and safeguards.

While we take reasonable steps to protect your personal information, no method of transmitting or storing information electronically can be guaranteed to be completely secure. For this reason, we cannot guarantee absolute security of your information.

In the event of a security incident involving personal information, we will promptly investigate the matter and take reasonable steps to contain and assess the incident. If it is a breach that would require notification under applicable privacy laws, we will notify affected individuals and relevant regulators of eligible data breaches.

We continuously review and improve our security practices to help protect your personal information and reduce security risks.

7. Direct Marketing

We will use your personal information primarily for providing you with our services, and also for direct marketing purposes. This includes but is not limited to sending you personal information about new developments, new services and special offers to either or both your email address and mobile phone number that you have provided to us.

You can, at any time, opt out of receiving marketing material by:

Clicking on the unsubscribe button in an email. This will only stop you from receiving marketing emails. If you also wish to opt out from receiving SMS messages you will need to inform our team. (Refer to the clause. Our Contact )
Replying “STOP” to our SMS. This will only opt you out from receiving SMS marketing messages. If you also wish to opt out from receiving marketing emails you need to inform our team. (Refer to the clause. Our Contact )

Once you request to opt out from receiving our marketing materials, this removal from our distribution lists may take up to 5 business days after the date you opted out.

You agree and acknowledge that even if you opt out of receiving marketing material, we can still contact you relating to the services we have provided you.

8. Accuracy of Personal Information

We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your personal information is not accurate, up-to-date, complete, relevant or is misleading, please contact us ( Refer to the clause. Our Contact ) and we will take all reasonable steps to correct it within a reasonable time.

You may request details of personal information we hold and request us to correct or erase any erroneous or out-of-date personal information by using the contact methods listed at the end of this statement. We reserve the right not to disclose personal information to you, other than the personal and sensitive information that you are entitled to access that we hold on or about you as long as it is lawful to do so. To protect your privacy, we will need to verify your identity before making details or corrections.

9. Access to Personal Information

9.1 Access from Us

When you request technical support, we may ask for your personal details, including your username and password, to assist in accessing your account. After resolving the issue, we will send you a link to reset and create a password.

9.2 Access by The Customer

When you request access to your personal information or records we hold about you, we will respond to your request within a reasonable period of time.

We will give access to personal information after identification and verification through approved identification documentation, in a manner you request, where possible. This will be subject to any exemptions allowed under the Privacy Act.

A reasonable administrative fee may apply for providing any records or documentation.

10. Complaints

We work to ensure that we operate in the manner outlined in this Privacy Policy however if you have any issues or concerns, please do not hesitate to contact us so we can resolve your issues.

If you believe your privacy may have been interfered with by us, you have the right to make a complaint about the matter by contacting our Privacy Officer ( Refer to the clause. Our Contact ). We will investigate the complaint, respond to you promptly and attempt to resolve it.

If we receive a request in writing from you seeking resolution of a dispute concerning our services, we will respond to you in writing within 30 days of receipt of the request.

If you are dissatisfied with our handling of the complaint, or the outcome, you may take your complaint to the Office of the Australian Information Commissioner (OAIC). Further information is available by phoning: 1300 363 992 or at: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.

11. Your Consent

By your use of our services you consent to the collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy and as otherwise permitted under the Privacy Act.

12. Change

We may vary the terms of this Privacy Policy from time to time if our services, legal requirements, or how we handle your information changes. The latest version will be available on our website.

We encourage you to review the Privacy Policy regularly to stay informed about how we protect your privacy. By continuing to use our services, you acknowledge that you agree to the new terms of the Privacy Policy.

13. Our Contact

To request your personal information or to submit a privacy-related complaint, you can contact us through any of the following channels:

email info@easternandallied.com.au‍
telephone +61 2 9331 0533
by post to: The Privacy Officer, Eastern & Allied Pty Ltd, 56 John Street, Cabramatta, NSW 2166, Australia.