Privacy Policy

1. Introduction

Yield Business Brokers (“we”, “us”, or “our”) recognises the importance of protecting the privacy of individuals whose personal information we collect and hold. This Privacy Policy explains how we manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

As a business brokerage operating in Australia, we collect personal information from buyers, sellers, enquirers, and website visitors in the course of our professional activities. We are committed to handling your personal information responsibly, transparently, and securely.

This policy should be read alongside any collection notice we provide to you at or before the time we collect your personal information.

2. Kinds of Personal Information We Collect

The types of personal information we may collect include:

  • Identity information: name, date of birth, and copies of government identification documents (e.g. driver licence, passport) where required for identity verification purposes
  • Contact information: email address, telephone number, and postal address
  • Financial information: income, assets, liabilities, business financial statements, and bank account details where relevant to a business transaction
  • Business information: details about businesses you own, are seeking to purchase, or have an interest in
  • Transaction and engagement data: records of enquiries, offers, negotiations, and completed transactions
  • Website usage data: IP addresses, browser type, pages visited, and cookies (non-personal unless linked to an identified individual)

We collect only the personal information that is reasonably necessary for our functions and activities as a business broker. We will not collect more information than is necessary simply because it may be convenient or useful in the future.

We generally do not collect sensitive information (as defined under the Privacy Act, including health information, racial or ethnic origin, criminal records, or financial details beyond what is necessary for our brokerage activities) unless you provide it voluntarily and we have your consent, or collection is otherwise permitted by law.

3. How We Collect Personal Information

We collect personal information in the following ways:

  • Directly from you when you register on our website, submit an enquiry, sign engagement documents, or communicate with us by phone, email, or in person
  • From third parties such as solicitors, accountants, financial advisers, and other professional advisers involved in a transaction, where you have authorised this
  • From publicly available sources such as ASIC, state business registers, and company directories, where relevant to verifying business information
  • Through our website via cookies, contact forms, and enquiry submissions

Where it is lawful and practicable, we will give you the option of interacting with us anonymously or using a pseudonym. However, for most brokerage services, we will need to identify you to provide our services.

4. Why We Collect Personal Information

We collect, hold, use, and disclose personal information for the following primary purposes:

  • Facilitating the sale, purchase, or transfer of businesses and business assets
  • Identifying and qualifying buyers and sellers
  • Preparing and executing sale agreements, confidentiality agreements, and related documents
  • Conducting due diligence activities in connection with a business transaction
  • Complying with our obligations under applicable laws, including anti-money laundering and counter-terrorism financing obligations
  • Communicating with you about listings, enquiries, and market updates
  • Marketing our services to you (subject to your preferences and the conditions below)
  • Improving our website, services, and client experience

We may also use or disclose your personal information for secondary purposes that are related to the primary purpose of collection, where you would reasonably expect us to do so, or where you have provided your consent.

5. Direct Marketing

We may use your personal information to send you updates, newsletters, or marketing communications about our services and relevant business-for-sale opportunities. We operate a permission-based marketing approach and will only contact you where:

  • You have consented to receive such communications, or
  • We collected the information directly from you and you would reasonably expect to receive marketing from us, and we provide a simple means to opt out

Every marketing email we send includes clear and easy-to-use unsubscribe instructions. You may opt out of marketing communications at any time by using the unsubscribe link in any email, or by contacting us directly using the details in Section 12 below. We will action opt-out requests promptly.

We do not use sensitive information for direct marketing purposes.

6. Disclosure of Personal Information to Third Parties

We do not sell, rent, or trade your personal information to third parties. We may disclose your personal information to the following categories of recipients where necessary for our brokerage activities:

  • Prospective buyers or sellers involved in a transaction you have authorised us to facilitate
  • Your professional advisers (solicitors, accountants, financial advisers) where you have directed us to communicate with them
  • Third-party service providers who assist us in delivering our services (e.g. IT systems providers, cloud storage providers, marketing platforms), subject to appropriate data processing arrangements
  • Government agencies or regulatory bodies (such as AUSTRAC or law enforcement) where required or authorised by law
  • Our outsourced support staff (see Section 7 below for cross-border disclosures)

We take reasonable steps to ensure that any third party to whom we disclose personal information is bound by appropriate confidentiality and privacy obligations consistent with this policy and the APPs.

7. Cross-Border Disclosure of Personal Information (APP 8)

We currently engage an outsourced support staff member located in Cebu, Philippines, through a third-party outsourcing company. This staff member may, in the course of their role, access personal information we hold in order to assist with administrative, data entry, client communication, and related business support functions.

The disclosure of personal information to this overseas recipient is governed by Australian Privacy Principle 8 (APP 8) under the Privacy Act 1988 (Cth). Before disclosing personal information to any overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information.

The steps we take to protect your personal information when it is disclosed to our overseas support staff include:

  • Contractual protections: We have in place a binding agreement with our outsourcing provider that requires the overseas staff member to handle personal information only in accordance with our instructions and to standards that are substantially equivalent to the APPs
  • Access controls: The overseas support staff member is only granted access to personal information that is necessary for the specific tasks they are performing (minimum access principle)
  • Confidentiality obligations: All overseas staff are bound by strict confidentiality obligations
  • Security measures: We take reasonable steps to ensure appropriate technical and organisational security measures are in place to protect information accessed remotely
  • Oversight: We maintain ongoing oversight of how personal information is handled by our overseas support staff

Please note: Under APP 8.1, if we take reasonable steps as described above, we remain accountable if the overseas recipient nonetheless handles your personal information in a way that would breach the APPs. You can make a complaint to us (see Section 11) or to the Office of the Australian Information Commissioner (OAIC) in such circumstances.

The Philippines has its own data protection legislation (the Data Privacy Act 2012, administered by the National Privacy Commission). While we rely primarily on our contractual protections to meet our APP 8 obligations, we note that your information may be subject to applicable Philippine privacy laws while being handled by our overseas staff.

If you have any questions about how your personal information may be accessed by our overseas support staff, please contact our Privacy Officer using the details in Section 12.

8. Quality of Personal Information

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up to date, complete, and relevant, having regard to the purpose for which it is to be used. We encourage you to contact us if any of your personal information changes so that we can update our records.

9. Security of Personal Information

We take reasonable steps to protect the personal information we hold from misuse, interference, and loss, and from unauthorised access, modification, and disclosure. Our security measures include:

  • Secure password-protected systems and role-based access controls
  • Encrypted transmission of data where technically feasible
  • Physical security measures at our offices
  • Staff training on privacy and information security obligations
  • Regular review of our security practices

Where we no longer require personal information for any purpose for which it may be used or disclosed under the APPs, and we are not required by law to retain it, we will take reasonable steps to destroy or de-identify the information.

In the event of a data breach that is likely to result in serious harm to affected individuals, we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme, including notifying affected individuals and the OAIC as soon as practicable.

10. Government-Related Identifiers

In the course of verifying identity for business transactions, we may collect copies of government-issued identity documents. We will handle any government-related identifiers (such as Medicare numbers, driver licence numbers, or tax file numbers) strictly in accordance with APP 9 and the Tax File Number Rules. We will not adopt, use, or disclose government-related identifiers as our own identifiers, and will not use or disclose them for any purpose other than those for which they were provided or as required by law.

Where you provide us with an identity document, we recommend blanking out any government-related identifier not required for the specific purpose for which you are providing the document.

11. Access and Correction of Personal Information

Under APP 12, you have the right to request access to the personal information we hold about you. Under APP 13, you have the right to request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make an access or correction request, please contact our Privacy Officer using the details in Section 12. We will respond to your request within a reasonable timeframe (generally within 30 days) and will not charge you for making a request, though we may charge a reasonable fee to cover the cost of providing access where this is significant.

In limited circumstances, we may be entitled to refuse access or correction. If we do so, we will provide written reasons and information about how you may complain about the refusal.

12. Privacy Complaints

If you have a concern or complaint about the way we have handled your personal information, we encourage you to contact us in the first instance:

Paul Smith — Privacy Officer Yield Business Brokers

Email: paul@yieldbusinessbrokers.com.au
Phone: 0420 550 433
Address: 60/362 Mitchell Road, Alexandria NSW 2015

We will acknowledge your complaint and aim to resolve it within 30 days. If you are not satisfied with our response, or if we fail to respond within a reasonable time, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

13. Cookies and Website Usage

Our website uses cookies to improve your experience and to help us understand how visitors use our site. Cookies may collect non-personal information such as IP address, browser type, and pages visited. If linked to an identified individual, this information will be treated as personal information under this policy.

You may configure your browser to refuse cookies or to notify you when cookies are being sent. Please note that disabling cookies may affect the functionality of certain features of our website.

14. Third-Party Websites

Our website may contain links to third-party websites. When you follow a link to an external site, only referral information is transferred and your anonymity is preserved to the extent we are able. We are not responsible for the privacy practices of third-party websites and recommend that you review their privacy policies independently before providing any personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or regulatory requirements. Where we make material changes, we will notify you by email or by posting a prominent notice on our website. The most current version of this policy is available on our website and is free of charge.

16. Contact Us

For any privacy-related enquiries, to update your personal information, or to exercise any of your rights under the Privacy Act 1988 (Cth), please contact:

Yield Business Brokers

Email: paul@yieldbusinessbrokers.com.au
Phone: 0420 550 433
Address: 60/362 Mitchell Road, Alexandria NSW 2015
Website: www.yieldbusinessbrokers.com.au