Last Updated: January 2026
Information Brokers Pty Ltd (ACN 143 037 325) (“Information Brokers”, “we”, “us”, “our”) is committed to protecting your privacy and handling personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and international information security standards, including the ISO/IEC 27001 framework.
1. What Personal Information We Collect
We collect personal information that is reasonably necessary for our functions and activities. This includes:
- Direct Information: Name, contact details (email, phone, address), and demographic data (postcode).
- Identity Verification Data: Where required by law or for specific services, we collect government-issued identifiers (e.g., Driver’s Licence, Passport) for use with the Document Verification Service (DVS).
- Payment Information: For service purchases, we collect payment details. All transactions are encrypted and disclosed only to necessary service providers.
- Technical Data: IP addresses, device identifiers (cookies), and aggregate usage statistics (traffic patterns, search queries) to diagnose issues and improve website functionality.
2. How We Collect Personal Information
We collect information through:
- Direct Interaction: When you complete forms, register for services, or communicate with us.
- Automated Technologies: Through cookies and website analytics.
- Authorised Partners: From selected partners providing secure payment processing or identity verification.
3. Purpose of Collection and Use
We use your personal information to:
- Provide and manage our products and services.
- Verify your identity through approved Gateway Service Providers (GSPs).
- Improve website performance and user experience.
- Communicate updates or offers (subject to your express opt-in).
- Maintain our Information Security Management System (ISMS) and detect fraudulent activity.
4. Automated Decision-Making (ADM)
To improve efficiency and security, we may use automated systems and AI:
- Usage: ADM may be used for fraud detection, analysing website activity and improving service performance.
- Human Oversight: These systems do not make decisions that produce legal or significant effects without human involvement. Decisions are subject to regular oversight and review to ensure accuracy.
- Your Rights: You may request information about the logic used in these processes or request a human review of any automated decision that significantly affects your rights or interests.
5. Data Security
We take all reasonable steps to protect personal information from misuse, interference, loss, or unauthorised access:
- Encryption: Data in transit and at rest is protected using industry-standard cryptographic protocols (e.g., SSL/TLS, AES-256).
- Access Control: We follow the "Principle of Least Privilege." Access is restricted to authorised personnel via Multi-Factor Authentication (MFA) and is regularly audited.
- Physical Security: Data is stored in secure, ISO-certified data centres located within Australia.
- Monitoring: We conduct continuous security monitoring and periodic penetration testing to identify and remediate vulnerabilities.
- Retention & Destruction: We retain personal information only for as long as necessary. When no longer required, Digital Data is rendered unrecoverable via secure cryptographic wiping or overwriting. Physical Media is destroyed via secure shredding by ISO-compliant disposal partners.
6. Disclosure of Personal Information
We do not sell your data. Disclosure occurs only when:
- Required by Law: Or authorised by a court/tribunal.
- Service Delivery: Shared with trusted partners (e.g., payment processors, GSPs).
- Overseas Disclosure: We may use cloud service providers with servers located outside Australia. We take reasonable steps to ensure these recipients comply with the APPs or equivalent privacy laws.
7. Identity Verification (DVS)
- We obtain express consent before undertaking any identity verification.
- Information is used solely to confirm validity via an Information Match Request against the relevant Official Record Holder.
- Information Match Requests are processed via an approved Gateway Service Provider (GSP) using the Document Verification Service (DVS)
- If you choose not to provide consent, we may be unable to deliver certain services.
- Further information on the collection, use and disclosure of information and the DVS is available on the ID Match website: https://www.idmatch.gov.au/access-our-services
8. Your Rights and Choices
Under APPs, you have the right to:
- Access: Request a copy of the data we hold about you.
- Correction: Request updates to inaccurate or incomplete information.
- Deletion: Request the erasure of your data where it is no longer required or where consent is withdrawn. We will comply unless legally required to retain it.
- Requests: Contact our Privacy Officer (details at end of document). We aim to respond within 30 days. We may need to verify your identity before providing access or making changes. In most cases, we provide access to your information free of charge. However, if your request is particularly complex, we may charge a reasonable administrative fee for the time and resources required to retrieve the data. We will notify you of any charges before proceeding. In limited circumstances (as permitted by the Privacy Act), we may refuse access—for example, if providing it would pose a serious threat to the life or health of any individual or if it would unreasonably impact the privacy of others. If we refuse, we will provide you with a written explanation.
9. External Links and Advertisers
Our website may contain links to third-party sites. We are not responsible for their privacy practices and encourage you to review their specific policies.
10. Notifiable Data Breaches (NDB)
In the event of an eligible data breach that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) promptly, as required by the Privacy Act.
11. Contact and Complaints
For questions or to lodge a complaint regarding a breach of the APPs or our security standards:
- Email: info@ib.com.au
- Post: PO Box 2168, Oakleigh VIC 3166
- Escalation: If unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
