Privacy policy

Why your privacy matters to us

This privacy policy sets out how and why propper Pty Ltd ACN: 616760377 (“propper”, “we” or “us”) collects, stores, uses and discloses your personal information in connection with any use of our products and services, including our website (hereafter referred to together as the “Services”).  It also provides information on how you may access personal information about you and seek correction of such information, as well as the types of information we collect and what we do with that information (among other things).

We collect a variety of information from visitors to our website and in connection with use of the Services generally, some of which can be confidential. By visiting our website, using the Services or otherwise providing us with your personal information (or authorising it to be provided to us by someone else), you agree to your personal information being handled as set out in this Privacy Policy. propper may update this Privacy Policy from time to time so please review it periodically for changes on our website at Your continued use of the Services, requesting our assistance or the provision of further personal information to us (directly or via an authorised person) after this Privacy Policy has been revised, constitutes your acceptance of the revised privacy policy.


What kind of information do we collect?

Regardless of whether you register on the website, we will collect general information that is not personal to you. This type of information generally relates to your behaviour on the site, and includes things like the type of browser you are using, your geographic location, and how you came to the website. It also includes information that will help us trouble-shoot problems, analyse our resources and improve our services. There are many aspects of the site that can be viewed without providing personal information, however, for access to propper customer support features and our general services you are required to submit personally identifiable information. This may include but is not limited to name, email, phone, address, photos and the provision of information to confirm your identity and property ownership. If we have received personal information that we have not requested (unsolicited personal information) we will delete or destroy it as soon as practicable but only if it is lawful and reasonable to do so, or we will ensure that the information is de-identified. In certain circumstances we may be required or permitted by law, court or tribunal order to collect and/or disclose certain personal information about you. You do not have to provide us with your personal information, but if you do not provide us with the personal information that we need, we may not be able to provide our services or assistance to you or on your behalf.


When do we collect personal information?

We collect information from you whenever you visit our website, register to use our services, request further information about us or interact with related software (including mobile applications). We will collect this information automatically using tracking technologies, including cookies, and through web forms where you type in your information. We will also collect information when you:

We don't collect information for the sake of it. All the information we gather has a specific purpose. Those purposes are identified below under " How do we use your personal information?". For example, by completing a web-form, we are able to respond to your rental application and advise you if there are any additional services that may assist you during a relocation.  Any information that we receive from Stakeholders is used to provide a better or more relevant service or product to you


How do we use your personal information?

We collect your personal information in order that you may receive the benefit of our website. Subject to this Privacy Policy, we may use your personal information:

As a reminder, your use of the Services is conditional on us using and disclosing your personal information in any manner that could reasonably be contemplated by this Privacy Policy and the terms and conditions of the Services generally. Where relevant, you consent to our using your personal information for the purpose of our functions and/or activities outlined above, and in accordance with this policy generally.  This includes propper posting and using any photographs and/or personal information you might upload both on its website, its social media sites (including Facebook) and in any other content or copy we may use for the purpose of our functions and/or activities.


When might we disclose your personal information & de-identified data?

Any personal information provided to us, and from time to time, de-identified information may be disclosed, if appropriate, to other entities in order to facilitate the purpose for which the information was collected, and those purposes may be commercial in nature. Such entities generally include:

Those entities will be permitted to obtain only the personal information necessary to deliver the service or to facilitate the purpose for which the information was collected. Those purposes are identified under ‘How do we use your information’ (see above).

propper takes reasonable steps to ensure that these organisations and individuals are bound by confidentiality and privacy obligations in relation to the protection of your personal information. From time to time, these parties may reside outside Australia. For example, your personal information may also be sent to our customer service teams who reside in the Philippines and Indonesia, and assist us in providing the services to you. We may also share data with any of our Stakeholders who have overseas based entities (for example, an analytics hub based in Singapore) that will perform data analytics on the Stakeholder's behalf. Our contracts with these parties generally include an obligation for them to comply with Australian privacy law and this Privacy Policy. However you acknowledge that, by agreeing to the disclosure of your personal information to these entities outside of Australia, we will no longer be required to take reasonable steps to ensure the recipient’s compliance with the Australian privacy law in relation to your personal information and we will not be liable to you for any breach of the Australian privacy law by these overseas recipients. On this basis, you consent to such disclosure. If you conduct any transaction that requires a payment by you, some of your details may be provided to a third party payment processor to allow the transaction to be completed.


Does propper use personal information for direct marketing?

From time to time we may use the personal information we collect from you to identify particular propper services that we believe may be of interest to you. We may then contact you to let you know about these services and how they may benefit you. We will generally only do this with your prior consent (where practical) and we will always give you a choice to opt out of receiving such information in future. Direct Marketing from propper generally takes the form of an electronic marketing email. Electronic marketing occurs where we use your personal information to send you marketing information by email, SMS, MMS or other electronic means. We may do so with your express or implied consent. You may give us your express consent by, for example, ticking a box on an electronic or signing in paper form where we seek your permission to send you electronic or other marketing information. Consent may be implied from our existing business relationship or where you have a reasonable expectation of receiving an electronic marketing communication. Every directly addressed marketing contact sent or made by propper will include a means by which customers may unsubscribe (or opt out) of receiving further marketing information. Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us. Requests should be directed to us via the channels provided under ‘Contact Us’ below.


Does propper receive information from third-parties?

From time to time, we will collect personal information about you from Stakeholders. The information we receive is still subject to underlying consent. This means that you must have consented to their sharing that information with us. This is usually disclosed in their Privacy Policy.   

We may receive information about you from:

You must not provide us with the personal information about another person unless you have first obtained that person’s prior consent to do so and you have told them their personal information will be handled in accordance with this Privacy Policy (including where they can find it).


Links to third-party websites

Our website may contain links to the websites of other entities. If you click on such links, you will be transferred to the website of these entities. propper has no control over, and is not responsible for, the privacy practices of these entities. You should read the privacy policy of these entities to find out how they handle your personal information when you visit their websites.


Personal information about employees or job applicants

propper may also collect personal information from you if you apply for a job with and/or become employed by us. In these circumstances:


Accessing your personal information held by propper

You may review, edit, correct or delete any personal information you submit to us at any time. To do this, you will need to contact propper in writing or over the phone through the contact details below. You may access personal information we otherwise hold about you. Access to your personal information may be denied on certain grounds including, for example: it is unlawful; it may have an unreasonable impact upon the privacy of other individuals; or your request is frivolous or vexatious. If we deny you access we will provide our reason for doing so at the time of your request. If you wish to access the personal information we hold about you or request correction of it, you should contact the privacy officer on the details below who will respond to your request within a reasonable period after the request is made. While we do not charge you for a request for accessing your personal information you should be aware that we may charge a reasonable fee (which will be notified to you once you make a request) for time and cost in the following circumstances:


How can you correct and update your information?

We take reasonable steps to ensure that the personal information we hold about you is accurate, complete and up-to-date. However, we also rely on you to advise us of any changes to your personal information by maintaining and updating your profile. Please contact us using the contact details below as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date so that we can update your file accordingly.


Dealing with us Anonymously or by Pseudonym

In order for us to successfully do business with you it will not, in most circumstances, be practical for us to deal with you without you providing relevant personal information to us. However, where it is lawful and practicable to do so, you may deal with us anonymously or by using a pseudonym.


De-Identified Data

From time to time, we may collect, use and disclose de-identified data. De-identified data is data which has had all personally identifiable information removed or anonymised.  This means that you can no longer be identified, nor can any other individual in that data-set. When we no longer need your personal information for any of the purposes set out in this Privacy Policy, or as otherwise required by law, we will take reasonable steps to destroy it or to de-identify it.  We will use de-identified data for research and commercial purposes, such as creating reports and insights. For example, we will use and share historical and current de-identified user and transactional data to develop marketing initiatives and product offerings. Those understandings, whether developed internally or in connection with an external partner may also be provided to our Stakeholders from time to time.  If you have any concerns or questions about our approach to, or use of, de-identified data, please let us know


Storage and security

propper will store your personal information for as long as needed to provide you with the Services and to operate our business. At any time, you can request to access your personal information held on our website (subject to service outages) to keep it updated.  We will also delete specific personal information upon request, unless deleting that information prevents us from carrying out necessary business functions, such as billing and conducting required audits. If we are unable to delete your data, we will transform it so that it can no longer be used to identify you.

We have a variety of appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. It includes physical and electronic measures. Although we aim to create a safe, secure environment, we cannot guarantee that unauthorised parties will not gain access but will notify you regarding eligible data breaches if they are likely to or do impact you. 

If you have a specific concern or request about your data, please contact us on the details provided below.


Notifiable Data Breach Scheme

The Notifiable Data Breaches (NDB) scheme applies to eligible data breaches that occur on or after 22 February 2018. It mandates a reporting and notification process for propper. The Office of the Australian Information Commissioner (OAIC) administers the NDB Scheme.

In simple terms, if:

  1.  there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that propper holds; and
  2.  this is likely to result in serious harm to one or more individuals; and
  3. we have not been able to prevent the likely risk of serious harm with remedial action,

then we are required to notify the OAIC and impacted individuals about the incident.

There is a broad scope of activities that would be considered unauthorised access, unauthorised disclosure or loss of personal information. Some examples include:

The NDB scheme ensures that as an organisation, we are accountable for your privacy protection. The notification process is important for building a relationship of trust and transparency. In addition, by keeping you notified, you’re better able to take steps to mitigate harm, such as changing passwords or being alert to phishing emails or scams. In the interim, We would also be taking steps to remediate the breach and will keep you advised on our progress, including the security measures being undertaken.  

Please “Contact Us” on the details provided below if you have any questions about this.


General Data Protection Regulation

The General Data Protection Regulation (GDPR) regulates the processing of personal information under European Union law. The GDPR aims to protect the information relating to individuals located in the European Union. If you are interacting with or being monitored by propper or using our services whilst being located in the European Union, our collection, use, disclosure and processing of your personal information is regulated by the GDPR. You have the right to request and obtain:

We will only collect and store your data if you have provided express consent; and if the provision of your personal data is necessary for the performance of an agreement between yourself and propper and/or for any pre-contractual obligations. We may also collect your data to comply with legal obligations to which propper is subject; and if the processing of your data is related to a matter in the public interest or in the exercise of official authority vested in propper. If we are obliged to retain your personal data for a longer period due to the performance of a legal obligation or upon order of an authority, we will comply with our obligations and inform you as such. Please note, you have the right to object at any time to the processing of your personal data. If processing occurs for legitimate business interests, you will need to provide us with grounds justifying your objection. If we are processing your personal data for direct marketing relating to propper, you can object without any justification. Your personal data will only be processed and stored for as long as required by the purpose for which it has been collected for. Following withdrawal of consent, or where there is no legitimate need for your personal data, we will delete it. Under the GDPR, you can also request information about whether we are transferring any of your personal data to another country; or an international organization governed by public international law or set up by two or more countries. You can also elect to have your personal data transmitted to another controller if your personal data is being processed by automated means and if the processing is based on your contracted consent. You can contact us to learn about the security measures taken by propper to safeguard your data on the “Contact Us” details provided below.


Changes to this Privacy Policy

We may update this Privacy Policy from time to time.  As a result, we encourage you to review our policy periodically for changes and provide your feedback to us.  Don’t worry - these updates are usually clarifications based on feedback from customers or product and service developments.  Any material revisions of this policy that would result in a material detriment to you will be notified to you by a posting on website, via e-mail or any other means available to us.

Please note that your continued use of propper's Services, requesting our assistance or the provision of further personal information to us (directly or via an authorised person) after this Privacy Policy has been revised, constitutes your acceptance of the updated Privacy Policy.


Automated Decision-Making

From time to time, we may use automated decision making to help identify and prevent spam or other prohibited behaviours, including abusive or fraudulent activity, taking place via the Services.  If you are unable to access your account at any time, please “Contact Us” on the details provided below.


Privacy complaints

If you believe that we have breached your privacy rights in any way, or you would like to discuss any issues about our Privacy Policy please contact us on All such enquiries or complaints will be taken seriously and will be handled as soon as reasonably practicable.

Please contact us immediately if you become aware of or have reason to suspect any breach of security, including unauthorised use of your account or handling of your personal information.


Contact Us

Please contact us immediately if you become aware of or have reason to suspect any breach of security, including unauthorised use of your account or handling of your personal information.

You can also contact us via the contact details provided below if you want to:

Our contact details:


Need more information on privacy?

For more general information regarding privacy in Australia, visit the website of the Office of the Australian Information Commissioner (