Why your privacy matters to us
What kind of information do we collect?
Regardless of whether you register on the website, we will collect general information that is not personal to you. This type of information generally relates to your behaviour on the site, and includes things like the type of browser you are using, your geographic location, and how you came to the website. It also includes information that will help us trouble-shoot problems, analyse our resources and improve our services. There are many aspects of the site that can be viewed without providing personal information, however, for access to propper customer support features and our general services you are required to submit personally identifiable information. This may include but is not limited to name, email, phone, address, photos and the provision of information to confirm your identity and property ownership. If we have received personal information that we have not requested (unsolicited personal information) we will delete or destroy it as soon as practicable but only if it is lawful and reasonable to do so, or we will ensure that the information is de-identified. In certain circumstances we may be required or permitted by law, court or tribunal order to collect and/or disclose certain personal information about you. You do not have to provide us with your personal information, but if you do not provide us with the personal information that we need, we may not be able to provide our services or assistance to you or on your behalf.
When do we collect personal information?
We collect information from you whenever you visit our website, register to use our services, request further information about us or interact with related software (including mobile applications). We will collect this information automatically using tracking technologies, including cookies, and through web forms where you type in your information. We will also collect information when you:
- submit documentation to us in connection with the Services, including (without limitation) a tenancy application or managing agency agreement;
- provide us with (or instruct us to create) photos, illustrations, text, video, still images, audio, interactive virtual tours and schematic floor plans or other material of a real estate property;
- contact and interact with us independently of our website, such as contacting us by email, phone or in person;
- participate in activities or offers, including any of our online competitions or promotions;
- access any of our Services through a social network site;
- submit information to us as part of an employment opportunity;
- consent to the sharing of your personal information with us through a related body corporate, service provider or third-party (Stakeholders); and
- when you provide us with feedback or make a complaint.
We don't collect information for the sake of it. All the information we gather has a specific purpose. Those purposes are identified below under " How do we use your personal information?". For example, by completing a web-form, we are able to respond to your rental application and advise you if there are any additional services that may assist you during a relocation. Any information that we receive from Stakeholders is used to provide a better or more relevant service or product to you
How do we use your personal information?
- to check your eligibility for the Services;
- to provide and personalise the Services to you;
- to establish, maintain and administer your account and/or profile with us;
- to process and respond to an application in connection with the Services;
- to facilitate communications between you and us or a Stakeholder that you have requested contact with. Examples (without limitation) include propper Maintenance, buyers or vendors of real estate property, insurance or credit providers and their intermediaries etc;
- to refer you to our related body corporates;
- to understand, diagnose, troubleshoot and fix issues with the Services;
- to evaluate and develop new content, features, technologies and improvements to the Services;
- to develop, administer and enhance the algorithms, functionality and performance of the Services;
- to process payments and for invoicing generally;
- for quality assurance and training purposes;
- to conduct business planning, reporting and forecasting;
- for disclosure to debt collection agencies to recover any amounts you owe to us;
- to satisfy legal obligations which may arise from agreements or contracts entered into, including (without limitation) the management and marketing of real estate interests, compliance with law enforcement requests, taking appropriate action with respect to reports of intellectual property infringement and inappropriate content etc.;
- in the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure;
- to conduct verifications of profiles, checking credentials, monitoring and reporting as reported under the relevant propper terms and conditions or under any applicable laws;
- to host, publish, post, share, store or upload photos, illustrations, text, video, still images, audio, interactive virtual tours and schematic floor plans or other material of a real estate property on our platform and with our Stakeholders;
- to nurture and verify your data profile by combining your personal information through data sharing and data cross-matching activities with information we have collected from other sources in order to generate and report analytics, insights and research (including without limitation, your propensity to buy or sell property, and to promote insurance offerings as well as other varied product offerings) to and on behalf of our Stakeholders;
- to generate and report aggregate statistics to advertisers and Stakeholders;
- to communicate with you in relation to the Services, including without limitation, notifying you of changes, surveys and information about security updates;
- to create or distribute advertising and marketing material that is relevant to you, including material relevant to our Stakeholders;
- to generate and provide stories, commentary, and property profiles or descriptions (including without limitation, the sharing of feedback or reviews, photos or other personal information) which may be accessible through the Services, associated websites and/or social media channels; and
- any other uses identified at the time of collecting your personal information.
When might we disclose your personal information & de-identified data?
Any personal information provided to us, and from time to time, de-identified information may be disclosed, if appropriate, to other entities in order to facilitate the purpose for which the information was collected, and those purposes may be commercial in nature. Such entities generally include:
- landlords or tenants (including prospective tenants);
- any related entity of propper;
- third-party service providers for the purpose of enabling them to provide a service such as (but not limited to), payroll, superannuation administration, IT service providers, data storage, web-hosting and server providers, debt collectors and credit, reference and criminal history checking agencies;
- our Stakeholders with whom propper has a commercial relationship or who jointly with us, provide products or services to you, or with whom we partner to provide products or services to you;
- the data analytic partners or service providers of those Stakeholders;
- any applicable or relevant regulator, government agency or third party for the purpose of legislative or contractual compliance and/or reporting;
- professional advisors such as our financial advisers, legal advisers and auditors;
- your representatives (including your legal adviser, accountant, mortgage broker, financial adviser, executor, administrator, guardian, trustee, or attorney) or
- other entities if you have given your express consent.
Those entities will be permitted to obtain only the personal information necessary to deliver the service or to facilitate the purpose for which the information was collected. Those purposes are identified under ‘How do we use your information’ (see above).
Does propper use personal information for direct marketing?
From time to time we may use the personal information we collect from you to identify particular propper services that we believe may be of interest to you. We may then contact you to let you know about these services and how they may benefit you. We will generally only do this with your prior consent (where practical) and we will always give you a choice to opt out of receiving such information in future. Direct Marketing from propper generally takes the form of an electronic marketing email. Electronic marketing occurs where we use your personal information to send you marketing information by email, SMS, MMS or other electronic means. We may do so with your express or implied consent. You may give us your express consent by, for example, ticking a box on an electronic or signing in paper form where we seek your permission to send you electronic or other marketing information. Consent may be implied from our existing business relationship or where you have a reasonable expectation of receiving an electronic marketing communication. Every directly addressed marketing contact sent or made by propper will include a means by which customers may unsubscribe (or opt out) of receiving further marketing information. Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us. Requests should be directed to us via the channels provided under ‘Contact Us’ below.
Does propper receive information from third-parties?
We may receive information about you from:
- OpenAgent Group companies (our related bodies corporate);
- your representatives (including employers), upon authorisation from you;
- public registers or other publicly available sources of information;
- our contracted service providers (for example, website server hosts, IT and HR management and resourcing);
- other Stakeholders who collaborate with us to provide products and services to you;
- third-party websites, applications or platforms that interface with our own websites and applications (for example, customer relationship management providers);
- social media platforms when you publicly comment, interact with us or send us a private message (for example, LinkedIn, Facebook and Instagram); and
- digital tracking tools (for example, cookies).
Links to third-party websites
Personal information about employees or job applicants
propper may also collect personal information from you if you apply for a job with and/or become employed by us. In these circumstances:
- you authorise us to collect any personal information (whether written or verbal) from any referee or previous employer specified in your application for employment or curriculum vitae for evaluation of your application for
- employment and to hold such information on your personal file for future evaluation of your employment by us.
- you acknowledge that we collect your personal information for the purpose of evaluating your application for employment and, should you accept employment with us, the assessment of your continued employment by us and the administration by us of your remuneration and any PAYE obligations.
- You acknowledge that a failure by you to provide the requested personal information will have a detrimental effect on our ability to give your application proper consideration. You can request to access and/or correct your personal information in accordance with this policy.
Accessing your personal information held by propper
You may review, edit, correct or delete any personal information you submit to us at any time. To do this, you will need to contact propper in writing or over the phone through the contact details below. You may access personal information we otherwise hold about you. Access to your personal information may be denied on certain grounds including, for example: it is unlawful; it may have an unreasonable impact upon the privacy of other individuals; or your request is frivolous or vexatious. If we deny you access we will provide our reason for doing so at the time of your request. If you wish to access the personal information we hold about you or request correction of it, you should contact the privacy officer on the details below who will respond to your request within a reasonable period after the request is made. While we do not charge you for a request for accessing your personal information you should be aware that we may charge a reasonable fee (which will be notified to you once you make a request) for time and cost in the following circumstances:
- if an extended amount of time is required to collate and prepare material for you; and
- if you wish to have your files photocopied for you.
How can you correct and update your information?
We take reasonable steps to ensure that the personal information we hold about you is accurate, complete and up-to-date. However, we also rely on you to advise us of any changes to your personal information by maintaining and updating your profile. Please contact us using the contact details below as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date so that we can update your file accordingly.
Dealing with us Anonymously or by Pseudonym
In order for us to successfully do business with you it will not, in most circumstances, be practical for us to deal with you without you providing relevant personal information to us. However, where it is lawful and practicable to do so, you may deal with us anonymously or by using a pseudonym.
Storage and security
propper will store your personal information for as long as needed to provide you with the Services and to operate our business. At any time, you can request to access your personal information held on our website (subject to service outages) to keep it updated. We will also delete specific personal information upon request, unless deleting that information prevents us from carrying out necessary business functions, such as billing and conducting required audits. If we are unable to delete your data, we will transform it so that it can no longer be used to identify you.
We have a variety of appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. It includes physical and electronic measures. Although we aim to create a safe, secure environment, we cannot guarantee that unauthorised parties will not gain access but will notify you regarding eligible data breaches if they are likely to or do impact you.
If you have a specific concern or request about your data, please contact us on the details provided below.
Notifiable Data Breach Scheme
The Notifiable Data Breaches (NDB) scheme applies to eligible data breaches that occur on or after 22 February 2018. It mandates a reporting and notification process for propper. The Office of the Australian Information Commissioner (OAIC) administers the NDB Scheme.
In simple terms, if:
- there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that propper holds; and
- this is likely to result in serious harm to one or more individuals; and
- we have not been able to prevent the likely risk of serious harm with remedial action,
then we are required to notify the OAIC and impacted individuals about the incident.
There is a broad scope of activities that would be considered unauthorised access, unauthorised disclosure or loss of personal information. Some examples include:
- a third-party hacking our systems or databases;
- a person browsing customer records without any legitimate or authorised purpose;
- a laptop containing personal information is stolen or lost;
- a person sends an email containing personal information to the contact.
The NDB scheme ensures that as an organisation, we are accountable for your privacy protection. The notification process is important for building a relationship of trust and transparency. In addition, by keeping you notified, you’re better able to take steps to mitigate harm, such as changing passwords or being alert to phishing emails or scams. In the interim, We would also be taking steps to remediate the breach and will keep you advised on our progress, including the security measures being undertaken.
Please “Contact Us” on the details provided below if you have any questions about this.
General Data Protection Regulation
The General Data Protection Regulation (GDPR) regulates the processing of personal information under European Union law. The GDPR aims to protect the information relating to individuals located in the European Union. If you are interacting with or being monitored by propper or using our services whilst being located in the European Union, our collection, use, disclosure and processing of your personal information is regulated by the GDPR. You have the right to request and obtain:
- copies of your data and how propper is using it;
- details of how long the data will be stored; and
- information about whom the data may be disclosed to.
We will only collect and store your data if you have provided express consent; and if the provision of your personal data is necessary for the performance of an agreement between yourself and propper and/or for any pre-contractual obligations. We may also collect your data to comply with legal obligations to which propper is subject; and if the processing of your data is related to a matter in the public interest or in the exercise of official authority vested in propper. If we are obliged to retain your personal data for a longer period due to the performance of a legal obligation or upon order of an authority, we will comply with our obligations and inform you as such. Please note, you have the right to object at any time to the processing of your personal data. If processing occurs for legitimate business interests, you will need to provide us with grounds justifying your objection. If we are processing your personal data for direct marketing relating to propper, you can object without any justification. Your personal data will only be processed and stored for as long as required by the purpose for which it has been collected for. Following withdrawal of consent, or where there is no legitimate need for your personal data, we will delete it. Under the GDPR, you can also request information about whether we are transferring any of your personal data to another country; or an international organization governed by public international law or set up by two or more countries. You can also elect to have your personal data transmitted to another controller if your personal data is being processed by automated means and if the processing is based on your contracted consent. You can contact us to learn about the security measures taken by propper to safeguard your data on the “Contact Us” details provided below.
From time to time, we may use automated decision making to help identify and prevent spam or other prohibited behaviours, including abusive or fraudulent activity, taking place via the Services. If you are unable to access your account at any time, please “Contact Us” on the details provided below.
Please contact us immediately if you become aware of or have reason to suspect any breach of security, including unauthorised use of your account or handling of your personal information.
Please contact us immediately if you become aware of or have reason to suspect any breach of security, including unauthorised use of your account or handling of your personal information.
You can also contact us via the contact details provided below if you want to:
- request further information about the way we collect, handle, manage and secure your personal information;
- request access to or update your personal information held by us;
- limit our use and disclosure of your personal information;
- inform us about any suspected or known unauthorised use of your account by anyone else;
- unsubscribe from any propper mailing list or flag with us concerns about any communications that you may have received or are concerned about;
- ask us any other questions or raise a complaint.
Our contact details:
Need more information on privacy?
For more general information regarding privacy in Australia, visit the website of the Office of the Australian Information Commissioner (www.oaic.gov.au).