Privacy Policy

Last updated:

AMLX Pty Ltd (ABN 70699972677) ("AMLX", "we", "us", "our") provides AML/CTF compliance advisory, program setup, training and support services to Australian businesses. We are committed to protecting your privacy and handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, hold and disclose personal information — whether you are a visitor to our website, a client of AMLX, or an individual whose identity is verified as part of the compliance services we deliver for our clients.

1. What personal information we collect

The personal information we collect depends on how you interact with us.

Website visitors and enquiries. When you visit our website or contact us, we may collect your name, email address, phone number, business name, and the contents of any message you send us, along with technical data such as your IP address, browser type, pages visited and referring website (collected via cookies and analytics tools).

Clients. When you engage AMLX, we collect information needed to deliver our services, including the names and contact details of your directors, compliance officers and staff, business registration details (ABN/ACN), information about your business operations and risk profile, AUSTRAC enrolment details, and training and program records.

Verified individuals (KYC subjects). As part of delivering Know Your Customer (KYC) and customer due diligence services on behalf of our clients, we may collect and process identity information about our clients' customers. This can include full name, date of birth, residential address, government-issued identity documents (such as a driver licence or passport), and the results of identity verification, politically exposed person (PEP) and sanctions screening. In some cases this information may include sensitive information as defined in the Privacy Act. Where we process this information on behalf of a client, that client is generally the primary collector of the information, and we handle it to help them meet their obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act).

2. How we collect personal information

We collect personal information directly from you where practicable — through our website forms, email, phone, meetings and the course of providing our services. We may also collect information from third parties, including our clients (in respect of individuals being verified), identity verification and screening providers, publicly available sources and registers (such as ASIC), and the AML/CTF compliance platforms we use to deliver our services, including AMLHUB.

Because identity verification is required by law for certain transactions, individuals generally cannot opt out of providing identity information where a reporting entity is required to collect it under the AML/CTF Act. If required information is not provided, our client may be unable to provide their services to that individual.

3. Why we collect, use and disclose personal information

We collect, hold, use and disclose personal information to:

  • respond to enquiries and provide quotes and proposals;

  • deliver our services, including AUSTRAC enrolment support, risk assessments, AML/CTF program development, KYC and customer due diligence workflows, staff training, ongoing monitoring and reporting support;

  • assist our clients to meet their legal obligations under the AML/CTF Act and AUSTRAC rules, including record-keeping, threshold transaction reports and suspicious matter reports;

  • manage our client relationships, billing and accounts;

  • improve our website and services, including through analytics;

  • send service updates and, with your consent or as otherwise permitted by law, marketing communications (you can opt out at any time); and

  • comply with our own legal and regulatory obligations.

We do not sell personal information.

4. Who we disclose personal information to

We may disclose personal information to:

  • AUSTRAC and other regulators, where required or authorised by law — including reports lodged on behalf of clients under the AML/CTF Act;

  • our clients, in respect of individuals verified as part of that client's customer due diligence;

  • service providers and platforms we use to deliver our services, including AML/CTF compliance software (such as AMLHUB), identity verification and screening providers, cloud hosting, email, document management and analytics providers;

  • professional advisers, such as lawyers, accountants and insurers; and

  • other parties where you consent, or where disclosure is required or authorised by law.

Where the AML/CTF Act restricts disclosure — for example, the prohibition on "tipping off" in relation to suspicious matter reports — we will not disclose that information, including to the individual concerned, except as permitted by law.

5. Overseas disclosure

We aim to store personal information in Australia. Some of our service providers (such as cloud hosting or analytics providers) may store or process information overseas, including in the United States. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it in a manner consistent with the APPs.

6. How we hold and protect personal information

We hold personal information in secure, access-controlled cloud systems. We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure, including encryption in transit, access controls, and limiting access to staff who need it to perform their role.

Retention. We retain personal information only as long as needed for the purposes described in this policy or as required by law. Records collected under the AML/CTF Act — including customer identification records — must generally be retained for seven years, and we (or our clients) retain those records for that period. When personal information is no longer required, we take reasonable steps to destroy or de-identify it.

Data breaches. If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

7. Cookies and analytics

Our website uses cookies and similar technologies to operate the site and understand how visitors use it. You can control or disable cookies through your browser settings, though some parts of the website may not function fully without them.

8. Accessing and correcting your information

You may request access to, or correction of, the personal information we hold about you by contacting us using the details below. We will respond within a reasonable period. In limited circumstances the law may allow or require us to refuse access — for example, where information relates to a suspicious matter report — and where possible we will explain why.

If your personal information was collected by one of our clients as part of their customer due diligence, we may refer your request to that client, as they are generally the entity responsible for that information.

9. Complaints

If you have a concern about how we have handled your personal information, please contact us first and we will investigate and respond within a reasonable time. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au Phone: 1300 363 992

10. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on our website, with the date of the last update shown at the top.

11. Contact us

Email: casey@amlx.com.au Phone: 07 3053 5666