Privacy Policy

1. About This Policy

Last Updated: 10/12/2025

This Privacy Policy details how Eastern & Allied Pty Ltd (E&A) collects, uses, and manages your personal information when you use our services online through our website or mobile app, via phone and email, or in person at our locations. Our services follow the Australian Privacy Principles under the Privacy Act 1988 (Commonwealth) and other privacy-related legislation.

This policy applies to all E&A and its Affiliates, as defined by the Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) Act 2006. All Affiliates are subject to the same Privacy Policy as E&A for the services they provide.

2. Personal Information We Collect

To provide you with our money transfer and foreign exchange services, we will collect and store some of your personal information. We may collect this information directly from you or from third-party sources.

2.1 Types of Personal Information We Collect

The personal information we collect may include (but is not limited to):

  • Identity Information: your name, date of birth, gender, occupation, identification documents (e.g. passport, driver’s licence), selfie of you holding your provided documentation.
  • Contact Information: residential address, phone number, email address.
  • Organisational Information: organisation or business details (if you are acting on behalf of an organisation).
  • Payment Information: your bank account number, credit or debit card numbers.
  • Sources of Funds and Sources of Wealth Information: financial information/documents provided to assist with our obligations under the Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF) Act.
  • Transaction-related Information: details about the receiver are required by our partners/service providers to facilitate payout transactions and any other transaction related information to assist with our obligations under the AML/CTF Act.

By using our services, you agree that we can collect, use, transfer, and store your personal information in our secure systems. It also means you consent to the disclosure of your personal information by us to: 

  • identity verification providers;
  • payment processing partners;
  • partners or service providers who help us deliver our services.
2.2 How Your Information Is Collected

We may collect or update your personal information in the following ways:

Directly from you: 

  • when you visit one of our branches or affiliates and provide your details in person;
  • when you submit your information to us online;
  • through communication channels such as phone calls, emails, SMS, or postal mail.

From Third-Party Sources: 

  • public databases, credit reporting agencies, or other organisations that help verify your identity or support your transactions;
  • social media channels, analytics providers, marketing softwares or search information providers, which may give us information about how you interact with our services or how you found our website.

If we receive your personal information from someone else that we did not ask for, we will first determine whether it is information we would normally need for our remittance services:

  • If yes, we may keep it the same way as if you had provided it yourself - protecting it under our Privacy Policy.
  • If not, we’ll safely delete or remove any details that could identify you if it is reasonably practical to do so.

In some cases, we may let you know that we have received your information this way and it is lawful to do so.

2.3 Why We Collect Your Information

We only collect the personal information we need to deliver our services and meet legal and regulatory requirements. If we are unable to collect the required information, we may not be able to proceed with your transaction or work with you or your organisation.

3. CCTV and Audio Recording
3.1 CCTV Video and Audio Recording at Our Premises

Our branches and affiliate locations are monitored by Closed-Circuit Television (CCTV) systems, which will include both video and audio recording for security, training and compliance purposes. These systems may capture video and voice recordings of individuals within our premises. 

  • Our Purpose: CCTV recordings are used to ensure the safety and security of customers, staff, and premises, as well as to comply with legal and regulatory obligations. 
  • Your Consent: By entering our premises, you consent to the collection of your personal information, including video and voice recordings, via CCTV systems.
3.2 Phone Call Recording

When you contact us or when we contact you by phone, the call may be recorded for training, verification, and compliance purposes. These recordings may capture your personal information, including your voice, contact details, and transaction related discussions.

  • Our Purpose: Phone recordings are used for customer service, dispute resolution, and to comply with applicable laws and regulations.
  • Your Consent: By continuing the call, you consent to the recording of the conversation.
3.3 Retention and Storage of Recordings
  • Retention: Both CCTV and phone call recordings will be retained for as long as necessary to fulfill the purposes outlined above, including legal, regulatory, and business requirements.
  • Storage: All recordings are securely stored and protected against unauthorised access. After the retention period expires, recordings will be either securely deleted or stored following our data retention rules and any legal or regulatory requirements.
3.4 Disclosure to Third Parties

We may disclose your personal information, including CCTV and phone call recordings, to third parties under the following circumstances:

  • Legal Requirements: We may share recordings with law enforcement agencies, government agencies, or other third parties, where required under or permitted by law (e.g. for investigations or to meet our legal obligations).
  • Protection of Rights: We may disclose recordings to protect our rights, property, or the safety of others.
4. Privacy Disclosure and Consent

We will use your personal information to provide you with our services and to meet our regulatory requirements including Anti-Money Laundering/Counter Terrorism Funding (AML/CTF) obligations. We may use any email address, other personal information or contact information you provide to us at any time for this purpose.

As a customer of our business we have collected personal information from you and we will also use your personal information, from time to time, for the purposes of direct marketing communication (Refer to clause 6 - Direct Marketing). 

You agree and acknowledge that even if you opt out of receiving marketing material, we can still contact you relating to the services we have provided you. 

We will not disclose your personal information to any third party other than as set out in this Privacy Policy. In order for us to provide you with our services, we may disclose your personal information to other organisations. We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to protecting your personal information. 

We reserve the right not to disclose your personal information to you, other than the personal and sensitive information that you are entitled to access that we hold on or about you.

4.1 Disclosure to Other Organisations to Provide Our Services

We may disclose your personal information to our service providers and Affiliates. This disclosure may be to entities within Australia and overseas. These include organisations that help us comply with our regulatory obligations (e.g. verify your identity, screen your name against watch lists and provide advice or compliance and auditing services) and a corresponding local or international party service provider that we partner with to fulfil your transfer instructions. 

While we take appropriate measures to protect personal information before disclosure to overseas recipients. However, they may have different disclosure requirements under local laws. The countries we disclose your personal information to will depend on the details of the transaction you ask us to carry out. In providing us with your personal information, you consent to the transfer of your personal information to these organisations for the purposes outlined in this privacy policy.

Before we partner with these organisations we will as part of our due diligence process, review their privacy policy and/or have an agreement in place about the disclosure of your personal information.

4.2 Disclosure to The Australian Transaction Reports and Analysis Centre (AUSTRAC) and Other Government Agencies:

Under the AML/CTF Act, we are required to disclose your personal information to AUSTRAC. From time to time other government agencies may request your personal information which we are obliged to provide.

4.3  Disclosure to You or Your Attorney

Our privacy disclosure and consent process is as follows. The customer or a person authorised under a valid Power of Attorney of the customer has personal information disclosed to them only once they have been properly identified and verified with approved identification and documentation. Your personal information may be given to a customer’s Power of Attorney when they have been identified as such with an original or a certified copy of appropriate documentation. We reserve the right not to disclose any personal information until we are satisfied with the identity of the customer or the Attorney of the customer. 

4.4 Disclosure to Your Authorised Person

We may allow your personal information to be disclosed to an authorised person. For this to happen, we would need a written authorisation from you. The customer and the authorised person must first be properly identified and verified with approved identification documentation. In addition to this, we would need confirmation in person that this disclosure is allowed. We reserve the right not to disclose any personal information until we are satisfied with the identity of the authorised person and the customer.

4.5 Security Incident Regarding Privacy Risks

In the event of a security incident involving unauthorised access, use or disclosure of personal information where we may need to share personal information with a third party (such as a forensic specialist), we will seek to work cooperatively with them to protect the personal information. We may disclose further personal information for the purpose of investigating a security incident.

5. Confidentiality and Security

We will use all reasonable endeavours to keep your personal information in a secure environment and to ensure that records of customer information are protected from unauthorised access. However, this security cannot be guaranteed. We implement industry-accepted standards in protecting your personal information provided to us in person or on our websites. Additionally, we adopt Secure Socket Layer (SSL) encryption technology to protect your sensitive personal information transmitted on our websites. Your personal information is securely stored on our transaction process platform backed up to the cloud via Amazon Web Services. We also require a username and password and/or a customer verification from each user who wants to access his or her information.

We maintain physical, electronic and procedural safeguards that comply with applicable government regulations to protect your personal information. We use up-to-date technology and procedures to ensure customer data is protected from unauthorised access, misuse, and/or loss.

Notwithstanding the reasonable steps taken to keep your personal information secure, breaches may occur. In the event of a security incident, we have put in place procedures to promptly investigate the incident and determine if there has been a data breach involving personal information and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with Privacy Act requirements.

Our organisation, our employees and affiliates are the only people allowed to have access to your personal information and, within the organisation, only those employees who need to access your personal information as part of their job will be able to do so.

If we no longer need your personal information, unless we are required under Australian law to retain it, we will take reasonable steps to destroy or de-identify your personal information.

Our current requirements:

  • Transaction records: 7 years. 
  • Customer identification records for the duration of your relationship with us, and for an additional seven years after we stop providing any services to you.

This is subject to Australian laws and may change.

6. Direct Marketing

We will use your personal information primarily for providing you with our services, and also for direct marketing purposes. This includes but is not limited to sending you personal information about new developments, new services and special offers to either or both your email address and mobile phone number that you have provided to us.

You can, at any time, opt out of receiving marketing material by:

  • Clicking on the unsubscribe button in an email. This will only stop you from receiving marketing emails. If you also wish to opt out from receiving SMS messages you will need to inform our team (Refer to clause 10).  
  • Replying “STOP” to our SMS. This will only opt you out from receiving SMS marketing messages. If you also wish to opt out from receiving marketing emails you need to inform our team (Refer to clause 10). 

Once you request to opt out from receiving our marketing materials, this removal from our distribution lists may take up to 5 business days after the date you opted out. 

You agree and acknowledge that even if you opt out of receiving marketing material, we can still contact you relating to the services we have provided you.

7. Accuracy of Personal Information

We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your personal information is not accurate, up-to-date, complete, relevant or is misleading, please contact us (Refer to clause 10) and we will take all reasonable steps to correct it within a reasonable time.

You may request details of personal information we hold and request us to correct or erase any erroneous or out-of-date personal information by using the contact methods listed at the end of this statement. We reserve the right not to disclose personal information to you, other than the personal and sensitive information that you are entitled to access that we hold on or about you as long as it is lawful to do so. To protect your privacy, we will need to verify your identity before making details or corrections.

8. Your Consent

By your use of our services you consent to the collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy and as otherwise permitted under the Privacy Act.  

9. Changes

We may vary the terms of this Privacy Policy from time to time if our services, legal requirements, or how we handle your information changes. The latest version will be available on our website.

We encourage you to review the Privacy Policy regularly to stay informed about how we protect your privacy. By continuing to use our services, you acknowledge that you agree to the new terms of the Privacy Policy.

10. Complaints

We work to ensure that we operate in the manner outlined in this Privacy Policy however if you have any issues or concerns, please do not hesitate to contact us so we can resolve your issues.

If you believe your privacy may have been interfered with by us, you have the right to make a complaint about the matter by contacting our Privacy Officer at the contact details below. We will investigate the complaint, respond to you promptly and attempt to resolve it.

If we receive a request in writing from you seeking resolution of a dispute concerning our services, we will respond to you in writing within 30 days of receipt of the request.

If you are dissatisfied with our handling of the complaint, or the outcome, you may take your complaint to the Office of the Australian Information Commissioner (OAIC). Further information is available by phoning: 1300 363 992 or at: http://www.oaic.gov.au/about-us/contact-us-page.

11. Access to Personal Information
11.1 Access from Us

When you request technical support, we may ask for your personal details, including your username and password, to assist in accessing your account. After resolving the issue, we will send you a link to reset and create a password.

11.2 Access by the Customer

When  you request access to your personal information or records we hold about you, we will respond to your request within a reasonable period of time. 

We will give access to personal information after identification and verification through approved identification documentation, in a manner you request, where possible. This will be subject to any exemptions allowed under the Privacy Act. 

A reasonable administrative fee may apply for providing any records or documentation.

To request your personal information or to submit a privacy-related complaint, you can contact us through any of the following channels:

  • in person at one of our branches
  • email info@hhmt.com.au
  • telephone +61 (2) 9728 7928
  • by post to: The Privacy Officer, Eastern & Allied Pty Ltd, 56 John Street, Cabramatta, NSW 2166, Australia.