INFORMATION SECURITY AND PRIVACY PROCEDURES POLICY (and Compliance Plan)

PURPOSE

WHK Commercial Property (the ‘Agency’) provides real estate services including:
• Commercial Sales
• Commercial Leasing
• Property Management
• Facilities & Maintenance Management
• Valuations

We are bound by the Privacy Act 1988 including in particular the Australian Privacy Principles (APP) which regulate the collection, use and disclosure of personal information. This Privacy Policy explains:

• The scope of our Privacy Policy;
• Why We collect personal information;
• What personal information We collect;
• How We collect and use Your personal information;
• How We disclose Your personal information;
• Your right to access Your personal information;
• Your right to correct Your personal information;
• How We protect the integrity of Your personal information;
• Your right to make a privacy complaint; and
• How You can contact Us regarding privacy concerns.

We reserve the right to review and, if necessary, change this Privacy Policy. We will post changes to this Privacy Policy on our website. This Privacy Policy is on our website.

SCOPE

This Privacy Policy governs all personal information collected by and provided to Us and must be adhered to by all persons who access, use, process, control or otherwise deal with personal information on our behalf. This Policy applies to independent contractors and job applicants, as well as individuals who provide Us with personal information.

INTERPRETATION

Personal pronouns: except where the context otherwise provides or requires:
• The terms We, Us or Our refer to WHK Commercial Property (WHK Rentals Pty Ltd); and
• The terms You or Your refer to any person who provides Us with personal information in any form or by any means.

WHAT IS PERSONAL INFORMATION?

Personal information is any information that can be used to identify You. This includes any information or an opinion about You (including information or an opinion forming part of a database), whether true or not, and no matter how the information or opinions are recorded. The information may be collected from You directly or provided to Us by another party.

WHY DO WE COLLECT PERSONAL INFORMATION?

We collect personal information from You for the following purposes:

• To allow Us to lawfully carry out our real estate functions and activities;
• To enable Us to deliver the products and services that You requested;
• To provide You with further information about the products and services You requested;
• To personalise and customise Your experiences with Us;
• To help Us review, manage and enhance our services;
• To communicate more effectively with You;
• For administration purposes, including charging, billing and collecting debts;
• To promote and market our products and services which We consider may be of interest to You;
• When considering making offers to job applicants and prospective employees or for employment purposes; and
• To receive services from You or the organisation which employs You.

We may also collect, hold, use and/or disclose personal information if You consent or if required or authorised under law.

WHAT PERSONAL INFORMATION DO WE COLLECT?

We collect personal information that is reasonably necessary for one or more of Our functions or activities.
The type of information that We collect and hold may depend on Your relationship with Us. For example:

Candidate: if You are a candidate seeking employment with Us, We may collect and hold information including Your name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications, payment details and Drivers Licence details.

Customer: if You are a customer of the Agency, the Agency may collect and hold information including Your name, address, email address, contact telephone number, gender, age and identification documentation including Drivers Licence, Passport or Medicare details.

Supplier: if You are a supplier of the Agency, the Agency may collect and hold information including Your name, address, email address, contact telephone number, business records, qualifications, certificates, billing information, information about goods and services supplied by You and insurance information including copies of Certificates of Currency for various relevant policies.

Sensitive information: We will only collect sensitive information where You consent to the collection of the information and the information is reasonably necessary for one or more of the Agency’s functions or activities. Sensitive information includes, but is not limited to, information or an opinion about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.
If You feel that the personal information that We are requesting at any point is not information that You wish to provide, please feel free to raise this with Us.

OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION

We will manage personal information and sensitive information (where the context permits, a reference to personal information below includes reference to sensitive information) in an open and transparent manner. In doing so, we will ensure that individuals are notified at the time of collecting their personal information (or if this is not possible then as soon as reasonably practical after):
• what type of personal information is being collected;
• to whom that personal information will be disclosed; and
• how we use that personal information.

We ensure all our employees are trained at regular intervals to ensure they understand our obligations under the Act.

We have currently adopted the following Privacy Policies in respect of the following aspects of our business:
1. Real Estate Business: a Privacy Policy and Privacy Collection Notice are made available on our website, at our office and may also be made available to actual or prospective clients and other attendees at any property inspections. We may also make it available by email when we first communicate with actual or prospective clients and other people who provide us with their personal information.
2. Website: at www.whkcommercial.com.au which has adopted a Privacy Policy in regards to the use of our website.

If at any time our business practices change, we will review the scope of our existing Privacy Policies and assess whether or not amendments or additional Privacy Policies are required in order to address changes or additions to our business.

HOW DO WE COLLECT & HOLD PERSONAL INFORMATION?

We must collect personal information only by lawful and fair means. We will collect personal information directly from You if it is reasonable or practicable to do so.
We may collect personal information for the following purposes:

Property Management

• to identify and/or verify the identity of any prospective or actual landlord or tenant for any property we manage or propose to manage;
• to process and assess any application received in relation to a tenancy or lease of any property;
• to advertise, market and promote any tenancy or lease of any property;
• to negotiate and prepare any tenancy agreement, lease or any other document for any property;
• to liaise and exchange information with the landlord or the tenant as well as their agents, contractors, legal, financial and other advisors in relation to or in connection with any tenancy or lease of the property;
• to manage any tenancy or lease agreement including the collection of rent and other amounts on behalf of the landlord and the preparation of required statements of account;
• to ensure the safety and security of landlords and existing occupiers and of each of their property in connection with the inspection of any property by prospective tenants;
• to comply with any applicable law in connection with the tenancy agreement or lease;
• to confirm whether the landlord or tenant is registered for GST purposes;
• to tell an individual about any other rental property that we are managing or any other service that we provide, unless that individual tells us not to (this is referred to as direct marketing).

WHK Rentals Pty Ltd – Information Security & Privacy Procedures Policy V2 – Feb 2026

Sales & Leasing

• to identify and/or verify the identity of any prospective or actual vendor for any property we list as the sales agent;
• to advertise, market and promote the sale of any property;
• to negotiate and manage the sale of any property (including to provide non-legal assistance with the exchange of the contract for the sale of property and the preparation of any required statements of account);
• to liaise and exchange information with the vendor, purchaser (including any prospective purchaser) as well as with their respective agents, contractors, legal, financial and other advisors in relation to or in connection with the sale of the property;
• to ensure the safety and security of vendors and existing occupiers and of each of their property in connection with auctions and the inspection of any property by prospective purchasers;
• to comply with any applicable law in connection with the sale of the property;
• to confirm whether the vendor or purchaser is registered for GST purposes;
• to tell an individual about any other property that we are selling or any other service that we provide, unless that individual tells us not to (this is referred to as direct marketing).

Generally

• to act on behalf of clients in accordance with any agency agreement and to comply with our obligations under that agreement;
• to allow us to run our business efficiently and to perform administrative and operational tasks;
• to operate controlled money accounts;
• to comply with any dispute resolution or other legal process;
• in order to update our records and an individual’s contact details;
• if we enter into or propose to enter into any agreement or arrangement with any party for the purpose of or in connection with the acquisition of our business (including any part of our business that includes personal information), then we may provide that party (including its legal, financial and other professional advisers) with personal information in relation to or in connection with those arrangements; and
• any other purpose to which an individual has consented.

If we collect sensitive information then we generally collect it directly from the individual concerned. We should only collect sensitive information where it is actually required (for example, if a tenant has a disability, it may be relevant to disclose this to the landlord in order for the parties to assess whether the property is suitable for the proposed tenant). We may also collect sensitive information when it has been provided to us by a third party who has been authorised to supply that information to us. Any sensitive information that is collected in this way must only be used for the purposes for which it is provided, and is collected with the relevant individual’s consent. We require any third party that we deal with to comply with the Act.

We may collect personal and/or sensitive information in a number of ways, including without limitation:
• through application forms;
• by email or other written mechanisms;
• over a telephone call;
• in person;
• through transactions;
• business cards;
• contracts;
• through our website;
• through surveillance cameras;
• by technology that is used to support communications between Us; and
• from third parties, including through publicly available information sources (which may include telephone directories, the internet and social media sites).

When We collect personal information about You through publicly available information sources, such information will be managed in accordance with the APPs.

Unsolicited personal information is personal information that We receive which We did not solicit. Unless We determine that We could have collected the personal information in line with the APPs or the information is contained within a Commonwealth record, We must destroy the information to ensure it is de-identified.

NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION

When we first collect personal information from an individual we will notify them that we have collected their personal information. This is achieved by making our relevant privacy policy available at our business address, on our website, at any property inspection and auction as well as making copies available when we send email communications to the individuals concerned.
Our current privacy policy does not include a consent to use personal information for marketing and related purposes as we consider that those purposes are reasonably contemplated and, in any event, if an individual requests that we not contact them further then we will update our records to ensure that we will not contact them again. However, as we are not obtaining consent from the individual, we must not under any circumstances use any sensitive information in connection with any marketing and related purposes without the express consent of the individual concerned.
All marketing communications must also include a functional opt-out notice to comply with the Spam Act 2003 (Cth).

The privacy policy referred to above will provide the individual with information about (including without limitation):
• how we collect their personal information;
• the purposes of the collection of their personal information;
• those entities that we usually disclose personal information to;
• what happens if the individual chooses not to provide us with personal information;
• direct marketing that may be undertaken by us or any related company, preferred supplier or sponsor;
• when we are required to collect personal information under an Australian or State law, such as the Property, Stock and Business Agents Act 2002 (NSW), including any regulation under that law;
• our privacy policy and where it can be found; and
• any disclosure of personal information that we make to an overseas entity.
If we know that, as part of our relationship with the individual, we will disclose their personal information to another identifiable entity, we will notify the individual of the following matters at the time we first collect their personal information (or if that is not possible, then as soon as reasonably practical thereafter):
• the identity and contact details of that organisation; and
• why their information may be disclosed to the organisation.

HOW DO WE USE YOUR PERSONAL INFORMATION?

We will only use and disclose Your personal information for purposes which are related to those identified under this Policy or if we get Your consent to do so and it is in accordance with this Privacy Policy and the Privacy Act.
We will not use Your personal information for any purpose for which You would not reasonably expect Us to use it. Additionally, We will not disclose Your sensitive information without Your consent, unless there is a need to disclose such information in accordance with the Privacy Act or to comply with any other regulatory requirement.

IS PERSONAL INFORMATION USED FOR DIRECT MARKETING?

We may use or disclose personal information (other than sensitive information) about You for the purpose of direct marketing (for example, advising You of new goods and/or services being offered by Us).
We may use or disclose sensitive information about You for the purpose of direct marketing if You have consented to the use or disclosure of the information for that purpose.
You can opt out of receiving direct marketing communications from the Agency by contacting our office in writing at reception@whkcommercial.com.au or, where available, accessing the Agency’s website and unsubscribing appropriately.

WHAT HAPPENS IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION?

You are not obliged to give Us Your personal information. If You would like to access any of our services on an anonymous basis or using a pseudonym, We will take reasonable steps to comply with Your request.

However, We will require You to identify yourself if:

• We are required by law to deal with individuals who have identified themselves; or
• It is impracticable for Us to deal with You if You do not identify Yourself or elect to use a pseudonym.

This might include ensuring the safety of others for whom We have responsibility.
Please be aware that Your request to be anonymous or to use a pseudonym may affect our ability to provide You with the requested services, for example, Your ability to bid for a property at auction.

WHEN DO WE DISCLOSE YOUR PERSONAL INFORMATION?

You acknowledge and agree that We may disclose Your personal information for any of the purposes for which it was collected, as indicated under this Policy, or where We are under a legal duty to do so.
Disclosure will usually be internally and to related entities or to third parties such as contracted service suppliers.

• Before We disclose personal information about You to a third party, We will take steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs in relation to the information.

ACCESS TO YOUR PERSONAL INFORMATION

Individuals may request access to any personal information that we hold about them. We may (but do not currently intend to) charge the individual a fee for requesting access to their personal information. If we charge a fee, the fee must be justified and reasonable.
We will verify the individual’s identity prior to disclosing any of their personal information to them.
When an individual requests access to their personal information, we will conduct a search of our customer relationship database. This search may also indicate if there are any paper records that contain personal information.

We will not give access to the personal information that we hold about an individual where it is unreasonable or impracticable to provide access or in circumstances where the request would likely:

• pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
• unreasonably affect the privacy of other individuals;
• be frivolous or vexatious;
• relate to legal proceedings or anticipated legal proceedings, and the correct method of access to personal information is by the process of discovery in those legal proceedings;
• reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations;
• be unlawful or in breach of an Australian or State law;
• prejudice the taking of appropriate action in relation to a matter where unlawful activity or misconduct relates to our functions or activities;
• prejudice enforcement-related activities of an enforcement body; or
• reveal commercially sensitive information.

When we receive a request for access we will usually respond to the individual within 7 days. However, depending on the nature of the request, we may provide the personal information when the request is made.

If the individual is requesting a large amount of personal information, or the request cannot be dealt with immediately, then after we have investigated the request for access we will advise the individual what personal information we hold and provide details of that personal information.
We will comply with all reasonable requests by an individual to provide details of their personal information that we hold in the requested format.

There are certain circumstances in which We may refuse to grant You access to the personal information. In such situations We will give you written notice that sets out:

• the reasons for the refusal; and
• the mechanisms available to You to make a complaint.

If we do not provide access to the personal information we will provide written reasons setting out why we do not believe we need to provide access.

CORRECTION OF YOUR PERSONAL INFORMATION

We rely on individuals to help us to ensure that their personal information is accurate, up-to-date, complete, relevant and not misleading.

If We hold personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, We must take steps as are reasonable to correct the information.

If We hold personal information and You make a request in writing addressed to the Privacy Officer to correct the information, We must take steps as are reasonable to correct the information and We will respond to any request within a reasonable period.

There are certain circumstances in which We may refuse to correct the personal information. In such situations We will give You written notice that sets out:

• the reasons for the refusal; and
• the mechanisms available to You to make a complaint.

If We correct personal information that We have previously supplied to a third party and You request us to notify the third party of the correction, We will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.

INTEGRITY AND SECURITY OF YOUR PERSONAL INFORMATION

We will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that We:

• collect is accurate, up-to-date and complete; and
• use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date and complete.

Information which We collect will be stored in paper-based files or other electronic record keeping methods in secure databases (including trusted third party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents securely destroyed). We will take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.

Personal information will be retained only for as long as is reasonably necessary to fulfil the purpose for which it was collected, or as required by Law.

The Agency maintains physical security over temporarily-stored paper and electronic data, such as through locks and security systems at Our premises. We also maintain computer and network security, such as firewalls and other security systems such as user identifiers and passwords to control access to the computer systems.

If We hold personal information and no longer need the information for any purpose for which the information may be used or disclosed, the information is not contained in any Commonwealth record and We are not required by law to retain the information, We will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.

We do not use Government-related identifiers to identify individuals.

We do not disclose personal information overseas. We may use cloud storage and IT servers that may be located overseas to store the personal information we hold. As electronic or networked storage can be accessed from various countries through an internet connection it is not always practical to know in which country information about an individual may be held.

We may receive tax file numbers in the course of our practice. We may also receive and disclose a tax file number to a financial institution (such as a bank) in order to open a controlled monies account in relation to a lease or a sale and purchase of property, however, we do not use or disclose tax file numbers for any other purpose.

INFORMATION SECURITY CONTROLS

Access Control
Access to systems, applications and data is granted based on the principle of least privilege. Access rights are reviewed regularly and revoked promptly when no longer required.

Data Encryption
Sensitive information is encrypted using industry-standard encryption algorithms to prevent unauthorised access.

Network Security
Firewalls, intrusion detection and prevention systems, and other security controls are implemented to protect our network infrastructure from unauthorised access and cyber threats.

Endpoint Security
All endpoints (e.g. computers, mobile devices) are equipped with up-to-date security software, including anti-virus, and endpoint detection and response tools.

COMPLAINTS

You have a right to complain about our handling of Your personal information if You believe we have breached the APPs.

If You wish to make such a complaint to Us, You should first contact the Compliance Officer in writing. Your complaint will be dealt with in accordance with our Grievances, Misconduct and Performance Policy and We will provide a response within a reasonable period.

If You are unhappy with our response to Your complaint, You may refer Your complaint to the Office of the Australian Information Commissioner (‘OAIC’). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the OAIC website.

COMPLIANCE

We are committed to complying with all applicable laws, regulations and industry standards related to information security and data privacy.

Adherence to this Information Security and Privacy Procedures Policy is essential to safeguarding the confidentiality, integrity and availability of information assets at WHK Commercial Property. By following this Policy, we demonstrate our commitment to protecting the privacy of our clients and maintaining the trust they place in us.

This Policy will be reviewed regularly to ensure its effectiveness and compliance with changing legal and regulatory requirements.

The Agency may amend this Privacy Policy from time to time, with or without notice to You.