Your privacy is important to us, have a read about how we handle your information
Your privacy is important to us. This policy explains how the TOOP+TOOP group of companies (“Our Group”, “we”, “us”, “our”) collects, uses, stores, discloses and protects your personal information, including the information we are now required to collect to verify your identity. We handle your personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. The latest version of this policy is always available on our website.
Last updated: 15 June 2026
From 1 July 2026, Australian real estate agencies are “reporting entities” under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as expanded by the AML/CTF Amendment Act 2024 (the “Tranche 2” reforms). This means we are legally required to verify the identity of vendors who appoint us to sell their property, and of buyers who enter into a contract to purchase a property through us, at set points in the transaction (see section 4). Australia’s AML/CTF regulator, AUSTRAC, explains these obligations for our industry on its Real estate services (Reform) page. These checks are not optional for us, and your cooperation helps us meet our obligations and keep the process quick and secure.
To be clear: these identity checks only apply when you enter into a property transaction. Browsing our website, receiving property alerts, or signing up as a ToopVAULT member does not trigger an identity check.
Our Group collects personal information from clients and customers in order to provide real estate services, to deliver effective customer service, and to meet our legal and regulatory obligations. Those purposes now include verifying your identity and meeting our anti-money laundering and counter-terrorism financing (AML/CTF) obligations. We only collect personal information that is reasonably necessary for these purposes.
Depending on how you deal with us, the personal information we collect may include:
The most common collection of information is at property inspections and at auctions. It is understood by people looking at a property that they will be asked to provide their name and mobile number, and we may also request your email or home address. It is a requirement at law that we record proof of identity, such as a driver’s licence, when you register to bid at auction, and it is often a requirement of our Vendor that any person entering their property be identified and recorded.
Your information is also collected when (as a vendor) we appraise, value or list your property for sale, or register you for ToopVAULT, our off-market property matching membership; when (as a buyer) you use our website, register for ToopVAULT, give your details to one of our Sales / Leasing Partners or Finance team, or make enquiries about a property; when (as a landlord) you register your property with our Property Investment team; and (as a tenant) when you complete a tenancy application and during the course of a tenancy (for example, a periodic inspection). Information may also be collected during telephone or email contact with Our Group.
In addition, when you appoint us to sell your property, or when you enter into a contract to buy a property through us, we are required to verify your identity under the AML/CTF laws (see section 4). Registering for ToopVAULT or receiving property alerts does not, by itself, require this verification.
To meet our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), we are required to carry out “customer due diligence” — confirming who you are — at certain points in a property transaction. There are two situations in which we will arrange an identity check:
These are the only two situations in which we require an AML/CTF identity check. It does not apply to people who are simply browsing listings, making general enquiries, receiving property alerts, or registered as ToopVAULT members.
We use a specialist identity-verification provider, AMLHub, to carry out these checks securely. When a check is required, an AMLHub representative will contact the relevant vendor or buyer directly — including by phone — at the appropriate time to complete it. If you are ever unsure whether a request to verify your identity is genuine, you are welcome to confirm it with your TOOP+TOOP agent before providing any information.
As part of this process, we may use electronic identity verification, including the Australian Government’s Document Verification Service (DVS).
Where you have consented, your name, date of birth and identity document details are securely checked against the records of the Commonwealth or State authority that issued your document — for example, a driver’s licence authority, a passport office, the Department of Home Affairs, or Births, Deaths and Marriages. Those authorities check only whether the details you have provided match their records:
This verification may be carried out through accredited identity-verification providers and their authorised sub-providers. More information about the DVS is available at idmatch.gov.au.
As part of identity verification, we may collect biometric information, such as a facial image or a short video of you holding your identity document. Biometric information may be used to:
Biometric information is treated as sensitive information under the Privacy Act. We only use it for identity verification and related compliance purposes, and only with your consent.
By providing your personal information and completing the identity-verification process, you consent to:
Your consent is voluntary, and you can withdraw it at any time by contacting our Privacy Officer (see section 15). However, if you do not consent, or do not provide the information we need, we may not be able to verify your identity electronically. In that case we may need to verify your identity another way, or we may be unable to provide our services to you, because the law requires us to complete these checks.
Beyond the biometric and identity information described above, Our Group does not actively collect sensitive information about individuals. However, we may hold sensitive information about job applicants, and at times about prospective or current tenants, for use in considering a tenancy application or managing a tenancy, to the extent that it is lawful for us to do so. Sensitive information will not be disclosed without your consent unless the law requires or authorises us to. Our Group also collects personal information about individuals who apply to us for employment, or who supply (or are associated with the supply of) goods and services to Our Group. Sensitive hard-copy information is placed in confidential bins when our dealings with that individual have ceased (for example, an unsuccessful rental applicant).
Our Group may use or disclose your personal information for the primary purpose for which we collected it, for related and reasonably expected secondary purposes, where you have consented, or where we are required or authorised by law to do so. Uses and disclosures may include:
Our Group does not sell your personal information to any other party, nor do we purchase lists of information from any source.
We may also disclose your personal information to:
Our Group companies are based in South Australia. While most of your information is held in Australia, some of our technology and service providers — including providers that help us verify identity, deliver email, host data or operate our systems — may store or process personal information outside Australia. Where this happens, we take reasonable steps to ensure your personal information is handled in line with the Australian Privacy Principles, including through contractual protections with those providers.
To protect the security of personal information, almost all data is stored electronically in a security-protected database or in secure archiving and storage areas. Hard-copy storage is diminishing over time and is becoming rare. Our database is security-coded, and our electronic records are stored within Our Group’s secure, restricted-access computer systems, which are constantly upgraded to maintain security protection. We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure, including through secure systems, access controls, and encryption where appropriate. All paper-based documents and records are stored in secure archiving and storage areas.
We keep personal information only for as long as we need it for the purposes set out in this policy, or as required by law. Records collected to meet our AML/CTF obligations must be kept for seven (7) years, as required under the AML/CTF Act. When we no longer need your information, we securely delete or de-identify it.
When you use our website, we may collect technical information such as your device type, browser, IP address and how you interact with our pages. We use cookies and similar technologies, along with analytics and security services, to operate the site, keep it secure, understand how it is used, and improve your experience. You can manage or disable cookies through your browser settings, although some parts of the site may not work as intended if you do.
If a data breach occurs that is likely to result in serious harm to anyone whose personal information we hold, we will respond in line with the Notifiable Data Breaches scheme under the Privacy Act. This includes containing the breach, assessing it, and notifying affected individuals and the Office of the Australian Information Commissioner where required.
You have the right to ask for access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, incomplete or out of date. If you believe we hold information about you that is inaccurate, or you wish to change, update or access any of the information you have provided, please contact us by emailing privacy@toop.com.au. We will respond within a reasonable time.
From time to time we may use your contact details to send you information about our services, or about real estate matters such as new property listings, that we think may be of interest to you. You can opt out at any time by using the unsubscribe link in our messages, by replying to tell us you no longer wish to receive this information, or by contacting us at privacy@toop.com.au.
Employees of Our Group are aware of their privacy obligations and must comply with clear privacy guidelines when dealing with your personal information. Any inappropriate dealing with your personal information is treated as a serious matter and dealt with accordingly, and we provide training to our staff as required.
Should you have a query, wish to provide feedback about privacy matters, or wish to make a privacy-related complaint, please contact our Privacy Officer first by emailing privacy@toop.com.au or calling (08) 8362 8888. We will acknowledge your complaint, investigate it, and respond within a reasonable time.
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Our Group will continue to review and update this policy to ensure we remain compliant with the Privacy Act 1988, our AML/CTF obligations, and current real estate practices and procedures. The latest version of this policy will always be available on our website, and where changes are significant we will let you know. You can also contact our Privacy Officer to obtain the latest version at any time.
The following are the laws and official sources behind the obligations described above.
| Legislation / source | Link |
|---|---|
| Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) — the primary Act we are now regulated under | legislation.gov.au/C2006A00169 |
| Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) — the “Tranche 2” reforms that bring real estate into the regime (Home Affairs overview) | homeaffairs.gov.au |
| AUSTRAC — Real estate services (Reform): confirms obligations apply from 1 July 2026 | austrac.gov.au |
| AUSTRAC — About the AML/CTF Act | austrac.gov.au/legislation |
| Privacy Act 1988 (Cth) | legislation.gov.au/C2004A03712 |
| Office of the Australian Information Commissioner — Australian Privacy Principles | oaic.gov.au |
| Office of the Australian Information Commissioner — Notifiable Data Breaches scheme | oaic.gov.au/notifiable-data-breaches |
| Australian Government Document Verification Service (DVS) | idmatch.gov.au |
You must not rely on information on this website. Always seek independent advice.
Section 7 — Statements relating to encumbrances and other matters affecting properties may be inspected at our office three business days prior to auction, and at the place of auction 30 minutes before it commences.