# Privacy Policy

**Vision Asset Group — Vision Property Portal**

**Effective date:** 22 April 2026
**Last updated:** 22 April 2026

---

## 1. About this Policy

This Privacy Policy explains how **Vision Asset Group** ("we", "us", "our") collects, uses, stores, discloses, and protects personal information that you ("you", the "User") provide when you access or use the Vision Asset Group sales portal operated at https://vision.sydneyportal.app (the "Portal").

We are committed to complying with the *Privacy Act 1988* (Cth), the Australian Privacy Principles ("APPs"), the *Property and Stock Agents Act 2002* (NSW), the *Property and Stock Agents Regulation 2022* (NSW), and all other applicable New South Wales real-estate and privacy regulations.

## 2. Who We Are

- **Entity name:** Vision Asset Group
- **ABN:** 50 638 846 661
- **Registered office:** Suite 213, 4 Columbia Court, Norwest NSW 2153, Australia
- **Privacy contact:** inquiries@visionasset.com.au

Vision Asset Group operates as a licensed real estate corporation in New South Wales under the *Property and Stock Agents Act 2002* (NSW). Detailed corporation and Licensee-in-Charge particulars are available to authenticated Portal users. You may also verify our licence status directly through Service NSW at https://www.service.nsw.gov.au/transaction/verify-property-agent-licence.

## 3. Anonymity and Pseudonymity (APP 2)

Because the Portal is a closed business-to-business platform restricted to licensed real-estate professionals, anonymous or pseudonymous access is not practicable. Verification of your identity and your real-estate licensing credentials is a legal prerequisite for access under the *Property and Stock Agents Act 2002* (NSW).

## 4. Information We Collect (APP 3 & APP 5)

We collect only personal information that is reasonably necessary to operate the Portal and to perform our role as a Master Channel Agent.

### 4.1 Account and identity information

- Full name and agency affiliation
- Business email address
- Mobile or business phone number
- Real-estate licence or registration identifiers, where required by law
- Role within the Portal (Master, Sub-agent)

### 4.2 Authentication and security information

- Hashed passwords (passwords are never stored in plain text; they are one-way hashed by our authentication provider)
- Password reset tokens and session identifiers
- IP address, device type, and browser metadata for each sign-in event
- Date and time of sign-in events

### 4.3 Activity information

- Projects, buildings, and units you view
- Filters and searches you apply
- Downloads you initiate (e.g. floor plans, brochures), and the expiry of signed download URLs

### 4.4 Information we do NOT collect

- We do not collect sensitive information as defined in section 6 of the *Privacy Act 1988* (Cth), including health, racial, political, religious, or sexual orientation data.
- Consistent with the *Anti-Discrimination Act 1977* (NSW), we do not collect information that could enable unlawful discrimination in the allocation of property opportunities.
- We do not collect personal information from members of the public — the Portal is restricted to invited sub-agencies and our internal staff.

## 5. Government-Related Identifiers (APP 9)

We do not adopt, use, or disclose government-related identifiers (such as Tax File Numbers, Medicare numbers, or Driver Licence numbers) as an identifier of your Portal account. Where we are required by law to collect your NSW real-estate licence number, that number is used solely for verifying your professional credentials and for our record-keeping obligations under the *Property and Stock Agents Act 2002* (NSW).

## 6. How We Use Your Information (APP 6)

We use your personal information only for the following purposes:

- To authenticate you and secure your account
- To provide the Portal's functionality, including project inventory, allocations, and signed document downloads
- To administer the commercial relationship between Vision Asset Group and your sub-agency
- To send transactional emails (password reset, account changes, new project allocations, and system notices) in accordance with the *Spam Act 2003* (Cth)
- To maintain audit logs and comply with our regulatory record-keeping obligations under the *Property and Stock Agents Act 2002* (NSW)
- To investigate, prevent, and respond to suspected fraud, breach of terms, or security incidents

As the Portal is a closed B2B system with no marketing communications, unsubscribe links are not provided on transactional messages where their removal would prevent you from receiving security-critical notices. We do **not** use your personal information for direct marketing (APP 7), and we do not sell your personal information to any third party.

## 7. Disclosure to Third Parties (APP 6 & APP 8)

We disclose your personal information only in the limited circumstances described below:

- **Service providers** — including our authentication and database provider (Supabase, with primary storage hosted on AWS infrastructure in the Sydney, ap-southeast-2 region), our application hosting provider (Vercel, which processes technical metadata on infrastructure in the United States and other jurisdictions), and any transactional email service. All such providers process personal information strictly on our documented instructions and under written data-protection obligations.
- **Developer partners** — where a project has been allocated to your sub-agency, we may disclose that your agency has been granted access to that project's inventory. We do not disclose individual sub-agent names or contact details without a separate, lawful basis.
- **Regulators and courts** — where disclosure is required by law, subpoena, warrant, or other legal process, including lawful requests from NSW Fair Trading, the Office of the Australian Information Commissioner ("OAIC"), or the Australian Taxation Office.
- **Business transfers** — in the event Vision Asset Group is involved in a merger, acquisition, or sale of assets, we will ensure any recipient is bound by equivalent privacy obligations.

## 8. Overseas Data Transfers (APP 8)

The substantive content of the Portal — your account records, project allocations, and transaction data — is stored in **Australia** on AWS infrastructure located in the Sydney (ap-southeast-2) region. This preserves Australian data sovereignty over the substantive content of the Portal.

Certain technical metadata (for example, content-delivery-network logs and error-reporting data) may be processed overseas by our service providers, including in the United States and the European Union. Before any such disclosure, we take reasonable steps as required by APP 8.1 to ensure that the overseas recipient is bound by obligations substantially similar to the Australian Privacy Principles.

## 9. Data Storage and Security (APP 11)

We apply technical and organisational measures designed to protect your personal information, including:

- Encrypted connections (HTTPS / TLS) for all Portal traffic
- Encryption at rest for stored data
- Row-level security policies restricting each sub-agent's access to only the projects allocated to their agency
- Signed, time-limited URLs for file downloads
- Mandatory authentication for administrative accounts
- Regular automated backups of Portal data

Despite these measures, no online system is completely secure. You are responsible for keeping your login credentials confidential and for reporting any suspected unauthorised access to us immediately at inquiries@visionasset.com.au.

## 10. Notifiable Data Breaches

If we become aware of an "eligible data breach" that is likely to result in serious harm to any affected individual, we will comply with our obligations under Part IIIC of the *Privacy Act 1988* (Cth) and the Notifiable Data Breaches scheme. In particular, we will:

- notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable;
- notify affected individuals as soon as practicable, by email or another reasonable means; and
- where the breach involves records required to be maintained under the *Property and Stock Agents Act 2002* (NSW), notify NSW Fair Trading to the extent required by law.

## 11. Cookies and Similar Technologies

We use only cookies that are strictly necessary to operate the Portal — principally authentication session cookies. We do not deploy advertising, analytics, or third-party tracking cookies. Because no non-essential cookies are used, no cookie consent banner is displayed; this approach is consistent with Australian privacy law, which does not impose EU-GDPR-style consent requirements for strictly necessary cookies. Disabling essential cookies will prevent the Portal from functioning.

## 12. Access and Correction (APP 12 & APP 13)

Under the Australian Privacy Principles, you have the right to:

- request access to the personal information we hold about you (APP 12);
- request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information (APP 13); and
- request that we destroy or de-identify your personal information where it is no longer needed for the purposes set out in this Policy, subject to the record-keeping obligations set out in section 13 below.

To exercise these rights, contact us at inquiries@visionasset.com.au. We will acknowledge your request within a reasonable period and respond within 30 days where practicable.

## 13. Data Retention (APP 11.2)

We retain personal information only for as long as is necessary to fulfil the purposes described in this Policy, or for as long as we are required to retain it under applicable law, including:

- **Property transaction records** — a minimum of 3 years under the *Property and Stock Agents Regulation 2022* (NSW);
- **Trust account records** — a minimum of 5 years under section 110 of the *Property and Stock Agents Act 2002* (NSW);
- **Taxation records** — a minimum of 5 years under the *Income Tax Assessment Act 1997* (Cth) and Australian Taxation Office requirements; and
- **AML/CTF records** — where applicable, a minimum of 7 years under the *Anti-Money Laundering and Counter-Terrorism Financing Act 2006* (Cth).

When personal information is no longer required and no legal retention obligation applies, we take reasonable steps to destroy or permanently de-identify it in accordance with APP 11.2.

## 14. Children

The Portal is a business-to-business platform restricted to licensed real-estate professionals. It is not directed at, and we do not knowingly collect personal information from, anyone under 18 years of age.

## 15. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" shown at the top of this page and, where the change is material, notify Portal users by email or by a prominent notice within the Portal.

## 16. Complaints and Contact

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, please contact us first at **inquiries@visionasset.com.au**. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may escalate your complaint through the following pathways:

- **Privacy-related complaints** — Office of the Australian Information Commissioner (OAIC), https://www.oaic.gov.au or 1300 363 992
- **Real-estate conduct complaints** — NSW Fair Trading, https://www.fairtrading.nsw.gov.au or 13 32 20
- **Formal dispute resolution** — NSW Civil and Administrative Tribunal (NCAT), https://www.ncat.nsw.gov.au

---

*End of Privacy Policy*