Legal, Privacy & Compliance

This Privacy Policy explains how Gallantree Pty Ltd and its related bodies corporate (together, “Gallantree”, “we”, “us” or “our”) collect, use, store, disclose and protect personal information. It applies to this website, the Gallantree Compliance platform and any other interactions you have with us, and is consistent with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

The kinds of personal information we collect depend on how you interact with us, and may include:

• identification details such as your full name, date of birth, address, nationality and government-issued identification (for AML/CTF and KYC purposes);
• contact details such as email address, phone number and postal address;
• professional details such as your role, employer, AFSL number (if applicable) and wholesale-client evidence;
• financial information such as bank account details for settlements and information about your assets, liabilities, income and investment experience;
• usage data such as IP address, device identifiers, browser type, pages visited and actions taken within the Gallantree Compliance platform; and
• any other information you choose to provide to us through forms, emails or other communications.

We do not collect sensitive information (as defined in the Privacy Act) unless it is reasonably necessary for one of our functions or activities and you consent to the collection, or where the collection is required or authorised by law.

Wherever practicable, we collect personal information directly from you — for example, when you sign up to the Gallantree Compliance platform, complete an investor onboarding form, contact us, or use our services. We may also collect personal information from third parties such as your employer, your professional advisers, identity verification providers, credit reporting bodies, public registers, and from cookies and analytics tools when you use our website.

We use personal information to:

• provide and operate the Gallantree Compliance platform and our services;
• verify your identity and assess your eligibility (including for wholesale-client and AML/CTF purposes);
• administer accounts, process transactions and settle distributions;
• communicate with you about your account, products, or service updates;
• meet our regulatory, compliance, audit, tax and risk-management obligations (including obligations under the Corporations Act, the AML/CTF Act, the Taxation Administration Act, FATCA and CRS);
• improve our products, services and platform; and
• respond to enquiries, feedback or complaints.

We may disclose your personal information to:

• our related bodies corporate;
• service providers who help us operate our business and platform, including hosting and infrastructure providers, identity verification providers, payment processors, email providers, analytics providers, custodians, trustees, fund administrators, auditors and professional advisers;
• regulators and government agencies (including ASIC, AUSTRAC, the ATO, DFAT and law enforcement) where required or authorised by law;
• your authorised representatives, advisers or agents; and
• any other person to whom disclosure is required or permitted by law.

We require our service providers to handle personal information in accordance with the Privacy Act and our contractual security and confidentiality requirements.

Some of our service providers (for example, cloud hosting, email delivery, identity verification and analytics providers) may be located outside Australia, including in the United States and the European Economic Area. Where personal information is disclosed overseas, we take reasonable steps to ensure that the overseas recipient handles the information consistently with the Australian Privacy Principles.

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include encrypted transport (TLS) for data in transit, encryption at rest for sensitive data, access controls, logging and monitoring, multi-factor authentication for staff, vendor due diligence and incident response procedures. No transmission over the internet or method of electronic storage is completely secure; however, we work to maintain industry-standard controls.

We retain personal information only for as long as is reasonably necessary to fulfil the purposes for which it was collected, to comply with our legal, regulatory, tax and audit obligations (including the seven-year record-keeping obligations under the Corporations Act and the AML/CTF Act), and to resolve disputes. When personal information is no longer required, we take reasonable steps to destroy or de-identify it.

You have a right to request access to the personal information we hold about you and to request correction of information that is inaccurate, out of date, incomplete, irrelevant or misleading. Requests should be sent to privacy@gallantree.com.au. We will respond within a reasonable period (generally within 30 days) and may need to verify your identity before acting on a request. In limited circumstances we may decline a request, in which case we will explain the reason in writing.

Our website and platform use cookies and similar technologies to remember your preferences, keep you signed in, measure performance and improve the user experience. You can configure your browser to refuse cookies, although doing so may limit the functionality of the site. We may use analytics providers to understand aggregate usage; where these providers process personal information on our behalf, they do so under contractual privacy obligations.

If you believe we have breached the Australian Privacy Principles or your privacy rights, please contact us at privacy@gallantree.com.au. We will acknowledge your complaint within one business day and aim to resolve it within 30 calendar days. If you are not satisfied with our response, you may refer the complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We may update this Privacy Policy from time to time. The current version, with its “Last updated” date, will always be available on this page. Material changes will be brought to your attention through the platform or other appropriate channels.

Contact our Privacy Officer at privacy@gallantree.com.au.