This Privacy Policy explains how Sydney Forex Pty Ltd ("SFPL," "we," "our," or "us") collects, uses, protects, and discloses your personal information.

This policy applies to all of our services, which are currently limited to money transfer and remittance services from Australia to Pakistan.

SFPL is committed to handling your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Anti-Money Laundering and CounterTerrorism Financing Act 2006 (AML/CTF Act), and other applicable laws and regulations.

Our goal is to ensure that your personal information is handled with confidentiality, integrity, and transparency.

• Personal Information: Information or an opinion that identifies, or could reasonably identify, an individual. This may also include information about an organization, business, or sole trader where such information is linked to, or could reasonably identify, an individual associated with that entity (e.g., a director, partner, or authorized representative).
• Sensitive Information: Includes government-issued identifiers, financial information, and biometric data.
• AML/CTF-Related Personal Information: Personal information collected or generated under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), including identity verification records, transaction details, and reports made to AUSTRAC. Such information may be retained or disclosed as required by law, even if other deletion requests are made.
• Third Parties: Banks, payment providers, regulators, service providers, or overseas institutions with whom we may share information.
• AUSTRAC: The Australian Transaction Reports and Analysis Centre, our regulator under the AML/CTF Act.

We collect your personal information to:

• Comply with Australian laws, including the Privacy Act 1988, the AML/CTF Act 2006, and AUSTRAC regulations.
• Meet mandatory reporting obligations under the AML/CTF Act, including the submission of Suspicious Matter Reports (SMRs), International Funds Transfer Instructions (IFTIs), and Threshold Transaction Reports (TTRs) to AUSTRAC.
• Verify your identity (Know Your Customer – KYC).
• Process and complete money transfers securely.
• Detect, investigate, and prevent fraud, financial crime, and other unlawful activity.
• Provide customer support and resolve complaints.
• Improve our services and enhance your customer experience.
• Send you updates, promotions, or offers.

We may collect the following categories of information:

• Identification details: Full name, date of birth, address, phone number, email.
• Official documents: Passport, driver’s license, Medicare card, proof of age card, citizenship certificate, bank confirmation letter, or utility bill.
• Photographs or biometric data: For identity verification.
• Financial details: Bank account details, transaction history, proof of funds, and source of wealth.
• Beneficiary details: Name, date of birth, address, phone number, National ID, account details, and contact information of the person receiving funds.
• Communication records: Emails, calls, or messages exchanged with us.
• Technical and online data: Device/browser information, IP address, cookies, and analytics data.
• Publicly available information: From government records, directories, or social media (for verification purposes).

We may collect your information from:

• Directly from you when you create a profile, register, use our services, or contact us.
• Documents you provide for identity verification.
• Government databases, credit reporting bodies, and fraud prevention services.
• Public sources such as directories, news articles, or official websites.
• Social media platforms when you interact with us.

We use your personal information for the following purposes:

• Identity verification (KYC/AML): To meet legal obligations.
• Transaction processing: To securely complete your remittance.
• Fraud and crime prevention: To detect and prevent money laundering, terrorism financing, and unlawful activity.
• Regulatory compliance: To comply with tax reporting, recordkeeping, and other regulatory requirements.
• Service improvement: To monitor, analyses, and enhance service quality.
• Customer support: To assist with enquiries, disputes, or complaints.
• Communications: To send service updates and, marketing and/or promotional messages.
• Monitoring and analytics: To ensure the security, integrity, and proper functioning of our systems through monitoring tools, audits, and analytics.

We will not use or disclose your personal information for unrelated purposes unless required or permitted by law, or with your explicit consent.

SFPL does not engage in automated decision-making or profiling that could affect your rights. All significant compliance or transaction decisions are reviewed by authorized staff.

We may disclose your personal information where necessary and lawful:

• To banks, financial institutions, and payment partners to complete transfers.
• To government authorities, regulators, or law enforcement agencies in Australia or abroad.
• To trusted third-party service providers assisting with IT, compliance, audit, or security services.
• To financial institutions overseas, including in Pakistan, for remittance delivery.

We require all third parties to implement confidentiality, data protection, and security measures consistent with Australian law.

SFPL does not sell, rent, or trade customer information to any external party for marketing or unrelated commercial purposes.

As part of our remittance services, your personal information may be transferred to overseas correspondent financial institutions, including but not limited to those located in Pakistan and other countries where funds are being sent or processed.

We take all reasonable steps to ensure that any overseas recipients handle your information in accordance with strict confidentiality and security obligations and, where possible, apply safeguards equivalent to those required under Australian privacy law.

We implement security measures including:

• Encryption of data in transit and at rest.
• Secure servers, firewalls, and password-protected systems.
• Restricted access to authorized and trained staff only.
• Regular system audits and monitoring for suspicious activity.

• Retention Periods: We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide you with services, to comply with our legal obligations, resolve disputes, and enforce our agreements.
  
  The specific retention period for different types of personal data is determined by considering the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.
• Legal and Regulatory Obligations: We retain your personal information for as long as you remain our customer and the relationship are active. Once you formally terminate or end your relationship with us, we are legally required under the AML/CTF Act 2006 and other applicable laws to retain certain records for a minimum of seven (7) years from the date of the last transaction or the end of the customer relationship.

After the required retention period has passed, your personal information will be securely deleted, destroyed, or permanently anonymized in accordance with applicable legal and regulatory requirements.

Certain AUSTRAC-related records or encrypted backups may be securely stored on servers located in Australia or in approved jurisdictions with equivalent data-protection standards. These systems are compliant with APP 11 (Security of Personal Information).

You have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your data (subject to legal requirements).
• Please note that under the AML/CTF Act 2006, SFPL may be legally required to retain specific customer and transaction records for a minimum of seven (7) years, even if you request deletion.
• Withdraw consent for marketing communications.
• Request a copy of your information in a readable format.
• Object to automated decision-making (if applicable).

You can opt out of receiving marketing messages by:

• Clicking “unsubscribe” in emails.
• Replying “STOP” to SMS.
• Contacting us directly to update preferences.

You may still receive essential service communications (e.g., transaction confirmations).

Our website may use cookies and analytics tools to:

• Improve performance and customer experience.
• Enhance security.
• Understand how users interact with our services.

You can manage or disable cookies via your browser settings.

Our website may contain links to external websites.

• We are not responsible for the privacy practices of those websites.
• We encourage you to read their privacy policies before providing personal information.

If you believe your privacy has been compromised, you may contact us. We will:

• Acknowledge your complaint within 3 working days.
• Aim to resolve it within 10 working days.

If unresolved, you may escalate your complaint to:

• The Office of the Australian Information Commissioner (OAIC); or
• Or an external dispute resolution body.

This Privacy Policy is not a static document and may be updated from time to time. Where material changes occur, we will notify customers via our website.

• We encourage you to review this policy regularly.

For questions, concerns, or requests regarding this Privacy Policy, please contact our Privacy Officer:

• 📧 Email: compliance@sydneyforex.com.au
• 📮 Postal: PO Box 99, Lakemba NSW 2195
• 🏢 Office: Suite 13-14/168-172 Haldon Street, Lakemba NSW 2195