Privacy Policy

This policy explains how we collect, hold, use and disclose your Personal Information, including when we provide Designated Services under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. Please contact us if you have any questions: (07) 3063 3373.

Brisbane City skyline reflected in water at sunset. Privacy Policy
2,000+ Businesses Construction Businesses
Supported
50+ Years Combined Construction
Industry Experience
Tiers 1, 2 & 3 Construction Experience
Across All Tiers
Table of Contents

Privacy Policy for AML/CTF Obligations

Blaze Business & Legal Pty Ltd ABN 45 652 018 383

Privacy Officer: Rachelle Hare
AML/CTF Compliance Officer: Rachelle Hare

Email: enquiry@blazebusinessandlegal.com.au

Phone: (07) 3063 3373

Address: Suite 8, Level 7, 154 Melbourne Street, South Brisbane QLD 4101

Date reviewed: June 2026

Our Commitment

We are committed to protecting your privacy. We collect, use, share and manage Personal Information only as reasonably necessary to carry out our functions and activities, including where we provide you with Designated Services under the AML/CTF Framework.

If we provide, prepare to provide, or reasonably anticipate that we may provide Designated Services to you, we will handle your Personal Information openly and transparently, subject to our legal obligations, in accordance with this policy.

What This Policy Covers

This policy applies only to Personal Information handled in connection with our AML/CTF obligations under the AML/CTF Framework. All other services we provide, including our legal services and business advisory services, are handled under our general confidentiality obligations, and the Privacy Act does not apply to Personal Information we collect for those services.

Meaning of Terms Used in This Policy

In this policy, the terms listed below have the following meanings.

AML/CTF Act

Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

AML/CTF Framework

The AML/CTF Act, AML/CTF Rules and AUSTRAC-issued guidance.

AML/CTF Rules

Anti-Money Laundering and Terrorism Financing Rules 2025 (Cth) made under the AML/CTF Act.

APLYiD

APLYiD Pty Ltd, ABN 36 632 866 794, an accredited identity verification provider and its authorised sub-providers.

APPs

The Australian Privacy Principles in Schedule 1 of the Privacy Act.

AUSTRAC

Australian Transaction Reports and Analysis Centre.

Designated Services

The services described in Table 6 of section 6 of the AML/CTF Act that we provide or anticipate providing, including:

  • assisting a client to plan, execute, or act on their behalf in buying, selling, or transferring a body corporate or legal arrangement (including a company, trust, or business);
  • assisting a client to plan, organise, execute, or act on their behalf in a transaction for equity or debt financing related to a body corporate or legal arrangement;
  • assisting a client to plan, execute, or act on their behalf in the creation or restructuring of a body corporate or legal arrangement;
  • where we assist a client, acting as, or arranging for another person to act as, a company director or secretary, a power of attorney, a partner, a trustee, or an equivalent position on behalf of a nominator; and
  • where we assist a client, acting as, or arranging for another person to act as, a nominee shareholder for a body corporate or legal arrangement on behalf of a nominator.

DVS

The Australian Government’s Document Verification Service, a national online system that allows authorised organisations to verify identity documents against records held by the issuing Commonwealth or State authority.

KYC Information

Information sufficient to establish initial customer due diligence on reasonable grounds, or to fulfil our ongoing customer due diligence obligations, under the AML/CTF Act, including:

  • the identity of our client;
  • the identity of any person on whose behalf our client is receiving the service;
  • the identity of any person acting on behalf of the client, including their authority to act;
  • where the client is not an individual, the identity of any beneficial owners;
  • whether the client, any beneficial owner, or any person acting on their behalf is a politically exposed person or a person designated for targeted financial sanctions;
  • information regarding source of wealth and source of funds;
  • the nature and purpose of the business relationship or transaction; and
  • any other matter specified in the AML/CTF Rules.

OAIC

Office of the Australian Information Commissioner.

Personal Information

Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not, provided to us for the purposes of, or in connection with, our AML/CTF obligations.

Privacy Act

Privacy Act 1988 (Cth).

Sensitive Information

A subset of Personal Information that includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record; health information; genetic information that is not otherwise health information; biometric information used for automated biometric verification or identification; and biometric templates.

We, us, our

Blaze Business & Legal Pty Ltd  ABN 45 652 018 383, practising as Blaze Business & Legal.

What Privacy Law Applies

We are a small business operator under section 6D of the Privacy Act. We become subject to the Privacy Act, in relation to AML/CTF-related activities, by operation of section 6E(1A) of that Act.

The Privacy Act, including the APPs, applies only to our collection, use, sharing and management of Personal Information required to comply with our obligations under the AML/CTF Framework. Our other client information-handling activities, including information handled for our legal services and business advisory services, are governed by our confidentiality obligations under the Legal Profession Act 2007 (Qld), the Australian Solicitors’ Conduct Rules, and our general contractual obligations.

Under APP 2, you may interact with us anonymously or using a pseudonym where this is lawful and practicable. Where we ask you to provide Personal Information, we do so because we are required to identify and verify you under the AML/CTF Framework, and anonymous interaction is not possible in those circumstances.

We conduct ongoing monitoring of transactions and client information to comply with our AML/CTF obligations.

How We Collect Personal Information

We collect Personal Information only by lawful and fair means.

We collect Personal Information directly from the individual who is its subject unless the individual has consented to collection from a third party, direct collection is unreasonable or impracticable, or we are required or authorised by law to collect information from a third party.

We may collect Personal Information when you, your organisation, or those acting on your behalf:

  • meet with us in person or by telephone, video conference, email, or other correspondence;
  • engage us to provide services, including when you supply KYC Information in response to a direct request from us; or
  • register to attend or participate in a meeting, conference, or event hosted or presented by us.

We will provide you with a collection notice at or before the time we collect your Personal Information.

Personal Information We Collect

We are required by law under the AML/CTF Act to collect and verify certain Personal Information and may be unable to provide Designated Services if we cannot do so.

We collect KYC Information as required by the AML/CTF Act, which may include names, addresses, contact details, date of birth, document types and numbers, source of wealth and funds, and information about ownership and control structures. We may also collect Sensitive Information where required for compliance with the AML/CTF Framework or where otherwise permitted by law.

Identity Verification and the Document Verification Service

To verify your identity, we may use electronic identity verification services, including the Australian Government’s Document Verification Service (DVS).

Where you have consented, your name, date of birth and identity document details will be securely sent to the relevant Commonwealth or State authority that issued your document. This may include passport offices, driver licence authorities, the Department of Home Affairs, Births Deaths and Marriages, or other authorised record holders. Those authorities check whether the details you have provided match the records they hold.

We do not receive a copy of your government records. The authority returns a match result only, confirming whether your details match (yes or no).

This process may be carried out through accredited identity verification providers, including APLYiD and its sub-providers. More information about the DVS is available at idmatch.gov.au.

We may also use a credit reporting body for electronic identity verification. Where we do so, we will seek your express consent before proceeding and will offer you an alternative means of verification (such as production of identity documents), as required by law.

Biometric Information

As part of identity verification, we may collect biometric information, such as a facial image or a short video of you holding your identity document.

Biometric information may be used to:

  • confirm that you are a real person and physically present;
  • match your image to the photograph on your identification document; and
  • reduce the risk of fraud and identity theft.

Biometric information is Sensitive Information under the Privacy Act. We only collect and use biometric information for identity verification and related compliance purposes, and only with your consent.

Consent to Collection and Identity Verification

By providing your Personal Information and completing the identity verification process, you consent to:

  • the collection, use and disclosure of your Personal Information for identity verification, AML/CTF and related compliance purposes;
  • the collection and use of biometric information, such as a facial image or video, for identity verification;
  • your information being checked against records held by Commonwealth and State authorities through the DVS; and
  • your information being shared with our authorised identity verification providers, including APLYiD.

Your consent is voluntary. You can withdraw your consent at any time by contacting our Privacy Officer using the details at the end of this policy.

If you do not consent, or do not provide the information we need, we may not be able to verify your identity electronically. In that case, we may need to verify your identity in another way, or we may not be able to provide our services to you.

What Happens If You Do Not Provide Requested Personal Information

If you do not provide requested Personal Information, we may be unable to provide Designated Services or comply with our legal obligations under the AML/CTF Framework. We may therefore be required to decline to act for you or provide you with services, and should this occur during the course of an ongoing engagement, we may need to terminate our services effective immediately.

Why We Collect Personal Information

We collect and use Personal Information to carry out our functions and activities, including providing you with Designated Services and complying with our regulatory obligations in relation to those services under the AML/CTF Framework and other applicable legislation.

Unless you consent otherwise, we will only use your Personal Information for the primary purpose for which it was collected, or for a secondary purpose you would reasonably expect that is related to the primary purpose. For Sensitive Information, any secondary purpose will be one you would reasonably expect and that is directly related to the primary purpose.

Disclosure of Personal Information

Third parties

Subject to legal requirements, we do not share your Personal Information with third parties except with your express permission, or to contracted service providers engaged to facilitate the administration, management, or delivery of our services, including service providers that support our due diligence processes, such as APLYiD. We use reasonable endeavours to ensure that those service providers commit to protecting your Personal Information and agree not to use or disclose it for any other purpose, except as required by law.

Legal requirements

We may use or disclose your Personal Information where required or authorised by law, including:

  • where we reasonably believe disclosure is necessary to prevent a serious threat to life, health, or safety;
  • where we have reason to suspect unlawful activity or serious misconduct relating to our functions and believe disclosure is necessary to take appropriate action; or
  • where we are compelled by law, including by warrant or subpoena, by order of a government agency, court or tribunal, or to AUSTRAC and other government agencies without your knowledge or consent, including where we form a suspicion under the AML/CTF Framework.

Nothing in this policy limits our confidentiality obligations or client legal privilege. There are circumstances, however, where we are compelled to disclose confidential information to AUSTRAC under the AML/CTF Framework. We are prohibited from notifying you of such disclosures and may be prohibited from notifying you of disclosures to other government agencies or authorities.

Business transactions

If we are involved in a merger, acquisition, or asset sale, your Personal Information may be disclosed in confidence as part of a due diligence process and may be transferred to the new owner. We will notify you before your Personal Information is transferred and becomes subject to a different privacy policy.

How We Protect Your Information

We may hold Personal Information in electronic and hard-copy formats. We take reasonable steps to protect that information from misuse, interference, loss, and unauthorised access, modification, or disclosure, including through:

  • staff training on privacy obligations when handling Personal Information;
  • administrative and technical controls to restrict access to authorised personnel only; and
  • technological security measures, including firewalls, encryption, and anti-virus software.

Where a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under the Privacy Act, including notifying the OAIC and affected individuals as required.

When we consider Personal Information is no longer needed for any purpose for which we may use or disclose it under this policy, and we are not required by law or court order to retain it, we will take reasonable steps to destroy or de-identify that information. Our record retention obligations are set out in the section below.

Retention and Destruction of Personal Information

From 1 July 2026, the AML/CTF Act does not require us to keep scanned or photocopied identity documents for record-keeping purposes. We retain only the specific Personal Information from identity documents that is necessary to demonstrate compliance with our customer due diligence obligations, for example, name, date of birth, residential address, document type, document number, date of expiry, the outcome of our verification, and our assessment of money-laundering and terrorism-financing risk.

KYC Information and transaction records are retained for seven years after the end of the business relationship or after the date of the last occasional transaction, as required by the AML/CTF Framework. Once those retention periods have expired and no other permitted purpose exists for holding the information, we will take reasonable steps to destroy or de-identify that information.

Can Your Personal Information Be Accessed Offshore

We use reasonable endeavours to maintain your Personal Information physically and electronically within Australia, unless we have agreed with you to share your Personal Information with third parties offshore (such as legal experts in another jurisdiction).

Some of our service providers, including APLYiD, may store or process Personal Information outside Australia. Where this occurs, we use reasonable endeavours to ensure that your Personal Information is handled in a manner consistent with the Australian Privacy Principles, including through contractual protections with those providers.

Accessing and Correcting Your Personal Information

We will respond to inquiries from you regarding whether we hold Personal Information about you, and will allow you to access and correct that information, subject to our contractual arrangements where information is held by a third party and the conditions and limitations in the Privacy Act, including where:

  • giving access would pose a serious threat to life, health, or safety;
  • access would have an unreasonable impact on the privacy of other individuals;
  • the request is frivolous or vexatious;
  • giving access would be unlawful (including, for example, where it would constitute tipping off under section 123 of the AML/CTF Act, in which case our written notice refusing access will not explain why);
  • denying access is required or authorised by Australian law or a court or tribunal order;
  • giving access would reveal the intentions of our practice in relation to negotiations with you in a way that would prejudice those negotiations; or
  • giving access would be likely to prejudice one or more enforcement-related activities conducted by or on behalf of an enforcement body.

To request access to or correction of your Personal Information, please contact our Privacy Officer. We may ask you to verify your identity before providing access or making corrections. We may charge a reasonable fee for providing access but will not charge for making a correction.

We will take reasonable steps to respond to access requests and to correct Personal Information within 30 days of receiving your request.

Complaints About Our Information Handling

All privacy-related inquiries and complaints are handled by our Privacy Officer. If you have concerns about how we manage your Personal Information, or believe we have breached the APPs, please contact our Privacy Officer in writing with the details of your complaint.

When you lodge a complaint, we will:

  1. acknowledge receipt within a reasonable time, usually within seven days;
  2. conduct an internal investigation, which may involve reviewing the circumstances of the collection, use, or disclosure of your information and assessing our compliance with the Privacy Act, and we may contact you to request further information; and
  3. endeavour to provide you with a written response within 30 days of receiving your complaint, setting out the outcome of our review and any corrective action we propose to take.

If you are not satisfied with our response, or if we do not resolve your complaint within 30 days, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/privacy-complaints.

Privacy Officer: Rachelle Hare

Email: enquiry@blazebusinessandlegal.com.au

Phone: (07) 3063 3373

Address: Suite 8, Level 7, 154 Melbourne Street, South Brisbane QLD 4101

If you require a copy of this policy in a different format, please contact our Privacy Officer.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The current version of this policy is always available at blazebusinessandlegal.com.au/privacy-policy/.

We will notify you of significant changes where we reasonably can, but we do not guarantee that you will receive notification of every update. We encourage you to check this policy periodically on our website to ensure you are aware of any changes. Your continued engagement with us following a change to this policy constitutes your acceptance of the updated policy.

Rachelle Hare and Shannon Drew - Business Management Consultant - Blaze Business & Legal in Brisbane

Don’t know where to start? Can’t work out why your business is struggling? We don’t judge. We own bricks & mortar businesses ourselves, and we’re experts at diagnosing business problems and their causes. We may even be able to give you a starting point in our initial free phone call. Worth 15 mins of your time?

Share With Your Network

Blaze Business & Legal Logo - Structuring your construction business
Rachelle Hare, Construction Lawyer, Business Adviser and Commercial Manager, Blaze Business and Legal
About the Author

Rachelle Hare

Construction Lawyer, Business Adviser and Commercial Manager|Blaze Business & Legal

Rachelle has more than 25 years of experience in construction law, business advisory, commercial management, contract administration and construction business structuring. Her career includes senior in-house legal roles at Tier 1 and Tier 2 construction companies including Thiess, Laing O’Rourke and Acciona, and private practice experience at top-tier law firms Corrs Chambers Westgarth and McCullough Robertson. She also spent over six years as a senior commercial manager on Defence and Tier 2 Construction and Technology Projects, including 8 months as Deputy Program Manager on a construction and technology program of National significance. At Blaze Business & Legal, Rachelle works alongside Shannon Drew to provide integrated construction law, financial management, commercial and business advisory services to construction businesses across Australia.

Reviewed byShannon Drew, Management Accountant, Costs Accountant, Fractional CFO and Business Adviser, with 25+ years of construction industry experience.

Structure. Strategy. Systems. Success.

Let’s Chat About How We Can Help You

  • Contact us to discuss how we can help you and your construction business
  • No-obligation quote
  • We work to your budget and timeframes

Call Us

Email Us

Send Us a Message