Privacy Policy

1. Introduction

Navigator Broking Pty Ltd (ABN: 87 658 763 976), Credit Representative No. 473888 under Australian Credit Licence 389328, is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs 1–13) and Part IIIA (credit reporting).

This Privacy Policy explains how we collect, hold, use, disclose, and safeguard personal information when you visit our website, submit enquiry forms, or use our mortgage broking services. By using our website or providing information to us, you acknowledge that you have read and understood this policy.

2. Information We Collect

We may collect the following types of personal information:

• Contact Details: Full name, email address, phone number, residential address
• Financial Goals: Property purchase intentions, refinancing goals, loan amounts sought, investment objectives, timeframes
• Profession and Employment: Occupation, employer, employment status (including self-employed and medical professional details)
• Financial Information: Income details, employment history, bank statements, financial statements, tax returns, existing debts and liabilities, monthly expenses
• Credit Information: Credit reports, credit scores, repayment history, credit applications
• Identification Documents: Driver’s licence, passport, Medicare card, or other government-issued identification
• Property Details: Property addresses, valuations, rental income, ownership structure
• Website Form Submissions: Name, email, phone number, finance goals, property details, loan amounts, profession, preferred timeframe, and any free-text messages submitted through our enquiry forms
• Website Usage Data: IP address, browser type, device information, pages visited, time on site, referral source (collected via cookies and analytics)
• Communication Records: Records of phone calls, emails, video meetings, and other correspondence

3. How We Collect Information

We collect personal information through the following means:

• Directly from you: When you submit website enquiry forms (consultation requests, property purchase funnels, refinance funnels, specialist lending enquiries), call or email us, attend meetings, or provide documents for a loan application
• From third parties: Lenders and financial institutions, credit reporting bodies (Equifax, Illion, Experian), our aggregator (Connective), your accountant or solicitor, real estate agents, valuers, and our CRM system (Mercury by Connective)
• Automatically via our website: Through cookies, Google Analytics, and our web hosting platform when you browse our site (see Section 8 for details)

4. How We Use Your Information

We use your personal information for the following purposes:

• To provide mortgage broking and credit assistance services, including assessing your borrowing capacity and recommending suitable loan products
• To submit loan applications to lenders on your behalf
• To communicate with you about your enquiry, application progress, or ongoing loan management
• To verify your identity as required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
• To comply with our obligations under the National Consumer Credit Protection Act 2009 (NCCP Act), including responsible lending assessments
• To comply with regulatory and legal requirements (ASIC, AUSTRAC, OAIC)
• To improve our website, services, and client experience based on analytics data
• To send you marketing communications about our services, market updates, or interest rate changes (only with your consent, and you may opt out at any time)

5. Information Sharing and Disclosure

We may share your personal information with the following parties, only to the extent necessary for the stated purposes:

• Lenders and Financial Institutions: To process and assess your loan application
• Credit Reporting Bodies: Equifax, Illion, and Experian for credit checks and reporting as permitted under the Privacy Act
• Our Aggregator (Connective): For compliance, licensing, and loan submission purposes
• Professional Service Providers: Solicitors, conveyancers, accountants, financial planners, valuers, and lenders mortgage insurers involved in your transaction
• Regulatory Bodies: ASIC, AUSTRAC, the OAIC, and other authorities as required by law
• Technology Service Providers: As described in Section 6 below, for website hosting, analytics, email, and SMS delivery

We will not sell your personal information to any third party. We will not disclose your information for purposes unrelated to our services unless required by law or with your consent.

6. Third-Party Service Providers

Our website uses the following third-party services that may process limited personal or usage data on our behalf:

Service	Purpose	Data Processed	Server Location
Google Analytics 4 (G-DRFVWE3JC2)	Website traffic analysis	IP address (anonymised), pages visited, device/browser info	United States
Netlify	Website hosting and form processing	Form submissions, server logs	United States
SendGrid (Twilio)	Email notifications for form submissions	Name, email, phone, enquiry details	United States
Twilio	SMS notifications for form submissions	Name, phone, enquiry summary	United States
Google Fonts	Web typography (Roboto font)	IP address, browser/OS info	United States
Cloudflare CDN	Icon delivery (Font Awesome)	IP address, browser info	Global (including US)
Microsoft Outlook	Calendar booking integration	Booking details (name, email, time)	Australia / United States

Each service provider is contractually obligated to handle data in accordance with their published privacy policies and applicable data protection laws.

7. Cross-Border Data Disclosure (APP 8)

As described in Section 6, some of our third-party service providers are based in the United States. This means that certain personal information (primarily website usage data and form submission details) may be transferred to, stored, and processed in the United States.

Before disclosing personal information overseas, we take reasonable steps to ensure that the overseas recipient handles the information in a manner consistent with the Australian Privacy Principles. Safeguards include:

• Selecting service providers with robust data protection policies and certifications
• Using encrypted transmission channels (HTTPS/TLS) for all data transfers
• Limiting the data shared to only what is necessary for the service
• Reviewing provider privacy policies and terms of service

Sensitive financial information (credit reports, bank statements, loan application documents) is not transmitted to these third-party web services. Such information is handled directly through lender portals and our aggregator’s secure platform.

8. Cookies and Website Analytics

Our website uses Google Analytics 4 (Property ID: G-DRFVWE3JC2) to understand how visitors use our site. Google Analytics sets the following cookies on your device:

• _ga — Distinguishes unique users. Expires after 14 months.
• _ga_DRFVWE3JC2 — Maintains session state. Expires after 14 months.

Google Analytics collects data including pages visited, time on site, referral source, browser type, device, and approximate geographic location (city-level). IP addresses are anonymised by default in GA4. Data is retained for 14 months.

Opting out: You can prevent Google Analytics from collecting your data by installing the Google Analytics Opt-out Browser Add-on. You can also manage cookie preferences in your browser settings.

Our website may also use local browser storage for functional purposes such as remembering theme preferences.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, misuse, or alteration. These measures include:

• SSL/TLS encryption on all website pages and form submissions
• Encrypted credential storage for all third-party service integrations
• Access controls restricting personal information to authorised personnel on a need-to-know basis
• Regular security reviews of our systems and processes
• Encrypted daily backups of client data with 30-day retention
• Secure document handling through lender and aggregator portals

While we take all reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

10. Data Retention

We retain personal information in accordance with the following schedules:

• Client loan records: Minimum 7 years after the end of the client relationship, as required by ASIC Regulatory Guide 209 and the NCCP Act
• Website form submissions: Processed immediately upon receipt; server logs retained for approximately 90 days on Netlify
• Website analytics data: 14 months (Google Analytics 4 default retention period)
• Communication records: Retained for the duration of the client relationship plus 7 years
• Marketing consent records: Retained for as long as consent is active, plus a reasonable period for audit purposes

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.

11. Your Rights (APPs 12–13)

Under the Australian Privacy Principles, you have the right to:

• Access your information (APP 12): Request a copy of the personal information we hold about you. We will respond within 30 days.
• Correct your information (APP 13): Request correction of any inaccurate, out-of-date, incomplete, or misleading information.
• Request deletion: Ask us to delete your personal information, subject to our legal retention obligations.
• Opt out of marketing: Unsubscribe from marketing communications at any time by contacting us or using any unsubscribe link provided.
• Lodge a complaint: If you believe we have breached the APPs, you may lodge a complaint with us (see Section 15 below).

To exercise any of these rights, please contact us using the details in Section 15. We will not charge you for making a request, although we may charge a reasonable fee for providing access to large volumes of information.

12. Credit Reporting

As a credit assistance provider, we handle credit-related information in accordance with Part IIIA of the Privacy Act 1988 and the Credit Reporting Privacy Code 2014. This includes:

• Collecting credit information (credit reports, credit scores, repayment history) for the purpose of assessing your suitability for credit products
• Disclosing credit information to lenders as part of your loan application
• Sharing credit information with credit reporting bodies (Equifax, Illion, Experian) as required

Important: In accordance with the National Consumer Credit Protection Act 2009, we will not request a credit report until you have been provided with and acknowledged our Credit Guide. This ensures you are fully informed of our services, fees, and complaint resolution processes before any credit enquiry is made.

You have the right to request access to your credit report from any credit reporting body. If you believe information in your credit report is incorrect, you may request a correction.

13. Notifiable Data Breaches

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is affected, we will comply with Part IIIC of the Privacy Act 1988 (Notifiable Data Breaches scheme). This means we will:

• Take immediate steps to contain the breach and assess the risk of serious harm
• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and within 30 days of becoming aware of the breach
• Notify affected individuals with details of the breach, the type of information involved, and recommended steps to protect themselves
• Document the breach and our response in accordance with our internal breach response plan

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. Any changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy periodically. Continued use of our website or services following any changes constitutes acceptance of the updated policy.

15. Contact Us and Complaints

If you have questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint about our handling of your personal information, please contact us:

• Email: info@navigatorbroking.com.au
• Phone: 0405 678 979
• Address: Melbourne, Victoria, Australia

We will acknowledge your complaint within 7 days and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate your complaint to:

• Office of the Australian Information Commissioner (OAIC)
  Website: www.oaic.gov.au
  Phone: 1300 363 992
• Australian Financial Complaints Authority (AFCA) — for financial services complaints
  Website: www.afca.org.au
  Phone: 1800 931 678