Effective date: 15^th October 2025

The Real Estate Institute of the ACT Limited (‘we’, ‘us’ and ‘REIACT’) is committed to protecting your privacy. We comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs), and other applicable privacy laws. This Privacy Policy explains how we collect, store, use, disclose, and protect the personal information of our members, employees and volunteers, and those that conduct business with us. It also sets out your rights to access and correct your information, and how to make a complaint.

You acknowledge that by giving us your personal information, doing business with us, making enquiries with us, or visiting our website or other social media you agree that your personal information will be dealt with as set out in this Privacy Policy.

We reserve the right to revise this Privacy Policy or any part of it at our discretion and without notice.

Information We Collect

We may collect and hold the following types of personal information:

names, addresses and contact information, including, but not limited to, telephone numbers, social media identifiers and email addresses;

information about your business, occupation or employment, including, but not limited to, your employer, any business organisations you are affiliated with, your commercial activities and your job description);

information about your professional qualifications, including, but not limited to, licence details and other regulatory certifications;

information about your account and profile with REIACT, including, but not limited to, login details, membership applications, and event registrations.

financial information, including payment information collected and processed through secure third-party payment providers but excluding full credit or debit card details which REIACT does not collect. Where a record is required, we entrust credit cards to our payment gateway and store only the last few digits and expiry date of your credit card solely for purposes of identity confirmation and forewarning of expiry;

information about staff and volunteers, as required in the normal course of human resource management (including but not limited to name, address, date and place of birth, addresses and contact information, tax file number (if provided), emergency contact information, bank account details, right to work information);

information about your use of our website, including but not limited to, cookies, IP Address and data collected by website traffic monitors which may include demographics, browsing behaviour and usage statistics;

content you choose to provide to us, for example through comments, feedback or testimonials; and

information about how you interact with us, including your activity on our website, comments or articles you publish, orders you place, votes and enquiries you make with us.

Where lawful and practicable to do so, we will give you the option of interacting with us anonymously or under a pseudonym. However, if you do not provide us with the information we ask for, we may not be able to provide you with some or all of our services.

How We Collect Personal Information

We only collect personal information by lawful, fair and reasonable means. We usually collect personal information from you directly. However, we may also collect your personal information from a range of sources, including your representatives, business partners and government agencies. For example, we may collect your personal information when you:

provide information directly to us by using our products or services, or by otherwise interacting with us including, but not limited to, where you make applications, phone calls, or engage in correspondence, and event registrations and event attendance;

view our website or take specific actions on our website (for example, where you enable cookies or click on an internal link);

create or log into an account with us through our website;

render payment to us through a secure third-party payment provider; We may also collect personal information about you from third parties where authorised or required by law, including regulators, professional registers or professional service providers.

If we received personal information about you that we have not requested, and we determine that we could not have otherwise lawfully collected that information in accordance with the Act and the APPs, we will destroy or de-identify that information if it is lawful and reasonable to do so.

Why We Collect and Use Personal Information

We only collect and use your personal information for the purposes for which it was provided, for related purposes in the ordinary course of business, and as required or permitted by the Act, APPs and other privacy legislation. These purposes include to:

provide, administer and maintain our products and services, including, but not limited to, considering membership applications, managing your membership (including the complaints/disciplinary function of REIACT), training, and events

organise, host, market and generally facilitate events, such as conferences and training sessions;

provide customer support, including investigating, responding to and actioning your enquiries, feedback, comments and complaints;

performing general administration, reporting and management functions, including, but not limited to, the processing of payments, invoicing, training, risk management, governance, maintaining records and complying with our legal and regulatory obligations;

confirming your identity, where necessary;

monitoring and improving our website, services and operations;

inform and conduct marketing activities for the promotion of our services and brand, including, but not limited to, sending updates, newsletters or marketing materials (noting that you have the right to opt-out of receiving marketing materials at any time).

We may collect sensitive information about you that relates to your membership of REIACT as a professional association. Otherwise, we do not normally collect and hold sensitive information. To the extent that we do collect additional sensitive information we will only use it for the purpose for which it was collected or a related purpose in accordance with the Act, or otherwise where you give your consent.

Sensitive information is defined in the Act as information included (but not limited to) information about racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual preferences or practices; or criminal record.

Disclosure of Personal Information

We may disclose, and you consent to us disclosing, your personal information to:

third parties that are engaged by us to provide products or services, or to undertake functions on our behalf, including, but not limited to, persons and entities contracted to assist us with providing third-party training to members, managing our information-technology infrastructure, payment processing, marketing, and administration, and to sponsors or event co-ordinators where you are attending one of our events;

third parties that act as our external professional advisors, including lawyers, accountants or property advisors;

the third party we engage to manage out REI Forms platform to establish and verify accounts for our members;

facilitate the processing of credit card payments by Internet Payment Gateways and Merchant Facilities

facilitate advertising or completing the sale of part or all of our business;

other third parties where you authorise to receive information held by REIACT; and

government agencies and regulators, where required or authorised by law (for example, Access Canberra).

We will never sell your personal information to third parties.

Overseas Disclosure

You consent to the disclosure of your personal information to overseas recipients where we have engaged them to assist us in the course of our business as service providers, contractors, employees or advisors. As at the date of this Privacy Policy we do not use or disclose personal information outside of Australia.

Before disclosing your personal information to an overseas recipient, REIACT will take reasonable steps to ensure that the recipient does not breach the APPs in relation to your personal information.

Nevertheless, you acknowledge and agree that if we disclose your personal information to overseas recipient, that we cannot guarantee that the recipients of your personal information comply with this Privacy Policy or the privacy framework established by the Act and APPs. You consent to our disclosure of information to overseas recipients on the basis that you will not be liable to you for (and you release us in respect of) any breaches of Australian privacy legislation or this Policy by overseas recipients following disclosure by REIACT

Marketing Use, Disclosure and Opt-Out

We may use and disclose your personal information to provide you with information about our products or services from time to time. You may opt-out of receiving marketing or promotional materials at any time by:

contacting our CEO in writing and requesting that we no longer send you marketing or promotional materials; or

clicking on the “unsubscribe” button if applicable.

Data Security and Retention

We take reasonable steps to protect your personal information against misuse, interference, loss, unauthorised access, modification, or disclosure. We implement a number of technical and organisational methods to protect your personal information, including:

firewalls;

password protection;

encryption;

secure servers;

multi-factor authentication;

privacy training for staff who handle personal information; and

limitation on who within REIACT can access and use personal information.

We take reasonable steps to destroy or de-identify personal information if we consider that it is no longer required to fulfill the purpose for which it was collected, used or disclosed, a secondary purpose permitted by the APPs or otherwise to meet our obligations at law.

Cookies and Website Analytics

Cookies are electronic tokens containing small amounts of information that are passed between a web browser and server. They are used to maintain session state between pages or to retain information between visits if you return to the website at a later time.

We use cookies and third-party analytics tools to monitor and improve website performance and user experience. You may disable cookies in your browser, but this may limit website functionality.

Publishable Content

When you submit content to us for publication (including but not limited to comments, testimonials, votes, or forum posts) you assign us a transferrable, perpetual right to publish and/or commercially exploit that content without limitation. You also warrant in submitting such content that the content is owned or produced by yourself or you otherwise have permission to assign publication rights to us. Publication rights do not extend to fields specifically marked as private (e.g. your email address), except in cases of clear violations of our terms of use.

Content submitted by you for publication may be disclosed to all visitors of our website, and/or republished on other websites at our discretion. We reserve the right to remove content which we believe is offensive, unlawful, defamatory, false or misleading, violates or infringes the intellectual property rights of others or contains advertising.

If you provide personal information (your own or that of a third party) as part of publishable content, you warrant that you have permission to publish said information and indemnify us against any consequences resulting from the publication of said information.

Notifiable Data Breaches

If a data breach occurs that is likely to cause serious harm, we will promptly notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

Accessing and Correcting Your Personal Information

You have a right to access your personal information held by us. Any such request must be made in writing to our CEO. REIACT reserves the right to request verification of identity before responding to a request.

If the CEO denies your request they will contact you and inform you of the basis for the denial (for example, where it would not be practicable or reasonable to approve your request).

We will provide you with access to your information in the format you request it where it is practicable and reasonable for us to do so. We reserve the right to charge a reasonable fee in certain circumstances for the retrieval of your personal information.

If you believe that information that we hold about you is incorrect or incomplete, you may request that your information is updated at any time in writing, with your request to be addressed to the CEO. If we consider that your personal information is correct or otherwise complete, we are not required to update your information and will give you a written notice setting out our reasons.

Automated Decision-Making Systems

REIACT does not implement automated decision-making systems that use, collect, disclose or otherwise handle your personal information.

Complaints

If you have a concern about how we handle your personal information, please contact us first (see section 11). We will investigate and respond to your complaint.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):Website: [www.oaic.gov.au](http://www.oaic.gov.au)

Phone: 1300 363 992

Contact Us

For questions, access requests, or privacy complaints, please contact:

CEO

Real Estate Institute of the ACT (REIACT)

Email: admin@reiact.com.au

Phone: 0499881168

Address: Suite1B 16 Thesiger Street Deakin ACT 2606