Privacy Policy

BlueRock is committed to protecting the privacy of your personal information. This Privacy Policy tells you how BlueRock 3030 Pty Ltd and its subsidiaries (together “BlueRock Group”, “us”, “our” or “we”) will handle your personal information in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”).

What Personal Information Do We Collect?

The personal information that we collect will depend on your relationship with us and the service(s) you or your organisation have engaged us to provide or are interested in. It may include:

  • Name and contact information (including telephone and mobile number, email address and residential and postal address);
  • Individual information (including racial or ethnic origin(s), language(s) spoken, religious belief(s) and affiliation(s), date of birth, age, place of birth, gender(s), occupation(s), employment and qualification details, financial records, income details, asset listings, taxation records, bank account details, insurance policies, medical history, disability status, criminal record and Court records);
  • Payment and transactional information (including banking and credit card details);
  • Other personal or sensitive information (including information contained in communications or documents, any information required due to the nature of your matter, or information we are required to or permitted to collect by law).
  • Identity verification information collected for the purpose of customer due diligence under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) ("AML/CTF Act"), including full name, date of birth, residential address, and details of government-issued identity documents (such as driver’s licence or passport number, type and expiry date). We do not retain copies of full identity documents — only the specific data points required for our AML/CTF record-keeping obligations.

Collecting Personal Information

How We Collect Personal Information

We may collect your personal information directly from you or in the course of our dealings with you. For example, we collect personal information from you or about you from:

  • Correspondence between you and us;
  • Meetings and interviews with us, telephone calls with us, and the instructions you provide to us;
  • Visits to and submissions you make on our website;
  • Your interactions with our electronic direct mail and/or emails from our marketing campaigns (such as clicks on links included in these emails); and
  • Registration and forms you may fill in for our marketing-related activities and events.

In some instances, we may receive personal information about you from third parties, including entities within the BlueRock Group, associated businesses, government agencies, regulatory authorities and referrers (such as other accountants, law firms, real estate agents, financial planners, insurers and business consultants). We may also receive personal information about you from your authorised third parties and publicly available sources.

For the purposes of our AML/CTF obligations, we may also collect personal information from identity verification service providers, government registers and databases, sanctions and politically exposed persons (PEP) screening services, beneficial ownership registers, and other third-party sources where it is necessary to complete customer or personnel due diligence.

Artificial Intelligence (AI)

We may use artificial intelligence (AI) tools to assist in recording, transcribing, and summarising client meetings (including telephone, video, or in-person consultations), as well as to support certain analysis, document review/preparation, and service improvement functions across our firm. These tools may capture and process personal information you share with us, such as your name, financial circumstances, and goals.

We use AI tools only for purposes directly related to the provision and improvement of our services, including accurate record-keeping, regulatory compliance, and enhancing service quality. We ensure that any AI tools or platforms we use:

  • Comply with Australian privacy and data security standards.
  • Are subject to strict access controls and confidentiality obligations.
  • Do not use your personal information for unrelated or commercial purposes.
  • Are regularly reviewed to ensure ongoing compliance and protection of your information.

Why We Collect, Hold and Use Personal Information

We collect and hold your personal information for a variety of purposes, and you permit us to use it:

  • To provide you with our services and carry out our business functions;
  • For purposes related to the provision of our services such as planning, performance reporting, file research, internal investigations, our own internal administrative and accounting functions, our professional and reporting obligations, data backups, marketing and promotions, educational briefings and other service offering updates, conducting client satisfaction surveys and feedback requests, statistical collation and website traffic analysis;
  • For disclosure to third parties (such as government departments and agencies, other accountants, law firms, real estate agents, financial planners, insurers, local business and industry networks, Chambers of Commerce, business and industry alliances, auditors and other consultants and banking institutions) where it is reasonably necessary for them to assist us to provide our services to you, or to enable them to provide related service offerings you have requested;
  • For disclosure to any entity within the BlueRock Group as necessary for the provision of our services, to enable them to provide service offerings you have requested, and for conflict checks;
  • For disclosure to third parties where required or permitted by law;
  • Where you are a prospective employee of BlueRock Group, for purposes related to your prospective recruitment. In some cases, our recruitment activities are managed by a third party recruitment agency.
  • To comply with our obligations as a reporting entity under the AML/CTF Act, including conducting customer due diligence, personnel due diligence, transaction monitoring, and reporting obligations (including to the Australian Transaction Reports and Analysis Centre ("AUSTRAC")).

In addition to the above, you permit us to use your personal information:

  • Where you have consented to its use or disclosure;
  • Where we reasonably believe that use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety;
  • Where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;
  • Where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
  • Where we reasonably believe that use or disclosure is necessary for the prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for, or conduct of, proceedings before any court or tribunal (or the implementation of orders of a court or tribunal or on behalf of an enforcement body);
  • To develop and improve our business, products and services; and
  • For any lawful purpose.

Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.

How We Hold and Store Personal Information

Your personal information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure:

Data held and stored on paper is stored in secure key-card premises.

Data held and stored electronically is protected by internal and external firewalls and high encryption, and all access to electronic data, including databases, requires password access that meets Microsoft complexity standards.

Access to personal information is restricted to staff and contractors whose job description requires access. Our employees and contractors are contractually obliged to maintain the confidentiality of any personal information held by us.

Data stored or archived off-site is contained within secure facilities. We also require our storage contractors to implement privacy safeguards.

We undertake regular data backups, with the data copied and backed up to multiple locations for redundancy purposes.

Our staff receive regular training on privacy procedures.

Destruction Of Personal Information

We will retain your personal information whilst it is required for any of our business functions or for any other lawful purpose. We will also retain your personal information for the time periods required by law (commonly, seven years).

Personal information collected for AML/CTF purposes (including customer due diligence records) is required by law to be retained for a minimum of seven (7) years following the end of our business relationship or the date of the last occasional transaction (as applicable). This statutory retention obligation takes precedence over our standard destruction practices for the duration of that period.

Consistent with guidance from the Office of the Australian Information Commissioner ("OAIC"), we do not retain copies of full identity documents (such as passports or driver’s licences) for AML/CTF record-keeping purposes. We retain only the specific personal information required to satisfy our AML/CTF record-keeping obligations (such as name, date of birth, document type, document number and expiry date). Where copies of identity documents were collected prior to 31 March 2026, those records are retained for the applicable seven-year period in accordance with the AML/CTF Act.

We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed. Paper records are sent for secure destruction. In some instances, paper records and original documents will be returned to you and/or relevant third parties.

Electronic records retained for longer than 7 years may be archived to alternative storage and are subject to the procedural safeguards described above.

Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Obligations

From 1 July 2026, BlueRock Group became subject to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) as a reporting entity providing designated services. This section explains how we handle personal information in connection with our AML/CTF obligations.

Identity Verification and Customer Due Diligence

As part of our obligations under the AML/CTF Act, we are required to collect and verify personal information about our clients (and in some cases, their associates, beneficial owners and authorised representatives) before or during the provision of certain designated services. This is known as customer due diligence (“CDD”). We are required by law to conduct these checks and may be unable to provide certain services without completing CDD.

The personal information we may collect for CDD purposes includes:

  • Full name, date of birth and residential address;
  • Details of government-issued identity documents (including document type, number and expiry date);
  • Information about beneficial ownership and control structures;
  • Information relevant to assessing money laundering or terrorism financing risk (including politically exposed person (PEP) status and sanctions screening results); and
  • Other information required under the AML/CTF Act or AML/CTF Rules.

Disclosure to AUSTRAC and Other Authorities

We are required by the AML/CTF Act to report certain information to the Australian Transaction Reports and Analysis Centre (“AUSTRAC”), including suspicious matter reports (SMRs), threshold transaction reports (TTRs) and international funds transfer instructions (IFTIs). These disclosures may include your personal information and are required by law. We may also be required to disclose personal information to other regulatory authorities or law enforcement agencies in connection with our AML/CTF obligations.

Tipping-Off Restrictions

The AML/CTF Act prohibits us from disclosing the existence or content of suspicious matter reports or related investigations to the individuals concerned (known as “tipping off”). Where such restrictions apply, we may be unable to provide a collection notice, respond to certain access or correction requests, or otherwise communicate with you in the usual manner. This is a legal requirement and does not constitute a breach of our privacy obligations.

Personnel Due Diligence

As part of our AML/CTF compliance program, we may collect and handle personal information about employees, contractors and other personnel for the purposes of personnel due diligence. This information is collected and handled in accordance with our AML/CTF obligations and the Privacy Act, and is maintained separately from our general employee records.

Data Minimisation for AML/CTF Purposes

Consistent with our obligations under the Australian Privacy Principles, we limit the collection of personal information for AML/CTF purposes to what is reasonably necessary to comply with our AML/CTF obligations and carry out our related functions and activities. The AML/CTF Act does not provide us with unlimited authority to collect personal information, and we will not collect information beyond what is required.

Access To and Correction Of Personal Data

You have a right to request access to or correction of your personal information held by us.

If you wish to access, correct or update any personal information that we hold about you, please contact us via the details below.

We will respond to your request within a reasonable time of you making the request and give you access in the manner you requested, unless it is unreasonable or impracticable for us to do so.

There may be reasons why we cannot give you access to the information that you have requested, or we refuse to correct your personal information. If this is the case, we will let you know these reasons in writing.

Please note that where our AML/CTF tipping-off obligations apply, we may be restricted from providing access to certain personal information or from disclosing the reasons for withholding access. In such circumstances, we will advise you that we are unable to fulfil your request without providing reasons.

To assist us to keep our records up to date, please notify us of any changes to your personal information.

Data Breach

We will take seriously and deal promptly with any accidental or unauthorised loss, use or disclosure of personal information.

We are subject to the Notifiable Data Breaches Scheme (“NDB Scheme”) under the Privacy Act. In assessing and responding to suspected notifiable data breaches, we will act in accordance with:

  • Our applicable policies which incorporate the requirements of the NDB Scheme; and
  • The guidance of the Office of the Australian Information Commissioner (“OAIC”).

Where a data breach involves personal information collected for AML/CTF purposes, we will also notify AUSTRAC as required and take such additional steps as may be required under the AML/CTF Act or directed by AUSTRAC or the OAIC.

Feedback And Surveys

From time to time, you may have the option to participate in surveys or provide feedback intended to improve the services offered by us which may involve providing additional personal information. Your participation in such activities is subject to your consent.

IP Addresses

An Internet Protocol (“IP”) address is a small set of numbers automatically assigned to your computer when you log onto the internet. We may use general information about your visit to the website, including your IP address, the date and time of your visit, pages viewed and the type of browser you use. This assists us in improving the quality and usability of our website.

If you use social media, we may collect any information that you allow the social media site to share with us.

Direct Marketing

We may use and disclose your personal information for the purpose of direct marketing to you via direct mail, email, SMS, MMS, targeted digital advertising or any other means of marketing communication, where:

  • You have consented to us doing so; or
  • It is otherwise permitted by law.

You may opt out of direct marketing communications at any time by contacting us or by using opt-out facilities set out in the direct marketing communications.

Cookies

A cookie is a small data file that is placed on your computer or mobile device when you visit a website. Website owners widely use cookies in order to make their websites work, or to work more efficiently, as well as to provide reporting information. We use cookies to:

  • Personalise your visit to our website (as a cookie allows a web server to 'remember' visitors on subsequent visits without having to prompt them for information previously supplied. A cookie can also remember courses previously viewed by a site visitor);
  • Provide information about us to you while you browse; and
  • Obtain non-identifying information about your demographic group and general interests.

You may elect to disable cookies and/or geolocation sharing at any time.

Our website also contains links to other websites of interest. However, we note that once you have used those links to leave our website, we do not have control over that other website and are not responsible for the protection and privacy of any information you provide whilst visiting such sites, and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the site(s) in question.

Microsoft Clarity

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. Our Privacy Policy was last updated on 16 February 2026. By continuing to use our website or otherwise continuing to deal with us, you accept this Privacy Policy as it applies from time to time.

Complaints

We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act, the APPs, and any alleged breach of this Privacy Policy. We will respond to your complaint in accordance with the relevant provisions of the APPs. For further information, please contact us.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. We aim to respond to all privacy complaints within 30 days of receipt.

Contact

Privacy Officer
BlueRock
Level 2, East Podium, Rialto
525 Collins Street
MELBOURNE VIC 3000
Phone: (03) 8682 1111
Email: privacy@thebluerock.com.au

BlueRock acknowledges the Traditional Owners of the lands and waters on which we work, live and gather - including the Wurundjeri Woi Wurrung people of the Kulin Nation in Melbourne, and First Nations communities across Australia and beyond. We pay our respects to their Elders past, present and emerging, and honour the rich cultures and ongoing connection to Country.

Liability limited by a scheme approved under Professional Standards Legislation. © BlueRock 2026
