Privacy Policy –
SPM REAL ESTATE
Last updated: January 2026
1. Who we are
This website (https://spmre.net/) is operated by SPM REAL ESTATE, a licensed real estate agency operating in New South Wales, Australia.
We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022, and the Spam Act 2003 (Cth).
Contact us about privacy:
- Privacy Officer: Elee Boustani
- Email: info@spmre.net
- Phone: Office: 02 8632 3026
- Address: Unit 7a/36 Holbeche Rd, Arndell Park NSW 2148
Please mark any written correspondence “Privacy Request”.
2. What personal information we collect
We only collect personal information that we reasonably need for our real estate business:
From website visitors and online interactions:
- Name, email address, phone number, contact preferences
- Property preferences, budget range, and specific requirements
- IP address, device information, browser data, and general location (for security and analytics)
- Information submitted through contact forms, property alerts, virtual tour bookings, or AI chatbot interactions
- Digital interaction logs and website navigation patterns
- Location data (only if you enable location services for property searches)
From buyers, sellers, landlords and tenants:
- Full contact details and government-issued identification (driver’s license, passport)
- Financial information including income verification, employment details, and references (primarily for rental applications)
- Property ownership or tenancy history and previous rental records
- Banking details and payment information for transactions, bonds, deposits, and rent payments
- Digital signatures and electronic consent records
- Records of all communications including emails, SMS, and conversation notes
From AI and automated interactions:
- Chatbot conversation logs and inquiry patterns
- Automated property matching preferences and search behavior
- Virtual inspection engagement data and 3D tour navigation
- Biometric data (only if using digital identity verification services)
Sensitive information (such as criminal history, financial hardship details, or health information) is only collected where necessary for tenancy database checks or identity verification, with your explicit consent or as otherwise permitted by law.
3. How we use artificial intelligence and automated systems
Transparency is paramount in 2026. We use AI and automated processing technologies to enhance our services:
AI-Powered Services:
- Property Matching: Algorithms analyze your preferences to suggest relevant properties
- Chatbots: AI-driven responses to common inquiries (clearly identified as automated)
- Application Screening: Rental applications may be pre-screened by software for completeness and basic criteria verification
- Market Analysis: Automated property valuations and market trend analysis
- Personalized Recommendations: Tailored property suggestions based on your search behavior
Important Guarantees:
- Final decisions on tenancy approvals or sales are always made by human agents and property owners
- You have the right to request human review of any automated decision that significantly affects you
- We will clearly identify when you’re interacting with AI systems versus human staff
- You can opt out of automated decision-making for your applications (this may slow processing times)
4. Website technology and data collection
Digital Property Services:
- Virtual Tours & 3D Walkthroughs: Third-party providers may collect data on how you navigate digital property spaces
- Media Uploads: If you upload images (e.g., for maintenance requests), please remove embedded location data (EXIF GPS) unless location is relevant
- Live Chat & Video Calls: Conversations may be recorded for quality assurance and dispute resolution
Cookies & Similar Technologies: We use cookies, pixels, and similar technologies to:
- Essential Functions: Enable login, security features, and core website functionality
- Preferences: Remember your search filters and favorite properties (stored for one year)
- Analytics: Understand website traffic through tools like Google Analytics 4 (anonymized data)
- Marketing: Show relevant property advertisements on other websites (you can opt out via browser settings)
- Security: Detect suspicious activity and prevent fraud
You can manage cookie preferences through your browser settings or our cookie consent manager.
5. Who we share your information with
We only share personal information when necessary for real estate services or required by law:
Real Estate Transactions:
- Property owners and landlords (for rental applications and inquiries)
- Prospective tenants and buyers (where you’re selling or leasing property)
- Professional services (solicitors, conveyancers, valuers, accountants, financial advisors)
Verification and Compliance:
- Tenancy databases (TICA, NTD, TRA) for rental application processing
- Digital identity verification services (government-approved ID verification platforms)
- Government agencies (NSW Fair Trading, ATO, AUSTRAC) as required by law
- Credit checking agencies (for rental applications where consented)
Service Providers:
- Technology platforms (CRM systems, cloud storage, email platforms, payment processors, AI service providers)
- Property portals (realestate.com.au, Domain) for listing syndication
- Marketing platforms (where you’ve consented to receive marketing)
- Tradespeople and contractors (for property maintenance and inspections)
We do not sell your personal information to data brokers or third parties for their marketing purposes.
6. Data security and overseas transfers
2026-Standard Security Measures:
- Encryption: All data is encrypted in transit and at rest using industry-standard protocols
- Access Controls: Multi-Factor Authentication (MFA) required for all staff accessing personal data
- Regular Security Audits: Quarterly cybersecurity assessments and penetration testing
- Staff Training: Ongoing privacy and security training for all team members
Overseas Data Storage: Some service providers (cloud hosting, CRM platforms, AI services) may store or process data outside Australia, including in the United States, European Union, and other jurisdictions. We ensure compliance through:
- Standard Contractual Clauses with international providers
- Privacy Shield or equivalent frameworks where applicable
- Binding Corporate Rules for multinational service providers
- Your explicit consent where required by law
Data Breach Response: In the event of a notifiable data breach likely to cause serious harm, we will:
- Notify affected individuals within 72 hours where practicable
- Report to the OAIC as required under the Notifiable Data Breaches (NDB) scheme
- Provide clear information about what happened and steps to protect yourself
- Implement immediate containment measures to prevent further unauthorized access
7. How long we keep your information
Legal Retention Requirements:
- Real estate and trust account records: Minimum 7 years (NSW Fair Trading regulations and tax law)
- Rental and sales contracts: 7 years from completion or termination
- Marketing communications: Until you opt out or 3 years of inactivity
- Website data: Comments and user accounts retained indefinitely unless deletion requested
- CCTV footage (if applicable): 30 days unless required for incident investigation
- AI interaction logs: 2 years for quality assurance and dispute resolution
Secure Disposal: When retention periods expire and we’re not legally required to keep information, we will securely destroy or de-identify data using industry-standard methods.
Important: Some data cannot be deleted due to legal record-keeping requirements (including anti-money laundering laws), even if you request deletion.
8. Your rights under Australian privacy law
Access and Correction Rights:
- Request access to personal information we hold about you
- Correct inaccurate, incomplete, or out-of-date information
- Request deletion (subject to legal retention requirements)
Control and Choice Rights:
- Opt out of marketing communications at any time
- Object to automated decision-making in certain circumstances
- Request human review of automated decisions affecting you
- Choose not to provide certain information (may limit available services)
Response Timeframes:
- Simple requests: 14 days
- Complex requests: 30 days
- Access requests: May incur reasonable administrative fees for extensive requests
To exercise these rights, contact our Privacy Officer using the details in section 1.
9. Marketing communications and consent
How We Communicate: We may send property alerts, market updates, newsletters, and promotional information via email, SMS, or phone where you’ve provided consent or we have a legitimate business relationship.
Your Control:
- Opt out anytime by clicking “unsubscribe” in emails
- Reply “STOP” to SMS marketing messages
- Update preferences in your online account (if available)
- Contact us directly to modify communication preferences
We process opt-out requests within 5 business days.
Note: Even if you opt out of marketing, we may still contact you about current transactions, tenancies, or important account notices.
10. Privacy complaints and resolution
Step 1 – Contact Us: Email our Privacy Officer. We will:
- Acknowledge your complaint within 7 days
- Investigate thoroughly and impartially
- Respond with our findings and any corrective action within 30 days
Step 2 – External Review: If unsatisfied with our response, contact:
Office of the Australian Information Commissioner (OAIC):
- Website: https://www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Mail: GPO Box 5218, Sydney NSW 2001
NSW Fair Trading (for real estate-specific complaints):
11. Children’s privacy
Our services are primarily directed at adults. We do not knowingly collect personal information from children under 18 without parental or guardian consent. If you believe we’ve inadvertently collected information from a minor, please contact us immediately for removal.
12. Policy updates and notifications
We may update this policy to reflect changes in law, technology, or business practices. Material changes will be communicated via:
- Prominent website notice for 30 days
- Email notification to registered users
- Updated “Last updated” date at the top of this policy
Continued use of our services after policy updates constitutes acceptance of the revised terms.
13. 2026-specific considerations
Digital Identity Verification: We may use government-approved digital identity verification services that access official databases to confirm your identity. These services do not store copies of your government identification documents.
Artificial Intelligence Accountability: All AI systems used in our business undergo regular bias testing and accuracy audits. We maintain human oversight of all automated processes that significantly impact our clients.
Quantum-Safe Security: Our security infrastructure is designed to be resilient against emerging quantum computing threats, ensuring your data remains protected as technology evolves.
