This Privacy Policy explains how Sydney Forex Pty Ltd ("SFPL", "we", "our", or "us") collects, uses, discloses, and protects your personal information.

This policy applies to all services provided by SFPL, including money transfer and remittance services.

We handle your personal information in accordance with applicable Australian laws, including the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, and are committed to doing so securely and transparently.

• Personal Information: Information or an opinion that identifies, or could reasonably identify, an individual.
• Sensitive Information: Includes biometric information and other information considered sensitive under applicable privacy laws.
• AML/CTF-Related Personal Information: Personal information collected or generated under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, including identity verification records, transaction details, and reports made to AUSTRAC. This information may be retained or disclosed as required by law.
• Third Parties: Banks, financial institutions, regulators, service providers, and overseas partners with whom we may share information.
• AUSTRAC: The Australian Transaction Reports and Analysis Centre, our regulator under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

Where lawful and practicable, you may have the option of not identifying yourself or of using a pseudonym when interacting with us.

However, due to our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, we are generally required to identify our customers before providing services. As a result, it will not be possible to deal with SFPL anonymously when using our remittance services.

We collect your personal information to verify your identity and provide remittance services in accordance with applicable laws, including the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

Your personal information may be disclosed to the following parties for the purpose of processing transactions and complying with legal and regulatory obligations:

• Banks and financial institutions
• Government regulators (including AUSTRAC)
• Identity verification service providers
• Overseas partners (including where funds are processed)

If you do not provide the requested information, we may be unable to verify your identity or provide our services.

Further details on how your personal information is collected, used, disclosed, and managed are set out in this Privacy Policy, including information about how to access and correct your personal information and how to make a complaint.

Our contact details are provided at the end of this Privacy Policy.

If you do not provide the personal information requested, we may be unable to verify your identity or provide our services.

We may collect your personal information from:

• Directly from you when you create a profile, register, use our services, or contact us.
• Documents you provide for identity verification.
• Government databases, credit reporting bodies, and fraud prevention services.
• Publicly available sources such as directories, official records or websites.
• Financial institutions and service providers involved in processing transactions.
• Social media platforms, where you interact with us.

We may collect the following categories of personal information:

• Identification details: Full name, date of birth, address, phone number and email address.
• Identity documents: Passport, driver's license, Medicare card, proof of age card, citizenship certificate, and supporting documents such as bank confirmation letters or utility bills.
• Photographs and biometric information: Such as a photograph or selfie.
• Financial information: Bank account details, transaction history, and, where required, proof of funds or source of wealth.
• Beneficiary information: Name, date of birth, address, phone number, local identification details, account details, and contact information of the person receiving funds.
• Communication records: Emails, phone calls, messages and other communications with us.
• Technical and online data: Device and browser information, IP address, cookies, and analytics data.
• Publicly available information: Information from government records, directories, or social media or other public sources used for verification purposes.

We use certain personal information, including identity documents and, where applicable, biometric information (such as a photograph or selfie), to verify your identity in accordance with legal and regulatory obligations.

We may verify your identity with relevant issuers, official record holders, and authorised verification service providers.

We take reasonable steps to avoid retaining full copies of identity documents unless required by law, regulatory guidance, or risk management obligations. Where full documents are not required, we retain verification results, reference data, or limited information necessary to meet legal, regulatory, and operational requirements.

We do not adopt, use, or disclose government-related identifiers (such as passport numbers, driver licence numbers, or Medicare numbers) as our own identifiers of individuals unless required or authorised by law, including for identity verification purposes under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

Where possible, SFPL adopts a data minimisation approach in the collection and retention of identity verification information.

If we receive personal information we did not request, we will assess whether we could have lawfully collected it.

If not, we will take reasonable steps to destroy or de-identify the information.

We use your personal information for the following purposes:

• Identity verification (KYC/AML): To verify your identity and meet legal and regulatory obligations.
• Transaction processing: To process and complete money transfers and remittance services securely.
• Fraud and financial crime prevention: To detect, investigate, and prevent money laundering, terrorism financing, and other unlawful activity.
• Regulatory compliance and reporting: To comply with applicable laws, including recordkeeping and reporting obligations to regulators such as AUSTRAC.
• Customer support: To assist with enquiries, transactions, disputes, or complaints.
• Service improvement: To monitor and improve our services and customer experience.
• Communications: To send service-related updates and, where you have provided consent, marketing communications.
• Monitoring and analytics: To maintain the security, integrity, and performance of our systems.

We will not use or disclose your personal information for unrelated purposes unless required or permitted by law, or with your consent.

SFPL does not rely solely on automated decision-making or profiling to make material compliance or transaction decisions that could significantly affect customers.

All significant compliance or transaction decisions are subject to review by authorised personnel.

We collect, use, and disclose your personal information on the following legal bases:

• Legal and regulatory obligations: To comply with Australian laws, including the Privacy Act 1988 (Cth), the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, and AUSTRAC requirements.
• Provision of services: Where necessary to provide our remittance services, including processing transactions and managing your account.
• Consent: Where you have provided consent, including for receiving marketing communications.

In some circumstances, we are required by law to collect, use, retain, or disclose personal information, and your consent is not required or may not be able to be withdrawn.

Where SFPL is subject to legal or regulatory obligations, those obligations override any customer preference relating to the collection, use, disclosure, or retention of personal information.

We may disclose your personal information where necessary and lawful, including to:

• Banks, financial institutions, and payment partners to process and complete transactions.
• Government authorities, regulators, and law enforcement agencies (in Australia or overseas), including AUSTRAC, where required by law.
• Identity verification service providers to verify your identity.
• Service providers assisting with our operations, including IT, compliance, audit, and security services.
• Overseas partners, including financial institutions in Pakistan and other jurisdictions where remittance transactions are processed, to facilitate such transactions and related services.

We take reasonable steps to ensure that third parties handle your personal information securely and in accordance with applicable privacy and data protection requirements.

SFPL does not sell, rent, or trade personal information to third parties for marketing or unrelated commercial purposes.

In certain circumstances, SFPL may be legally restricted from informing you about how your personal information has been used or disclosed, including where doing so may breach obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 or related legal restrictions.

As part of our remittance services, your personal information may be disclosed to overseas recipients, including correspondent financial institutions and service providers located outside Australia, including in countries where funds are being sent or processed.

These recipients may be subject to laws that differ from Australian privacy laws, and you may not have the same rights in relation to your personal information.

We take reasonable steps to ensure that overseas recipients handle your personal information securely and in accordance with applicable confidentiality and data protection requirements. However, we cannot guarantee that overseas recipients will comply with privacy standards equivalent to those under Australian law.

By using our services, you acknowledge that overseas recipients may be subject to privacy or confidentiality laws that differ from those in Australia and may not provide protections equivalent to Australian privacy law.

By using our services, you acknowledge and consent to such disclosures where they are reasonably necessary for SFPL to provide its services, process transactions, meet legal or regulatory obligations, or manage operational risk.

SFPL takes reasonable steps to ensure that personal information we hold is accurate, up-to-date, complete, relevant, and not misleading.

Where inconsistencies, outdated information, or discrepancies are identified, including through transaction monitoring or compliance reviews, we may request updated information or supporting documentation from customers.

Failure to provide updated information may result in delays, restrictions, or suspension of services in accordance with our legal and regulatory obligations.

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, in accordance with applicable privacy laws.

These measures include:

• Secure systems and access controls, including password-protected systems and restricted access to authorised personnel.
• Encryption of data, including data in transit and, where appropriate, at rest.
• System monitoring and security controls, including logging and detection of suspicious activity.
• Regular reviews and updates of our security practices.

We retain your personal information only for as long as necessary to:

• provide our services
• comply with legal and regulatory obligations
• resolve disputes and enforce our agreements

The length of time we retain personal information depends on factors such as the nature and sensitivity of the information, the purpose for which it was collected, and applicable legal requirements.

While your account remains active, we retain your personal information to support ongoing services and compliance obligations.

After your relationship with us ends, we are required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and other applicable laws to retain certain records for a minimum of seven (7) years from the date of the last transaction or the end of the customer relationship.

After the applicable retention period has passed, we take reasonable steps to securely destroy, delete, or de-identify your personal information where it is no longer required.

We periodically review the personal information we hold and take reasonable steps to ensure it is not retained longer than necessary.

Certain records, including compliance-related data and secure backups, may be retained where required to meet legal or regulatory obligations.

You have the right to:

• Access the personal information we hold about you.
• Request correction of personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
• Request deletion of your personal information, subject to legal and regulatory requirements.
• Request a copy of your personal information in a commonly used format.

We will respond to such requests within a reasonable timeframe and in accordance with applicable legal requirements. We may take reasonable steps to verify your identity before processing your request.

In certain circumstances, we may refuse access where permitted by law, including where access would pose a serious threat to the life, health or safety of any individual, have an unreasonable impact on the privacy of others, be unlawful, or prejudice regulatory or enforcement activities.

If we refuse to provide access or to correct your personal information, we will provide written reasons (unless it would be unreasonable to do so) and inform you of the available complaint mechanisms.

You may also request that a statement be associated with your personal information noting that you believe the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

Where reasonable and practicable, and upon your request, we will take reasonable steps to notify relevant third parties to whom we have previously disclosed your personal information of any correction.

Please note that under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, we may be required to retain certain personal information and transaction records for a minimum of seven (7) years, even if a deletion request is made.

We will only send marketing communications where permitted by law or where you have provided your consent.

You may opt out of receiving marketing communications at any time by contacting us to update your preferences.

We will not use or disclose your personal information for direct marketing purposes without providing a simple and effective means for you to opt out.

You may still receive essential service-related communications, such as transaction updates, account notifications, and compliance-related messages, which are not considered direct marketing.

We may use limited cookies or similar technologies to support basic website functionality and security. We do not currently use cookies for tracking or marketing purposes.

If this changes in the future, this Privacy Policy will be updated to reflect how such technologies are used.

Our website, communications, or services may include links to third-party websites or involve third-party services, including financial institutions processing remittance transactions.

We are not responsible for their privacy practices and encourage you to review their privacy policies before providing any personal information.

If you have a concern about how we handle your personal information, you may contact us.

We will:

• Acknowledge your complaint within 3 working days.
• Aim to resolve it within 10 working days.

If you are not satisfied with our response, you may escalate your complaint to:

• The Office of the Australian Information Commissioner (OAIC); or
• An external dispute resolution body (where applicable).

We may update this Privacy Policy from time to time.

Where material changes are made, we may notify customers by publishing the updated policy on our website or by other appropriate means.

We encourage you to review this Privacy Policy regularly.

For questions, concerns, or requests regarding this Privacy Policy, please contact our Privacy Officer: