1. About This Policy
This Privacy Policy describes how PacificNet Solutions Pty Ltd (ABN 87 687 750 572) (‘PacificNet’, ‘we’, ‘us’, or ‘our’) collects, uses, holds, and discloses personal information through our website at pacificnet.com.au, PacificNet AML platform and in the course of providing our services.
We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Policy applies to all visitors to our website, prospective clients who engage with our readiness assessment or contact forms, training course purchasers, and clients receiving advisory or technology services.
By visiting pacificnet.com.au or providing us with your personal information, you acknowledge you have read and understood this Policy.
2. Personal Information We Collect
2.1 Website Visitors
When you visit pacificnet.com.au, we may automatically collect non-personally identifying information including your browser type, IP address, pages visited, and referring URL. This information is used solely for website analytics and improvement purposes.
2.2 Contact and Enquiry Forms
When you submit a readiness assessment request or contact form, we collect:
- Your name and the name of your firm
- Your industry or profession
- Your email address and, optionally, your phone number
- A description of the services your firm provides
This information is used to respond to your enquiry and, if applicable, to schedule and conduct a Tranche 2 Readiness Assessment.
2.3 Training Course Purchases
When you purchase or enrol in one of our training courses, we collect your name, email address, billing details (processed securely by Stripe), and the name of your employer or firm. We also collect course progress, assessment results, and certificate details.
Training and certification records are retained for seven years as evidence of staff competency, consistent with AUSTRAC record-keeping expectations.
2.4 Advisory and Technology (KYC/KYB) Clients
When we provide advisory or identity verification (KYC/KYB) services, we collect the personal information necessary to deliver those services. Depending on the engagement, this may include your full name, date of birth, residential and contact details, copies of government-issued identity documents, and, where electronic identity verification is used, biometric information — a facial image and/or a short ‘liveness’ video used to confirm your identity against your document.
Biometric information is ‘sensitive information’ under the Privacy Act 1988 (Cth). We collect and use it only with your express consent and only for the purpose of identity verification. Section 8 explains how this information is processed.
2.5 Intake Forms
Where firms engage us, we collect business, governance, and compliance information through our online intake forms (provided via Tally.so) to scope and deliver our services. This information is routed to our secure systems for processing.
3. How We Use Personal Information
We use personal information to:
- Respond to enquiries and conduct readiness assessments
- Deliver our advisory, training, and identity verification services
- Process payments and issue training certificates
- Verify identity and conduct AML screening where we are engaged to do so
- Meet our legal and regulatory obligations, including under the AML/CTF Act and Rules
- Maintain records as required by law
- Improve our website and services
- Send service updates and, where you have consented or not opted out, marketing communications
4. Marketing Communications
We may send you information about our services, regulatory developments, and related updates where you have provided your details or consented to receive them. Every marketing email includes an unsubscribe link, and you can opt out at any time by using that link or by contacting us. Opting out of marketing does not affect transactional or service-related communications. We handle marketing in accordance with the Spam Act 2003 (Cth).
5. LinkedIn Advertising and Analytics
Our website uses the LinkedIn Insight Tag to enable conversion tracking and retargeting through LinkedIn Campaign Manager. This tag may set cookies on your browser that collect data about your visit to our website, including pages visited and whether you completed a conversion action (such as submitting a readiness assessment form).
LinkedIn is the data controller for data processed through its Insight Tag. You can opt out of LinkedIn’s use of this data for advertising purposes through your LinkedIn account settings or via the LinkedIn Opt-Out page. For more information, please refer to LinkedIn’s Privacy Policy.
We do not permit LinkedIn or any other advertising platform to use your personal information to serve advertising on our behalf without your consent.
6. Disclosure of Personal Information
6.1 Service Providers
We may disclose your personal information to third-party service providers who assist us in delivering our services, including:
- Sumsub — identity verification, KYC/KYB, and AML screening platform (data may be processed and stored internationally; refer to Sumsub’s Privacy Policy)
- Google — intake form and data collection platform
- Stripe — payment processing (Stripe is the data controller for payment data)
- LinkedIn — advertising and conversion tracking (see Section 5)
All service providers are required to handle personal information in a manner consistent with the Australian Privacy Principles, or equivalent standards.
6.2 Required Disclosures
We may disclose personal information where required by law, including in response to a valid request from a regulatory authority such as AUSTRAC, or where otherwise required or authorised by Australian law. In some circumstances, the law may prevent us from notifying you that such a disclosure has been made.
6.3 No Sale of Personal Information
We do not sell, rent, or trade personal information to third parties for their own marketing or commercial purposes.
7. Overseas Disclosure
Some of our service providers (including Sumsub) may store or process personal information outside Australia. Where personal information is disclosed to overseas recipients, we take reasonable steps to ensure those recipients handle it in a manner consistent with the Australian Privacy Principles, as required by APP 8.
The Privacy Act provides a mechanism for the Minister to declare countries or binding schemes that offer substantially similar protection to the APPs. Where no such determination applies to a recipient, we continue to rely on the reasonable-steps obligation in APP 8.1. Before disclosing biometric or other sensitive information overseas in connection with identity verification, we obtain your consent.
8. Identity Verification and Automated Decision-Making
Where we are engaged to verify identity, we use Sumsub to carry out electronic identity verification and AML screening. This involves automated processing, including document authentication, biometric face-matching and liveness detection, deepfake detection, and screening against sanctions lists, politically exposed person (PEP) databases, adverse media, and other watchlists.
These automated checks inform, but do not by themselves determine, decisions about whether identity has been verified and whether we are able to provide a particular service. Verification outcomes are reviewed by trained personnel and, where escalation is required, by our Compliance Officer, before a decision is made.
Biometric information is sensitive information under the Privacy Act 1988 (Cth) and is collected and used only with your express consent, solely for identity verification. You may withdraw consent at any time, although we may then be unable to verify your identity and, as a result, unable to provide certain services.
From 10 December 2026, new transparency obligations under the Privacy Act apply to organisations that use automated processing to make, or substantially assist in making, decisions that could significantly affect an individual’s rights or interests. We will keep this Policy updated to describe the personal information used and the kinds of decisions made or substantially assisted by automated means, in line with those obligations.
If you would prefer not to undergo electronic verification, please contact us to discuss alternative means of verifying your identity.
9. Data Security
We take reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. These steps include restricting access to information on a need-to-know basis, using reputable platforms that apply encryption in transit, and storing records securely. Where we engage third-party providers, we rely on their security measures and contractual or regulatory obligations to protect the information they process on our behalf.
10. Data Retention
We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law. Training and certification records, and records relating to compliance, customer due diligence, and identity verification, are retained for seven years, consistent with AUSTRAC record-keeping requirements. General enquiry and marketing records are typically retained for around two years. When information is no longer required, it is securely destroyed or de-identified.
11. Access and Correction
You have the right to request access to the personal information we hold about you and to request correction of information that is inaccurate, out of date, incomplete, or misleading. To make a request, please contact us using the details in Section 13. We will respond within 30 days. We may need to verify your identity before processing your request, and in limited circumstances permitted by law we may decline access, in which case we will explain why.
12. Complaints
If you have a concern or complaint about how we have handled your personal information, please contact us first using the details in Section 13, and we will try to resolve it promptly. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Phone: 1300 363 992
- Website: www.oaic.gov.au
- Post: GPO Box 5288, Sydney NSW 2001
13. Contact Us
For any questions about this Policy or how we handle your personal information, please contact:
PacificNet Solutions Pty Ltd
Email: admin@pacificnet.com.au
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal obligations, or regulatory environment. The most current version will always be available at pacificnet.com.au/privacy. We encourage you to review this Policy periodically.
Material changes will be notified on our website. Your continued use of our website or services after any changes constitutes acceptance of the updated Policy.
Questions about this Policy?
We’re happy to explain how we handle your personal information.
Email us at admin@pacificnet.com.au