1. Our commitment to your privacy

CRE Brokers recognises the importance of protecting your privacy and the security of your personal information. We are committed to handling personal information responsibly and in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and manage personal information across our business — including through our website at www.crebrokers.com and in connection with the commercial real estate and business sale services we provide.

2. What personal information we collect

The types of personal information we may collect and hold include:

• Full name, date of birth, and gender
• Contact details (address, phone number, email address)
• Employment details and professional background (where relevant to a transaction)
• Identity documents (e.g. passport, driver’s licence, Medicare card)
• Business and entity information (e.g. company name, ABN, ACN, trust details, ASIC extract data)
• Beneficial ownership and director information
• Financial information (e.g. transaction details, source of funds, credit history)
• Website usage data (IP address, browser type, cookies — see Section 6)
• Any other information you provide to us directly or as part of a transaction

3. How we collect personal information

We collect personal information through various means, including:

• Direct interactions with you (e.g. meetings, phone calls, emails, enquiry forms)
• Our website (e.g. contact forms, cookies, analytics tools)
• Our CRM and verification platform (Reapit Sales / Reapit Verify)
• Third parties involved in a transaction (e.g. solicitors, accountants, financiers)
• Publicly available sources (e.g. ASIC registers, AUSTRAC-accessible databases, government records)

Where reasonable and practicable, we collect personal information directly from you. If we collect information from third parties, we will take reasonable steps to notify you.

4. Why we collect personal information

We collect, hold, use, and disclose personal information for purposes including:

• Providing commercial real estate and business sale services
• Managing client and counterparty relationships
• Responding to enquiries and requests
• Verifying identity and conducting due diligence as required by law (see Section 5)
• Managing billing, payments, and transaction records
• Communicating with you about our services
• Complying with legal and regulatory obligations
• Improving our services and website functionality

5. Identity verification and AML/CTF obligations

From 1 July 2026, CRE Brokers is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). We are legally required to collect and verify identity information for all sellers and purchasers in commercial real estate and business sale transactions.

What this means for you

As part of our AML/CTF compliance program, we are required to:

• Collect and verify your identity before or during a transaction (Know Your Customer / KYC)
• Verify the identity and ownership structure of any business or entity involved in a transaction (Know Your Business / KYB)
• Identify beneficial owners and controllers of companies, trusts, and other entities
• Assess the risk profile of each transaction and the parties involved
• Monitor transactions for unusual or suspicious activity
• Retain identity and transaction records for a minimum of 7 years
• Complying with legal and regulatory obligations
• Improving our services and website functionality

6. Website usage, cookies, and analytics

When you visit www.crebrokers.com, we may automatically collect certain technical information, including:

• Date and time of your visit
• Pages accessed and time spent on each page
• Referring website or search terms used
• IP address, browser type, and device information

This information is used for website administration, analytics, and improving user experience. It is not linked to personally identifiable information unless you choose to provide it.

Cookies

We use cookies to store visitor preferences and improve your experience on our website. A cookie is a small file placed on your device when you visit our site. You can manage or disable cookies through your browser settings; however, some features of our website may not function as intended if cookies are disabled.

We may use third-party analytics tools (such as Google Analytics) to help us understand how visitors use our website. These tools may set their own cookies. We do not use our website to serve third-party advertising, and we do not sell your browsing data to advertisers.

7. Disclosure of personal information

We may disclose personal information to:

• Other parties to a transaction (e.g. solicitors, financiers, accountants, settlement agents)
• Government agencies and regulators, including AUSTRAC, as required by the AML/CTF Act
• The Australian Federal Police, state police, or other law enforcement bodies where required or authorised by law
• ASIC, the ATO, and other statutory bodies where required
• Our identity verification platform provider (Reapit Verify)
• Our CRM and property management software providers (Reapit Sales, Agentbox, PropertyMe)
• External professional advisers (e.g. lawyers, accountants)
• Entities involved in a business transfer or restructuring involving CRE Brokers

We take reasonable steps to ensure that third-party service providers comply with their own privacy obligations. We do not sell personal information to third parties.

8. Overseas disclosure

We do not routinely disclose personal information overseas. Where our technology providers store or process data offshore (e.g. cloud infrastructure), we take reasonable steps to ensure those providers comply with standards consistent with Australian privacy law.

Where overseas disclosure is required by law (e.g. international sanctions screening), we will comply with our obligations under the AML/CTF Act.

9. Data security and storage

We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, or disclosure. Our security measures include:

• Secure electronic storage and access controls
• Encryption and firewall protections
• Staff training and confidentiality obligations
• Secure verification platforms with biometric and document authenticity controls

We retain personal information only as long as necessary for the purposes for which it was collected, and in accordance with any legal retention obligations. Under the AML/CTF Act, identity and transaction records must be retained for a minimum of 7 years.

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

10. Access and correction

You may request access to, or correction of, your personal information held by us at any time. We will respond to your request in accordance with the Australian Privacy Principles.

We may decline access in limited circumstances (e.g. where access would unreasonably affect the privacy of another individual, or where we are prohibited from disclosure by law, including the AML/CTF Act).

If you believe your information is inaccurate, incomplete, or out of date, please contact us and we will take reasonable steps to correct it.

11. Privacy breaches

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

12. Children’s information

Our website and services are directed at adults engaged in commercial real estate and business sale transactions. We do not knowingly collect personal information from children under the age of 18. If you believe we have inadvertently collected such information, please contact us immediately and we will take prompt steps to remove it.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or technology. The current version will always be available at www.crebrokers.com. We encourage you to review this policy periodically.

This policy was last updated in June 2026, and supersedes all prior versions including the previous policy dated September 2016.

14. Contact us

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or wish to make a privacy complaint, please contact:

CRE Brokers — Privacy & Compliance
Email: mail@crebrokers.com
Phone: 1300 767 802
Website: www.crebrokers.com

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992

Our obligations

From 1 July 2026, new federal laws require CRE Brokers, along with all other regulated commercial real estate and business sales agencies, to comply with Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) rules.

Under these laws, all regulated businesses must:

• verify the identity of sellers and purchasers
• understand the purpose and nature of each transaction
• assess and document risks associated with each matter
• keep clear, accurate records of decisions and checks performed

We are legally required to complete these checks before we can progress a transaction.

This applies to all commercial real estate and business sale transactions we facilitate.

Why these checks matter

Money laundering is a serious issue in Australia. Criminals use legitimate businesses — including real estate and business sales — to disguise billions of dollars in illegal funds each year.

These funds can be linked to:

• drug trafficking
• human exploitation
• terrorism financing
• large-scale financial fraud

Strong AML/CTF controls help prevent criminal networks from using professional services to move or conceal illicit money. Every identity check and risk assessment we perform contributes to protecting our clients, our industry, and the broader community.

Our verification process

Our process is designed to be straightforward, efficient and secure. Most clients complete it quickly once the required information is provided.

1. Share your details — We request basic identity information and any relevant documents relevant to the transaction.
2. Verify your information — Identity and ownership details are checked securely through our approved verification system.
3. Clarify anything missing — If further documents or information are needed, we will let you know promptly.
4. Complete the assessment — We review the transaction, assess risk, and finalise the required AML/CTF checks.
5. Proceed with your transaction — Once checks are complete, we progress your matter without delay.

Verification is a mandatory legal requirement. It is not discretionary and applies to all parties in every transaction we facilitate, regardless of transaction size or deal type.

Our commitment to your privacy

We take the privacy and security of your personal information seriously. All identity and verification data collected for AML/CTF purposes is handled in accordance with our Privacy Policy and applicable Australian privacy laws.

Your information is used solely for the purposes of satisfying our legal obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and is not shared with third parties except as required by law.

For more information, please refer to our Privacy Policy