Privacy Policy
Last updated: 2 July 2026
- Introduction
Broadleaf Financial Group Limited (“Broadleaf”) does not provide financial planning services and does not ordinarily collect end-client financial advice information. The information collected by “Broadleaf” is related to investee company personnel, directors, shareholders, vendors, referrers, due diligence materials, financial records, governance records, and occasional incidental client information.
“Broadleaf” does not ordinarily collect personal information about financial planning clients directly. Where we receive such information, it is usually incidental to due diligence, investment monitoring, governance, compliance, audit, or transaction activities, and we take steps to limit, de-identify, redact, or securely handle that information where practicable.
“Broadleaf” is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.
- What is Personal Information
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include names, addresses, email addresses, phone numbers and social media accounts.
This Personal Information is obtained in many ways, including from the individual directly; investee companies; target companies during due diligence; vendors, sellers and their advisers; public registers; ASIC and other corporate records; professional advisers; service providers; websites and media.
If a business or individual provides us with Personal Information about another person, we expect and assume that they have that person’s permission to provide it to us, and that they have made that person aware their Personal Information will be handled in accordance with this Policy.
“Broadleaf” is committed to requesting only the information reasonably necessary for the investment or governance purpose.
- Anonymity and Pseudonymity
Where it is lawful and practicable to do so, you have the option of not identifying yourself, or of using a alias, when dealing with us — for example, when making a general enquiry about our business.
In many cases, however, it will not be practicable for us to deal with you on an anonymous or alias basis, including where we are required by law to verify your identity, where we need to know your identity to properly assess or manage an investment, governance, compliance or due diligence matter, or where dealing with you anonymously or under an alias would prevent us from providing our services or meeting our legal obligations.
- Unsolicited Personal Information
From time to time we may receive Personal Information that we did not solicit, for example, where it is included in due diligence materials, correspondence, or documents provided to us by investee companies, target companies, vendors or other third parties.
Where we receive unsolicited Personal Information, we will assess whether we could have lawfully collected it had we requested it. If we determine that we could not have lawfully collected the information, and it is not contained in a Commonwealth record, we will take reasonable steps to destroy or de-identify that information as soon as practicable, provided it is lawful and reasonable to do so. If we determine that we could have lawfully collected the information, we will handle it in accordance with this Policy.
- What is Sensitive Information
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- for the primary purpose for which it was obtained;
- for a secondary purpose that is directly related to the primary purpose; or
- with your consent, or where required or authorised by law.
- Why do we collect your Information?
“Broadleaf” collects your Personal Information for the primary purpose of providing our services to you, and providing information to our clients and stakeholders. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
When we collect personal information, we will, where appropriate and possible, explain to you why we are collecting the information and how we plan to use it.
The personal information that we collect may be used for conducting due diligence on potential investments or acquisitions; assessing and managing investments; corporate governance and board reporting; financial reporting, valuation and forecasting; employment, contractor and HR administration; legal, tax, audit, insurance and compliance obligations; risk management; fraud prevention; dispute resolution; integration or restructuring activities; and communicating with business contacts.
If we use your Personal Information to send you marketing or promotional communications, you may opt out at any time by contacting us using the details in section 17.
- How We Use Your Personal Information
Your Personal Information may be disclosed in a number of circumstances, including the following:
- where required or authorised by law;
- in connection with legal proceedings or prospective legal proceedings, or to establish, exercise, or defend our legal rights; and
- to third parties where you consent to the use or disclosure.
This may include disclosure to: directors and board observers; professional advisers; auditors; lawyers; accountants; insurers; financiers; banks; valuation consultants; technology, payroll, HR, cloud and data-room providers; regulators and government agencies; and dispute-resolution bodies.
Where we disclose your Personal Information to service providers, agents, or subcontractors for these purposes, we require them to handle that information in accordance with this Policy and applicable privacy laws.
“Broadleaf” does not sell personal information.
Use of Artificial Intelligence and Automated Tools
“Broadleaf” does not make decisions with legal or similarly significant effects about individuals solely by automated means or the use of automated decision-making or AI. If this changes, we will update this policy to explain the kinds of personal information used and the kinds of decisions involved.
We may use artificial intelligence, automation, analytics and similar technology tools to support our business operations, including document review, summarisation, research, administration, reporting, due diligence, compliance, cyber security, data analysis and productivity.
Where these tools involve personal information, we take steps designed to ensure that the collection, use and disclosure of that information is lawful, fair, reasonably necessary for our business activities, and subject to appropriate security and access controls.
We do not intentionally enter sensitive personal information, financial planning client files, health information, tax file numbers, identity documents or other highly confidential information into publicly available AI tools, unless we have assessed that it is lawful, appropriate and subject to suitable safeguards.
We may use AI-assisted tools to generate summaries, identify trends, support due diligence, review documents or assist staff, but we do not rely on AI tools as the sole basis for decisions that have a significant legal or similarly significant effect on an individual without appropriate human review.
Where practicable, we use de-identified, aggregated or redacted information when using AI tools.
- 8. Overseas Disclosure of Personal Information
We do not directly engage overseas third-party contractors. However, some of the cloud storage, data processing, or technology platforms we use to store or manage Personal Information may store or process data on servers located outside Australia.
If we do disclose Personal Information to an overseas recipient, we take reasonable steps to ensure that recipient handles the information consistently with the Australian Privacy Principles — for example, through contractual arrangements — unless an exception under the Privacy Act applies, such as where you have given informed consent to the disclosure.
If you would like more information about whether, or where, your Personal Information may be handled overseas, please contact us using the details in section 17.
- Government Related Identifiers
We do not use, adopt or disclose a government related identifier (such as a tax file number, Medicare number, or driver’s licence number) as our own identifier for an individual, except where this is required or authorised by or under an Australian law or a court/tribunal order, or another exception under the Privacy Act applies.
Where we receive government related identifiers in the course of due diligence, compliance, tax, or audit activities, we handle that information in accordance with the security and retention practices described in this Policy.
- Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure, including through multi-factor authentication; restricted permissions; confidentiality obligations; encryption where appropriate; audit logs; secure disposal; staff training; vendor due diligence; and incident response and data breach procedures.
Where we use secure document-sharing platforms or data rooms, we use access controls and other security measures designed to limit access to only authorised users.
Please note that the transmission of information over the internet is not completely secure. While we take reasonable steps to protect your Personal Information, we cannot guarantee the security of information you transmit to us electronically, and any such transmission is at your own risk.
Personal information is only kept for as long as reasonably necessary for investment, legal, tax, audit, governance, employment, insurance or dispute-resolution purposes.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy, delete or permanently de-identify your Personal Information.
- Data Breach Notification
Under the Privacy Act, we are required to notify the Office of the Australian Information Commissioner (OAIC) and any affected individuals if we experience an eligible data breach involving your Personal Information.
An eligible data breach generally occurs where there is unauthorised access to, or unauthorised disclosure of, Personal Information we hold, and a reasonable person would conclude that this is likely to result in serious harm to the individuals concerned. Serious harm may include financial loss, identity theft, damage to reputation, or other significant harm.
Where we are required to notify you of an eligible data breach, we will provide details of the breach, the type of information involved, the steps we have taken or plan to take in response, and any recommendations for steps you can take to protect yourself.
There are some circumstances in which notification is not required, including where we take remedial action before serious harm occurs, where you have already been notified by another entity, or where an exception under the Privacy Act otherwise applies.
- Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Our website may contain links to third-party websites or services. We are not responsible for the content, availability, security or privacy practices of those third-party websites or services. You should review the privacy policy of any third party you interact with.
- Business Assignment
In the event of a sale, restructure, or transfer of all or part of our business, we may need to transfer some of the Personal Information we hold to the purchaser or transferee so that the relevant business activities can continue.
We will only transfer your Personal Information in these circumstances with your prior consent, except where the transfer is otherwise permitted or required by law. Where practicable, we will notify you before any such transfer takes place and provide you with the opportunity to ask questions about how your information will be handled.
- Maintaining the Quality of your Personal Information
It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
- Access to and Correction of your Personal Information
You may access the Personal Information we hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing at info@broadleafgroup.com.au.
We may decline a request for access to your Personal Information in certain circumstances permitted by law, for example where the request is frivolous or vexatious, or where providing access would be unlawful or would unreasonably impact the privacy of another person. If we refuse a request for access, we will provide you with reasons for our decision.
In order to protect your Personal Information, we may require identification from you before releasing the requested information.
If we correct Personal Information that we have previously disclosed to another entity, and you request that we notify that entity of the correction, we will take reasonable steps to do so, unless it is impracticable or unlawful.
If we refuse to correct Personal Information as you have requested, we will provide you with written reasons for the refusal and information about how you may complain about that decision. If you ask us to associate a statement with the information to the effect that you believe it is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to do so.
- Policy Updates
This Policy may change from time to time. Any updates will be published on our website, and the version in effect at the relevant time will apply. We do not typically notify individuals directly of changes to this Policy, unless required to do so by law. We encourage you to review this Policy periodically to stay informed of how we handle your Personal Information.
- Privacy Policy Complaints and Enquiries
If you have any queries or complaints about our Privacy Policy, please contact us at:
Broadleaf Financial Group Limited
5A Churchill Court, 335 Hay Street, Subiaco WA 6008
Phone: +61 8 6500 7888
Email: info@broadleafgroup.com.au
If you are not satisfied with our response to your complaint, you may refer the matter to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.