Privacy Policy
Laguna Bay Group Pty Ltd (and all its subsidiaries including LBPC Services Pty Ltd ABN 56 168 904 916, AFS licence: 461135, and its authorised representatives) (the Company, we, our, us) is committed to respecting the privacy of its investors, clients and other individuals we deal with by ensuring that it manages any personal information it collects or holds in accordance with the Australian Privacy Principles (APPs).
This Privacy Policy is current as at February 2026 and may be updated from time to time and is available electronically on the Company’s website (www.lagunabay.com.au). The Company will provide a copy of it free of charge and in any form reasonably requested (eg. electronically or in hard copy).
Kinds of personal information the Company collects and holds
The Company will only collect an individual’s personal information which is reasonably necessary for it to issue interests in its financial products and operate its financial services business. Such information may include:
- identification information (e.g. name, date of birth, occupation);
- contact details (e.g. address, email, phone number, IP address);
- financial information (e.g. bank account or investment details);
- employment and background information; and
- information contained in identification documents.
In some circumstances, we may also collect sensitive information (such as health information or criminal history information) where reasonably necessary and with your consent, or as otherwise permitted by law.
Criminal history information (e.g. police checks) may be collected for fit and proper person assessments, regulatory compliance and risk management purposes and will only be used and disclosed for those purposes.
Without this information, the Company would not be able to issue its financial products and financial services to its Unitholders.
Certain privacy obligations under the Privacy Act do not apply to employee records in limited circumstances. However, we remain committed to handling all personal information responsibly and in accordance with applicable laws.
Can an individual remain anonymous when dealing with the Company?
Given the nature of the Company’s financial products and services, it is not practical for the Company to deal with individuals who wish to remain anonymous or would prefer to identify themselves only by way of pseudonym.
How the Company collects and holds personal information
When collecting, using or disclosing personal information, the Company will take such steps as are reasonable in the circumstances to ensure that the information is accurate, up-to-date and complete.
The Company will only collect personal information in a lawful and fair manner. Wherever possible, personal information will be collected directly from the individual.
We may also collect personal information from third parties and other sources, including employers, referees, service providers, publicly available sources (such as LinkedIn), and marketing or event lists. Where we collect sensitive information, we will only do so with your consent or as otherwise permitted by law.
If the Company receives unsolicited personal information it will, within a reasonable period of time, assess whether it would otherwise have been entitled to collect the information in accordance with this Privacy Policy. If the personal information could have been collected by the Company, it will ensure that this Privacy Policy is complied with in respect of that information and it will notify the individual:
(a) that the unsolicited personal information has been collected;
(b) of the circumstances of that collection; and
(c) provide access to a copy of this Privacy Policy.
If the personal information could not have been collected by the Company, it will destroy the information or ensure that the information is de-identified.
At or before the time or, if that is not practicable, as soon as practicable after, the Company collects personal information about an individual, the Company will ensure the individual is aware:
(a) of the Company’s identity and its contact details;
(b) that the collection of personal information is permitted by the Company under the Corporations Act 2001 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and/or a particular court/tribunal order;
(c) of the purpose for which the Company collects the personal information;
(d) of the main consequences (if any) for the individual if all or some of the personal information is not collected;
(e) of any other entity (or type of entity) to which the Company generally discloses the personal information it collects;
(f) that the Company’s Privacy Policy contains information about how the individual may:
(i) access and seek correction of the personal information about the individual that the Company holds; and
(ii) complain about a breach of the APPs and how the Company will deal with such a complaint; and
(g) of whether the Company is likely to disclose the personal information to overseas recipients.
Unless permitted by law, the Company will not adopt a government related identifier (e.g. a tax file number) of an individual as its own identifier and it will only disclose such identifiers for the purposes of verifying the identity of the individual, or as permitted by law or as is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The Company will ensure that in relation to any personal information it holds that it will take reasonable steps to protect the information from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure,
including through physical, technological and organisational security measures such as access controls, encryption, multi-factor authentication and staff training.
We retain personal information, only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations or for legitimate business purposes, after which it is securely destroyed or de-identified.
The purpose for which the Company collects, holds, uses and discloses personal information
The Company collects, holds, uses and discloses personal information for the purposes of issuing its securities and operating its financial services business. This includes administering its registry of members (via an external service provider), providing appropriate financial services and communicating with Unitholders and other relevant parties.
We may also disclose personal information within our corporate group and to third party service providers who assist us in operating our business, subject to appropriate confidentiality and privacy obligations.
Where the Company collects an individual’s personal information for a particular purpose (i.e. the primary purpose), it will not use that information for another purpose (i.e. a secondary purpose) unless the individual has consented to the use or disclosure of that information or:
(a) it would be reasonably expected that the information would be disclosed for a secondary purpose which is related to the primary purpose (and in relation to sensitive information for a secondary purpose which is directly related to the primary purpose); or
(b) the use or disclosure of the information is legally required, specifically authorised by the APPs or reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The Company will record in writing circumstances where it uses or discloses personal information for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Personal information collected by one entity within the Company group may be used by another entity within the group provided that the personal information is held, used and disclosed for the same primary purpose.
The Company does not normally disclose personal information about its Unitholders to outside parties, except those contracted to provide services to the Company. These may include the Company’s professional advisers and contracted service providers – e.g. registry, administrator, auditors, lawyers, property managers, custodian and consultants.
With consent, the Company will disclose personal information to a Unitholder’s accountant, financial consultant or other person or organisation they nominate. Personal information may also be disclosed to the Australian Taxation Office or other government authorities or agencies as required by law.
If the Company uses or discloses personal information for direct marketing purposes, it will include a simple and free means of ‘opting-out’ of receiving future direct marketing material and it will ensure that it respects such requests, within a reasonable period of time and notifies any other organisation it is using to facilitate the direct marketing. If the Company has not collected the personal information directly from the individual, the ‘opt-out’ statement will be prominent. The Company will not use sensitive information for direct marketing purposes.
If the Company uses personal information provided by a source other than the individual for direct marketing purposes, the individual may request the Company to provide details of the source of the information. The Company will provide this information free of charge and within a reasonable period of time.
If the Company uses the personal information for direct marketing purposes, it will ensure that it complies with the requirements of the Do Not Call Register Act 2006, the Spam Act 2003 and the Corporations Act 2001.
We may use automated systems and processes (for example, for risk assessment purposes). Where such processing has a significant impact on you, you may request information about how the decision was made and request human review.
How an individual may access and seek correction of personal information held by the Company
Generally, the Company will provide an individual with access to their personal information in a manner they request and within a reasonable period of time after the request is made. An individual can request the Company to correct any personal information it holds about that individual.
To apply for access or to request a correction to personal information, contact the Privacy Officer by:
| Writing to: | Privacy Officer, PO Box 2007, New Farm QLD 4005 | |
| Visiting: | Level 1, 69 Robertson Street, Fortitude Valley QLD 4006 | |
| Calling: | +61 7 3062 2514 | |
| Emailing: | [email protected] |
There are no charges for an individual requesting access to personal information. However, the Company may charge a fee to provide access, provided that such fee is not excessive.
As set out in the APPs, some exceptions apply. If the Company relies on one of the exceptions or is unable to provide the personal information in the manner requested by the individual, it will take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of both the Company and the individual and it will provide a written notice setting out:
(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
(b) the mechanisms available to complain about the refusal; and
(c) any other relevant matter.
Having regard to the purpose for which the personal information is held, if the Company is satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading or a request is received from an individual, the Company will take such steps as are necessary to correct that information. This will be done free of charge within a reasonable period after the request has been made. If the Company has provided that information to a third party, the individual may request the Company to notify that third party of that correction.
If the Company refuses to correct an individual’s personal information it will provide a written notice to the individual setting out:
(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
(b) the mechanisms available to complain about the refusal; and
(c) any other relevant matter.
If the Company refuses to correct an individual’s personal information and the individual requests the Company to associate a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading with that information, the Company must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information. This will be done free of charge within a reasonable period after the request has been made.
Obligations in the event of a data breach
The Company will respond to data breaches by:
(a) containing the breach and taking remedial action;
(b) assessing the breach, including within required timeframes;
(c) notifying affected individuals and regulators where required; and
(d) taking steps to prevent future breaches.
An eligible data breach occurs where there is unauthorised access to or disclosure of personal information and serious harm is likely. If there are grounds to suspect an ‘eligible’ data breach has occurred, the Company will undertake a reasonable and expeditious assessment (within 30 days).
If it is found that an ‘eligible’ data breach has occurred, affected individuals and the Office of the Australian Information Commissioner will be notified as soon as practicable.
How an individual can complain about a breach of the APPs and how the complaint will be dealt with
An individual may complain to the Company about a breach of the APPs by the Company by contacting the Privacy Officer by:
| Writing to: | Privacy Officer, PO Box 2007, New Farm QLD 4005 | |
| Visiting: | Level 1, 69 Robertson Street, Fortitude Valley QLD 4006 | |
| Calling: | +61 7 3062 2514 | |
| Emailing: | [email protected] |
The complaint will be handled in an appropriate, timely and courteous manner.
Disclosure of personal information to overseas recipients
We may disclose personal information to overseas recipients in connection with providing our services. Where we do so, we will take reasonable steps to ensure that the recipient handles the information in accordance with Australian privacy laws, including through contractual safeguards or other appropriate protections. In some circumstances, we may obtain your consent before disclosing your information overseas.
