Clinch Group – PRIVACY POLICY
Clinch Group (ABN 61 642 772 316) (we, us or our) understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you across our business brokerage operations, digital platforms, and customer verification workflows.
As a designated business brokerage entity providing “designated services” , we operate as an AML/CTF reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). While we have strict statutory obligations to collect personal information for customer due diligence purposes , we handle all such information in strict compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
The information we collect
We collect several categories of personal information depending on whether you are a vendor (seller), a prospective purchaser (buyer), or a general user of our ecosystem:
Personal Information
- Identity Data: Your name, age, profession, and photographic identification.
- Contact Data: Your telephone number, residential or business address, and email address.
- Financial Data: Bank account and payment card details. When processed through our third-party payment processor, they store such information and we do not have direct access to those card details.
- Background Verification, KYC & Due Diligence Data: Your government-issued identification details, beneficial ownership data (if you represent a body corporate or legal arrangement), politically exposed person (PEP) status, and related verification documentation requested through our platform to comply with our customer due diligence obligations, anti-money laundering laws, and ongoing monitoring commitments.
- Transaction Data: Details about payments to you from us and from you to us, and other details of products and services you have purchased from us or we have purchased from you.
- Technical and Usage Data: When you access any of our websites or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies or analytics), and communications with our website.
- Interaction Data: Information you provide to us when you participate in any interactive features, including surveys, contests, promotions, activities, or events.
- Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
- Professional Data: Where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience, or whether you hold required authorisations or licences.
How we collect personal information
We collect personal information in a variety of ways, including:
- Directly via our Platform: Digitally when you interact with our secure verification portal at www.businesssales.com.au to undergo mandatory Know Your Customer (KYC), vendor onboarding (customer due diligence), or prospective buyer screening workflows.
- Directly from You: When you provide it directly to us face-to-face, over the phone, over email, or online prior to or during an agency engagement.
- Via Digital Verification Interfaces: Interacting with accredited identity verification networks or Digital ID ecosystem partners where you choose to verify your identity via automated means.
- Form Submissions: When you complete a form, such as registering for any events or newsletters, or responding to surveys.
- Website Interactions: When you use any website we operate (including from any analytics, cookie, or marketing providers).
- Third Parties and Public Sources: From publicly available sources, corporate registries (such as ASIC), and commercial risk intelligence third parties.
Why we collect, hold, use and disclose personal information
Personal information:
We collect, hold, use and disclose your personal information for the following purposes:
- Mandatory Initial and Ongoing Customer Due Diligence: To perform Know Your Customer (KYC) identity checks, anti-money laundering risk scoring, anti-terrorism and proliferation screening, and other background checks on you before commencing designated services or “effective cause of sale” activities.
- Buyer and Seller Qualification: To conduct formal checks on buyers including Know your Business (KYB) and verify ownership details for vendors via our secure platform pipeline.
- Service Execution: To work or do business with you, handle business broker listings, and execute transactions securely.
- Communications: To contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make via any website we operate.
- Administration & Billing: For internal record keeping, corporate administration, invoicing, and billing purposes;
- Development & Analytics: For analytics, market research, and business development, including to operate and improve our business, platform systems, associated applications, and social media platforms.
- Marketing: For advertising and marketing, including to send you promotional information about our events, experiences, and market data that we consider may be of interest to you.
- Recruitment: If you have applied for employment with us, to consider your employment application.
- Legal Obligations: To comply with our corporate legal obligations or if otherwise required or authorised by law.
Sensitive Information
We only collect, hold, use and disclose sensitive information for the following purposes:
- Any purposes you explicitly consent to.
- The primary purpose for which it is collected (such as mandatory criminal history screening or PEP/sanctions verification).
- Secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to listed third-party verification clearings houses as reasonably necessary to work with you.
- To contact emergency services, or to speak with your family, partner, or support person where we reasonably believe there is a serious threat to the life, health, or safety of any individual, or to public health or safety, and it is unreasonable or impracticable for us to obtain your consent.
- If otherwise required or authorised by an Australian law or a court/tribunal order.
Our disclosures of personal information to third parties
Personal information:
We will only disclose personal information (excluding sensitive information) to third parties where it is necessary as part of our business, where we have your consent, or where permitted by law. This means that we may disclose personal information (excluding sensitive information) to:
- Our employees, contractors, and/or related corporate entities.
- Specialised Third-Party AML/CTF Verification Providers: Specialized identity verification and background screening providers engaged through www.businesssales.com.au to facilitate compliant due diligence checks.
- IT service providers, data storage, web-hosting, CRM, and server providers.
- Marketing or advertising providers.
- Professional advisors, bankers, auditors, our insurers, and insurance brokers.
- Payment systems operators or processors.
- Our existing or potential agents, brokers, or business partners.
- Advisers and prospective purchasers in the event we merge with, are acquired by, or sell a portion of our corporate assets.
- Courts, tribunals, regulatory authorities, and law enforcement officers as required or authorised by law (such as mandatory threshold or financial updates to the AUSTRAC CEO), in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights.
Sensitive Information
We will only disclose sensitive information with your explicit consent or where required or authorised by or under an Australian law or a court/tribunal order. This means we may disclose sensitive information to regulatory bodies, courts, or specialized background-screening data processors where required to verify your legal status or ensure compliance with anti-proliferation or financial sanction listings.
Statutory Secrecy & Anti-Tipping Off Obligations
Pursuant to section 123 of the AML/CTF Act, we are bound by strict statutory secrecy laws. We are legally prohibited from disclosing to any client, vendor, buyer, or unauthorized third party that a Suspicious Matter Report (SMR) has been generated or submitted to AUSTRAC, or that a regulatory investigation is active or pending. No access or correction request under any privacy framework can override this federal non-disclosure mandate.
Overseas disclosure
We store your personal information primarily in secure infrastructure within Australia. Where we disclose your personal information to third parties, those third parties may store, transfer, or access personal information outside of Australia, including but not limited to the United States of America. We will only disclose your personal information overseas in accordance with Australian Privacy Principle 8, ensuring the recipient is subject to substantially similar data protection laws or that appropriate contractual safeguards are enacted.
Your rights and controlling your personal information
Your Choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it will affect our ability to fulfill our statutory onboarding requirements and we will be unable to provide you with designated brokerage services.
Information from Third Parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict and Unsubscribe: To object to processing for direct marketing or unsubscribe from our email database, please use the opt-out facilities provided within the platform communication or contact us via the endpoints below.
Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note that we may be legally permitted or required to withhold access to your personal information where providing access would violate a legal obligation (such as federal anti-tipping off restrictions) or interfere with law enforcement activities.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us. We will take reasonable steps to promptly correct the data. If we are legally permitted to refuse a correction, we will provide you with written reasons and the available mechanisms to lodge a formal complaint.
Storage and security
We use cookies, Google Analytics, and Meta platform pixels to track Technical and Usage Data on our platform to optimize user experiences, monitor system performance, and deliver relevant marketing communications. You can easily manage your tracking and ad-delivery preferences through your browser settings, Google’s Ads Preferences Manager, or Meta’s platform controls
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access, modification, or disclosure, we have put in place suitable physical, electronic, and managerial procedures to protect personal information from misuse, interference, loss, and cyber threat vectors.
- Mandatory 7-Year Retention: Pursuant to section 111 of the AML/CTF Act and corporate record-keeping requirements, all customer due diligence records, identity documents, risk assessments, and transaction logs must be securely retained for a minimum period of seven (7) years from the date the service relationship ceases or your final account is settled.
- Data Breach Indemnity & Third-Party Allocation: We maintain robust data handling agreements with all integrated third-party AML/CTF screening networks. Our agreements clearly allocate administrative and legal responsibility in the event of an eligible data breach, ensuring that strict security protocols shield our systems and your personal information from unauthorized exposure.
User-Generated Content
We may enable you to post reviews, comments, photos and other user-generated content. Any content you choose to submit will be accessible by anyone, including third parties not associated with us. We have no control over how others may use or misuse information you make publicly available. We are not responsible for the privacy, security or accuracy of any user-generated content you choose to post or for the use or misuse of that information by any third parties.
Cookies and Analytics
We use cookies, Google Analytics, and Meta platform pixels to track Technical and Usage Data on our platform to optimize user experiences, monitor system performance, and deliver relevant marketing communications. You can easily manage your tracking and ad-delivery preferences through your browser settings, Google’s Ads Preferences Manager, or Meta’s platform controls
Links to other websites
Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.
Amendments
We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.
For any questions or notices, please contact us at:
Clinch Group (ABN 61 642 772 316)
Email: info@clinchgroup.co
If you are not satisfied with our internal complaint resolution process, you maintain an absolute statutory right to escalate the matter directly to the Office of the Australian Information Commissioner (OAIC).
Updated 01/07/2026