Privacy Policy
Privacy Policy – LJ Hooker Budgewoi | Toukley
The privacy policy utilised by LJ Hooker Budgewoi | Toukley is designed to reduce the high risk of identity theft and data breaches.
- Transparency: Agents must explicitly state how personal information is collected, used, disclosed and destroyed.
- In-person Collection: Agents must reflect in-person data collection (e.g. at open for inspections) and this data must be made easily accessible should a client request it. Be careful with paper registers as they can be a breach of APP11 because other people can take photographs of the register. If you do use paper registers, ensure that reasonable steps are taken so they are kept secure, and others cannot access the details. If someone does not consent to provide information you can bar access to the open for inspection. If they provide information, then you have obtained their voluntary consent.
- Minimised Data Collection: Agents must only collect necessary information. The collection of excessive details such as tattoos, relationship status, full social media history, or unnecessary financial details (such as excessive requests for bank statements) is prohibited.
- Secure Destruction: Personal information must be destroyed or de-identified when no longer needed. To destroy information implies rendering it irretrievable, rather than merely archiving it. To de-identify information means to make it so that the identity of that individual can no longer be ascertained from that information. New standards require the destruction of unsuccessful tenant information. This data can no longer be kept “just in case” and stricter rules also apply for third-party CRM platforms.
- Standardised Applications: New laws mandate a standard rental application form to clarify what information can and cannot be collected, aimed at preventing intrusive and non-essential requests.
- AI Disclosure: AI-generated images in rental listings must be disclosed to prevent misleading advertisements.
- Legal Obligations: Agents must comply with the 13 Australian Privacy Principles (APPs) if their turnover exceeds $3 million, including strict data breach notification requirements. This is irrespective of your business structure.
- Consent & Use: Personal information must not be used or disclosed for any purpose other than what was originally authorised, including for marketing activities. Any “direct marketing” type of communication should have an easy-to-use “unsubscribe” functionality to comply with APP7 and the Spam Act.
- Request for personal information: You cannot charge a person for making a request to access their personal information, but you can charge them a fee for providing them access to the information. This fee cannot be excessive, and could include staff-related costs of locating, sorting through and assembling the personal information as well as reproducing and sending it, and the costs associated with any material or postage required.
Compliance Steps
- LJ Hooker Budgewoi | Toukley reviews and updates company privacy policies on an annual basis to ensure compliance with legislation and to reflect the new restrictions on data collection, storage, and destruction.
- LJ Hooker Budgewoi | Toukley implements secure, permanent, and automated deletion methods for prospective tenant data, contractors and file notes.
- LJ Hooker Budgewoi | Toukley trains and educates all staff on the implementation of privacy legislation as it affects daily practice within the agency.
- LJ Hooker Budgewoi | Toukley conducts reviews and due diligence on all third-party service providers, such as CRM and IT platforms (and has written agreements with these third-party companies) for compliance with data retention and deletion policies.
- LJ Hooker Budgewoi | Toukley ensures that explicit, voluntary consent is obtained for marketing, particularly when using data collected at open homes.
- LJ Hooker Budgewoi | Toukley educates staff on the new privacy obligations and has created a formal Data Breach Response Plan that contains the identity and contact details of the organisation, a description of the data breach, the kinds of information affected, recommendations for affected people and whether it is notifiable to the Office of the Australian Information Commissioner (OAIC). (See the proforma at the end of this policy.)
- LJ Hooker Budgewoi | Toukley displays clear, updated collection notices at all open homes and on digital platforms, explaining why data is collected and how the data will be used.
What is Personal Information?
When used in this Privacy Policy, the term “Personal Information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address, credit information and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered Personal Information.
What type of Personal Information does LJ Hooker Budgewoi | Toukley collect and hold about you?
LJ Hooker Budgewoi | Toukley may collect any of the following information about you if you are a current or prospective vendor, purchaser or landlord of real estate or if you visit our website or make an enquiry with us via another method:
- contact details (including name, address, telephone number and email address);
- driver’s licence number;
- current property ownership and title details;
- desired property ownership details; and
- details of properties sold or acquired by you.
If you are a current or prospective tenant for a rental property, LJ Hooker Budgewoi | Toukley may collect the following additional information from you:
- contact details (including name, address, telephone number and email address);
- driver’s licence number;
- employment details such as your employment status, employer, salary, length of employment;
- other sources of income; and
- personal and financial referees whom we may contact about your application.
Sometimes LJ Hooker Budgewoi | Toukley may also need to ask you for other forms of Personal Information to enable us to provide services to you.
How does LJ Hooker Budgewoi | Toukley collect Personal Information about me?
LJ Hooker Budgewoi | Toukley collects your Personal Information directly from you unless it is unreasonable or impracticable to do so. When collecting Personal Information from you, LJ Hooker Budgewoi | Toukley may collect it in various ways, including emails, letters and telephone calls.
LJ Hooker Budgewoi | Toukley may collect information about you from the following third party sources:
- databases in the public domain such as telephone indexes, Australia Post database, Titles Office or other property databases; and
- referrals and recommendations from existing clients of LJ Hooker Budgewoi | Toukley.
As part of the process of entering into lease or rental agreements with you, LJ Hooker Budgewoi | Toukley may disclose your information to authorised credit or tenant checking agencies.
Does LJ Hooker Budgewoi | Toukley use automated decision-making tools?
Automated decision-making refers to when an organisation uses technology (like algorithms or AI systems) to make decisions about individuals with no human involvement or minimal human review. For example:
- automatically approving or rejecting tenancy applications based on credit score checks.
- auto-calculating rent increases based on market data.
- using AI chatbots to decide maintenance request prioritisation.
- AI-generated email responses for email enquiries.
Currently, the Privacy Act 1988 does not contain a specific right for individuals to know when decisions about them are made solely by automated means. However:
- the Australian Privacy Principles (APPs) still apply. So, organisations must:
  - be transparent about how personal information is collected and utilised (APP 1)
  - not collect more data than necessary (APP 3)
  - take reasonable steps to ensure the data is accurate (APP 10)
LJ Hooker Budgewoi | Toukley does NOT use any automated decision-making AI tools. If the agency does commence to utilise such services, this Privacy Policy will be amended accordingly.
What happens if we can’t collect your Personal Information?
If you do not provide LJ Hooker Budgewoi | Toukley with the Personal Information described above, some or all of the following may happen:
- we may not be able to provide our services to you, either to the same standard or at all; or
- we may not be able to provide you with information about services that you may want, including information about new properties that are available for lease or purchase.
Why does LJ Hooker Budgewoi | Toukley collect, hold, use and disclose your Personal Information?
LJ Hooker Budgewoi | Toukley collects information for a range of purposes including:
- to enable our agency to provide you with the services and/or products you may require;
- to comply with local, state and federal legislation or regulations, and those specifically related to real estate property sales, rental and administration;
- to enable our agency to assist you with related services, as required;
- for our internal administrative, marketing, planning, product development and research requirements;
- to update our agency’s records and keep your contact details up to date;
- to deal with your queries or customer service issues promptly, whether by email, telephone or mail;
- to conduct relevant business processing functions; and
- to process and respond to any complaint made by you.
Your Personal Information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.
How does LJ Hooker Budgewoi | Toukley use the Personal Information held about you?
Any Personal Information about you that our agency collects and records will only be used or disclosed by our agency for the purpose of:
- compliance with obligations under real-estate regulations and laws applicable for all states in Australia;
- for our agency’s administrative, planning, product or service development, quality control and research purposes; and
- complying with any other relevant laws or regulations.
LJ Hooker Budgewoi | Toukley may also use or disclose the information it collects for any other purpose specified to you at the time of collection.
Direct marketing?
Our agency may send you direct marketing communications and information about our services that we consider may be of interest to you. These may include:
- offering to provide you with products or services provided by our agency and third party providers; or
- sending you news and other information about our agency’s activities and general promotional material which we believe may be of interest to you.
These communications may be sent in various forms, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). When our agency does this, we will provide you with the opportunity to opt-out from receiving any further communication from our agency.
You may at any time request not to receive direct marketing from LJ Hooker Budgewoi | Toukley by contacting our agency or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
The LJ Hooker Budgewoi | Toukley website
The LJ Hooker Budgewoi | Toukley privacy policy also applies to our website at www.budgewoi.ljhooker.com.au.
When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website. Our cookies do not collect Personal Information, although they do identify your browser. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
As our website is linked to the Internet, and the Internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Accordingly, any Personal Information or other information, which you transmit to us online, is transmitted at your own risk.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
Does LJ Hooker Budgewoi | Toukley utilise services that are located outside of Australia?
Strata managers and property managers regularly handle sensitive information (owners’ contact details, tenancy applications, bank details). As such, agencies must ensure robust privacy policies and staff training on updated obligations. For those agencies who utilise data services outside of Australia, there are cross-border disclosure implications under APP8. Such disclosures are required if:
- personal information is sent to or stored on servers overseas (e.g. cloud-based software with data centres outside Australia)
- outsourced administration, virtual assistants or IT services are provided from overseas locations
The new Privacy Act Amendments require:
- Reasonable steps to ensure the overseas recipient does not breach the APPs, unless:
  - an exception applies (e.g. the individual consents after being expressly informed of the risks), or
  - the recipient is subject to a law or binding scheme substantially similar to the APPs
It is extremely important for agencies and agency owners to note that accountability remains with the Australian entity if a breach occurs overseas.
The actions that the agency implements in relation to cross-border services include:
- Audit cross-border data flows
  - Identify if any personal information is disclosed or stored overseas (including cloud providers).
- Review contracts with IT and/or offshore employment providers
  - Ensure contractual clauses require compliance with APPs or equivalent standards.
- Update privacy policies and collection notices
  - Clearly inform owners and tenants if personal data is stored or accessed overseas.
- Implement stronger security and governance measures
  - This will mitigate risk of substantial penalties under the new enforcement regime.
- Train all agency staff on:
  - Updated breach notification obligations
  - Privacy impact assessments for new systems or providers
The amendments emphasise accountability for how personal information is handled both in Australia and overseas. In the strata and property sector, where cloud-based management systems, outsourced administration, or international ownership structures are common, proactive compliance, rather than a reactive approach, is critical to avoid severe penalties and reputational damage.
What happens if I want to access or correct the Personal Information held about me?
You may request access to your Personal Information held by our agency, at any time by contacting us. We will try to provide you with suitable means of accessing your Personal Information (for example, by mailing or emailing it to you). We will respond to your request for access within 7 days and endeavour to provide the requested information within 21 days.
There may be instances where LJ Hooker Budgewoi | Toukley cannot grant you access to the Personal Information we hold. For example, we may not be able to provide access to information in the following situations:
- where, in our opinion, providing the information you request may create a serious threat to the life or health of any individual or may be an unreasonable intrusion into the privacy of another individual;
- where your request for access is, in our agency’s opinion, frivolous or vexatious; or
- where providing access would be unlawful, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of law, or denying access is specifically authorised by law.
If for any reason our agency does not allow you to access your Personal Information, we will provide you with reasons in writing for our decision.
If you believe that Personal Information that our agency holds about you is incorrect, incomplete or inaccurate, then you may request that we amend it. LJ Hooker Budgewoi | Toukley will consider if the information requires amendment. If our agency does not agree that there are grounds for amendment, then we will add a note to the Personal Information stating that you disagree with it.
To whom does LJ Hooker Budgewoi | Toukley disclose my Personal Information?
We may disclose your Personal Information:
- to employees of our agency and our contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide services to you;
- if you are a tenant of any property that we are managing, to a National Tenancy Database;
- to suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes; and
- to any organisation for any authorised purpose with your express consent.
There are some instances when our agency may need to provide your Personal Information to third parties. LJ Hooker Budgewoi | Toukley may be bound by law to provide your details to government-related bodies, including the Local Council, Law Enforcement, Titles Office or the Residential Tenancies Bond Authority.
LJ Hooker Budgewoi | Toukley does not sell your personal details to other organisations. We may however use the information about you to assist us with internal marketing and research.
We may disclose your Personal Information to entities located outside of Australia, including our data hosting and other IT service providers, who may pass information to secondary data hosting providers located outside of Australia.
How does LJ Hooker Budgewoi | Toukley keep my Personal Information secure?
LJ Hooker Budgewoi | Toukley will take reasonable steps to ensure information collected, used or disclosed is stored in a secure environment that is accessed only by persons authorised by our agency so as to prevent interference, misuse, loss, unauthorised access, modification or disclosure.
If the Personal Information is no longer needed for any purpose, our agency will take reasonable steps to destroy or permanently de-identify the Personal Information.
LJ Hooker Budgewoi | Toukley endeavours to provide a secure environment and a reliable system but you should be aware that there are inherent risks associated with the electronic storage and transmission of information (particularly via the Internet) which cannot be guaranteed to be 100% secure.
Who do I contact for further information?
Kimberly Pryce – Office Manager can assist you with any enquiries you have about the information that we hold about you.
What if I have a complaint or concern?
If you have a complaint or concern you can email Budgewoi@ljhooker.com.au or phone our agency on 4390 5555. We will do our best to try and resolve your complaint within 30 days.
What if you are unable to resolve my complaint or concern?
If we are unable to resolve your complaint within this time, or you are unhappy with the outcome, you may refer your complaint to the Australian Information Commissioner. The Australian Information Commissioner can be contacted at the below details:
The Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 1042
Phone: 1300 363 992
E-mail: enquiries@oaic.gov.au
This privacy policy was last updated on 27th March 2026.
Third‑Party Platforms, Overseas Handling & Data Locations
We use the third‑party platforms listed below to provide real estate sales, rental, marketing, inspection, document, IT, and business services.
These platforms are cloud‑based and, according to their published privacy policies, personal information may be stored, processed, or accessed in Australia and/or overseas.
Where overseas handling occurs, we take reasonable steps to ensure personal information is handled consistently with the Australian Privacy Principles (APPs). We remain accountable under the Privacy Act 1988 (Cth).
Schedule — Platforms, Regions & Privacy Policies
Important note:
Many providers do not guarantee Australia‑only handling. Where a provider lists regions broadly (e.g. “global operations” or “overseas service providers”), we reflect that wording exactly, which is acceptable under OAIC guidance.
realestate.com.au (REA Group Ltd)
Use: Sales & rental listings, enquiries, inspections, leads
Regions disclosed:
- Australia
- Overseas locations where REA Group, related bodies corporate, and cloud/technology providers operate (including the United States and other regions used for hosting, analytics, security, and support)
Privacy policy:
- https://www.realestate.com.au/legal/privacy-policy
- https://www.realestate.com.au/privacy-centre/
- https://customer.realestate.com.au/residential/rental-applications-in-ignite/
Domain Group (Domain Holdings Australia Limited)
Use: Property advertising, marketing, enquiries, data tools
Regions disclosed:
- Australia
- Overseas locations used by Domain, related entities, and technology providers (not exhaustively listed)
Privacy policy:
- https://www.domain.com.au/connections/privacy
Homepass
Use: Open‑home & inspection check‑in, visitor management, CRM sync
Regions disclosed:
- Australia
- Overseas locations where cloud hosting, analytics, messaging, and integration services operate
Privacy policy:
- https://www.homepass.com/privacy
Ignite (REA Group Ltd)
Use: Digital advertising, marketing, lead services
Regions disclosed:
- Australia
- Overseas locations used by REA Group and its service providers (including cloud hosting and analytics)
Privacy policy:
- https://www.realestate.com.au/legal/privacy-policy
PropertyMe
Use: Property management & trust accounting
Regions disclosed:
- Australia
- Overseas locations used for cloud hosting, backups, support, and development (including New Zealand and other regions used by service providers)
Privacy policy:
- https://www.propertyme.com.au/privacy-policy/
MOVE (Inhabit)
Use: CRM & real estate business operations
Regions disclosed:
- Australia
- United States and other countries where Inhabit, its affiliates, and cloud/service providers operate
Privacy policy:
- https://inhabit.com/privacy-policy/
LJ Hooker (Corporation Ltd & Franchising Pty Ltd)
Use: Franchise systems, marketing & operational platforms
Regions disclosed:
- Australia
- Overseas locations via IT systems, software platforms, and service providers used by LJ Hooker and its franchise network
Privacy policy:
- https://www.ljhooker.com.au/Legals/Privacy-Policy
Realhub (Realhub Marketplace Ltd / Realhub 365)
Use: CRM, marketing, digital workflows
Regions disclosed:
- Australia
- Overseas locations including Europe and other regions where hosting, analytics, and verification providers operate
Privacy policies:
- https://www.real-hub.com/privacy-and-cookie-policies
- https://realhub365.com/privacy-policy
Inspection Express (iProperty Express Pty Ltd)
Use: Property inspections, reports, photos, videos
Regions disclosed:
- Australia
- Overseas locations used for cloud hosting, backups, security, and support (GDPR‑aligned where applicable)
Privacy policy:
- https://ipropertyexpress.com/privacy-policy/
FLK it over Pty Limited
Use: E‑signatures, digital forms, document workflows, VOI
Regions disclosed:
- Australia
- Overseas locations used by cloud infrastructure and service providers supporting the platform
Privacy policy:
- https://flkitover.com/privacy-policy/
Microsoft 365 (Microsoft Corporation)
Use: Email, documents, collaboration, security
Regions disclosed:
- Australia (Australia Geo – NSW & Victoria) for core services
- United States and other global regions for certain features, telemetry, security operations, and remote support access
Privacy & data location:
- https://privacy.microsoft.com/
- https://www.microsoft.com/en-au/trust-center/privacy/data-location
New Era Technology
Use: Managed IT, cloud, cybersecurity
Regions disclosed:
- Australia
- United States, Canada, Europe, Asia‑Pacific and other regions where New Era and its service providers operate
Privacy policy:
- https://www.neweratech.com/en-au/privacy-policy
Data Breach Response Plan
1. Organisation Details & Responsibilities
- Data Breach Response Team (DBRT):
  - Licensee-In-Charge – Damian Montgomery
  - Franchise Owner – Rebecca Montgomery
  - Office Manager & Privacy Officer – Kimberley Pryce
  - New Era Technology – IT Support
  - Aubrey Brown Partners – Legal
  - LJ Hooker Ltd – PR Support
- Internal Reporting Procedure: Staff must immediately report suspected breaches to the Privacy Officer, Licensee-In-Charge & Franchise Owner.
2. Step 1: Containment and Preliminary Assessment
- Containment Action: Immediately isolate affected systems, change passwords, or revoke access to prevent further data loss.
- Preliminary Assessment:
  - Date, time, and location of the breach.
  - Type of information involved (e.g., personal, health, financial).
  - Cause of the breach (e.g., cyberattack, human error, lost device).
  - Number of individuals affected.
3. Step 2: Evaluate the Risk (Serious Harm Assessment)
- Assess whether the breach is likely to result in serious harm (physical, psychological, emotional, financial, or reputational) to individuals.
- If remedial action successfully mitigates the risk, notification may not be required.
4. Step 3: Notification
- Notify OAIC: If it is an "Eligible Data Breach," report to the Office of the Australian Information Commissioner using the online form. https://webform.oaic.gov.au/prod?entitytype=DBN&layoutcode=DataBreachWF
- Notify Individuals: Clearly communicate to affected individuals what happened, what information was involved, and steps they should take.
5. Step 4: Prevention and Review
- Prevent Re-occurrence: Implement long-term security measures (e.g., encryption, training, system updates).
- Review Plan: Evaluate the response effectiveness to improve future security.
Key Considerations
- Timeline: The assessment should ideally be completed within 30 days of discovering a suspected breach.
- Documentation: Keep detailed records of all actions taken, even if the breach did not require notification.
- Legal Advice: Engage external legal or IT experts if needed.