At Gather Wealth Pty Ltd ("Gather", "we", "our", "us"), we are committed to protecting your privacy and ensuring that your information is handled with care.

This privacy policy explains what personal data we collect, why we collect it and how we protect it. By using our service, you agree to our Privacy Policy.

2.1 Personal Information

Personal Information means any information that identifies or relates to a particular individual (often referred to as “personally identifiable information” or “PII”).

Data that has been anonymised or de-identified and cannot be linked with an individual is not considered Personal Information.

2.2 Service

"Service" or “Product” refers to any website, mobile app, or similar interface provided to the customer by Gather.

2.3 Service Providers

“Service Providers” help us run our business and provide our products and services to you. They may include hosting, analytics, database, and communication providers, as well as security consultants who help us reduce security vulnerabilities in our software.

2.4 Consumer Data Right

Consumer Data Right (”CDR”, “Open Banking”) is a government-regulated system that lets you safely share your banking and energy data with trusted entities like Gather.

Organisations must go through a rigorous vetting process to provide CDR services to you. The Australian Competition and Consumer Commission (ACCC) manages this process. CDR is opt-in and you control who can access your CDR Data and how it is used. More information on CDR can be found here.

Gather is a vetted CDR Representative. We partner with Basiq, an Accredited Data Recipient, to provide you with secure access to your financial information under the CDR framework. You can read Basiq's privacy policy here.

Our guiding principle is to only collect the information we need to provide you with our Services.

To provide you Services to organise and build your wealth, we collect financial information, including account information, transactional histories, account numbers, and balances/limits, as well as general identity data such as your name, email, phone number and addresses.

We may collect information from your browser, and device, including IP address, geographical location, search terms, device description, device operating system, browsing times and dates, user ID, location information, page view statistics, website traffic information, referral url, web log information.

We may also collect statistically aggregated information about how both unregistered and registered users collectively use our Services.

Our use of your personal information will always have a lawful basis, either because you have consented to our use of your personal information or because it is reasonably necessary to provide our services and undertake our activities.

We may use your personal information for the following purposes:

We do not sell your information or use it for a purpose other than stated in this policy unless you expressly consent or direct us to do so.

We may disclose your information - at your direction - if you integrate a third-party service into your use of our products.

We may also disclose your information to law enforcement, government officials, or other third parties if required by law or if we believe in good faith that the disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service.

We may also access, hold and use aggregated information about the people that use our services. Aggregated information won’t identify you or any other individual but simply provides us with non-personally identifiable data that we’ll use to improve our services, understand our users’ needs and develop tailored content. We may disclose this aggregate information to third parties for purposes including research and publishing statistics related to our business. Although you would have provided us with the information we aggregate for these purposes, it won’t identify you or enable you to be personally identified.

Your information is protected by security measures including data encryption, firewalls, secure coding practices, multi-factor authentication, certified hosting infrastructure and information access controls. You can read more about our security practices here.

If you believe your information has been compromised, please contact us at: [email protected]

The infrastructure that powers our Services is primarily located in Australia. However, we may process certain data with our Service Providers located in the United States and Europe. We vet Service Providers to validate that they adhere to our strict security and privacy standards.

We aim to ensure personal information is accurate, up-to-date and complete. Please ensure that you provide us with accurate information.

You have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. Following your access request, we must give you access to your personal information and we must take steps to correct it if we consider it is incorrect, unless we are prevented from doing so under a relevant law.

We will require you to verify your identity before we give you access to your information or correct it. If we refuse to give you access, or correct it, we must notify you in writing of the reasons.

We may update this Privacy Policy from time to time. The latest version will always be available on our website. We encourage you to review this policy periodically to stay informed about how we manage your personal information.

If you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information, please get in touch by emailing us at [email protected]

If you need additional information about the Australian Privacy Principles, the Privacy Law or our obligations you can also access the website of The Office of the Australian Information Commissioner (http://www.oaic.gov.au/).