1. About us
LiteAML Pty Limited (ACN 697 814 216) is an Australian consulting firm specialising in anti-money-laundering and counter-terrorism-financing ("AML/CTF") compliance. Our services include outsourced compliance operations, AML program design and remediation, advisory, training, and on-demand AML resources for Australian businesses — particularly those with obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) ("AML/CTF Act").
Where we use a technology platform to support service delivery, we partner with AMLNow (operated by Intecco Pty Ltd), Australia's purpose-built AML/CTF compliance platform. Data processed through the AMLNow platform is subject to AMLNow's Privacy Policy in addition to this Policy.
2. The kinds of personal information we collect
2.1 Website visitors and enquirers
When you use our website, contact us, complete our readiness-check tool or download a resource, we may collect:
- name, business name, position/role and contact details (email, phone);
- your responses to readiness-assessment questions (which may include details about your business's AML/CTF obligations, regulated-entity status and compliance maturity);
- the content of messages and enquiries you send us; and
- technical information such as IP address, device and browser type, pages visited, timestamps and similar diagnostic data (see section 11).
2.2 Consulting clients
When we engage with you as a consulting client, we may collect:
- business contact information for key personnel;
- information about your business, its AML/CTF program, and its regulated activities that is necessary for us to provide our services;
- contractual and billing information; and
- records of communications and work product exchanged during the engagement.
Where our consulting services involve reviewing or advising on information that relates to your own customers (for example, as part of an AML program review), we handle that information on your instructions and as your service provider.
2.3 Sensitive information
We do not routinely collect sensitive information (such as health, biometric or criminal-history information). If it becomes necessary in the course of an engagement (for example, reviewing a client's customer due-diligence files), we will only do so with your consent or where permitted or required by law.
You can choose not to provide certain information. If you do, we may be unable to respond to your enquiry or provide some or all of our services.
3. How we collect personal information
We collect personal information:
- directly from you — when you fill in a contact or readiness-check form on our website, contact us by email or phone, or engage us for services;
- from your business — when representatives of your business interact with us in the course of an engagement;
- automatically — through your use of our website, using cookies and similar technologies (see section 11); and
- from referrers — when another business or partner refers you to us, we may receive basic contact details to facilitate the introduction.
Where it is reasonable and practicable, we collect personal information directly from the individual concerned.
4. Why we collect, hold, use and disclose personal information
We handle personal information for the following purposes:
- to respond to enquiries and assess whether our services are suitable for you;
- to provide and manage our consulting services and engagements;
- to communicate with you about our services, events and resources that may be relevant to your AML/CTF compliance obligations;
- to administer billing, invoicing and our business relationship with you;
- to improve our website, readiness tools and service offerings;
- to detect and prevent fraud, misuse and other unlawful activity;
- to comply with our own legal obligations and to establish, exercise or defend legal claims; and
- for any other purpose disclosed to you at the time of collection or to which you have consented.
We will not use or disclose personal information for a purpose other than the purpose for which it was collected (the primary purpose), unless a related secondary purpose would be reasonably expected by you, you have consented, or use or disclosure is otherwise permitted under the Privacy Act.
5. Disclosure of personal information
We may disclose personal information to:
- our service providers and contractors who help us operate our website and deliver our services, including cloud infrastructure providers, email and communications platforms, and document management tools;
- AMLNow (Intecco Pty Ltd), where you engage us to assist you in setting up or using the AMLNow compliance platform, only to the extent necessary for that purpose and subject to confidentiality obligations;
- professional advisers such as our lawyers, accountants and auditors;
- regulators, law-enforcement and government agencies (including AUSTRAC) where required or authorised by law;
- a purchaser or potential purchaser of our business or assets (subject to confidentiality); and
- any other person with your consent or as required or authorised by law.
We do not sell personal information.
6. Government-related identifiers
We do not use government-related identifiers (such as ABN, ACN, passport or driver licence numbers) as our own identifier of individuals. Where we collect such identifiers (for example, an ABN as part of onboarding a client business), we use them only for the purpose for which they were provided and as permitted under the Privacy Act.
7. Cross-border disclosure
Our primary business operations are in Australia, and we prefer Australian-hosted infrastructure where practicable. Some of our service providers may store or process personal information from outside Australia (which may include countries in the United States, the European Union, the United Kingdom and other jurisdictions).
Before disclosing personal information to an overseas recipient, we take steps that are reasonable in the circumstances to ensure the recipient handles the information consistently with the APPs, including through contractual data-protection commitments. By providing your information, you acknowledge that where you consent to an overseas disclosure, or where another exception applies, APP 8.1 may not require us to take those steps and we may not be accountable under the Privacy Act for that recipient's handling of your information.
8. Data security
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure, including:
- use of reputable, security-certified cloud infrastructure;
- access controls and password-protected systems;
- encryption of data in transit; and
- limiting access to personal information to those who need it to do their job.
No method of transmission or storage is completely secure. While we work to protect personal information, we cannot guarantee absolute security.
9. Data retention
We retain personal information for as long as necessary to fulfil the purposes described in this Policy, to provide our services, and to comply with our legal obligations. Consulting engagement records may be retained for up to seven (7) years or such longer period as required by law or professional standards.
When personal information is no longer required and we are not required by law to retain it, we will take reasonable steps to destroy it or de-identify it.
10. Accessing and correcting your personal information
You may request access to, or correction of, the personal information we hold about you, subject to the exceptions in the Privacy Act. We will respond to access and correction requests within a reasonable period (usually within 30 days). We may need to verify your identity before acting on a request.
There is no fee for making a request, although we may charge a reasonable fee for giving access in some circumstances. If we refuse access or correction, we will give you written reasons and information about how to complain.
To make a request, contact our Privacy Officer using the details in section 15.
12. Notifiable data breaches
We have procedures to identify, contain and assess data-security incidents. If we become aware of an "eligible data breach" that is likely to result in serious harm to affected individuals, we will notify those individuals and the Office of the Australian Information Commissioner ("OAIC") as required under the Notifiable Data Breaches scheme in the Privacy Act.
13. Complaints
If you have a concern or complaint about how we have handled your personal information, please contact us using the details in section 15. We will acknowledge your complaint and aim to respond within a reasonable time, usually within 30 days.
If you are not satisfied with our response, you may complain to the OAIC:
- Website:
www.oaic.gov.au - Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
14. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or the law. The current version will always be available on our website, with the "Last updated" date shown above. Material changes will be notified through our website or by email where appropriate.
15. Contact us
Privacy Officer
LiteAML Pty Limited (ACN 697 814 216)
Email: privacy@liteaml.com.au
Web: https://liteaml.com.au
For general enquiries: hello@liteaml.com.au