Privacy Policy

CONSUMER PRIVACY POLICY

YPA Estate Agents Last updated: 23 March 2026

  1. About this policy

YPA Estate Agents, its related bodies corporate and franchisees (together YPA, we, our, us) is committed to protecting the privacy of individuals whose personal information we handle. We are bound by the Privacy Act 1988 (Cth) (Act), including the Australian Privacy Principles (APPs), and this policy describes how we collect, hold, use and disclose personal information.

  1. What personal information we collect

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.

We may collect the following kinds of personal information depending on the service we are providing to you:

  • Contact details — name, address, phone number, email address
  • Identification documents — driver’s licence or other photo ID (collected at property inspections for safety and security purposes; see section 7)
  • Property information — current property ownership details, property preferences
  • Rental application information — the information prescribed by Schedule 1 of the Residential Tenancies Regulations 2021 (Vic), which includes employment details, income, rental history and references. We collect only the information permitted by the prescribed application form and do not ask for more
  • Identity verification data — information required to verify your identity under AML/CTF laws when you buy or sell property (see section 8)


Sensitive information is a subset of personal information that includes information about an individual’s
racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record or health. We do not generally collect sensitive information unless required by law or with your consent.


We may also collect non-personal information such as anonymised survey responses or aggregated website usage data.

  1. Cookies and tracking technologies

Our website uses cookies and similar technologies. A cookie is a small text file stored on your device that
helps us understand how you interact with our site.

Strictly necessary cookies — required for the website to function (e.g. session management, security
tokens). These cookies cannot be disabled through our systems, but you may be able to block them via your browser settings. Doing so may prevent the website from functioning correctly.

Analytics cookies — we use Google Analytics to collect anonymised data about how visitors use our
website, such as pages visited, time on site and referring URLs. You can opt out of Google Analytics by
installing the Google Analytics Opt-out Browser Add-on. For more information, see Google’s Privacy Policy.

Third-party cookies — our website uses CoreLogic LeadPlus, a property valuation and lead generation tool. When you use this tool, CoreLogic may set cookies and collect personal information such as your name, contact details and property interest. CoreLogic handles this information in accordance with its own privacy policy, available at www.corelogic.com.au/privacy.

We do not currently use advertising or retargeting cookies. If this changes, we will update this policy and seek your consent before setting such cookies.

You can manage or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

  1. Anonymity and pseudonymity

Where practicable, you have the option of not identifying yourself or of using a pseudonym when dealing with us. However, in many cases we will need to identify you to provide our services — for example, to process a rental application, facilitate a property sale, or comply with legal obligations such as AML/CTF identity verification.

  1. How we collect personal information

We collect personal information directly from you wherever reasonably practicable, including:

  • through your use of our website
  • by phone, email or letter
  • in person at property inspections, meetings or open homes
  • when you submit a rental application, make an offer, or engage us to sell your property
  • when you enter competitions or promotions, or request information from us
  • when you complete surveys or provide feedback

We may also collect personal information from third parties, including:

  • credit reporting agencies, law enforcement agencies and government bodies
  • your representatives (lawyers, accountants, financial advisers)
  • your employer (for rental applications)
  • property portals and lead services such as realestate.com.au, domain.com.au and Local Agent Finder
  • publicly available sources
  • identity verification service providers (see section 8)
  • other organisations where you have given consent
  1. Why we collect, use and disclose personal information

We collect, use and disclose your personal information for the following purposes:

  • Providing our services — facilitating property sales, purchases, leasing and property management
  • Communication — responding to your enquiries, providing property updates, and sending information you have requested
  • Legal and regulatory compliance — meeting our obligations under real estate, tenancy, AML/CTF and other applicable laws
  • Identity verification — verifying your identity as required by law (see section 8)
  • Property inspections — recording attendee identity for safety and security (see section 7)
  • Business operations — internal administration, training, quality control, complaint handling and dispute resolution
  • Marketing — sending you information about properties, services and promotions that may interest you (see section 11)
  1. Photo identification at property inspections

For the safety and security of our staff and the properties we manage, we require all persons aged 18 and
over attending a property inspection to present valid photo identification.

At an inspection we may ask for your full name, phone number and email address.

Primary purpose: To advise appropriate authorities and insurers if an accident occurs, or a crime is
committed or suspected to have been committed, at the property or in its immediate vicinity. You may not opt out of the primary purpose if you wish to enter the property for inspection.

Secondary purposes: Your information may also be used to:

  • inform the rental provider or vendor of those attending the inspection
  • provide you with further information or documentation about the property
  • negotiate offers to buy or lease that you may make for the property
  • where you have not opted out and where permitted by law, include your personal information in a database of potential vendors, purchasers, rental providers or renters for marketing purposes

You may opt out of all secondary purposes by informing our agent at the inspection. If you opt out, we will not be able to contact you with updates about the property or give you any further information on the sale or lease.

We sight your photo ID for verification only. We do not copy or store your identification documents from
inspections.

  1. Identity verification and AML/CTF compliance

From 1 July 2026 real estate agents are reporting entities under the Anti-Money Laundering and
Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). When you buy or sell property in Australia, we
are required by law to:

  • verify your identity before providing designated services
  • understand beneficial ownership and control of any entity involved in the transaction
  • report suspicious matters and certain transactions to AUSTRAC
  • retain records of identification, transactions and compliance activities as required by law

To meet these obligations we may share your identification information with third-party identity verification providers, including:

  • AMLHub — identity verification and AML/CTF screening (Australia)
  • Reapit Verify — identity verification integrated with our property management platform (Australia)
  • ApplyID — digital identity verification (Australia)

These providers verify your identity and assist us in meeting our AUSTRAC reporting obligations. All providers listed above are based in Australia and process your information within Australia. If this changes, we will update this policy accordingly.

You cannot opt out of identity verification where it is required by law. Failure to provide the required
identification may mean we are unable to act for you in the transaction

  1. Who we disclose personal information to

We may disclose your personal information to:

  • Our network — our employees, related bodies corporate, franchisees and their agents, as needed to provide our services
  • Property and CRM platforms — we use customer relationship and property management systems such as Rex Software, Reapit AgentBox, ARO / Eagle, PropertyMe and PropertyTree to manage listings, contacts and transactions. These platforms primarily store data in Australia but may use overseas infrastructure or support services
  • Rental application platforms — such as REA Ignite, Snug and Reapit Lettings (2Apply), which process rental applications on our behalf
  • Rental compliance services — such as CheckHero, for rental compliance checks
  • Identity verification providers — AMLHub, Reapit Verify, ApplyID and similar services for AML/CTF compliance
  • Tenancy databases — such as the National Tenancy Database, where relevant to property management
  • Utility connection services — we may refer you to providers such as Compare & Connect and ConnectNow to assist with connecting utilities. We will only share your personal information with these providers where you have consented or where permitted by law. Once you engage with these services, they handle your personal information under their own privacy policies
  • Other service providers — IT and hosting providers, payment processors, mailing houses, professional advisers (accountants, lawyers, conveyancers), debt collectors and other contractors who assist our operations
  • Government and regulatory bodies — including the Titles Office, RTBA (Residential Tenancies Bond Authority) and AUSTRAC, as required by law
  • Law enforcement — where required or authorised by law
  • Other parties — with your express consent

We will not sell your personal information.

  1. Overseas disclosure

Our primary data storage is located in Australia. Some of our employees are based overseas and may access personal information in the course of their duties. Third-party platforms we use (see section 9) may also store or process data using overseas infrastructure.

Where practicable, we take reasonable steps to ensure overseas recipients handle personal information in
accordance with the APPs. In some cases, we may rely on your consent or another permitted exception under the Act before disclosing personal information overseas.

  1. Direct marketing

We may send you marketing communications about our properties and services by mail, SMS or email, in
accordance with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

We will only send you electronic marketing where we have your express consent (for example, you have
opted in via a form or at an inspection) or where we have inferred consent from an existing relationship with you (for example, you are a current client or have recently enquired about a property).

You may opt out of marketing communications at any time by:

  • using the unsubscribe link in any email or SMS
  • contacting us using the details in section 16

We will process your opt-out request promptly. Opting out of marketing does not affect communications we are required to send you by law or that are necessary to provide our services.

  1. Automated decision-making

Where we use a computer program (including artificial intelligence) to make, or do something substantially and directly related to making, a decision that could reasonably be expected to significantly affect your rights or interests, we will disclose this in this section.

We may use AI tools to assist our staff, but final decisions that affect your rights or interests are always made by a human. If this changes, we will update this policy.

  1. How we store and secure personal information

We take reasonable technical and organisational measures to protect personal information from misuse,
interference, loss, unauthorised access, modification and disclosure. These measures include:

  • access controls limiting personal information to authorised personnel
  • encryption of data in transit and at rest
  • regular review of our information security practices

No method of electronic storage or transmission is completely secure. If you have reason to believe your
interaction with us is no longer secure, contact us immediately using the details in section 16.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected or as required by law. The following indicative retention periods apply:

Record typeMinimum retention periodSource
Estate agency records (trust
records, transaction documents,
authority agreements)		7 yearsEstate Agents Act 1980 (Vic) /
Consumer Affairs Victoria
Residential tenancy records
(lease agreements, condition
reports, bond records)		7 yearsResidential Tenancies Act 1997
(Vic)
AML/CTF identification and
transaction records		7 years after the relationship or
transaction ends		Anti-Money Laundering and
Counter-Terrorism Financing
Act 2006 (Cth)
Tax and financial records5 yearsIncome Tax Assessment Act
1997 (Cth)

When personal information is no longer needed for any purpose for which it may be used or disclosed, and we are not required by law to retain it, we will take reasonable steps to destroy or de-identify it.

  1. Notifiable data breaches

If we experience a data breach that is likely to result in serious harm to any individual whose personal
information is involved, we will notify the affected individuals and the Office of the Australian Information
Commissioner (OAIC) as required under Part IIIC of the Act.

  1. Accessing and correcting your personal information

You have the right to request access to the personal information we hold about you and to request correction if it is inaccurate, incomplete or out of date. Contact us using the details in section 16 and we will respond within 30 days.

We will not charge for making a request or for corrections. We may charge a reasonable fee for access
requests requiring significant effort; any fee will be communicated before we proceed. In limited circumstances we may refuse access — for example, where it would unreasonably impact the privacy of others. If we refuse, we will provide written reasons. If we decline to correct information, we will add a note recording your disagreement at your request.

  1. How to contact us

If you have questions about this policy, wish to access or correct your personal information, opt out of
marketing, or raise a privacy concern, contact our Privacy Officer:

Privacy Officer
Post: 22A Trade Park Drive, Tullamarine VIC 3043
Email: corporate@ypa.com.au

  1. Complaints and changes to this policy

If you believe we have breached your privacy, please contact our Privacy Officer. We will acknowledge your complaint promptly, investigate it, and provide you with a written response. We aim to resolve complaints within 30 days where practicable.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian
Information Commissioner:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992 Post: GPO Box 5218, Sydney NSW 2001

Under the Privacy Act 1988 (as amended), individuals also have the right to seek a remedy through the courts for a serious invasion of privacy.

We may update this policy from time to time. The current version will always be available on our website.