Privacy policy
HLBullion (Havilah Liberty Pty Ltd)
1. Introduction
HLBullion (Havilah Liberty Pty Ltd) (“HLBullion”, “we”, “us”, “our”) is committed to protecting your privacy and handling personal information in a transparent, secure, and responsible manner.
We recognise that clients value discretion and trust, particularly when transacting in precious metals. We do not sell or rent personal information.
This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in accordance with applicable Australian laws, including:
The Privacy Act 1988
The Australian Privacy Principles (APPs)
The Notifiable Data Breaches (NDB) scheme
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and AML/CTF Rules
This policy applies to all interactions with us, including online, phone, email, and in-person transactions.
2. What Personal Information We Collect
We collect personal information that is reasonably necessary to provide our services and comply with legal obligations.
2.1 Identity Information
Full name
Date of birth
Residential address
Contact details (phone, email)
Government-issued identification (e.g. driver’s licence, passport)
2.2 Verification & Compliance Information
Identity verification data (including electronic verification via third-party providers)
Beneficial ownership and control information (for companies, trusts, SMSFs)
Politically Exposed Person (PEP) status
Source of funds and source of wealth information (where required)
2.3 Transaction Information
Purchase and sale history
Payment details (excluding full banking credentials)
Transaction patterns and behaviour
2.4 Technical & System Data
Website usage data
Device and login information (where applicable)
3. Why We Collect Personal Information
We collect and use personal information for the following purposes:
3.1 Legal and Regulatory Compliance
We are required by law to collect and verify personal information to comply with AML/CTF obligations, including reporting to AUSTRAC.
3.2 Providing Our Services
Processing bullion transactions
Verifying identity before completing transactions
Managing client relationships and appointments
3.3 Risk Management and Fraud Prevention
Detecting suspicious activity
Preventing fraud and financial crime
Conducting ongoing due diligence
3.4 Business Operations
Record keeping
Internal reporting
Compliance monitoring
3.5 Marketing and Communications
Where permitted by law, we may use your contact details to:
Send service updates
Provide relevant product or market information
Conduct limited marketing communications
You may opt out of marketing communications at any time.
4. Legal Requirement to Provide Information
In many cases, the collection of your personal information is required by law.
If you do not provide requested information, we may be unable to:
Complete a transaction
Provide services
Meet our legal obligations
5. Disclosure of Personal Information
We may disclose personal information where required or authorised by law.
5.1 Regulators and Authorities
AUSTRAC
Law enforcement agencies
Government and regulatory bodies
We may be required to disclose information without notifying you, including where prohibited by law.
5.2 Service Providers (SaaS Platforms)
We use trusted third-party service providers to operate our business, including:
Accounting platforms
Customer relationship systems
E-commerce platforms
Identity verification providers
Cloud and productivity platforms
These providers may access personal information only to the extent necessary to perform services on our behalf.
6. Overseas Disclosure
Due to our use of cloud-based systems, personal information may be stored or processed outside Australia.
This may include:
United States
European Union
Other jurisdictions where our service providers operate
We take reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with Australian privacy laws.
7. Data Retention
We retain personal information only as long as required to:
Comply with legal obligations
Resolve disputes
Maintain business records
AML/CTF Requirement
We retain identification and transaction records for a minimum of 7 years in accordance with AML/CTF laws.
8. Security of Personal Information
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access.
Our security measures include:
Multi-factor authentication (MFA) across systems
Access controls using identity management systems
Managed device environments
Secure cloud storage
Restricted administrative access
9. Data Breaches
If a data breach occurs that is likely to result in serious harm, we will:
Investigate and contain the breach
Notify affected individuals
Notify the Office of the Australian Information Commissioner where required in accordance with the Notifiable Data Breaches scheme.
10. Cookies and Website Analytics
Our website may use cookies and similar technologies to:
Improve user experience
Analyse website traffic
Support website functionality
You may adjust your browser settings to refuse cookies; however, this may affect website functionality.
11. Access and Correction
You have the right to:
Request access to your personal information
Request correction of inaccurate or incomplete information
12. Complaints
If you have a concern about how we handle your personal information, you may contact us.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.
13. Sensitive Information
We may collect sensitive information (such as identity verification data) where:
Required by law; or
Necessary to verify identity and prevent financial crime
This information is handled with a higher level of security and care.
14. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or business practices.
The latest version of this policy will always be available upon request or on our website.