ProspEX
Back to homepage
Legal

Prospex Privacy Policy

Definition of Confidential Information

This Privacy Statement explains how your Personal Information is collected, processed and used by us, and your rights in relation to that information.

References to “Prospex”, “Company”, “our”, “us”, or “we” are to Prospex Group Pty Ltd and its related bodies corporate. References to “you” are to individuals whose personal information is collected by Prospex. “Personal Information” is information which identifies you personally or by which your identity can reasonably be ascertained. This may include your name, address, e-mail address, financial information, transaction information and other details necessary for us to comply with our regulatory. “platform”, “site” or “website” refers to the sites and platforms operated by us.

We are committed to protecting and respecting your privacy. In addition, we are subject to the Privacy Act 1988 and the National Privacy Principles which form part of that Act.

The purpose of this Privacy Policy is to inform you of:

  1. the kinds of Personal Information which we may collect about you and how it may be used;
  2. our use of information regarding IP Addresses and our use of cookies;
  3. how your Personal Information may be disclosed to third parties;
  4. your ability to access, correct, update and delete your Personal Information; and
  5. the security measures we have in place to prevent the loss, misuse, or alteration of Personal Information under our control.

Gathering and Use of Personal Information

We may collect your personal information if you use the site; open an account to use the platform; or perform any transactions on the platform.

We may also collect personal information about you from recordings of telephone conversations between us and you (or your representatives) and from publicly available registers.

Some of the personal information we collect is required to meet legal and regulatory obligations (e.g. to verify your identity). Otherwise, the personal information we collect is required to provide our services efficiently and effectively.

The types of personal information may include: your name; photographic identification; your address; phone number; e-mail address; banking details including account numbers; date of birth; and information about your transactions.

We may use your personal information for the following purposes:

  1. to allow you to open and operate an account
  2. to enable you to complete transactions on the platform
  3. to correspond with you in relation to your account and your transactions
  4. to analyse use of our site and the services we provide
  5. as required for legal and regulatory purposes, including for dispute resolution purposes
  6. to provide you with information about products, services and promotions that may be of interest to you, from ourselves and third parties
  7. for market research, e.g. surveying users’ needs and opinions on issues, such as our performance.

You should note that you are not obliged to give your personal information to the company. If you choose not to do so, we may not be able to provide our services, or your access to our services may be limited.

IP Addresses

We may collect information about your computer, including where available your IP address, operating system, and browser type. We use this information for system administration, platform security, analytics, and to determine your approximate location. Your IP address may be associated with a pseudonymous analytics profile. We do not use your IP address for third party direct marketing.

Cookies

We may use a browser feature known as a ‘cookie’ which assigns a unique identifier to your computer.

Cookies are typically stored on your computer’s hard drive. Information collected from cookies is used by us to evaluate the effectiveness of our site, analyse trends, and administer the platform.

Information collected from cookies allows us to determine for example which parts of our site are most visited, or any difficulties in accessing our site.

With this knowledge, we can improve the quality of your experience on the platform.

We also use cookies and/or a technology known as web bugs or clear GIFs. They are typically stored in emails to confirm your receipt and response to our emails. It also provides a more personalised experience when using our site.

Cookies and Website Analytics

Google Analytics Use

Prospex uses Google Analytics tags to understand visitor interactions and user behavior on the Prospex website. Google Analytics collects non-identifiable data, including IP addresses, pages visited, time spent on pages, and links clicked. This data helps us analyse site performance and user engagement.

We explicitly prohibit the collection of Personally Identifiable Information (PII) through Google Analytics. PII includes names, email addresses, financial information, or any other data that could identify you. Google Analytics is configured to exclude sensitive personal information from all tracking.

Data Storage

Website traffic information collected using Google Analytics may be stored and processed by Google on servers located overseas, including in the United States. Google’s data handling practices are governed by Google’s Privacy Policy (https://policies.google.com/privacy).

Opt-Out Options

You can opt out of Google Analytics tracking by:

  • Disabling cookies in your web browser settings, or
  • Downloading and installing the Google Analytics Opt-out Browser Add-on

Session Authentication Cookies

We also use essential cookies for session authentication and user identification on our platform. These cookies are necessary for the platform to function and do not require explicit consent.

By using our site you agree that we may use cookies for the purposes set out above.

Disclosure of Personal Information

We use personal information for the purposes indicated at the time you provided us with the information. It is also used for purposes set out in this privacy policy and/or as otherwise permitted by law.

We may make the personal information available to our affiliates, agents, representatives, service providers and contractors for these purposes.

We may share the personal information with financial institutions or insurance companies as required for the purposes of the company’s dealings with those institutions.

It may also be shared with other companies in the case of a merger, divestiture, or other corporate re-organization.

We may share users’ personal information with the Australian Securities & Investments Commission; AUSTRAC; third party service providers and any financial dispute resolution scheme to which the company subscribes. This includes other law enforcement bodies; regulatory agencies; courts; arbitration bodies; and dispute resolution schemes. This may be both in Australia and internationally, as may be required by law.

If you request in writing, we may share your personal information with your nominated advisers. Except where disclosure of your personal information is required by law or requested by you, we will generally require any third party which receives, or has access to, personal information to protect it. Also to use it only to carry out the services they are performing for you or for us, unless otherwise required or permitted by law.

We will ensure that any such third party is aware of our obligations under this privacy policy.

We will take reasonable steps to ensure that contracts we enter with such third parties binds them to terms no less protective of any personal information disclosed to them than the obligations we undertake to you under this privacy policy, or which are imposed on us under applicable data protection laws.

Sharing Your Information with Third Parties

Given the nature of our activities, we are required to disclose your personal information to a number of third parties. We will only disclose personal information where we have a lawful basis to do so. A non-exhaustive list of these parties are set out below.

Regulatory and Law Enforcement

We may be required by law to disclose personal information to the following authorities, and we may not be able to inform you when we make such disclosures:

  • AUSTRAC — we are required to submit SMRs, TTRs and other reports, which may contain your personal information. We are prohibited by the tipping off provisions of the AML/CTF Act from disclosing to you that a report has been made.
  • ASIC — in connection with our AFSL obligations, including responses to regulatory inquiries, investigations or licensing matters.
  • The Australian Taxation Office (ATO) — in connection with FATCA, CRS and domestic tax reporting obligations.
  • Australian Federal Police, state police and other law enforcement agencies — where required by law, pursuant to a court order, warrant or other lawful authority.
  • Other Australian government agencies — where required or authorised by Australian law.
  • Foreign regulatory and law enforcement authorities — where required under mutual assistance arrangements or applicable law, and subject to the cross-border disclosure requirements.
  • We are required to comply with the Travel Rule under section 66A of the AML/CTF Act and may convey certain information with respect to transfers to external parties to ensure compliance with this rule.

KYC Providers

We engage third-party identity verification providers to conduct KYC checks on our behalf. These providers receive identity documents and biometric data for the purpose of verifying your identity in accordance with our AML/CTF obligations. They are contractually bound to handle your personal information in accordance with Australian privacy law and our instructions.

We may also use organisations such as Chainalysis to analyse transactions.

Professional Advisers

  • Legal advisers — in connection with legal advice, dispute resolution or regulatory proceedings.
  • Auditors and compliance reviewers — including for independent AML/CTF program reviews required under the AML/CTF Act.
  • Tax advisers — in connection with structuring and tax compliance.
  • Insurers — in connection with professional indemnity, directors and officers liability and other insurance.
  • Providers of financial services licences and entities that we work with on our regulatory compliance, including Alpha Node Capital Pty Ltd (ACN 603 150 634; AFSL No. 479974).

Mining Royalty Counterparties

In connection with the underlying mining royalty interests that the asset tokens represent, we may need to disclose your identity and holding information to the relevant royalty issuers, mine operators or royalty administrators. This is necessary for the administration of royalty distributions and compliance with any requirements imposed by the issuer or the relevant state mining regulatory framework.

Direct Marketing

We may use your contact details to send you information about our products, services and Platform developments. You may opt out of receiving marketing communications at any time by contacting us, or by using the unsubscribe mechanism in any marketing email. We will not use or disclose your personal information for direct marketing purposes if you have opted out.

We will never sell your personal information to third parties for marketing purposes.

Access and Changing of Personal Information

You have the right to access the personal information we hold about you.

You have the right to require the correction, updating and blocking of inaccurate and/or incorrect data by sending an email to us at support@prospexgroup.com.au.

We will usually respond to your request within 14 days. You may also request the deletion or destruction of your personal information, your account details or your transaction details by sending an email to us.

The company will act on your request only when it is not inconsistent with its legal and regulatory obligations and compliance procedures.

Upon your written request, we will inform you of the use and general disclosure of your personal information. Depending on the nature of your request, there may be a minimal charge for accessing your personal information.

Security

We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure, including implementing appropriate security measures.

Encryption

Data in Transit: All personal information transmitted between your browser and our platform is encrypted using TLS (Transport Layer Security) protocols. This protects data as it travels across the internet.

Data at Rest: Personal information stored in our databases and systems is encrypted using industry-standard encryption algorithms. This protects data from unauthorised access if storage systems are compromised.

Access Controls

Role-Based Access: We implement role-based access controls (RBAC) to limit employee and contractor access to personal information. Staff members can only access the data required to perform their specific functions.

Authentication: Access to our systems requires secure authentication protocols. Unauthorised access attempts are logged and monitored.

Ongoing Protection

Our security measures are reviewed and updated regularly in line with legal, regulatory, and technical developments to address emerging threats.

We conduct regular security assessments and maintain incident response procedures to detect and respond to potential security incidents.

Limitation of Liability

While we implement robust security measures, no system is completely secure. We do not guarantee that misuse, loss, unauthorised access, modification or disclosure will not occur. You are responsible for maintaining the confidentiality of your login credentials and account information.

Retention of Personal Information

We will hold your personal information only for as long as it is necessary for us to do so, having regard to the purposes described in this privacy policy and our own legal and regulatory requirements.

In general, personal information relating to your account is held for at least a period of five years after your account is closed.

Similarly, we usually retain information about transactions on your account for a period of five years from the date of the transaction. Personal information which is collected for other purposes will be discarded in accordance with our policies in place from time to time.

For analytics data collected through Google Analytics, retention follows Google’s standard data retention policies, typically 26 months. You can adjust data retention settings in your Google Analytics account.

Links

There may be links from our site to other sites and resources provided by third parties. This privacy policy applies only to our site. Accessing those third party sites or sources requires you to leave our site.

We do not control those third party sites or any of the content contained therein. You agree that we are in no way responsible or liable for any of those third party sites. This includes without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites.

We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit.

Avoiding Phishing and Scams

We may ask you to confirm details in relation to your account to assist us with identification. However, we will never ask you to provide other personal or financial information such as passwords, date of birth or instruct you to pay funds into third party bank accounts.

We will not request access to your wallet or for you to provide us with any OTP code.

If you receive a communication from someone who claims to be from Prospex and who asks you to provide your personal or financial information, this may indicate that you are the target of a scam. If this happens to you, please immediately report this to us immediately.

Changes

Our policies, content, information, promotions, disclosures, disclaimers and features may be revised, modified, updated, and/or supplemented at any time and without prior notice at the sole and absolute discretion of the company. If we change this privacy policy, we will take steps to notify all users by a notice on our website and will post the amended privacy policy on the website.

Contact Us

If you have any questions, comments, or concerns regarding our privacy policy and/or practices as it or they relate to the platform, please contact us.

Email: support@prospexgroup.com.au

Mailing Address: 595 Stirling Highway, Cottesloe WA 6011

If you have a complaint about how your personal information has been used, please contact us in the first instance. If we cannot resolve your complaint to your satisfaction, you may complain to the Privacy Commissioner (www.oaic.gov.au) who may investigate your complaint further.