Privacy Policy

1. Introduction

Palader Pty Ltd (ABN [to be inserted]) ("Palader", "we", "our", or "us") is committed to protecting the privacy of your personal information. This Privacy Policy describes how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs").

Our registered office is Level 18, 123 Pitt Street, Sydney NSW 2000, Australia.

This policy applies to all personal information collected through the Palader platform (including palader.com, associated subdomains, and APIs), as well as through direct communications, qualification processes, and NDA-governed introductions.

2. Information We Collect

We collect personal information that is reasonably necessary for the functions and activities of our business. The categories of information we collect depend on your interaction with the Platform.

3. How We Collect Information

We collect personal information through:

• Account registration and profile completion;
• The qualification and verification process;
• Investment brief and seller submission forms;
• NDA execution (electronic or otherwise);
• Direct communications (email, phone, video call, in-person meetings);
• Automated technologies (cookies, analytics tools, server logs);
• Third-party sources for verification purposes (identity verification services, company registries, professional reference checks), with your knowledge and where permitted by law.

Where we collect personal information about you from a third party, we will take reasonable steps to ensure you are aware of the matters set out in this policy.

4. How We Use Your Information

We use your personal information for the following purposes:

• To operate and improve the Platform;
• To verify your identity and complete the qualification process;
• To match buyers and sellers based on mandate criteria;
• To execute and administer NDAs;
• To provide sourcing, introduction, and market intelligence services;
• To generate Revenue Intelligence estimates (using property and market data — not personal data);
• To communicate with you about opportunities, services, and Platform updates;
• To comply with applicable laws, regulations, and legal processes, including AML/CTF obligations;
• To detect, prevent, and address fraud, security issues, and technical problems;
• To enforce our Terms of Service and protect our legal rights.

We will not use your personal information for direct marketing without your consent, and you may opt out of marketing communications at any time.

5. Disclosure of Information

5.1 Disclosure to counterparties

The core function of Palader is to facilitate introductions between verified principals. When you qualify for a specific opportunity and execute an NDA, certain personal and commercial information will be disclosed to the relevant counterparty. This disclosure is:

• Limited to information reasonably necessary for the counterparty to evaluate the introduction;
• Subject to NDA protections that bind the receiving party;
• Conducted only with your knowledge and (where not already covered by your acceptance of these terms) your explicit consent.

5.2 Disclosure to service providers

We may share personal information with third-party service providers who assist us in operating the Platform, including:

• Cloud hosting and infrastructure providers (servers located in Australia and, where necessary for redundancy, in data centres that comply with APP 8);
• Identity verification and AML/CTF screening services;
• Payment processors;
• Analytics and performance monitoring tools;
• Email and communication service providers.

All service providers are contractually bound to use personal information solely for the purpose of providing services to Palader and to maintain appropriate security measures.

5.3 Legal and regulatory disclosure

We may disclose personal information where required or authorised by law, including to:

• Law enforcement agencies, regulators, or government bodies (e.g., AUSTRAC, ASIC, ATO);
• Courts or tribunals in response to a subpoena, court order, or legal process;
• Professional advisers (legal, accounting, audit) for the purpose of obtaining professional advice.

6. NDA-Governed Information

Information disclosed under an NDA through the Platform occupies a special category. This includes property details, vendor identities, financial information, and commercial terms that are disclosed specifically for the purpose of evaluating a potential transaction.

• Dual protection: NDA-governed information is protected both by this Privacy Policy (to the extent it constitutes personal information) and by the specific terms of the applicable NDA. Where there is any inconsistency, the more restrictive obligation applies.
• Access logging: We maintain records of all NDA-governed disclosures, including the date, scope, and recipient of each disclosure. These records may be used to investigate suspected breaches.
• Breach notification: If we become aware of a suspected or actual breach of NDA-governed information, we will promptly notify the affected asset holder and take reasonable steps to mitigate any harm, including cooperating with legal proceedings.
• Surviving obligations: Our obligations regarding NDA-governed information survive the termination of your account, the completion or abandonment of any transaction, and the termination of these Terms.

7. Cross-Border Disclosure

Palader operates internationally and may disclose personal information to recipients located outside Australia, including counterparties in our active markets (United Kingdom, United States, Spain, Singapore, and other jurisdictions).

Before disclosing personal information overseas, we take reasonable steps (in accordance with APP 8) to ensure the recipient handles the information consistently with the APPs. This may include:

• Contractual obligations requiring the recipient to comply with standards substantially similar to the APPs;
• Relying on binding corporate rules or standard contractual clauses where applicable;
• Obtaining your explicit consent to the overseas disclosure, where required.

8. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256);
• Role-based access controls with the principle of least privilege;
• Multi-factor authentication for all administrative access;
• Regular security assessments and penetration testing;
• Secure destruction of personal information when no longer required for any purpose covered by this policy;
• Incident response procedures that comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act.

9. Notifiable Data Breaches

In the event of a data breach that is likely to result in serious harm to any individual, we will:

• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable;
• Notify affected individuals as required under the NDB scheme;
• Take all reasonable steps to contain and remediate the breach;
• Maintain records of the breach and our response.

10. Cookies & Analytics

The Platform uses cookies and similar technologies for essential functionality, security, and analytics. We use:

• Strictly necessary cookies: Required for Platform functionality (session management, security tokens). Cannot be disabled.
• Analytics cookies: Help us understand how the Platform is used (page views, session duration, navigation patterns). Data is aggregated and anonymised where possible.
• Preference cookies: Remember your settings (theme preference, language).

We do not use advertising or targeting cookies. You can manage cookie preferences through your browser settings.

11. Your Rights

Under the Privacy Act and the APPs, you have the following rights:

• Access: You may request access to the personal information we hold about you. We will respond within 30 days. We may charge a reasonable fee for providing access to reflect our costs.
• Correction: You may request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within 30 days.
• Complaint: If you believe we have breached the APPs, you may lodge a complaint with us (see Section 14). We will investigate and respond within 30 days. If you are not satisfied with our response, you may complain to the OAIC.
• Anonymity: Where practicable, you may interact with us anonymously or using a pseudonym. However, given the nature of our qualification-gated model, anonymity is not possible for most Platform functions.

Please note that certain information may be retained notwithstanding a request for deletion, where we are required by law to retain it (e.g., AML/CTF record-keeping obligations) or where it is necessary for the establishment, exercise, or defence of legal claims.

12. Retention & Deletion

We retain personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specific retention periods are set out in the table in Section 2.

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it. NDA execution records are retained indefinitely as they relate to surviving contractual obligations.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and by posting a notice on the Platform. Your continued use of the Platform after any changes constitutes acceptance of the updated policy.

14. Contact & Complaints

If you have questions about this Privacy Policy, wish to exercise your rights, or wish to make a privacy complaint, contact our Privacy Officer:

If you are not satisfied with our response to a complaint, you may contact the Office of the Australian Information Commissioner: