Privacy Policy

Mayfair Real Estate

Last updated: January 2026

Mayfair Real Estate (“we”, “us”, “our”) is committed to protecting the privacy of personal information we collect and hold in the course of providing real estate services.

This Privacy Policy explains how we manage personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and relevant NSW regulatory requirements applicable to licensed real estate agents.

1. What Is Personal Information

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

2. Personal Information We Collect

We may collect and hold personal information including, but not limited to:

  • Full name
  • Date of birth
  • Residential and postal address
  • Email address and telephone number
  • Identification documents (e.g. driver’s licence, passport)
  • Employment, income and financial information
  • Rental history and references
  • Emergency contact details
  • Banking details where required for rent, bond or refunds
  • Images or video footage where applicable (e.g. CCTV)

We only collect personal information that is reasonably necessary for our real estate functions and activities.

3. Property Inspections and Open Homes

When you attend an open home or property inspection conducted by Mayfair Real Estate, we may collect personal information such as:

  • Your name
  • Your contact details
  • Details confirming attendance at the inspection

This information may be collected via:

  • Physical inspection registers
  • Digital sign-in systems, QR codes or inspection applications

Purpose of inspection data collection

  • Property security and safety
  • Contacting attendees in relation to the property
  • Compliance with insurance, risk management and record-keeping obligations

Providing this information may be a condition of entry to a property.

4. How We Collect Personal Information

We collect personal information directly from you when you:

  • Attend property inspections
  • Submit a rental or tenancy application
  • Enter into a tenancy or sales agreement
  • Contact us by phone, email, website or digital platforms
  • Engage our property management or sales services

We may also collect information from third parties such as:

  • Referees and employers
  • Previous landlords or managing agents
  • Tenancy databases (where permitted by law)
  • Government agencies or authorities
  • Service providers acting on our behalf

5. Why We Collect and Use Personal Information

Mayfair Real Estate collects, uses and holds personal information for purposes including:

  • Managing property inspections and enquiries
  • Assessing rental applications
  • Managing residential and commercial tenancies
  • Managing property sales transactions
  • Communicating with tenants, landlords, buyers and sellers
  • Trust accounting and financial administration
  • Compliance with legal, regulatory and audit obligations
  • Risk management, insurance and dispute resolution

We do not use personal information for purposes unrelated to our real estate functions.

6. Disclosure of Personal Information

We may disclose personal information to:

  • Property owners and landlords
  • Tenants (where relevant to tenancy matters)
  • Tradespeople and contractors
  • Property management, trust accounting and CRM software providers
  • Professional advisers (including legal, accounting and auditing services)
  • Government authorities, courts or tribunals where required or authorised by law

We do not sell or trade personal information.

7. Storage and Security of Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Security measures include:

  • Secure electronic property management systems
  • Access controls and user permissions
  • Password protection and system security measures
  • Secure destruction or de-identification of information when no longer required

We retain personal information only for as long as required by law or business necessity.

8. Access and Correction

You may request access to personal information we hold about you, or request correction if the information is inaccurate, out of date or incomplete.

Requests can be made by contacting our Privacy Officer using the details below.
We will respond within a reasonable timeframe in accordance with the Privacy Act.

9. Complaints

If you believe Mayfair Real Estate has breached your privacy, you may make a complaint in writing.

We will investigate all complaints promptly and take reasonable steps to resolve them.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

10. Data Breaches

Mayfair Real Estate has a Data Breach Response Plan in place in accordance with the Notifiable Data Breaches Scheme.

If a data breach occurs that is likely to result in serious harm, we will:

  • Take immediate steps to contain the breach
  • Assess the impact of the breach
  • Notify affected individuals and the OAIC where required

11. Contact Us

Privacy Officer / Licensee-in-Charge
Mayfair Real Estate
Email: karem@mayfairrealestate.com.au

DATA BREACH RESPONSE PLAN

1. Purpose

This Data Breach Response Plan outlines how Mayfair Real Estate responds to actual or suspected data breaches involving personal information, in compliance with the Notifiable Data Breaches (NDB) Scheme.

2. What Is a Data Breach?

A data breach occurs when personal information held by Mayfair Real Estate is:

  • Lost
  • Accessed without authorisation
  • Disclosed without authorisation

Examples include:

  • Emails sent to the wrong recipient
  • Lost or stolen devices
  • Cyber-security incidents
  • Unauthorised access to trust or tenancy records

3. Immediate Response

Upon identifying a suspected or actual data breach, Mayfair Real Estate will:

  1. Contain the breach
    • Secure systems and restrict access
    • Disable compromised accounts
    • Recover information where possible
  2. Assess the breach
    • Identify the type of information involved
    • Determine the number of affected individuals
    • Assess the likelihood of serious harm

4. Notification Requirements

If a breach is likely to result in serious harm, Mayfair Real Estate will:

  • Notify affected individuals as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC)

Notifications will include:

  • Description of the breach
  • Type of information involved
  • Recommended steps for affected individuals
  • Actions taken to mitigate harm

5. Prevention and Review

Following a data breach, Mayfair Real Estate will:

  • Review internal policies and procedures
  • Strengthen security controls
  • Provide staff training where required
  • Document the breach and response actions

6. Responsibility

The Privacy Officer / Licensee-in-Charge is responsible for:

  • Managing data breach responses
  • Ensuring compliance
  • Staff awareness and training