CFMGROUP
Legal

Privacy Policy

Effective 1 May 2026. CFM Group Pty Ltd · ABN 67 623 416 188.

CFM Group Pty Ltd ("CFM Group", "we", "us", "our") is bound by the Australian Privacy Principles ("APPs") set out in the Privacy Act 1988 (Cth). This policy describes how we collect, use, hold, disclose and protect personal information, and how you can access, correct or complain about our handling of your information.

1. About us

CFM Group Pty Ltd (ABN 67 623 416 188) is an Australian-incorporated performance advertising and lead-generation firm headquartered at Level 27, 25 Bligh Street, Sydney NSW 2000. We provide marketing services to Australian and international businesses across regulated and non-regulated verticals.

2. What information we collect

We collect personal information that is reasonably necessary to provide our services, comply with our legal obligations, and operate as a business. This includes:

  • Identifying information — name, email address, phone number, business / employer, role, and physical or business address.
  • Engagement information — context provided in consultation requests, partner applications, career applications and similar inbound enquiries.
  • Identity verification — for career applications, a government-issued photo ID (driver licence, passport, proof-of-age card or equivalent) collected for right-to-work verification only.
  • Resume / professional history — for career applications.
  • Technical information — IP address, browser type, device identifiers, pages viewed and referrers, collected through standard web logs and analytics tools.

3. How we collect information

We collect personal information directly from you when you:

  • Submit a consultation, partner or career application form
  • Email or call us
  • Engage us under a commercial contract
  • Visit our website (limited technical data only)

We may also collect information from publicly available sources or from a third party where you have authorised that party to disclose information to us.

4. Why we collect and use information

We use personal information to:

  • Respond to your enquiries and deliver services you have engaged us to provide
  • Perform identity, right-to-work and AML/CTF checks where applicable
  • Operate, secure and improve our services and systems
  • Comply with our legal, regulatory and tax obligations (ASIC, ACCC, ATO and others)
  • Communicate engagement updates, governance reports and operational notices

We do not use personal information for unsolicited marketing or sell it to third parties.

5. Disclosure

We disclose personal information only where reasonably necessary, and only to:

  • Our staff, contractors and partner network operators bound by confidentiality and AU privacy obligations
  • Service providers who host our infrastructure (Supabase, Vercel, Google Workspace, Make.com, Airtable) under their own privacy and security commitments
  • Regulators, law enforcement and other authorities where required or permitted by law

Some of these providers may store data outside Australia (United States, European Union, Singapore). Where data is transferred offshore, we take reasonable steps to ensure equivalent protections apply.

6. Security and retention

We hold personal information in encrypted databases, with role-based access controls and audit logging. Identity documents are stored in a segregated, private storage bucket accessible only by authorised staff. We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, satisfy our legal obligations, or where retention is otherwise lawfully justified.

7. Your rights

You have the right to:

  • Request access to the personal information we hold about you
  • Request correction of personal information that is inaccurate, out of date or incomplete
  • Request deletion of personal information, subject to our legal obligations
  • Withdraw consent for any non-essential processing
  • Lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC)

8. Cookies & analytics

Our website uses essential cookies for site functionality. Where analytics are enabled (Google Analytics 4 or equivalent), we use them only to understand aggregate usage patterns. You can decline non-essential cookies via the consent banner shown on first visit, and adjust your preferences at any time via your browser settings.

9. Contact us

For privacy-related enquiries, requests or complaints:

  • Email: contact@cfm66group.com
  • Post: Privacy Officer, CFM Group Pty Ltd, Level 27, 25 Bligh Street, Sydney NSW 2000

If you are not satisfied with our response, you may contact the OAIC at www.oaic.gov.au.

This policy may be updated from time to time. The version published on this page is the current version. Last reviewed 1 May 2026.