Privacy Policy

1. Introduction

Oakhampton Capital Pty Ltd (ABN: 58 684 868 915) ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform and services. This policy complies with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Australian Privacy Act 1988, and other applicable data protection laws.

2. Information We Collect

Personal Information

We collect the following categories of personal information:

• Identification Data: Name, email address, phone number, company name, job title
• Account Data: Username, password (encrypted), account preferences
• Financial Data: Payment card information (tokenized), billing address, transaction history
• Business Data: Company information, deal details, investment criteria, market interests
• Technical Data: IP address, browser type, device information, cookies, usage data
• Communication Data: Messages, support tickets, feedback, survey responses

Sensitive Personal Information

We may collect sensitive personal information including:

• Financial account information for payment processing
• Government-issued identification for KYC/AML compliance (where required)
• Investor qualification status (accredited/sophisticated investor)

3. How We Use Your Information

Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contractual Necessity: To provide services you've subscribed to
• Legal Obligation: For KYC/AML compliance, tax reporting, regulatory requirements
• Legitimate Interest: For fraud prevention, security, service improvement
• Consent: For marketing communications, cookies, optional features

Business Purposes

We use your information to:

• Provide, operate, and maintain our services
• Process transactions and send transaction notifications
• Facilitate introductions between buyers, sellers, and investors
• Deliver market intelligence and research reports
• Provide customer support and respond to inquiries
• Send administrative information, updates, and security alerts
• Comply with legal obligations (AML/KYC, tax reporting)
• Prevent fraud, security breaches, and prohibited activities
• Analyze usage patterns and improve our services
• Send marketing communications (with your consent)

4. Information Sharing and Disclosure

We share your personal information with:

• Service Providers: Payment processors (Stripe), email services (SendGrid), cloud hosting providers, analytics tools
• Business Partners: When facilitating introductions (with your explicit consent)
• Legal Authorities: When required by law, subpoena, court order, or to protect our rights
• Professional Advisors: Lawyers, auditors, consultants (under confidentiality obligations)
• Business Transfers: In connection with merger, acquisition, or sale of assets

We do NOT sell your personal information to third parties.

5. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States and Australia. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs), adequacy decisions, or other legal mechanisms approved under GDPR and applicable laws.

6. Data Retention

We retain your personal information for:

• Account Data: Duration of account plus 3 years
• Transaction Data: 7 years (tax and AML requirements)
• Communication Data: 2 years
• Marketing Data: Until consent is withdrawn
• Legal Compliance Data: As required by law (AML records: up to 10 years)

7. Your Privacy Rights

GDPR Rights (EU/EEA Users)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File complaint with your supervisory authority

CCPA/CPRA Rights (California Users)

• Right to Know: What personal information we collect, use, disclose
• Right to Delete: Request deletion of your personal information
• Right to Correct: Correct inaccurate personal information
• Right to Opt-Out: Opt-out of "sale" or "sharing" of personal information
• Right to Limit Sensitive Data Use: Limit use of sensitive personal information
• Right to Non-Discrimination: Equal service regardless of exercising rights

Australian Privacy Rights

• Access and correction of personal information
• Complaint to the Office of the Australian Information Commissioner (OAIC)

To exercise your rights, contact us at [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA).

8. Security Measures

We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Tokenization of payment card data (PCI DSS compliant)
• Multi-factor authentication for sensitive accounts
• Regular security audits and penetration testing
• Access controls and role-based permissions
• Data Loss Prevention (DLP) systems
• Incident response and breach notification procedures

In the event of a data breach, we will notify affected users and authorities within 72 hours (GDPR) or as required by applicable law.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for platform functionality (authentication, security)
• Performance Cookies: Analytics and usage tracking (Google Analytics)
• Functional Cookies: Preferences and settings
• Marketing Cookies: Advertising and remarketing (with consent)

You can control cookies through your browser settings. We honor Global Privacy Control (GPC) signals.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or platform notification at least 30 days before the changes take effect. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related questions or to exercise your rights, contact: