Ryvo Privacy Policy

Last Updated: 1 February 2025

1. Introduction

1.1 Who We Are

This Privacy Policy applies to Ryvo (operated by Luminair Capital Pty Ltd, ABN [if applicable]), referred to as "Ryvo," "we," "us," or "our."

1.2 Our Commitment to Privacy

We are committed to protecting the privacy of individuals and handling your personal information in an open and transparent manner. We comply with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and, where applicable, New Zealand privacy laws.

1.3 Purpose of This Policy

This Privacy Policy explains how we manage your personal information, including how we collect, use, store, and disclose your data, and how you can access, correct, or make a complaint about our handling of your personal information.

2. Definitions

• Personal Information: Information or an opinion about an identified individual or an individual who is reasonably identifiable. This can include name, address, date of birth, or any data that uniquely identifies you.
• Sensitive Information: A subset of personal information that includes racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal records, and health information. Under the Privacy Act, sensitive information is subject to higher levels of protection.

3. Types of Personal Information We Collect

We collect personal information that is reasonably necessary to provide our risk profiling services and to operate our business. The information we collect may include:

1. Contact Details
   • Name, address, phone number, and email address.
2. Identification Data
   • Date of birth, employment details, financial details (assets, liabilities, income, etc.), and any government identifiers where required by law (e.g., Tax File Number [TFN] or similar).
3. Risk Profiling and Application Data
   • Answers to questionnaires, investment preferences, goals, and other data relevant to determining your risk profile.
4. Device and Usage Information
   • IP addresses, device type, browser type, geolocation data (where consented), language preferences, and usage statistics (e.g., which features you access).
5. Transactional Information
   • Bank account details, payment information (if relevant), and details of any products/services you have requested or used.
6. Sensitive Information
   • We will only collect sensitive information (e.g., health data) if it is relevant to our risk profiling service, and only with your consent or as permitted by law.

4. How We Collect Your Personal Information

1. Directly from You
   • When you complete online forms, questionnaires, or sign up for an account.
   • When you communicate with us by phone, email, or in person.
2. Through Technology
   • Cookies and similar technologies that record information about your use of our website or mobile application.
   • Analytics services that help us understand how users interact with our platform.
3. Third Parties
   • Your financial adviser or other authorized representatives.
   • Publicly available sources, government databases, or identity verification service providers.
   • Data feed or integration services if you or your adviser have set these up.

5. Why We Collect, Use, and Disclose Your Personal Information

1. Provide Services
   • Assess your risk profile, deliver personalized insights, and facilitate the products or services you request.
2. Verify Identity
   • Comply with AML/CTF obligations and other legal requirements.
3. Manage Our Relationship
   • Communicate about updates, features, security alerts, and administrative matters.
4. Improve Our Services
   • Conduct internal analytics, research, and quality assurance.

6. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. This includes:

• Using encryption for data transmission and storage
• Implementing access controls and authentication measures
• Regular security assessments and monitoring
• Staff training on data protection and security practices

7. Contact Us

8. Cross-Border Disclosures

Your personal information may be stored or accessed outside of Australia or New Zealand (for example, where we use cloud services with servers in other countries). The countries to which we commonly transfer data may include the United States, Singapore, and the United Kingdom.

When we transfer your personal information overseas, we take reasonable steps to ensure the recipients protect your personal information in accordance with Australian or New Zealand privacy standards. However, if you direct us to send personal information to an overseas entity that is not bound by equivalent laws, we will inform you that we may not be able to ensure such protection and you may not have recourse under local privacy laws.

9. Cookies and Device Usage Information

9.1 Cookies

We use cookies and similar tracking technologies to:

• Recognize your device and user preferences
• Monitor usage patterns and traffic trends
• Personalize your experience
• Show you relevant ads or promotions

You can control how cookies are used by adjusting your browser settings. Disabling certain cookies might limit functionality or features of our services.

9.2 Analytics

We may use third-party analytics services (e.g., Google Analytics) to collect and analyze usage data. This helps us understand how users interact with our platform and continuously improve our offerings.

10. Data Retention and Destruction

We retain personal information only for as long as necessary to fulfill the purpose for which it was collected and to comply with our legal obligations (e.g., financial record-keeping and reporting). When we no longer need your information, we take reasonable steps to securely destroy or de-identify it.

11. Data Breach Response

We maintain protocols to detect, respond to, and contain data breaches in compliance with relevant breach notification laws, including the Notifiable Data Breaches (NDB) scheme in Australia.

• If a data breach is likely to result in serious harm, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC), as required by law.

12. Accessing and Correcting Your Personal Information

12.1 Access Requests

You may request access to your personal information by contacting us. We will need to verify your identity before releasing any information. In most cases, we will provide this information free of charge within 30 days.

12.2 Refusal of Access

In certain circumstances (e.g., where giving access would impact another person's privacy or is otherwise unlawful), we may refuse or limit access. If we refuse your request, we will explain why in writing.

12.3 Correcting Your Information

If you believe any personal information we hold about you is inaccurate, out of date, or incomplete, please contact us. We will take reasonable steps to correct the information.

13. Complaints and Contact Details

13.1 How to Make a Complaint

If you have any concerns about how we handle your personal information, please contact our Privacy Officer:

We aim to acknowledge your complaint within 1 business day and provide a final response within30 days of receipt. If we cannot meet this timeframe, we will contact you to explain why.

13.2 Escalation

If you are not satisfied with our response, you may contact:

For New Zealand clients, you may contact the Office of the Privacy Commissioner at www.privacy.org.nz.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our operations or legal obligations. Any updates will be posted on our website, and the "Last Updated" date at the top of this document will be revised accordingly. We encourage you to review this Policy periodically to stay informed about how we protect your personal information.

15. Your Consent

By using Ryvo's services, visiting our website, applying for a role with us, or otherwise providing us with your personal information, you agree to the terms of this Privacy Policy.