Anastasiou Financial Services Pty Limited Privacy Policy1. Purpose and scopeThis Privacy Policy explains how we collect, hold, use and disclose personal information, how you can access and correct personal information we hold about you, and how you can make a privacy complaint. This policy applies to personal information we handle while providing financial services and running our business. 2. What is personal information?Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. Sensitive information is a subset of personal information that includes information such as health information. 3. Dealing with us anonymously or by pseudonymWhere it is lawful and practicable, you may choose to deal with us anonymously or by using a pseudonym (for example, when making a general enquiry). However, for most financial services (including providing personal advice, implementing transactions, identity verification, and ongoing account administration), it will usually be impracticable for us to deal with you anonymously or by pseudonym, or we may be required or authorised by law to identify you. 4. The kinds of personal information we collect and holdDepending on the services we provide, we may collect and hold the following kinds of personal information:• Identity and contact details (e.g. name, date of birth, address, phone, email).• Employment and income information.• Financial information (e.g. assets, liabilities, expenses, bank account details relevant to advice implementation).• Investment and superannuation information (e.g. member numbers, account numbers, balances, contribution history).• Insurance information (e.g. existing policy details, underwriting information, claims-related correspondence).• Information about your objectives, needs, and risk preferences relevant to financial advice.• Documents you provide (e.g. statements, reports, identification documents).• Communications and records of interactions (e.g. file notes, emails, correspondence).• Audio/video recordings and transcripts of phone calls and online meetings where enabled (see section 7). Sensitive informationWe may collect sensitive information where reasonably necessary to provide financial services you request or where required for product applications. For example, health information may be collected for life insurance advice and underwriting. Tax file numbers (TFNs)We generally do not need your TFN. If we receive a TFN (for example, in documents you provide or from a product provider), we will handle it in accordance with applicable laws and rules and take extra care to protect it. 5. How we collect personal informationWe usually collect personal information directly from you, including when you:• complete a client data form / fact find or provide information during meetings;• communicate with us by phone, email, post, or via our website;• participate in online meetings (e.g. Microsoft Teams);• provide documents or authorise us to obtain documents on your behalf.• We may also collect personal information from third parties where appropriate and authorised, such as: o product issuers (e.g. insurers, fund managers), superannuation funds, platforms/custodians and registries;o your accountant, solicitor, employer, or other representatives (when you have authorised them to share information);o referrers or introducers (where you have consented or where permitted by law). Unsolicited personal informationIf we receive personal information we did not solicit, we will determine whether we could have collected it under applicable privacy laws. If not, we will destroy or de-identify it where lawful and practicable. 6. Why we collect, hold, use and disclose personal informationWe collect, hold, use and disclose personal information for purposes including:• providing financial services to you (including preparing and implementing advice and ongoing service);• identity verification and compliance with legal and regulatory obligations;• processing applications, instructions, and transactions (where authorised);• communicating with you and managing our relationship;• maintaining accurate records (including file notes and audit trails);• managing risk, security, fraud prevention, and business operations;• responding to complaints or disputes and engaging with external dispute resolution bodies; and• meeting obligations to regulators, courts, tribunals, and law enforcement where required or authorised.If you do not provide requested personal information, we may not be able to provide the services you request or provide them fully. 7. Call and meeting recordings (VoIP and Microsoft Teams)We may record telephone calls and online meetings (including Microsoft Teams meetings) for purposes such as record keeping, quality assurance, staff training, compliance, and dispute resolution. Where calls are recorded, we take reasonable steps to notify you (for example via an inbound call message or verbal notification). For online meetings, recording prompts may appear within the meeting application. If you do not want a call or meeting to be recorded, please tell us. We will consider your request and, where practicable, offer alternative ways to proceed (for example, continuing without recording or using written correspondence). We conduct any recording in accordance with applicable Commonwealth and State/Territory telecommunications and surveillance laws, and handle resulting personal information under this Privacy Policy. 8. Who we disclose personal information toWe may disclose personal information to the extent necessary to provide our services, including to:• superannuation funds, platforms/custodians, registries and product issuers (e.g. insurers, fund managers);• your authorised representatives (e.g. accountant, solicitor) and other persons you authorise us to deal with;• our employees and contractors (subject to confidentiality and access controls);• our service providers who support our operations (e.g. IT support, secure cloud services, telephony/call recording providers);• professional advisers (e.g. auditors, lawyers) where required; and• regulators, courts, tribunals and external dispute resolution bodies (including AFCA) as required or authorised by law.Key technology and service providers (examples)• Microsoft 365 services (including email, document storage and collaboration tools) – data stored geographically in Australia.• AdviserLogic CRM (client relationship management) – data stored Australian based cloud infrastructure.• Afi Backup for Microsoft 365 (backup storage in Australia).• Backblaze (backup/cloud storage in the United States West Region).• VoIP/telephony providers and related call recording services. 9. Overseas disclosure and cloud servicesSome third-party service providers may store, process, or have access to personal information outside Australia. Based on our current configuration, this may include the United States (West Region) for certain backup/cloud storage services. Where we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle personal information in a manner consistent with the Australian Privacy Principles. This may include contractual protections, vendor due diligence, access controls, and security requirements. 10. Direct marketingWe do not use personal information for direct marketing in the ordinary course of our business. If this changes, we will update this policy and provide you with appropriate choices and notices.If our practices change, we will provide clear opt-out options in our communications and comply with APP 7, the Spam Act 2003 (Cth) and Do Not Call Register obligations. 11. Website and online servicesWhen you visit our website, we may collect limited technical information such as IP address, browser type, and access times to help administer and improve our website. We do not use tracking for marketing purposes. If we introduce analytics or tracking tools, we will update this policy and any relevant notices. 12. Security of personal informationWe take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Our safeguards may include:• role-based access controls and least-privilege access;• multi-factor authentication (MFA) for key systems where available;• secure configuration of Microsoft 365 and related services;• encryption and secure transfer methods where appropriate;• regular backups and recovery testing;• monitoring, logging, and audit trails for key systems;• staff training and confidentiality requirements; and• physical security for any paper files.No method of transmission or storage is completely secure, but we work to maintain safeguards appropriate to the nature of the information we handle. 13. Data qualityWe take reasonable steps to ensure personal information we collect, use or disclose is accurate, up to date, complete and relevant. Please contact us if your details change so we can update our records. 14. How long we keep personal informationWe retain personal information for as long as needed to provide our services and comply with legal, regulatory, professional, dispute resolution and record-keeping requirements. When information is no longer required, we take reasonable steps to destroy or de-identify it, subject to any legal obligations to retain it. In addition, we retain certain personal-advice records for at least 7 years to meet financial services record-keeping requirements, and we retain AML/CTF records in accordance with AUSTRAC rules. 15. Accessing and correcting your personal informationYou may request access to personal information we hold about you and request correction if it is inaccurate, out of date, incomplete, irrelevant or misleading.How to request access or correction• Contact our Privacy Officer using the details in section 19.• We may need to verify your identity before processing your request.• We aim to acknowledge requests within 5 business days and provide a substantive response within 30 days, unless the request is complex or we are legally permitted to refuse access.• In some circumstances, we may charge a reasonable administrative fee for providing access (but not for making a request). If a fee applies, we will tell you in advance. 16. Notifiable data breachesIf we become aware of a suspected or actual data breach involving personal information, we will assess the incident and take steps to contain and remediate it. Where required, we will notify affected individuals and relevant regulators in accordance with applicable laws. 17. Privacy complaintsIf you have a complaint about how we have handled your personal information, please contact our Privacy Officer and provide as much detail as possible.Our complaint handling process• We will acknowledge receipt of your complaint within 5 business days.• We will investigate your complaint and aim to provide a written response within 30 days.• If your complaint is complex or requires more time, we will keep you informed of progress and expected timeframes.• If we uphold your complaint, we will work with you to agree an appropriate remedy (which may include correcting records, changing practices, or other appropriate steps). External escalationIf you are not satisfied with our response, you may be able to complain to:• Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au • Australian Financial Complaints Authority (AFCA): www.afca.org.au 18. Automated decision-making transparency (commencing 10 December 2026)Australia’s privacy laws are evolving. From 10 December 2026, additional transparency obligations apply if an organisation arranges for a computer program to use personal information to make decisions that could reasonably be expected to significantly affect an individual’s rights or interests. If we adopt automated decision-making of that kind, we will update this Privacy Policy to include the additional information required (including the kinds of personal information used and the kinds of decisions involved). 19. Changes to this policyWe may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The latest version will be available on our website and on request. 20. Contact us• Mail 137 Ross River Road, Mundingburra QLD 4812• Phone 07 4401 5742• Email admin@afsfinancial.com.au • Website www.afsfinancial.com.au