Solomons Bullion (ABN: 62 856 278 773) ("Solomons Bullion," "we," "us," "our") is committed to protecting the privacy of individuals who interact with our business. This Privacy Policy describes how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
We are also a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). This means we have additional obligations to collect and verify your identity, and to report certain transactions and suspicious matters to AUSTRAC. These obligations may require us to collect more personal information than a standard retailer, and to share it with government authorities in specified circumstances.
By dealing with us — whether in person, by telephone, or through our website — you consent to the collection, use, and disclosure of your personal information as described in this Policy.
1
Section 1
About This Policy
1.1This Policy applies to all personal information collected by Solomons Bullion in connection with our business activities, including the purchase, sale, and storage of precious metals, and all interactions with our website at solomonsbullion.com.au.
1.2This Policy applies to individuals — natural persons. Separate obligations may apply to corporate clients, but we handle personal information about directors, authorised representatives, and beneficial owners of corporate clients in accordance with this Policy.
1.4We review this Policy periodically to ensure it remains current and compliant with applicable law. We will notify registered clients of material changes via email and publish the current version on our website.
2
Section 2
Who We Are
Solomons Bullion is a registered Australian precious metals dealer operating from two offices — Sydney (Level 10, 1 Martin Place, Sydney NSW 2000) and Melbourne (Level 8, 360 Collins Street, Melbourne VIC 3000). We are registered with AUSTRAC as a reporting entity under the AML/CTF Act and hold all applicable licences for our business activities.
3
Section 3
What Personal Information
We Collect
The personal information we collect depends on the nature of your interaction with us. The following table summarises the categories of information we may collect and why.
| Category | Examples | Collected For |
|---|
| Identity Information |
Full legal name, date of birth, gender, photograph (from ID documents) |
AML/CTF identity verification — required by law for all clients |
| Contact Information |
Residential and mailing address, phone number, email address |
Delivering orders, sending invoices, communications, and statements |
| Identity Documents |
Australian passport, driver's licence, foreign passport details and copies |
AML/CTF identity verification — required by law |
| Financial Information |
Bank BSB and account number, bank name, transaction history with us |
Processing payments and sale proceeds; account management |
| Transaction Records |
Bullion purchased or sold, weights, prices, dates, product descriptions |
Regulatory record-keeping, tax invoices, CGT documentation, storage records |
| Storage Information |
Holdings inventory, serial numbers, storage plan, insurance details |
Managing your allocated vault storage account |
| Correspondence |
Emails, telephone call records, enquiry forms, in-person conversation notes |
Customer service, dispute resolution, compliance |
| Website Usage Data |
IP address, browser type, pages visited, session duration, referring URL |
Website analytics, security monitoring, user experience improvement |
| Sensitive Information |
We do not collect sensitive information (health, racial origin, political views, etc.) unless strictly required by law |
Not collected in ordinary course |
AML/CTF Identity Requirement
Identity verification is not optional. Under the AML/CTF Act, we are legally required to collect and verify the identity of all clients before conducting any transaction. We cannot deal with persons who refuse to provide adequate identification documentation. This obligation applies regardless of transaction size.
4
Section 4
How We Collect It
We collect personal information through several channels. Wherever reasonably practicable, we collect personal information directly from you.
4.1In person. When you visit our Sydney or Melbourne office, we collect identity documents, take copies of ID, and record transaction details. All in-person interactions relevant to a transaction are documented.
4.2By telephone. Calls to our offices may be recorded for quality assurance, training, and compliance purposes. You will be informed at the commencement of a recorded call. Call recordings are retained for the period required by law and our compliance obligations.
4.3By email and online forms. When you contact us via email, our website contact form, or newsletter sign-up, we collect the personal information you provide in those communications.
4.4Through our website. Our website uses cookies and analytics tools to collect technical information about your visit. See Section 10 for details on our use of cookies and website data.
4.5From third parties. In limited circumstances, we may collect personal information from identity verification providers, credit reporting bodies, publicly available government registers, or law enforcement agencies as required by our AML/CTF obligations.
4.6Indirectly. When a company, trust, or SMSF transacts with us, we collect personal information about the directors, trustees, beneficial owners, and authorised signatories of that entity as required for AML/CTF purposes.
5
Section 5
Why We Collect It
We collect, hold, and use personal information for the primary purposes for which it was collected. We will only use your information for secondary purposes if: (a) you have consented; (b) you would reasonably expect us to; or (c) we are required or authorised by law.
Primary purposes
Conducting precious metals transactions · Managing storage accounts · Issuing tax invoices and statements · Verifying identity under AML/CTF law · Processing payments and receipts · Delivering orders · Providing client services and support
Compliance purposes
AUSTRAC reporting obligations · AML/CTF Act compliance · ATO record-keeping requirements · Responding to lawful requests from law enforcement or government agencies · Resolving disputes and legal proceedings
Business improvement
Improving our products and services · Website analytics and user experience · Training staff · Fraud detection and security monitoring
Marketing (with consent)
Sending market updates, price alerts, and newsletters to clients who have opted in · Invitations to events or promotions · You may opt out at any time — see Section 11
6
Section 6
Disclosure to Third Parties
We do not sell, rent, or trade your personal information to third parties for commercial purposes. We disclose your information only in the limited circumstances described below.
6.1Service Providers. We engage trusted third-party service providers to assist us in delivering our services. These include: courier and logistics companies (for delivery); vault operators and insurers (for storage); payment processors and banks; IT service providers and cloud hosting; identity verification providers; and accountants and legal advisers. All service providers are bound by confidentiality obligations and are only permitted to use your information for the purposes for which it was shared.
6.2AUSTRAC and Government Authorities. We are required by law to disclose personal information and transaction data to AUSTRAC for AML/CTF compliance purposes, including Threshold Transaction Reports (TTRs) and Suspicious Matter Reports (SMRs). We may also disclose information to the ATO, ASIC, NSW Police, Victoria Police, or other government bodies where required by law. We cannot inform you when such disclosures have been made in circumstances where disclosure would prejudice law enforcement.
6.3Professional Advisers. We may disclose your information to our legal advisers, accountants, or auditors in connection with providing services to us. These parties are bound by strict confidentiality obligations.
6.4Insurance Providers. We share relevant transaction and storage information with our transit and vault insurers (including Lloyd's of London) to the extent required to obtain and maintain coverage and to process claims.
6.5Business Transactions. In the event of a merger, acquisition, asset sale, or restructure of our business, your personal information may be disclosed to the acquiring entity as part of that transaction, subject to that entity assuming our obligations under this Policy.
6.6With Your Consent. We may disclose your information to other parties where you have given us explicit consent, for example, authorising us to provide a reference or confirm your client status to a third party.
7
Section 7
AML/CTF Obligations
As a reporting entity under the AML/CTF Act, our privacy obligations are supplemented by specific legal requirements that may override standard privacy protections in limited circumstances.
7.1Customer Due Diligence (CDD). We are required to conduct CDD on all clients, including: verifying identity before or during the first transaction; re-verifying identity if we have doubts about previously collected information; and conducting enhanced due diligence for higher-risk clients or transactions.
7.2Record Retention. We are required to retain KYC (Know Your Customer) records and transaction records for a minimum of 7 years after the business relationship ends or the transaction is completed. This retention obligation overrides any request to delete your information during this period.
7.3Tipping Off Prohibition. We are legally prohibited from informing you that we have filed or intend to file a Suspicious Matter Report (SMR) with AUSTRAC, or that we are investigating a transaction for potential money laundering. If we are unable to complete a transaction and cannot explain why, this provision may be the reason.
7.4PEP and Sanctions Screening. We screen clients against Politically Exposed Person (PEP) lists and international sanctions lists as required by our AML/CTF Programme. This screening involves processing your name, date of birth, and nationality against these databases.
Note on Deletion Requests
We cannot delete your personal information during the mandatory 7-year AML/CTF retention period, even if you request deletion under privacy legislation. Your right of erasure under the Privacy Act is limited in this respect by the overriding requirements of the AML/CTF Act. After the retention period expires, we will delete or de-identify your records in accordance with our data retention schedule.
8
Section 8
Overseas Disclosure
In limited circumstances, we may disclose personal information to recipients located outside Australia. Where this occurs, we take steps to ensure the overseas recipient handles your information in accordance with standards at least equivalent to the Australian Privacy Principles.
8.1Cloud Service Providers. Some of our IT infrastructure and data storage is hosted on cloud platforms that may process or store data in data centres located outside Australia. We use reputable providers who operate under recognised data protection frameworks (including ISO 27001-certified facilities).
8.2Insurance (Lloyd's of London). Vault storage insurance arrangements involve Lloyd's of London, a UK-based insurance market. Certain information about your stored holdings may be processed by Lloyd's and its syndicates in the United Kingdom.
8.3International Mint Partners. Where we source products from international mints (including Royal Canadian Mint, PAMP Suisse, Valcambi), limited commercial information may be exchanged as part of supply and distribution arrangements. No personal information about individual retail clients is shared with mints.
8.4Before disclosing personal information overseas, we take reasonable steps to ensure the recipient is bound by privacy protections comparable to the Australian Privacy Principles. By transacting with us, you acknowledge and consent to these limited overseas disclosures.
9
Section 9
Storage & Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction.
9.1Physical Security. Paper records containing personal information are stored securely at our offices, which are protected by access control systems, CCTV, and on-site security. Records are not left unattended in accessible areas.
9.2Digital Security. Our digital systems employ industry-standard security measures including: encryption of sensitive data at rest and in transit (TLS/SSL); password protection with multi-factor authentication; access controls limiting data access to authorised personnel; regular security reviews and software updates.
9.3Staff Training. All staff who handle personal information are trained on our Privacy Policy, AML/CTF obligations, and data security practices. Access to personal information is limited on a need-to-know basis.
9.4Data Breaches. In the event of an eligible data breach as defined under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act), we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by law, as soon as reasonably practicable.
9.5Retention and Destruction. We retain personal information for as long as necessary to fulfil the purpose for which it was collected, subject to our legal obligations (including the 7-year AML/CTF retention requirement). When information is no longer required, we securely destroy or de-identify it.
Your Responsibilities
You also play a role in keeping your information secure. Please ensure you do not share your account credentials, transaction confirmation numbers, or other identifying information with unauthorised persons. If you believe your information has been compromised in any way, contact us immediately at
privacy@solomonsbullion.com.au.
10
Section 10
Cookies &
Website Data
Our website uses cookies and similar technologies to improve user experience, analyse usage patterns, and ensure the security of our website.
10.1What are cookies? Cookies are small text files stored on your device by your browser when you visit a website. They allow the website to remember information about your visit, such as your preferences and session data.
10.2Cookies we use. We use the following types of cookies: Essential cookies — required for the website to function; Analytics cookies — to understand how visitors use our site (e.g. Google Analytics); Functional cookies — to remember your preferences; Security cookies — to detect and prevent fraud and malicious activity.
10.3Live pricing data. Our website connects to third-party market data APIs to display live precious metals prices. These connections may involve the transmission of your IP address to third-party servers as part of the API request. We do not use this data to identify you personally.
10.4Third-party analytics. We use Google Analytics to collect anonymised data about website usage. Google Analytics may set its own cookies. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
10.5Managing cookies. You can control and delete cookies through your browser settings. Disabling certain cookies may affect the functionality of our website. Essential cookies cannot be disabled without impacting your ability to use the site.
10.6Do Not Track. Some browsers transmit a "Do Not Track" signal. Our website does not currently respond to Do Not Track signals, though we limit our data collection to what is necessary for legitimate business purposes.
11
Section 11
Direct Marketing
11.1We may send you market commentary, price alerts, product updates, and promotional communications by email if you have opted in to receive such communications, or if you are an existing client and we reasonably believe you would be interested in our products and services.
11.2Opting out. You may unsubscribe from marketing communications at any time by: clicking the "Unsubscribe" link in any marketing email; emailing privacy@solomonsbullion.com.au with the subject "Unsubscribe"; or calling us on 1300 000 000. We will process your opt-out within 5 business days.
11.3Opting out of marketing does not affect your receipt of transactional communications — we will continue to send you order confirmations, invoices, storage statements, and other necessary communications relating to your account.
11.4We comply with the Spam Act 2003 (Cth) and will not send unsolicited commercial electronic messages. We do not purchase marketing lists or send communications to persons with whom we have no relationship.
12
Section 12
Your Rights Under
the Australian Privacy Principles
The Australian Privacy Principles grant you a range of rights in relation to your personal information. These rights are subject to limitations, including our overriding obligations under the AML/CTF Act.
Right to Access
You may request access to the personal information we hold about you. We will provide access within 30 days, subject to identity verification and applicable legal limitations. See Section 13 for how to make a request.
Right to Correction
You may request correction of inaccurate, incomplete, or outdated personal information. We will take reasonable steps to correct the information or, if we disagree, attach a statement of the correction you requested.
Right to Opt Out of Marketing
You may opt out of receiving marketing communications at any time. See Section 11 for how to unsubscribe. Transactional communications required for your account are not affected.
Right to Complain
You may make a complaint about how we have handled your personal information. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. See Section 14 for the complaints process.
Right to Be Informed
You have the right to know what information we collect and why, before we collect it where practicable. This Policy fulfils that obligation. If we collect information in unusual circumstances, we will inform you at the point of collection.
Right to Deletion (Limited)
You may request deletion of your personal information where we no longer need it. Note: we cannot delete information during the mandatory 7-year AML/CTF retention period. After that period, we will delete or de-identify your records.
13
Section 13
Access & Correction
You may request access to or correction of personal information we hold about you by contacting our Privacy Officer. We will respond to access requests within 30 days.
13.1How to request access. Submit your request in writing to privacy@solomonsbullion.com.au or by post to our Sydney head office. Include your full name, contact details, and a clear description of the information you are seeking. We will verify your identity before providing access.
13.2When access may be refused. We may refuse access to your information (or provide limited access) where: providing access would pose a serious threat to life or safety of any person; providing access would have an unreasonable impact on the privacy of other individuals; the request is frivolous or vexatious; the information relates to existing or anticipated legal proceedings; or providing access would be unlawful or would prejudice law enforcement activities.
13.3Charges. We do not charge a fee for submitting an access request. We may charge a reasonable administrative fee for preparing and providing access to the information where the request is complex or extensive. We will advise you of any fee in advance.
13.4Correction requests. If you believe the personal information we hold about you is inaccurate, incomplete, or misleading, submit a correction request to our Privacy Officer with details of the information concerned and the correction you are requesting. We will take reasonable steps to correct the information within 30 days.
14
Section 14
Complaints
If you believe we have handled your personal information in breach of the Privacy Act or Australian Privacy Principles, you have the right to make a complaint.
14.1Step 1 — Contact Us First. Please bring your complaint to our Privacy Officer in the first instance. We take privacy complaints seriously and will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. Contact details are in Section 16.
14.2Step 2 — Escalate to the OAIC. If you are not satisfied with our response, or if we fail to respond within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC): website oaic.gov.au, phone 1300 363 992, or GPO Box 5218, Sydney NSW 2001.
14.3The OAIC may investigate your complaint and, if it finds a breach of the Privacy Act, may issue remedial directions. The OAIC has the power to require us to take specified steps to prevent future breaches.
15
Section 15
Amendments to This Policy
15.1We review and update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or technology. The current version is always available on our website.
15.2We will notify registered clients of material changes to this Policy via email at least 14 days before the changes take effect, where we hold current email contact details.
15.3Your continued use of our services after the effective date of an updated Policy constitutes your acceptance of the updated terms.
16
Section 16
Contact Our
Privacy Officer
All privacy-related enquiries, access requests, correction requests, opt-out requests, and complaints should be directed to our Privacy Officer using the details below.