top of page

Privacy Policy

In this Privacy Policy, “we”, “us” and “our” refer to Vector Capital Management Pty Ltd (ACN 643 767 168) trading as Signafi Capital Management (“Signafi”) and “you” and “your” refer to any person who visits our website, uses our services (including our affiliates’ services), accesses the Client Portal or whose personal information Signafi collects or holds. This Privacy Policy explains how Signafi collects, uses, discloses, stores and protects personal information in connection with its financial services and our secure Client Portal (being the online platform you access using your login credentials).

 

Signafi is committed to protecting personal information and complying with the Australian Privacy Principles under the Privacy Act 1988 (Cth), including applicable requirements relating to transparency, security, complaint handling and eligible data breach notification, and we may update this Privacy Policy from time to time to reflect changes in our practices and updates to privacy laws. As we provide services internationally, additional privacy requirements and individual rights may also apply depending on where you are located or where our processing occurs, and where applicable we will provide any required additional notices and explain how you can exercise relevant privacy rights.

PRIVACY POLICY CONSENT

By using Signafi’s services, you acknowledge that we collect, use and disclose personal information as described in this Privacy Policy. We may provide additional disclosures from time to time, which supplement and form part of this Privacy Policy. These disclosures may expand on information administration practices or provide further clarification for specific practices. If you disagree with or are not comfortable with any aspect of Signafi’s Privacy Policy, you should immediately cease the use of Signafi’s services.

CHANGES TO THE PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes to our practices, services, or applicable laws. We encourage you to review this Privacy Policy periodically. Where a change is material, we will take reasonable steps to notify you, such as by email, a notice in the Client Portal, or by posting an updated version on our website with a revised effective date.

WHO DOES SIGNAFI'S PRIVACY POLICY APPLY TO?

This Privacy Policy applies to personal information we handle about anyone who uses Signafi’s services, whether provided by Signafi or through our affiliates in connection with our digital currency exchange and advisory services. This includes individuals, merchants, and representatives of legal entities such as directors, officers, authorised users and beneficial owners.

WHAT PERSONAL INFORMATION DO WE COLLECT

We collect only the personal information that is reasonably necessary to or directly related to providing our services, operating the Client Portal, conducting due diligence, managing risk (including fraud, financial crime, cybersecurity and sanctions risk), improving our services, and meeting legal and regulatory obligations. The types of personal information we may collect include:

  1. Identification Information: Full name, date of birth, age, nationality, gender, signature, phone number, home address, email, utility bills, passport number, driver’s license details, national identity card details, photograph identification cards, taxation ID numbers, Client Portal login credentials and activity logs.

  2. Financial Information: Transaction history, trading data, deposit and withdrawal information, bank account details, payment card information (processed via our payment providers and protected using security measures such as tokenisation where available), and information stored or displayed in the Client Portal.

  3. Employment Information (where relevant): Job title, office location or role description (for example, where required for onboarding, suitability, fraud prevention or compliance checks).

  4. Sensitive Information (where required): We only collect sensitive information where it is permitted by law and reasonably necessary for a specific purpose (for example, criminal history or sanctions screening outcomes, and biometrics where enabled). Where required under the Privacy Act 1988 (), we will obtain your consent before collecting sensitive information.

  5. Any other relevant information: This will generally depend on the circumstances, relationship and factual situation as between Signafi as service provider and you, the client.

Personal information may be collected when you apply for or use Signafi’s services, when you submit an enquiry through our website and when you access or use the Client Portal (for example, through login and security activity logs). We may also collect personal information from third parties where permitted by law such as identity verification providers (including providers engaged to conduct document verification, sanctions, PEP and other compliance checks), government and public registers and other databases as permitted by law.

You will receive this Privacy Policy or a link to it when registering for Signafi’s services which serves as notification of the collection of your personal information. For information collected after registration, Signafi will notify you as soon as practicable, including the purpose of collection, entities it may be disclosed to, consequences of non-provision, and your rights to access and correct the information.

Sensitive information will only be collected with your explicit consent, as required by the Privacy Act 1988 (Cth).

HOW WE COLLECT PERSONAL INFORMATION

 

We may collect personal information directly from you when you:

  1. apply for or use our services;

  2. submit an enquiry through our website;

  3. access or use the Client Portal (including login and security activity logs); or

  4. communicate with us (for example, by email, phone, messaging services such as WhatsApp, or SMS).

We may also collect personal information from third parties where permitted by law, such as:

  1. identity verification and screening providers (including document verification, sanctions, PEP and other compliance checks);

  2. government agencies and public registers; and

  3. other databases and sources permitted by law.

Where practicable, we will provide notice of collection at or before the time we collect personal information. Where this is not practicable, we will provide notice as soon as reasonably practicable, including the purpose of collection, the types of recipients we may disclose to, and how you can access and correct your information.

WHY DO WE COLLECT THIS INFORMATION

 

We may collect, use and disclose personal information for the following purposes:

  1. To Create a Better Experience for Our Clients: The collection of data will allow us to update and create new services that will better meet our client’s needs. At Signafi, we endeavour to create a more personalised experience for our clients.

  2. To Protect Our Clients: The collection of transaction information will allow us to identify any suspicious activity that may lead to fraud or loss of funds.

  3. To Comply with Regulatory Requirements: We provide a designated service and are registered with Australian Transaction Reports and Analysis Centre AUSTRAC) as required under Australian law. We also align our internal processes with international regulatory standards. Therefore, we treat the services offered by Signafi as subject to both Australian and international regulatory obligations which require us to collect your personal information. Information collected will be used to maintain compliance with applicable Know Your Customer (KYC), Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations and any other applicable regulatory requirements. Some of the information that is required to be collected pursuant to these regulations include personal identification information, personal usage information, financial information and employment information.

  4. To Enforce our Internal Processes: It is important for Signafi to regulate its services and its customers relating to the prevention and mitigation of any potentially prohibited activities, enforcing our agreements with third parties and violations of our internal processes. For these purposes, it is essential for Signafi to collect user data.
    If Signafi is unable to process user information for these reasons, the consequence is the termination of your engagement as we cannot perform our services in accordance with our terms.

  5. Maintain your Registration as a Client: This will allow you to access your engagement safely and securely whenever and wherever you are.

  6. Ensure Quality Control: We store user information for quality control and staff training to ensure we provide users with accurate information.

  7. Additional Service Offerings: We use information relating to your usage of Signafi to provide better suggestions of our service offerings which may suit your needs and requirements. Should we provide you with marketing information in relation to any of the Signafi services, you have the right to opt out by clicking on the unsubscribe button in the email or contacting us at compliance@signafi.com.

  8. To Provide and Maintain the Client Portal: The collection of data allows us to provide secure access to the Client Portal, display your portfolio, and facilitate the management of your account, including viewing deposits, withdrawals, and transaction history.

 

WHO WE SHARE YOUR INFORMATION WITH

We may use and disclose personal information we collect to the categories of recipients set out below, as reasonably necessary to provide our services and as permitted or required by law:

  1. Professional advisors and service providers we engaged to help deliver our services to clients, such as experts, accountants, law firms, enforcement agencies and other associated professionals;

  2. Any person you authorise, or where you have expressly consented to the disclosure;

  3. Signafi’s associated commercial and business partners, such as related organisations, distribution partners and business agents acting on our behalf;

  4. Technology and operational providers necessary to run our services and Client Portal, such as cloud hosting, data storage, identity verification and payment providers, who are subject to privacy and security obligations, some of which may be located overseas including in jurisdictions such as Germany and other countries in which our service providers operate;

  5. Regulators, courts, government agencies and law enforcement, where we are required or authorised by Australian law to disclose information, including in response to a subpoena, court order, warrant, regulatory request or other lawful notice;

  6. Prospective counterparties in connection with corporate or commercial transactions (such as mergers, acquisitions, restructures, financings or asset sales), including due diligence, subject to appropriate confidentiality protections;

  7. The person making an enquiry, and any parties directly involved, where reasonably necessary to respond, investigate, or resolve the matter; and

  8. Any other recipients or purposes permitted under the Privacy Act 1988 (Cth).

 

Where we disclose your personal information to an overseas recipient, we will take reasonable steps to ensure that the recipient handles the information in accordance with the Australian Privacy Principles (for example, by imposing contractual obligations to maintain privacy and security standards equivalent to those required in Australia). In certain circumstances permitted by the Privacy Act 1988 (Cth), we may not be responsible for the acts or practices of an overseas recipient.

HOW WE PROTECT YOUR INFORMATION

Signafi considers our user privacy to be of great importance. That is why we have implemented multiple security measures to ensure that client data is secure, free from unauthorised access, alteration, disclosure, and destruction. For example, we implement the following security measures:

  1. Security procedures within our offices;

  2. Technological security measures in relation to the Client Portal such as two-factor authentication;

  3. IT security procedures including password protection and firewalls; and

  4. Mandatory confidentiality guidelines for all staff within the business.

 

Signafi takes reasonable steps to protect your personal information using administrative, technical and physical safeguards (such as encryption and firewalls). However, no system is completely risk-free. You are responsible for keeping your login credentials confidential and notifying us promptly if you suspect unauthorised access or a security incident affecting your account.

 

In the unlikely event of a data breach involving your personal information that is likely to cause serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). This includes promptly assessing the incident, and where required, notifying both you and the Office of the Australian Information Commissioner (OAIC).

COOKIES (Website/Browser)

Cookies are small files used to recognise your device and store information about website usage. Most browsers automatically accept cookies, but you can change your settings to refuse cookies. Refusing cookies may affect website functionality.

We and our authorised third parties may use cookies and similar technologies (including analytics and security tools) to understand how visitors use our website, improve performance and user experience, and help protect our services. Through these technologies, we may collect information such as your browser type, operating system, IP address and usage data, which we generally use in aggregated form to analyse and improve our website and services.

AUTOMATICALLY COLLECTED DATA (Services/ Client Portal)

When you use our services or access the Client Portal, certain information is collected automatically as part of providing a secure online service and meeting compliance requirements. This includes server and security logs such as IP address, device and browser signals, timestamps, authentication and access events (including failed logins and 2FA activity), and audit logs of actions within the Client Portal. We use this information to operate and secure our services, detect suspicious activity, troubleshoot issues and improve performance.

OBTAINING INFORMATION THROUGH THIRD PARTY SOURCES

Signafi may obtain personal information about you from third parties where permitted by law to verify your identity, perform AML/CTF customer due diligence (including sanctions and PEP screening), and prevent fraud. These sources may include identity verification and screening providers, official government records and public registers, and regulated commercial databases used for compliance screening.

WHY WE SHARE PERSONAL INFORMATION WITH OTHER PARTIES

Signafi does not sell your personal information and does not rent it for marketing purposes. We may share your personal information only in the circumstances set out below, where reasonably necessary to provide our services, operate our business, or where permitted or required by law:

  1. We may share your information with third-party identity verification and screening providers to verify your identity and help prevent fraud and financial crime (including by checking relevant public records). These providers may store and process your information for the purpose of providing verification and screening services to Signafi.

  2. Signafi may share your information with service providers we engage to support our operations (such as accountants, lawyers and technology providers). These providers are required to handle personal information in accordance with confidentiality, privacy and security obligations.

  3. We may share your information with financial institutions which Signafi has partnered with to process payments.

  4. We may share your information with companies or entities involved in a purchase, merger, restructure or similar transaction affecting Signafi, including as part of due diligence. Any successor entity will be expected to handle personal information in a manner consistent with this Privacy Policy.

  5. We may share your information with law enforcement officials or other entities when required to do so under applicable law.

  6. We may share your information with law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement or any other applicable policies.

HOW WE PROTECT AND STORE PERSONAL INFORMATION

Signafi may hold sensitive information in our facilities or service providers located worldwide. This includes information accessed or stored through the Client Portal. We take reasonable steps to protect personal information through physical, electronic and procedural safeguards appropriate to the nature of the information and applicable legal requirements.

No system is completely risk-free, and Signafi cannot guarantee that loss, misuse, unauthorised acquisition, or alteration of your data will not occur. You are responsible for keeping your account credentials confidential and notifying us promptly if you suspect unauthorised access. We also cannot ensure the security of information transmitted by internet or wireless channels (including email, phone, messaging services such as WhatsApp or SMS) once it leaves your device or network. If you believe your information is no longer secure, please contact us using the details at the end of this Privacy Policy.

We retain personal information for as long as necessary to provide our services and to comply with legal and regulatory obligations, including record-keeping obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). Generally, this means we will retain records for at least seven years after your relationship with us ends. After the required retention period, we will securely destroy or de-identify personal information unless it is subject to a legal hold, investigation or other legitimate business need.

PERSONAL INFORMATION RIGHTS

Under the Privacy Act 1988 (Cth), you have the right to request access to the personal information we hold about you and to request correction of any information that is inaccurate, out of date, incomplete, irrelevant or misleading. In certain circumstances permitted by law, we may refuse access or correction, in which case we will provide you with written reasons for the refusal and information about how you may complain. If you wish to exercise any of these rights, please contact us as set out below.

HOW YOU CAN ACCESS OR CHANGE PERSONAL INFORMATION

You may request access to, or correction of, your personal information by contacting us at compliance@signafi.com.

If your account is closed or terminated, Signafi will retain your account information for at least seven years to meet regulatory and compliance obligations and to help detect and prevent fraud including attempts to avoid controls by closing an account. When your account is closed or terminated, your information will not be used for marketing purposes but may continue to be used and disclosed as required to comply with legal, regulatory, risk management, or record-keeping obligations.

GENERAL DATA PROTECTION REGULATIONS (GDPR) and UK GDPR

Because Signafi accepts clients who may be located in the European Economic Area (EEA) and the United Kingdom, the GDPR and UK GDPR may apply to certain processing of personal data. Where these laws apply, we will process personal data only where a lawful basis exists, which may include:

  1. Performance of a contract (e.g. to deliver our services to you);

  2. Compliance with legal obligations (e.g. anti-money laundering requirements);

  3. Legitimate interests (e.g. maintaining security of our platform and improving our services); and

  4. Consent (where we rely on your explicit consent, e.g. for certain marketing or sensitive information).

If we rely on consent and you withdraw it, we will cease the relevant processing unless we have another lawful basis to continue. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal. If we have another lawful basis to process certain data, we may continue that processing as permitted by law. Signafi has taken steps to align its practices with the General Data Protection Regulation, including providing information about data retention and how you may exercise your privacy rights.

Where GDPR/UK GDPR applies (and subject to applicable law and exemptions), you may have the following rights:

1.               Right to withdraw consent

You may withdraw your consent at any time where we rely on consent to process your personal information.

2.               Right of access

You may request confirmation as to whether we process your personal data and, where that is the case, to request access to that personal data and certain related information in accordance with applicable data protection laws.

 

This information will be provided without undue delay and will generally be free of charge. However, we may charge a reasonable fee where permitted by law, including where a request is manifestly unfounded or excessive. Access may be refused or limited where providing it would adversely affect the rights and freedoms of others or where otherwise permitted by law.

3.               Right to rectification

You may request Signafi update any of your personal information that you believe incorrect or inaccurate.

4.               Right to Erasure

You may request erasure of your personal data in certain circumstances, including where it is no longer necessary for the purposes for which it was collected, where processing is based on consent and you withdraw consent (and no other lawful basis applies), or where you object and there are no overriding legitimate grounds for processing. This right is not absolute and may be limited where we are required to retain information (for example, to comply with legal obligations).

5.               Right to Data Portability

Where applicable, you may request a copy of your personal data in a structured, commonly used and machine-readable format, and ask us to transfer it to another controller where technically feasible, unless doing so would adversely affect the rights and freedoms of others.

6.               Right to Restriction of Processing

You may request that we restrict (i.e. temporarily limit) our processing of your personal information where one of the following applies:

(a) you contest its accuracy (while we verify it);

(b) processing is unlawful and you prefer restriction instead of erasure;

(c) we no longer need the data but you require it to establish, exercise or defend legal claims; or

(d) you have objected to processing (while we consider whether we have compelling grounds to continue).

 

7.               Right to be Informed Regarding Lifting Restriction

Where processing has been restricted, we will inform you before the restriction is lifted, where required.

8.               Notification of Erasure, Rectification and Restriction

When required, we will communicate any rectification or erasure of your personal information or restriction of processing to each recipient to whom your personal information has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.

9.               Right to Object to Processing

Where the processing of your personal information is based on consent, contract or legitimate interests you may object, at any time, to the processing of your personal information as permitted by applicable law. We may continue processing where permitted, including where necessary for the establishment, exercise or defence of legal claims or where other exceptions apply.

10.            Automated Individual Decision-Making and Profiling

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects, except where permitted under applicable data protection laws.

INTERNATIONAL PRIVACY RIGHTS (WHERE APPLICABLE)

Signafi provides its services from Australia and is primarily governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where you are located outside Australia, additional privacy rights or requirements may apply under the laws of your jurisdiction. These rights vary by location and may include rights to access, correct, delete, restrict, or object to certain processing.

 

If you believe Signafi has infringed your rights, we kindly request that you contact us first so we can attempt to resolve the matter. Please contact us at compliance@signafi.com. We will acknowledge receipt of your complaint, investigate the matter and provide a written response. We aim to respond within 30 calendar days of receiving your complaint. If more time is required due to the complexity of the matter, we will notify you.

 

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au

  • Phone: 1300 363 992

  • Mail: GPO Box 5288, Sydney NSW 2001

CONTACT US

If you have any questions or enquiries about this Privacy Policy or how we collect or use your personal information (including information accessed or stored through the Client Portal), please contact us at compliance@signafi.com.

bottom of page