Privacy Policy

  • Home
  • /
  • Privacy Policy

Privacy Policy

Legal entity: Leotta & Co Property Pty Ltd
ACN / ABN: ACN 681 506 936 | ABN 56 681 506 936
Trading as: Leotta & Co
Address: 31 Edith Street, Innisfail QLD 4860
Phone: 07 4256 4000
Email: admin@leottaco.au

Website: www.leottaco.au Version: Version 2.0 | Last updated March 2026

This policy explains how Leotta & Co collects, uses, and protects your personal information. We are committed to handling it carefully, using it only for the purposes we describe, and keeping it secure. If you have any questions about how we handle your information, please contact us using the details in clause 15.

1. Introduction

Leotta & Co Property Pty Ltd, trading as Leotta & Co, is a real estate agency operating across the Cassowary Coast and its hinterland in Far North Queensland. We provide residential and commercial property management, sales, leasing, and associated services.

We are committed to handling personal information responsibly, transparently, and in accordance with applicable Australian privacy laws. This Privacy Policy explains what personal information we collect, how we use and protect it, and the rights of individuals in relation to their information.

This policy applies to all personal information collected in connection with our business activities, including through our website, digital platforms, and in-person interactions.

2. Legislative Framework

Our privacy practices are governed by the following legislation:

  • Privacy Act 1988 (Cth) — including the Australian Privacy Principles (APPs)

  • Notifiable Data Breaches scheme — Part IIIC of the Privacy Act 1988 (Cth)

  • Information Privacy Act 2009 (QLD) — applicable to interactions with Queensland government bodies including the RTA

  • Residential Tenancies and Rooming Accommodation Act 2008 (QLD) — including confidentiality obligations in domestic and family violence circumstances

  • Property Occupations Act 2014 (QLD) — record-keeping and disclosure obligations

  • Agents Financial Administration Act 2014 (QLD) — financial record obligations

  • Anti-Discrimination Act 1991 (QLD) — obligations in tenant selection

Where any provision of this policy conflicts with applicable legislation, the legislation prevails.

3. Personal Information We Collect

We collect personal information that is reasonably necessary for our business activities. The types of information we collect include:

Owners and Landlords

  • Full name, contact details, and address

  • Proof of identity and property ownership documents

  • Bank account details for rental disbursements

  • Tax file number or ABN (where required for financial reporting)

  • Property details, insurance information, and maintenance history

Tenants and Rental Applicants

  • Full name, date of birth, and contact details

  • Government-issued photo identification

  • Employment details, income information, and payslips

  • Rental history and references

  • Bank account details for bond refunds

  • Information about co-tenants and household occupants

  • Pet ownership details

Contractors and Suppliers

  • Business name, ABN, and contact details

  • QBCC licence number and licence class

  • Insurance certificates of currency

  • Bank account details for payment processing

Vendors and Buyers

  • Full name, date of birth, and contact details

  • Government-issued photo identification

  • Financial information relevant to the transaction including settlement arrangements

  • Property ownership documents and title information

  • Details of legal representatives and conveyancers

  • Tax file number or ABN where required for financial reporting

Inspection Attendees and Enquirers

  • Name and contact details collected at open homes and property inspections

  • Property enquiry and interest details

Website Visitors

  • Technical data including IP address, browser type, and pages visited

  • Information submitted via contact or enquiry forms

We collect only the information that is necessary for the purpose for which it is being collected. Where it is lawful and practicable, we collect personal information directly from the individual concerned.

4. How We Collect Personal Information

We collect personal information through the following methods:

  • Rental applications submitted via online platforms or in person

  • Open home and inspection sign-in registers

  • Email, phone, and written communications

  • Our website at www.leottaco.au

  • Our property management platform — PropertyMe

  • Our CRM platform — PropertyMe Grow CRM

  • Our maintenance management platform — Tapi

  • Our inspection platform — Inspection Express

  • Third-party application platforms

  • The Residential Tenancies Authority (RTA) and other regulatory bodies

  • Reference checks with previous landlords, agents, and employers

Open home sign-in data

Personal information collected on sign-in registers at open homes and inspections — including names and contact details — is collected for the purpose of following up on the specific property. Attendees are informed of this purpose at the time of collection. This information is stored securely in our CRM and is not shared with third parties without consent.

5. How We Use Personal Information

We use personal information only for the purposes for which it was collected, or for directly related purposes that individuals would reasonably expect. This includes:

Property Management

  • Managing tenancies, including rent collection, maintenance, and inspections

  • Communicating with landlords and tenants about property matters

  • Preparing and executing tenancy agreements and lease documents

  • Conducting routine, entry, and exit inspections

  • Arranging and managing maintenance and repairs

Leasing and Sales

  • Assessing and processing tenancy applications

  • Marketing rental and sales listings

  • Conducting property appraisals

  • Managing property sales transactions

Financial and Compliance

  • Processing rental payments, bond lodgements, and disbursements

  • Meeting obligations under the Agents Financial Administration Act 2014 (QLD)

  • Responding to regulatory enquiries from the RTA, OFT, or other bodies

  • Maintaining required records under applicable legislation

Sales Transactions

  • Preparing and executing sales authority agreements (Form 6 — Property Occupations Act 2014)

  • Conducting sales appraisals and market assessments

  • Marketing properties for sale across agreed platforms and portals

  • Presenting and communicating offers between vendors and buyers

  • Liaising with conveyancers, solicitors, financiers, and other parties to facilitate exchange and settlement

  • Meeting vendor disclosure obligations under the Property Occupations Act 2014

Communications and Marketing

  • Responding to enquiries and providing requested information

  • Sending service-related communications

  • Where consent has been given, sending marketing communications about our services, available listings, and property news

We do not use personal information for purposes unrelated to the above without first obtaining consent or as otherwise permitted by law.

6. Disclosure of Personal Information

We may disclose personal information to third parties where necessary for our business purposes or where required by law. Recipients may include:

  • Property owners and landlords — tenancy-related information relevant to their property

  • Tenants — information relevant to their tenancy

  • The Residential Tenancies Authority (RTA) — bond lodgements, dispute resolution, and required notifications

  • The Office of Fair Trading (OFT) — regulatory compliance

  • Licensed tradespeople and contractors — access information required to carry out authorised work orders

  • Legal advisers — where required for dispute resolution or legal proceedings

  • Tenancy database operators (e.g. TICA, National Tenancy Database) — only in accordance with the RTRA 2008 and Privacy Act 1988, and only after notifying the individual

  • PropertyMe and PropertyMe Grow CRM — our property management and CRM platforms

  • The Leotta & Co statutory trust account — sales deposits and settlement funds are held in our trust account in accordance with the Agents Financial Administration Act 2014 (QLD)

  • Tapi — our maintenance management platform

  • Inspection Express — our inspection platform

  • Cloud storage and software providers — subject to appropriate data protection agreements

  • Insurance providers — where relevant to a property or transaction

We do not sell personal information to third parties and do not disclose it for purposes unrelated to our services without consent, except as required by law.

Domestic and family violence — special confidentiality

Where a tenant discloses or indicates that they are experiencing domestic or family violence, their personal information — including contact details, forwarding address, and circumstances — will be kept strictly confidential. We will not disclose this information to any other party, including the property owner, without the tenant’s explicit consent. This obligation exists under the Residential Tenancies and Rooming Accommodation Act 2008 (QLD) and our general obligations under the Privacy Act 1988. All DFV matters are handled by the principal only and are not recorded in the standard property file.

7. Marketing Communications

We may contact individuals by email, SMS, phone, or other means to provide information about our services, available properties, and property market updates.

You may opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email

  • Completing the opt-out form at www.leottaco.au/contact

  • Calling our office on 07 4256 4000

Opting out of marketing communications does not affect our ability to send you service-related communications necessary for the management of your property or tenancy.

We comply with the Spam Act 2003 (Cth) in all electronic communications.

8. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • Secure digital systems with access controls and password protection

  • Encrypted data storage and transmission where applicable

  • Role-based access — staff access only the information necessary for their role

  • Staff training on privacy obligations and secure information handling

  • Secure destruction of personal information when it is no longer required

  • Bank detail verification by phone before processing any new or changed supplier payment details

Where we engage third-party platforms (PropertyMe, Tapi, Inspection Express), we take reasonable steps to ensure those platforms maintain appropriate security standards. We recommend reviewing the privacy policies of those platforms directly.

9. Data Retention

We retain personal information only for as long as it is necessary for the purpose for which it was collected, or as required by law. Our retention schedule is as follows:

Record type Retention period Legislative basis
Property management records (tenancy agreements, inspection reports, correspondence) 5 years minimum POA 2014 / AFAA 2014
Trust account and financial records 5 years minimum AFAA 2014
Unsuccessful tenancy applications 30–90 days Privacy Act 1988 (Cth) APP 11
Sales transaction records 5 years minimum POA 2014
Identity documents (verified copies) Destroyed within 12 months of transaction completion or tenancy end Privacy Act 1988 (Cth) APP 11
Marketing contact lists Until opt-out or withdrawal of consent Privacy Act 1988 (Cth) / Spam Act 2003
Website analytics data As configured in platform settings Privacy Act 1988 (Cth)

When personal information is no longer required, it is securely destroyed or de-identified in accordance with our internal procedures.

10. Data Breaches

We maintain an internal data breach register and have procedures in place to identify, assess, contain, and respond to data breaches.

In the event of an eligible data breach under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988 (Cth)), we will:

  • Contain the breach and assess the likely harm to affected individuals

  • Notify the Office of the Australian Information Commissioner (OAIC) as required

  • Notify affected individuals where the breach is likely to result in serious harm

  • Take remedial action to prevent recurrence

Examples of events that may constitute a data breach include: unauthorised access to our systems; loss of a device containing personal information; inadvertent disclosure of personal information to an incorrect recipient; and fraudulent access resulting from phishing or business email compromise.

Staff who become aware of a suspected data breach must notify the principal immediately. No public statement or disclosure to affected individuals will be made without the principal’s direction.

11. Website and Cookies

Our website at www.leottaco.au may collect technical data including IP addresses, browser type, device information, and pages visited. This information is used to improve website performance and user experience.

Our website may use cookies — small data files stored on your device. You may configure your browser to refuse cookies; however, this may affect the functionality of certain parts of the website.

We do not use website data to identify individuals without their consent, except where required by law.

Our website may contain links to third-party websites including realestate.com.au, Domain, and other platforms. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies directly. Once you leave our website, this policy does not apply.

12. Access and Correction

Individuals have the right to request access to the personal information we hold about them, and to request correction of information that is inaccurate, incomplete, or out of date.

To make an access or correction request, please contact us using the details in clause 14. We will respond within a reasonable timeframe and in accordance with the Australian Privacy Principles.

We may decline an access request in limited circumstances permitted by the Privacy Act 1988 (Cth), such as where providing access would pose a serious threat to safety or unreasonably impact another person’s privacy. Where we decline a request, we will provide written reasons.

There is no charge for making an access or correction request. We may charge a reasonable fee to cover the cost of providing access in complex cases — we will notify you of any applicable fee before proceeding.

13. Privacy Complaints

If you believe we have handled your personal information in a manner inconsistent with this policy or applicable privacy law, we encourage you to contact us first so we can attempt to resolve the matter directly.

To make a privacy complaint, please contact us using the details in clause 14. We will:

  • Acknowledge your complaint within 5 business days

  • Investigate the matter and respond with our findings within 30 days

  • Take appropriate remedial action where a breach is identified

If you are not satisfied with our response, you may escalate your complaint to:

  • Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au | 1300 363 992

  • Office of the Information Commissioner Queensland (OIC) — www.oic.qld.gov.au | 07 3234 7373

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The current version will always be available on our website at www.leottaco.au.

Where changes are material, we will take reasonable steps to notify individuals whose information we hold. Continued use of our services following notification of changes constitutes acceptance of the updated policy.

15. Contact Us

For all privacy-related enquiries, requests, or complaints, please contact:

Privacy contact: David Leotta — Principal
Organisation: Leotta & Co Property Pty Ltd
Address: 31 Edith Street, Innisfail QLD 4860
Phone: 07 4256 4000
Email: admin@leottaco.au
Website: www.leottaco.au