Privacy Policy

Last updated: January 2026

About Us

Cheviot Investment Management Pty Ltd (ACN 693 886 047) is a corporate authorised representative of Aussie Capital Compliance Pty Ltd (ACN 675 271 262) under Australian Financial Services Licence No. 564458. Through our related entities, Cheviot Financial Services 1 Pty Ltd (ACN 693 885 639) and Cheviot Financial Services 2 Pty Ltd (ACN 693 885 684), we provide private equity investment services to wholesale and sophisticated investors.

We are committed to protecting your privacy. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. References to "Cheviot", "we", "us" or "our" include Cheviot Investment Management and its related entities.

This privacy policy should be read in conjunction with our internal Privacy and Confidentiality Policy, Cyber Security Policy and Records Retention Policy, which form part of our Compliance Policy Suite. Where this public-facing policy does not address a specific procedural requirement, the terms of our internal policies will prevail.

What We Collect

Depending on your relationship with us, we may collect:

  • Identity and contact details — name, address, email, phone number, date of birth and identification documents (e.g. driver's licence or passport)
  • Investor qualification details — information to verify your status as a wholesale or sophisticated investor, including financial details, investor classification certificates and declarations
  • Financial information — bank account details, tax file numbers, superannuation details and information about your investments or commitments
  • Professional background — employment history, qualifications, business affiliations and other background details gathered during due diligence
  • Transactional and operational information — records of contributions, distributions, capital calls, notices and communications with you
  • Technical data — IP address, browser type, device identifiers and website usage information

We do not ordinarily collect sensitive information (e.g. health or biometric data) unless required by law or directly relevant to an investment or employment process.

We only collect personal information where it is required or permitted by law or reasonably necessary for our operations. We do not collect more than we need.

How We Collect

We collect information by lawful and fair means. We may obtain information:

  • Directly from you — through subscription or application forms, due diligence questionnaires, KYC/AML documentation, website registration, meetings or events, or communications with us
  • From our affiliates, service providers and advisers — fund administrators, custodians, registrars, brokers, legal advisers, accountants and due diligence providers
  • From public sources — company registers, credit reporting agencies, court records and media
  • Automatically — through cookies, pixels and analytics when you visit our website

Before collecting your personal information, we will where practicable provide you with a collection notice explaining why the information is required, how it will be collected, whether consent is needed, the potential consequences of not providing the information, how long we will keep it, your rights and obligations, and whether the information may be disclosed overseas. In exceptional circumstances (e.g. where we are required to collect information urgently to comply with a legal requirement), we will provide notice as soon as reasonably practicable after collection.

How We Use Your Information

We use personal information to:

  • Assess your eligibility to invest and process applications
  • Conduct KYC/AML checks and verify your identity
  • Manage your investments, including capital calls, distributions and investor communications
  • Conduct due diligence on investment opportunities
  • Comply with legal and regulatory obligations, including AML/CTF, tax reporting (FATCA, CRS) and ASIC requirements
  • Send you market updates and investment opportunities (you can opt out anytime)
  • Improve our services and website
  • Maintain records as required by law

If we collect information for a purpose not listed above, we will tell you at the time and obtain your consent where required.

Technology and Automated Systems

We may use technology tools and automated systems to support our operations. Our use of such technology aligns with our internal policies and Australia's regulatory framework.

How we use technology

We may use automated systems to assist with:

  • Document analysis, summarisation and drafting
  • Research and due diligence processes
  • Data analysis and reporting
  • Administrative tasks and workflow automation
  • Communication drafting and review

Safeguards

When automated systems are used in connection with personal information, we apply the following safeguards:

  • Human oversight — automated systems may support but never replace human judgment. Any technology-assisted decisions with legal, financial or regulatory implications are subject to human validation
  • Anonymisation — where practicable, personally identifiable information is anonymised before automated processing
  • Accuracy review — we review outputs from automated systems for accuracy
  • Security — automated systems and their outputs are subject to the same encryption, access controls and security measures as other personal information
  • Documentation — technology-assisted decision-making processes are documented to ensure they are understandable and justifiable

Your rights regarding automated decision-making

  • You will be informed when automated systems are used to assist in decisions that significantly affect your rights or interests
  • You can request human review of any technology-assisted decision
  • On request, we will provide reasonable information about how automated systems are used in our operations, subject to confidentiality, security and intellectual property considerations

Australian regulatory framework

In Australia, the Privacy Act 1988 (Cth) and Australian Privacy Principles apply to personal information used in automated systems, including both inputs and outputs. The Privacy and Other Legislation Amendment Act 2024 introduced additional disclosure obligations where automated decision-making could significantly affect an individual's rights or interests.

We monitor developments in technology governance and adapt our practices accordingly.

Who We Share Information With

We may disclose your information to:

  • Aussie Capital Compliance Pty Ltd — our AFSL licensee, for compliance and supervisory purposes
  • Service providers — fund administrators, custodians, registry providers, auditors, tax advisers, brokers, legal counsel and IT providers
  • Members of the Cheviot group — our subsidiaries, directors, officers, employees and consultants
  • Business partners — co-investors and transaction counterparties, to the extent necessary to progress a transaction
  • Regulators — ASIC, AUSTRAC, the ATO and equivalent overseas authorities as required by law
  • Technology service providers — where automated tools are used, personal information may be processed by third-party technology providers, subject to appropriate data protection agreements
  • Other parties — with your consent

We require service providers to handle personal information securely and only for authorised purposes. We do not sell or rent your personal information.

Overseas Disclosure

We may transfer personal information to recipients outside Australia, including where our funds are domiciled, where our affiliates operate, or where our IT and cloud providers (including technology service providers) host data. When we do, we take reasonable steps to ensure the recipient protects your information in accordance with the Australian Privacy Principles. This may involve contractual safeguards or ensuring the recipient's data protection regime affords comparable protections.

If you do not want your information disclosed internationally, contact our privacy officer to discuss your options.

Cookies

Our website uses cookies and similar technologies to improve your experience, remember your preferences and analyse how visitors use the site. Cookies are small data files placed on your device that enable the website to recognise repeat visits and provide analytics.

You can control cookies through your browser settings, though some features may not work properly if you disable them.

Our website may contain links to third-party sites. We are not responsible for their privacy practices.

Direct Marketing

In highly unlikely or rare causes, we may use your contact details to send you marketing communications about our funds, events and investment opportunities. We will only do so in accordance with applicable laws, and we will always provide a way to opt out.

You can opt out anytime by clicking "unsubscribe" in our emails or contacting our privacy officer. Opting out will not affect communications necessary for administering your investment or required by law.

Security

We take reasonable steps to protect your information from misuse, interference, loss and unauthorised access. Our safeguards include:

  • Access controls and monitoring — restricting access on a need-to-know basis, using multi-factor authentication where appropriate, and monitoring access logs
  • Physical security — clear-desk policies, tidy meeting rooms, building access controls with cards or keys issued only to authorised persons
  • Encryption and secure storage — encrypting data in transit and at rest, secure off-site backups, reputable cloud providers
  • Staff training — training employees and contractors on privacy, confidentiality and responsible technology practices
  • Regular reviews — periodic security reviews, vendor assessments, oversight by our Compliance Officer and Cyber Security Officer

Access to personal information is monitored through system-based access controls and logs.

Data Breach Management

We maintain procedures to manage privacy incidents and comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. All personnel must report suspected breaches promptly.

Any breach or suspected breach involving personal information will be assessed to determine if it constitutes a Notifiable Data Breach. Assessments will generally be completed within 30 days.

Where a Notifiable Data Breach is identified, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable, ideally within 72 hours of becoming aware of the breach.

We do not take adverse action against anyone who reports a breach in good faith.

Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected and to comply with legal requirements. Standard retention periods include:

  • Financial and taxation records: 7 financial years
  • AML/CTF and KYC records: 7 years after the relationship ends
  • Transaction records: 7 years after the transaction
  • Investor registers: 7 years after termination
  • Simple contracts: 7 years after expiry or termination
  • Deeds: 12 years after expiry or termination

When personal information is no longer required, we securely destroy or de-identify it.

Your Rights

You have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correct — ask us to update information that is inaccurate or incomplete
  • Complain — raise concerns about how we have handled your information
  • Request human review — ask for human review of any technology-assisted decision that significantly affects you

We will respond to access and correction requests within 30 days. We may need to verify your identity first.

In some circumstances, we may refuse access (for example, if it would unreasonably interfere with another person's privacy or breach confidentiality). Where we refuse, we will provide written reasons.

Complaints

If you have concerns about how we have handled your personal information, please contact us. We will acknowledge your complaint promptly and respond within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Contact Us

For privacy enquiries, access requests or complaints:

Privacy Officer
Cheviot Investment Management Pty Ltd
Level 1, 55 Collins Street, Melbourne VIC 3000
Email: enquiries@cheviot.com.au

Licensee
Aussie Capital Compliance Pty Ltd
47 Alexander Avenue, Campbelltown SA 5074
Email: compliance@aussiecapitalcompliance.com.au

If your query specifically concerns our role as an authorised representative, we may consult with Aussie Capital Compliance or refer you to their compliance team.

Changes to this Policy

We may update this policy from time to time to reflect changes in law, our business practices or technology. Changes will be posted on this page with an updated effective date. For material changes, we will notify you directly.

Your continued engagement with us after the effective date signifies your acceptance of the updated policy.