top of page

Privacy Policy

Windmill Capital

​

Effective Date:  28/10/2025
Last Updated: 28/10/2025
​

1. INTRODUCTION

​

Windmill Capital ("we", "us", "our" or "the Firm") is committed to protecting the privacy and confidentiality of information entrusted to us by our clients and stakeholders. This Privacy Policy describes how we collect, use, disclose and safeguard personal and financial information in accordance with applicable privacy laws and regulations, including the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

​

Given the sensitive nature of investment banking services, we maintain the highest standards of data protection and confidentiality as fundamental to our fiduciary obligations.

​

2. SCOPE AND APPLICATION

​

This Privacy Policy applies to:

  • Prospective, current and former clients

  • Beneficial owners and authorized representatives

  • Counterparties and transaction participants

  • Service providers and professional advisors

  • Website visitors and digital platform users

  • Any individual whose personal information we collect in the course of our business

​

3. INFORMATION WE COLLECT

​

In providing investment banking, advisory and capital markets services, we collect and process various categories of information:

​

Personal Identification Information

  • Full legal name, date of birth, gender and nationality

  • Contact details including residential and business addresses, telephone numbers and email addresses

  • Government-issued identification documents (passports, driver's licenses, tax file numbers)

  • Professional credentials, qualifications and employment history

​

Financial Information

  • Bank account details and payment instructions

  • Investment portfolios, holdings and transaction history

  • Financial statements, tax returns and source of wealth documentation

  • Credit history and risk assessment data

  • Beneficial ownership structures and related party relationships

​

Transaction and Advisory Data

  • Details of mandates, engagements and advisory relationships

  • Transaction documents, term sheets and commercial agreements

  • Due diligence materials and confidential information memoranda

  • Valuation analyses, financial models and strategic recommendations

  • Communication records relating to advisory services

​

Technical and Usage Information

  • IP addresses, device identifiers and browser types

  • Website navigation patterns and platform usage analytics

  • Authentication credentials and access logs

  • Correspondence and communication metadata

​

4. HOW WE COLLECT INFORMATION

​

We collect information through:

​

  • Direct engagement during client onboarding and know-your-client (KYC) processes

  • Ongoing advisory mandates and transaction execution

  • Public records, regulatory filings and commercial databases

  • Third-party service providers including custodians, legal advisors and verification services

  • Digital platforms, encrypted communication channels and secure file-sharing systems

  • Professional networks and industry relationships

​

5. PURPOSE AND LEGAL BASIS FOR PROCESSING

​

We process personal information for legitimate business purposes including:

​

Client Service Delivery

  • Providing investment banking advisory, capital raising and strategic services

  • Executing transactions and managing mandates

  • Maintaining client relationships and delivering ongoing advisory support

​

Regulatory Compliance and Risk Management

  • Fulfilling anti-money laundering (AML) and counter-terrorism financing (CTF) obligations

  • Conducting customer due diligence and enhanced due diligence where required

  • Meeting reporting obligations under AUSTRAC, ASIC and other regulatory frameworks

  • Preventing fraud, market abuse and financial crime

​

Business Operations

  • Managing conflicts of interest and maintaining ethical walls

  • Maintaining accurate records and archives

  • Internal reporting, analytics and business development

  • Insurance, legal defense and professional indemnity matters

​

Legal Obligations

  • Responding to regulatory inquiries and investigations

  • Complying with court orders, subpoenas and lawful requests from authorities

  • Meeting contractual obligations to counterparties and stakeholders

​

6. INFORMATION SHARING AND DISCLOSURE

​

Windmill Capital does not sell, rent or trade personal information. We maintain strict confidentiality but may share information with:

​

Service Providers and Professional Advisors

  • Legal counsel, external auditors and compliance consultants

  • Technology providers for secure data hosting and communication platforms

  • Due diligence providers and verification services

  • Payment processors and financial institutions

​

Transaction Counterparties

  • In the context of mandated transactions, with buyer/seller counterparties, underwriters and syndicate participants

  • Subject to confidentiality agreements and strict need-to-know principles

​

Regulatory and Legal Authorities

  • When required by law or regulation

  • In response to valid legal process

  • To protect our rights, property or safety, or that of clients or third parties

​

Corporate Transactions

  • In the event of a merger, acquisition or sale of business assets, subject to continued confidentiality protections

​

All third-party service providers are bound by contractual confidentiality obligations and data protection requirements consistent with this policy.

​

7. DATA SECURITY AND PROTECTION

​

We implement comprehensive security measures including:

​

  • End-to-end encryption for all electronic communications and data transmission

  • Multi-factor authentication and role-based access controls

  • Secure physical and electronic storage with restricted access protocols

  • Regular security audits, penetration testing and vulnerability assessments

  • Staff training on data protection, confidentiality and information security

  • Incident response procedures and breach notification protocols

​

All employees and contractors are bound by strict confidentiality obligations extending beyond the term of their engagement.

​

8. DATA RETENTION

​

We retain personal information for as long as necessary to:

  • Fulfill the purposes for which it was collected

  • Comply with legal and regulatory retention requirements (typically seven years for financial records)

  • Defend legal claims and maintain professional indemnity insurance coverage

  • Maintain institutional knowledge for ongoing client relationships

​

Upon expiry of retention periods, information is securely destroyed through approved methods including shredding, degaussing or secure electronic deletion.

​

9. YOUR RIGHTS AND CHOICES

​

Subject to applicable law and regulatory obligations, you have the right to:

  • Access personal information we hold about you

  • Request correction of inaccurate or incomplete information

  • Request deletion of information where legally permissible

  • Object to processing or request restriction of processing

  • Receive information in a portable format

  • Withdraw consent where processing is based on consent

  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

​

To exercise these rights, please contact us using the details in Section 12. We will respond within 30 days of receipt of your request.

​

Important Limitations: Certain information cannot be deleted or modified due to regulatory retention requirements, ongoing regulatory investigations, legal proceedings or legitimate business needs. We will advise you of any limitations when responding to your request.

​

10. INTERNATIONAL DATA TRANSFERS

​

In providing cross-border advisory services and accessing global capital markets, personal information may be transferred to jurisdictions outside Australia. We ensure appropriate safeguards through:

  • Standard contractual clauses approved by relevant data protection authorities

  • Adequacy determinations by the Australian Information Commissioner

  • Explicit consent where required and appropriate

  • Transfer impact assessments for high-risk jurisdictions

​

11. UPDATES TO THIS PRIVACY POLICY

​

We review and update this Privacy Policy periodically to reflect changes in our practices, legal requirements or industry standards. Material changes will be communicated through:

  • Updated effective date at the top of this policy

  • Direct notification to active clients

  • Prominent notice on our website

​

Continued engagement with Windmill Capital following policy updates constitutes acceptance of the revised terms.

​

12. CONTACT INFORMATION

​

For questions, concerns or requests regarding this Privacy Policy or our data practices:

​

Privacy Officer
Windmill Capital
[Address]
[Phone]
[Email]
[Website]

​

Complaints and Escalation


If you are dissatisfied with our response, you may lodge a complaint with:

​

Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au

bottom of page