This Privacy Policy deals with the collection, security, use and disclosure of personal information gathered by Celion Nexus Pty Ltd (ACN 693 798 597), a reporting entity registered with the Australian Transaction Reports and Analysis Centre (AUSTRAC) as an Independent Remittance Dealer (IND100917818-001). This Policy is issued pursuant to the Privacy Act 1988 (Cth) (Privacy Act) including the Australian Privacy Principles (APPs), and reflects Celion Nexus’s obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended (including by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth)) (the AML/CTF Act). Celion Nexus is committed to ensuring the confidentiality and security of any of your personal information that is disclosed to us, with particular emphasis on protecting the privacy and security of high net worth and ultra-high net worth individuals and their families.
This Policy applies to all clients, authorised agents, and transaction beneficiaries who engage Celion Nexus for remittance and settlement services. This Policy explains how Celion Nexus may collect, use, share and retain information about you and the choices you have in relation to the collection and use of your personal information in connection with the provision of remittance services.
You acknowledge that Celion Nexus is regulated by AUSTRAC under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended (the AML/CTF Act), and that the collection and verification of personal information is a mandatory legal requirement before remittance services can be provided. The Privacy Act and Australian Privacy Principles apply to the handling of all personal information collected.
Any amendments to this Privacy Policy will be posted on our website.
Celion Nexus collects personal information through a variety of methods and contact points during its business. In some cases, we may also collect personal information through third parties or intermediaries.
The type of information collected may include the following, noting that certain categories are mandatory for AML/CTF compliance and cannot be waived:
Name, gender and date of birth;
Contact details (including for authorised representatives and key personnel);
Tax File Number and taxation records;
Business structure and corporate information (including ACN, ABN, and trustee details where applicable);
Source of wealth declaration and supporting information;
Transaction details including amount, currency, beneficiary details, and stated purpose; Beneficiary identification documents and relationship evidence (e.g. statutory declaration for family members, company extract for entity beneficiaries); When you visit our website, we may use ‘cookies’ or similar technologies to collect data. A cookie is a small file, typically of letters and numbers, downloaded onto a device when you access a website. Our website collects the following information from users:
your server address;
your top-level domain name (e.g., .com, .com.au, etc.)
the date and time of your visit to the site;
the pages you accessed;
the previous site you have visited; and
the type of browser you are using.
In addition, we may have to collect certain information about you where we are required to do so by law. This includes the AML/CTF Act and AUSTRAC rules, which require Celion Nexus to collect and verify personal information including identity documents, source of wealth declarations, and beneficiary details, to screen clients against sanctions, PEP, and adverse media databases, and to report certain transactions and suspicious matters to AUSTRAC. You acknowledge that Celion Nexus cannot provide remittance services without completing mandatory AML/CTF compliance checks.
Celion Nexus recognises that high net worth (HNW) and ultra high net worth (UHNW) individuals face unique privacy and security risks. We have implemented specific measures to protect our clients from these risks, including:
Wealth Profile Protection: We do not create, maintain, or share ‘wealth profiles’ or publicly identifiable information that could reveal the financial status, asset holdings, or investment activities of our clients. All client information is treated with the highest level of confidentiality and is accessible only on a strict need-to-know basis within our organisation.
Physical Security Considerations: We recognise that disclosure of certain information could impact the physical security of our clients and their families. We take particular care to:
- Avoid disclosure of residential addresses, travel schedules, or family member information unless absolutely necessary for service delivery;
- Restrict access to information that could be used to determine patterns of behaviour, locations, or routines;
- Implement enhanced security protocols for any information that could pose a security risk if disclosed; and
- Never share information about client whereabouts, property holdings, or family members with third parties without explicit consent.
Media and Public Disclosure: We will not disclose client information to media, public databases, or rich lists. We do not participate in wealth rankings, industry surveys that could identify individual clients, or any public relations activities that could compromise client privacy.
Discretion in Communications: All client communications are conducted with discretion. We use secure communication channels and avoid identifying clients by name in public forums, social media, or marketing materials without prior written consent.
The Privacy Act allows you to choose to remain anonymous or use a pseudonym in your dealings with Celion Nexus. For example, you may choose not to provide your name or contact details if making a general enquiry about our services. However, this option will not be available to you where we are required to verify your identity, which is a mandatory legal requirement for AML/CTF compliance purposes.
There may be instances where Celion Nexus comes into possession of personal information that it has not requested. If this occurs, we may be permitted to record or use this information if the information could have been collected through the ordinary course of our business for the purposes of providing you the remittance service. However, if the information would not have been collected through the ordinary course of our business for the purpose of providing the remittance services, we will destroy or de-identify it.
Personal information that is collected may be stored electronically or in hard copy. Such personal information may be held directly by us or by an administrator, or by a third party, which we have engaged to provide services.
We have implemented processes and systems to ensure that personal information is protected and used only for the purposes for which it was collected in accordance with the Australian Privacy Principle 11.1 - requirement to take reasonable steps to protect personal information.
We ensure that we have measures to handle data that we collect:
Database system access is controlled via secure access controls including password complexity, Multi-Factor Authentication (MFA).
Third party application security is reflected in outsourcing agreements to reflect relevant privacy law obligations which require the third parties to have adequate procedures to detect and respond to cyber security incidents;
Internal access to client records including government related identifiers such as tax file numbers and our databases is restricted based on employees’ roles and responsibilities;
Authorisation processes are in place for change in access;
Password encryptions and regular changes to passwords apply; and
Client records in hard copy format are secured and archived where appropriate.
Celion Nexus is required to hold personal information and transaction records for a minimum of seven years in accordance with the record-keeping obligations under the AML/CTF Act and the AML/CTF Rules. Records subject to this requirement include client identification records, source of wealth declarations, transaction records, screening results, and compliance decisions made in relation to each client and transaction. In cases where we are no longer required to maintain records, personal or sensitive information and we do not need to rely on the information, we will promptly and securely destroy or de-identify it. Where the records are held by a third party, we will take reasonable steps to ensure the personal information is destroyed or de-identified.
We collect, hold, and disclose your personal information for the following purposes:
as a necessary part of providing cross-border remittance and settlement services;
to verify your identity and satisfy mandatory AML/CTF customer due diligence obligations under the AML/CTF Act;
to screen your identity, beneficiary, and transaction details against sanctions, PEP, and adverse media databases;
to communicate with you regarding your transactions, compliance requirements, and service updates;
to comply with our legal and regulatory obligations, including AML/CTF requirements;
to help us understand the needs of our client base and enhance our service delivery; and
other purposes related to any of the above or as otherwise agreed with you.
We will only use your information for the purposes for which it was collected (primary purposes) or a purpose related to the primary purpose, if this use would be reasonably expected by you, or otherwise, with your consent.
We may disclose your information to necessary third parties who assist us to provide, manage and administer our remittance services. Information provided to third parties will be dealt with in accordance with that entity’s privacy policy, which must comply with the Privacy Act and Australian Privacy Principles. People we may disclose your information to include:
payment acquirers and banking partners involved in the settlement of your transaction;
professional advisers including lawyers, accountants, and auditors;
identity verification and screening service providers, including global sanctions and PEP screening platforms and jurisdictional screening providers;
our website host and software application providers;
AUSTRAC and other government authorities and regulators including the Australian Federal Police and relevant law enforcement agencies where required by law;
correspondent banks and payment infrastructure providers involved in processing or settling your transaction.
We will only disclose your personal information, including government related identifiers like tax file numbers to a third party if:
you have provided consent to the disclosure to us or the third party;
the disclosure is related to the purpose for which it was collected;
it is required by law or order of an Australian court or tribunal; or
exceptional circumstances apply, such as an imminent risk to health or safety.
The disclosure must only be information that relates to the primary purpose for which the information was collected.
We may need to share some of your information with organisations outside of Australia if we have service providers located overseas. We may also store your information in networked or electronic systems, such as the cloud. Because the cloud can be accessed from various countries through an internet connection, it may not always be practicable to know from which country your information is being accessed. If your information is stored in the cloud, disclosures may occur in countries other than Australia and we are legally responsible for any data losses and breaches.
We will not disclose information to an overseas recipient unless:
we have taken reasonable steps to ensure that the overseas recipient complies with the Australian Privacy Principles;
we have obtained consent from you; or
the disclosure is required or permitted by law.
Celion Nexus may from time to time provide you with information about services, regulatory updates, or other matters relevant to your remittance relationship with us. All communications are conducted with discretion. You may opt out of non-essential communications at any time by contacting our Privacy Officer using the details provided in this Policy. Note that certain communications relating to AML/CTF compliance, transaction status, or regulatory obligations cannot be opted out of as they form part of our legal obligations.
You are entitled to have access to and seek correction of any personal information that we may hold about you. We require that requests for access to or to update or correct your personal information, be in writing, outlining the details of your request. Such requests should be addressed to the Privacy Officer via the details provided in this Policy.
We will take appropriate steps to verify your identity (or verify that you act as an authorised agent of the individual or entity concerned) before granting a request to access your personal information.
We will respond to your request for access to your personal information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. We will, on request, provide you with access to your personal information or update or correct your personal information, unless we are lawfully prohibited from granting such a request. A few examples of data request prohibitions include where:
giving access would be unlawful;
we are required or authorised by law or a court/tribunal order to deny access; or
giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.
Where your request for access is accepted, we will provide you with access to your personal information in a manner, as requested by you, providing it is reasonable to do so.
Your request for correction will be dealt with within 30 days, or such longer period as agreed by you. If we deny your request, we will provide you with a written notice outlining reasons for the refusal and the process for making a complaint about the refusal to grant your request.
Upon accepting a request for correction of your personal information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your personal information.
If you believe that we have breached a term of this Policy or the Privacy Act, you may submit a complaint. Any written complaint can be emailed or posted to us using the contact details set out below. You must include your contact details for us to contact you regarding your complaint.
Our Privacy Officer will consider your complaint and respond as soon as reasonably possible, but not more than 30 days from receiving the complaint.
If you are unsatisfied with the outcome of your complaint you may refer your complaint to the Office of the Australian Information Commissioner.
If you wish to:
gain access to your personal information; or make a complaint about a breach of this policy; or
contact us with a query about how your information is collected and/or used; or contact us regarding any other matter concerning this Policy, you may speak directly with our staff who will do their best to try to resolve your issue. Alternatively, you can write to us or send us an email so that our Privacy Officer can consider the matter. We will respond to you as soon as reasonably possible.
If you do not wish to receive direct marketing communications from us, please contact our Privacy Officer via the details below. Our contact details are as follows:
Privacy Officer contact: nexus@celioncapital.com
Postal address: The Privacy Officer, Celion Nexus Pty Ltd, Level 17, Chifley Tower, 2 Chifley Square, Sydney, NSW 2000, Australia.
For more information on privacy see the Office of the Australian Information Commissioner’s website at: www.oaic.gov.au.