Helping clients protect and recover value through proactive cyber risk identification and management, and rapid action in response to a breach.
Helping clients to manage risk and regulatory compliance and respond to incidents of financial crime.
Uncover, analyse and clarify facts at the centre of disputes, frauds and other sensitive commercial matters.
Providing advisory and accelerated implementation services to the public and private sector.
Assists clients to grow, protect and recover value in their real estate portfolios.
Working with organisations to stabilise the business or to recover value on behalf of stakeholders.
We are Asia-Pacific’s trusted advisers in cybersecurity, financial crime, forensic, performance improvement, real estate and restructuring.
Our reach is global with offices across Australia, New Zealand, Indonesia and Singapore.
KordaMentha staff are actively engaged in giving back to their communities.
KordaMentha (‘KordaMentha, ‘we’ or ‘our’) understands the importance of keeping any personal information we may receive about you secure and confidential.
KordaMentha may update this policy from time to time.
The following legislations and ancillary documents regulate how we can collect, store, manage, use, disclose and provide access to personal information in each country where we operate. These will be referred to collectively as ‘the relevant legislation’.
Privacy Act 1988 (Cth) (‘Privacy Act’) the relevant privacy principles under the Privacy Act
Personal Data Protection Act 2012 (‘PDP Act’)
Law 27 of 2022 regarding Personal Data Protection (‘PDP Law’)
Privacy Act 2020 (‘Privacy Act NZ’)
Information or an opinion, whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
In Indonesia, under the Personal Data Protection Law, No. 27 of 2022, personal information is classified into two categories. General personal data includes full name; gender; nationality; religion; marital status; and/or combined personal data to identify a person. Specific personal data means data and information regarding health; biometric data; genetic data; criminal records; data of children; personal financial data; and/or any other data in accordance with the relevant laws and regulations.
KordaMentha collects personal information primarily for the purpose of providing our services and conducting our businesses. Any processing of personal data will be carried out only for lawful purposes. The duration of processing your personal data shall be the term of the services provided to you or for the duration of the engagement/agreement.
You are not required to provide your personal information to us. However, if you choose not to provide personal information to us where requested (or provide inaccurate or incomplete information or withdraw your consent for us to use your information), we may not be able to provide services to you or in the case of an external administration, deal with your claim.
By providing us with this information, you consent to KordaMentha using the information for its primary purpose.
Primary purposes where we may require your personal information:
KordaMentha will use the personal information for the primary purpose and potentially for a permissible secondary purpose.
KordaMentha will not sell your personal information to a third party without your consent. On external administrations, if the assets include a customer or marketing database (or similar holding personal information), the consent of the individuals will be requested prior to any sale of it to a third party.
KordaMentha collects personal information such as a person’s name, date of birth, address, telephone number, email address, driver’s licence details, passport details, tax file number, Australian business number, bank account details, investment information and employment information. The types of personal information which KordaMentha collects will be limited to what information is necessary for the primary purpose.
In circumstances limited to prospective employees or employees of corporations subject to external administrations, KordaMentha will collect sensitive information such as membership of a professional or trade association, membership of a trade union or a criminal record. In the case of prospective employees, your photo may be taken.
KordaMentha collects personal information by lawful and fair means and not in an unreasonably intrusive way. Generally, KordaMentha will collect this personal information directly from you.
Due to the scope of some engagements, we may collect personal information from our client. Our client will be required to confirm that the personal information is provided on the basis that it is either for the primary purpose for which it was initially collected, a permissible secondary purpose or with your consent.
There may be other occasions when we collect personal information about you or from other sources, such as from a publicly maintained record or from an information services provider, for example where we are required to verify your identity under anti money laundering legislation.
We may collect personal information when you:
In the case of externally administered companies, this information may come into our possession when appointed as external administrators to a company or an individual in accordance with the Corporations Act or Bankruptcy Act respectively.
The duration of processing your personal information shall be the term of the services provided to you or for the duration of the engagement, agreement or other primary purpose.
The retention period will vary according to the primary purpose and the requirements of the relevant legislation in the country where the personal information was collected. The retention period will start from the end of the engagement, during which the personal information will be archived. Any request for access by KordaMentha employees during the retention period will be assessed to ensure there is a genuine purpose for access.
Candidates who do not progress to employment with KordaMentha – if interviewed, 2 years from the end of the financial year in which the application was made. If not successful in reaching the interview stage, 1 year from the end of the financial year in which the application was made.
Client contacts and subscribers to marketing materials – confirmation will be sought annually that your personal information is to be retained. If you request your personal information to be deleted via the email address, [email protected], your email address will be retained to manage this request.
Financial Crime engagements – 7 years from date of final invoice
333 Capital engagements – 7 years from date of final invoice
Real Estate Advisory engagements – 7 years from date of final invoice
KordaMentha Property Funds – 7 years from date of final invoice or closure of fund
Controllerships – 7 years from Form 5603 End of Control return
Liquidations and Deeds of Company Arrangement – 5 years from Form 5603 End of Administration return
Schemes of Arrangement – 7 years from Form 5603 End of Administration return
Creditors’ Trust – 5 years from termination of trust
Other engagements – 5 years from date of final invoice
Liquidations and provisional liquidations – 5 years from date of dissolution
Other engagements – 5 years from cessation date of if not applicable, date of final invoice
Engagements – 10 years from end of financial year
Financial Crime engagements – 7 years from date of final invoice
Personal information contained in emails, files and apps are stored in various jurisdictions, depending on where the personal information is collected.
Australia and New Zealand
All emails, file data and apps used are stored in Australian datacentres.
Singapore and Jakarta
All emails, file data and apps used are stored in Singapore datacentres.
Under the relevant legislation, you have a right to access or change your personal information that is collected and held by KordaMentha.
If you would like to access or change the personal information KordaMentha holds about you, in the first instance, you should contact your KordaMentha contact if you have one. Otherwise, please contact us as outlined in Section 9.1.
Prior to actioning any change or access request, we will need to verify your identity and comply with our other procedures which are in place to prevent unauthorised access to personal information. We will take all reasonable steps to provide access or make the changes to your personal information within 30 days from your request.
KordaMentha will not normally charge you any fees or costs for access to your personal information, particularly when required under the relevant legislation to provide access or obtain a copy free of charge. Fees or costs may apply if providing you with access would require us to incur unreasonable retrieval or other out of pocket costs. We will notify you if any such fees or costs would be payable.
From time to time, we may need to disclose your personal information to a third party. The types of third parties to which we may disclose personal information include:
Any such disclosures will be made on a confidential basis and, where possible, will require the third party to comply with appropriate privacy obligations.
Some of the recipients to whom KordaMentha may disclose your personal information may be based overseas. KordaMentha will only disclose your personal information on receipt of your consent. Your personal information may be shared for business related purposes with our related entities, our agents and third party suppliers that are located in Australia, Singapore, Indonesia and Philippines. Any overseas recipients may not be bound by the relevant legislation in your country. In Australia, on granting your consent, you acknowledge that by consenting to KordaMentha disclosing your personal information to overseas recipients, Australian Privacy Principle 8.1 will not apply to the disclosure. This means that KordaMentha will not be required to take reasonable steps in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that personal information and as a result KordaMentha may not be liable under the Privacy Act if the recipient does not act consistently with the Australian Privacy Principles. In Singapore and Indonesia, we will ensure that the recipient affords a standard of protection that is at least comparable to the protection under the PDP Act or the PDP Law respectively. In New Zealand, we will ensure that there are adequate protections in place or if adequate protections are not in place, we will seek your express permission.
KordaMentha takes all reasonable steps to protect the personal information we hold about you from misuse and loss and from unauthorised access, modification or disclosure. We have in place a number of data security, information security and other similar security policies and procedures. These policies and procedures are regularly reviewed to ensure they remain current and appropriate.
KordaMentha will seek to resolve any privacy complaints and will deal with privacy complaints as quickly as possible and in a respectful and confidential manner.
KordaMentha will investigate any privacy complaint you make and will inform you of the outcome of your complaint following the completion of the investigation.
In the event you are dissatisfied with the outcome of your complaint, you may refer the complaint to the relevant authority in your country.
Office of the Australian Information Commissioner
Lodge a privacy complaint with us | OAIC (https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us)
Personal Data Protection Commission Singapore
PDPC | Report a Personal Data Protection Concern (https://www.pdpc.gov.sg/Complaints-and-Reviews/Report-a-Personal-Data-Protection-Concern)
To be advised by the Indonesian government
Privacy Commissioner Office of the Privacy Commissioner | Making a complaint to the Privacy Commissioner (https://www.privacy.org.nz/your-rights/making-a-complaint-to-the-privacy-commissioner/)
For further information or enquiries regarding your personal information, please contact as below:
Email: [email protected]
Phone: +61 3 8623 3333
Mail: GPO Box 2985, Melbourne Victoria 3001
ISO 27001 Certification
Modern Slavery Statement 2022