Skip to content

Privacy Policy

Carrara Capital Privacy Policy for clients, suppliers and other third parties.

A reference to Carrara Capital or ‘we’ or ‘us’ in this Policy means Carrara Capital Pty Ltd as a Corporate Authorised Representative (CAR No 1297181) of Carrara Investment Management Pty Ltd (ABN 67 637 149 387) (AFSL 526072).

1. What is the purpose of this document?

Carrara Capital is bound by the Privacy Act 1988 (Cth), its Amendment (Enhancing Privacy Protection) Act 2012 (Cth), its Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (together, the Privacy Act), and the EU General Data Protection (GDPR) and will protect your personal information in accordance with the Australian Privacy Principles and the GDPR. These govern how we can collect, use, hold and disclose your personal information, and how we respond when a data breach (including cyber and data security breaches), is likely to result in serious harm to any individuals whose personal information is involved in the breach.

In most circumstances, we are a ‘data controller’, which means that we are responsible for deciding how we hold and use personal information about you and explaining it clearly to you. However, when we send information about events or press releases to you on behalf of our clients, we are a “data processor” on behalf of our clients. This notice covers both scenarios.

If you would like more information about where we are a data processor and who the relevant data controller is in this scenario, please contact us at
This notice applies to users of our website, individuals at clients and suppliers, prospective clients, analysts, investors, political stakeholders, brokers and journalists (you). It is important that you read this notice, together with any other transparency notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using this information. We reserve the right to update this transparency notice at any time and it is up to you to check that you have read the most up-to-date transparency notice.

If you have any queries about this transparency notice or how we handle your personal information, please contact:

2. Third party links

Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their transparency statements. When you leave our website, we encourage you to read the privacy or transparency notice of every website you visit.

3. How do we collect information about you?

We collect personal information directly from you when you visit our website or communicate with us directly. We collect personal information about you indirectly from our clients, suppliers or other market contacts. We may collect information about you from public sources, including social media sites such as LinkedIn.

4. What information do we hold?

We collect, store and use your personal information including: your name; contact details including email address, address, telephone number; job title and location; biographical information; and other information to maintain our relationship with you. We use a range of security measures to protect the personal information we hold. Any unsolicited personal information we may collect will be promptly destroyed.

5. What is the legal basis for us to use your personal information?

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances;

  • where we need to perform an agreement we have entered into with you;
  • where we need to comply with a legal obligation; and
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests are to: ensure the smooth running of our business; provide tailored advice and services to our clients; and manage our relationships with and for our clients.

6. For what purposes do we use your personal information?

6.1 We may use your personal data for the following purpose:

  • to carry out obligations arising from any contracts between: us and you; with clients; with suppliers; or with third parties;
  • to communicate with you, including to provide you with information or services;
  • to invite you to events and briefings that we run for our clients;
  • where it is necessary for our clients’ business or our business; and
  • if you browse our website, our analytics tool collects your IP address. We use this to identify the city or country where you are browsing our website to help us learn more about our audiences.

7. Do we use or disclose personal information for marketing?

We may use your personal information to offer you products that we believe may interest you. We will not do this if you tell us not to. If you don’t want to receive marketing offers from us please contact us at

8. Change of purpose

We only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will inform you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent in compliance with the above rules, where this is required or permitted by law.

9. Data sharing

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Where we share information with other data controllers, they are responsible to you for their use of your information and compliance with the law.

We may share your personal data with third party service providers who act on our behalf, such as IT services providers. This notice also covers third party service providers we may engage with.

All our third party service providers and other entities in our group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third party service providers to use your personal information for their own purposes.

10. Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will inform you and any applicable regulator of a suspected breach where we are legally required to do so.

11. Data breach

In accordance with the Notifiable Data Breaches Scheme under the Privacy Act and Article 33 of the GDPR, you will be notified by us if your personal information is involved in a data breach that is likely to result in serious harm. We will provide you with recommendations in response to the breach. We will also notify the Australian Information Commissioner of any eligible data breaches.

12. How long do we use your information for?

We only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

13. Your rights in connection with personal information?

You have the right to object to any use of your personal data which is not necessary for the performance of a contract between you and us, unless we have there are compelling legitimate grounds which override your interests, or we are acting under a legal obligation.

You also have the right to restrict the processing of your personal data (in limited circumstances), access, amend, erase or receive a copy of your personal data in a portable form to the extent permitted by law.

If you would like to make a complaint, please contact us at You have the right to contact a data protection authority if you have unresolved complaints. In Australia, you can make a complaint to the relevant regulator, the Office of the Australian Information Commissioner, through:

To exercise any of the above rights, please contact We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).