Data Aggregation & De-Identification Policy
1. Introduction and Purpose
1.1 Purpose of This Policy
This Data Aggregation and De-Identification Policy (“Policy”) establishes the standards, processes, and safeguards MoneyMind Profile Pty Ltd ABN 33 672 152 073 (“MoneyMind Profile,” “we,” “us,” or “our”) employs when creating, using, and sharing aggregated and de-identified data derived from our Services.
1.2 Our Commitment
MoneyMind Profile is committed to:
- Privacy by Design — Building privacy protections into our data aggregation processes from the outset
- Data Minimization — Collecting and processing only the data necessary for legitimate purposes
- Transparency — Being clear about what data we aggregate, how we use it, and with whom we share it
- Strong De-Identification — Applying rigorous technical measures to prevent re-identification
- Continuous Improvement — Regularly reviewing and enhancing our practices to reflect evolving privacy standards
1.3 Strategic Value
Aggregated and de-identified data provides significant value to:
- Our Business — Enabling product improvements, research, and innovation
- The Industry — Contributing to better understanding of financial behaviour and risk profiling
- Society — Advancing financial literacy and evidence-based policy development
- Our Customers — Providing benchmarking insights and industry comparisons
This value must be balanced against the fundamental right to privacy, which this Policy is designed to protect.
2. Scope and Application
2.1 What This Policy Covers
This Policy applies to all aggregated and de-identified data created from:
- End-User Data — Personal information about clients of Subscribing Organizations (financial advisors' clients) that is processed through our Services
- Customer Data — Information about our Subscribing Organizations and their authorized users
- Usage Data — Information about how the Services are used
- Generated Data — Outputs, analyses, and insights created through our Services
2.2 What This Policy Does NOT Cover
This Policy does not govern:
- Personal Information in Identifiable Form — Governed by our Privacy Policy and Data Processing Agreement
- Confidential Business Information — Governed by confidentiality agreements
- Internal Operations Data — Not intended for external use or commercialization
2.3 Relationship to Other Policies
This Policy should be read in conjunction with:
- MoneyMind Profile Privacy Policy
- Terms of Use (Section 12: Data Aggregation)
- Data Processing Agreement
- Information Security Policy
- Acceptable Use Policy
In the event of any conflict, the Terms of Use and Data Processing Agreement shall prevail, except where this Policy imposes more stringent privacy protections.
2.4 Geographic Scope
This Policy applies to data aggregation activities in all jurisdictions where we operate:
- Australia — Complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles
- United Kingdom — Complies with UK GDPR and Data Protection Act 2018
- United States — Complies with CCPA/CPRA and applicable state privacy laws
3. Definitions
- “Aggregated Data” — data that has been combined from multiple sources or individuals and presented in summary form such that individual data subjects cannot be identified. Aggregated Data that meets the de-identification standard in Section 15.3 is treated as non-personal information under applicable privacy laws.
- “Anonymization” — the process of irreversibly transforming Personal Information such that individuals can no longer be identified, directly or indirectly, by any means reasonably likely to be used.
- “Data Controller” (or “Business”) — an entity that determines the purposes and means of processing Personal Information.
- “Data Minimization” — the principle of collecting and processing only the Personal Information that is adequate, relevant, and limited to what is necessary for specified purposes.
- “De-Identified Data” — data from which all direct identifiers have been removed and to which technical safeguards have been applied to prevent re-identification. During intermediate processing, De-Identified Data may include pseudonymized data, which remains Personal Information under GDPR/UK GDPR (see Section 6.4); final aggregated outputs are anonymized.
- “Direct Identifier” — any data element that directly identifies an individual, including but not limited to: full name, email address, phone number, physical address, Social Security number, driver's license number, account number, IP address (in some contexts), device identifiers linked to personal information.
- “End-User” — a client of a Subscribing Organization whose Personal Information is processed through our Services.
- “Indirect Identifier” (or “Quasi-Identifier”) — data that, when combined with other data, could potentially identify an individual, such as: age, gender, occupation, geographic region, dates (birth, transaction, activity), demographic characteristics.
- “Personal Information” (or “Personal Data”) — any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person.
- “Pseudonymization” — the processing of Personal Information such that it can no longer be attributed to a specific individual without the use of additional information (the “key”), which is kept separately and subject to technical and organizational measures to prevent re-identification.
- “Re-Identification” — the process of matching de-identified or pseudonymized data back to the specific individual to whom it relates.
- “Sensitive Personal Information” — includes Personal Information revealing: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, sex life or sexual orientation, and in some jurisdictions, financial account information, Social Security numbers, and precise geolocation.
- “Services” — MoneyMind Profile software, applications, tools, and related services.
- “Statistical Disclosure Control” — techniques applied to data to prevent the disclosure of information about individuals while preserving data utility.
- “Subscribing Organization” — a financial advisory firm, wealth management company, or individual financial advisor that uses our Services to profile and serve their clients.
4. Our Commitment to Privacy
4.1 Privacy-First Approach
We design our data aggregation processes with privacy as a foundational principle, following the framework of “Privacy by Design and by Default”:
Privacy by Design:
- Privacy protections are embedded into our systems and processes from the outset
- We anticipate privacy risks and build safeguards proactively
- Privacy is a core business requirement, not an afterthought
Privacy by Default:
- The strictest privacy settings apply automatically
- No action is required by individuals to protect their privacy
- Only necessary data is processed for each specific purpose
4.2 Data Minimization Principle
We adhere strictly to data minimization:
- We collect only the minimum data necessary for aggregation purposes
- We retain source data only as long as necessary for de-identification and aggregation
- We delete source Personal Information promptly after aggregation is complete
- We limit the granularity of aggregated data to what is necessary for its intended purpose
4.3 Purpose Limitation
Aggregated data is used only for the purposes disclosed in this Policy, our Privacy Policy, our Terms of Use (Section 12), and specific disclosures to Subscribing Organizations. We do not use aggregated data for purposes incompatible with these disclosures without obtaining appropriate consent or providing additional notice.
4.4 Accountability and Responsibility
We take full responsibility for ensuring de-identification techniques are effective, preventing re-identification of individuals, maintaining the security of aggregation processes, training personnel on privacy requirements, and conducting regular audits and assessments.
5. Types of Data Processing
5.1 When We Act as Data Controller
We are the data controller (business) for aggregated data created from Customer usage and activity data (how Subscribing Organizations use our Services) and aggregate industry research conducted with explicit participant consent. In these scenarios, we determine the purposes and means of aggregation and are responsible for compliance with applicable privacy laws.
5.2 When We Act as Data Processor
When Subscribing Organizations use our Services to profile their clients, we act as a data processor (service provider) for End-User Personal Information. In this role, we may aggregate End-User data only as permitted by our Data Processing Agreement. Subscribing Organizations retain primary control over their clients' data. Our Terms of Use (Section 12.1–12.3) provide contractual authorization to aggregate End-User data across multiple Subscribing Organizations, use de-identified aggregated data for service improvement, research, and product development, and share aggregated data with third parties (subject to this Policy's protections).
5.3 Source Data Categories
We aggregate data from behaviour profile data (questionnaire responses, financial personality assessments, behavioral traits, decision-making patterns), risk profile data (risk capacity assessments, risk tolerance scores, financial goals), demographic data (age ranges, geographic regions, occupation categories, income and asset bands, life stage indicators), financial data (portfolio asset allocation data, asset class preferences), and usage and interaction data (feature utilization, questionnaire completion rates, report generation frequency).
Our Services do not capture social security numbers, tax file numbers, national insurance numbers, driver's license numbers, passport numbers, financial account numbers (bank account, investment account, or credit card numbers), or vehicle identification numbers (VINs).
6. De-Identification Standards and Techniques
6.1 De-Identification Framework
We employ a multi-layered de-identification framework based on industry best practices. It rests on two core steps, applied before the additional techniques in Section 6.4: Remove Direct Identifiers (strip all data elements that directly identify individuals) and Generalize Indirect Identifiers (transform quasi-identifiers to reduce specificity).
6.2 Removal of Direct Identifiers
Before any aggregation, we remove all direct identifiers including full names, email addresses, phone numbers, physical addresses, account identifiers and user IDs, IP addresses, device identifiers (MAC addresses, IMEI, advertising IDs), biometric data, web cookies or persistent identifiers linked to personal information, and any other unique identifiers that could directly identify individuals. Mandatory deletion occurs before data enters aggregation processes, with audit logs to verify complete removal.
6.3 Generalization of Indirect Identifiers
Indirect identifiers (quasi-identifiers) are generalized to prevent re-identification through combination. Specific ages are converted to age ranges (e.g., 25–34, 35–44, 45–54). Geographic data is reduced to metropolitan area, state, or region, with city-level data only for cities with population > 100,000. Specific dates of birth are reduced to month/year or year only. Income and asset values are converted to broad bands (e.g., $50,000–$100,000), with top-coding applied to highest values to prevent identification of high-net-worth individuals.
6.4 Advanced De-Identification Techniques
The following techniques may be used depending on the use case and data sets being aggregated:
Noise Addition (Differential Privacy): Random noise is added to query results or datasets to prevent inference attacks. The noise is calibrated to the sensitivity of the statistic (how much a single individual's record can change it) and to a privacy budget (epsilon), so that the inclusion or exclusion of any single individual does not significantly affect results while data utility is maintained. Because every additional release from the same source data spends part of that budget, the number and granularity of releases is itself a privacy decision.
Data Suppression: Rare or unique combinations of attributes are suppressed entirely; outliers removed to prevent identification of exceptional cases.
Data Swapping: Values of sensitive attributes swapped between records to break linkages; applied selectively to maintain overall statistical properties.
Rounding and Binning: Continuous variables rounded to reduce precision; values grouped into bins or categories; applied consistently across all records.
Pseudonymization: Used when we need to track entities over time without identifying them. Random identifiers replace direct identifiers, with keys kept separately under strict security controls. Pseudonymized data is still considered Personal Information under GDPR/UK GDPR and is used only for intermediate processing; final aggregated outputs are fully anonymized.
Anonymization: Irreversible. Aggregated data in its final form is fully anonymized, is no longer considered Personal Information under applicable laws, and cannot be reversed using any reasonable means.
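As an added illustration (not code from this Policy or from MoneyMind Profile's tooling), the following Python shows how the generalization and top-coding of Section 6.3 and the suppression of Section 6.4 combine into a k-anonymity check: records are generalized, any quasi-identifier cell with fewer than k members is suppressed, and the released table contains only cells of size k or more. The sample records, the band edges and the threshold k=3 are constructed assumptions; the Policy states the banding approach but not its thresholds.

```python
"""k-anonymity by generalization, top-coding and suppression.

Added example for this page; it is not MoneyMind Profile's tooling.
The records, band edges and the threshold k=3 are constructed assumptions
(the Policy states age/income banding and top-coding but not its k).
"""
from collections import Counter

# Constructed sample: direct identifiers already stripped (Section 6.2).
SAMPLE_RECORDS = [
    {"age": 29, "region": "NSW", "income": 72_000, "risk": "moderate"},
    {"age": 31, "region": "NSW", "income": 85_000, "risk": "moderate"},
    {"age": 27, "region": "NSW", "income": 60_000, "risk": "aggressive"},
    {"age": 33, "region": "NSW", "income": 99_000, "risk": "conservative"},
    {"age": 47, "region": "VIC", "income": 120_000, "risk": "moderate"},
    {"age": 52, "region": "VIC", "income": 180_000, "risk": "conservative"},
    {"age": 45, "region": "VIC", "income": 249_999, "risk": "moderate"},
    {"age": 50, "region": "VIC", "income": 900_000, "risk": "aggressive"},
    {"age": 48, "region": "VIC", "income": 400_000, "risk": "moderate"},
    {"age": 53, "region": "VIC", "income": 2_500_000, "risk": "moderate"},
    {"age": 71, "region": "QLD", "income": 30_000, "risk": "conservative"},
]

AGE_BANDS = [(18, 24), (25, 34), (35, 44), (45, 54), (55, 64), (65, None)]
INCOME_EDGES = [0, 50_000, 100_000, 250_000]       # top-coded above the last edge
FINER_EDGES = INCOME_EDGES + [500_000, 1_000_000]   # what happens without top-coding
QUASI = ("age_band", "region", "income_band")       # quasi-identifiers (Section 3)


def age_band(age):
    """Map an exact age to 10-year bands; the top band is open-ended."""
    for lo, hi in AGE_BANDS:
        if hi is None and age >= lo:
            return f"{lo}+"
        if hi is not None and lo <= age <= hi:
            return f"{lo}-{hi}"
    raise ValueError(f"age out of range: {age}")


def income_band(income, top_code=True):
    """Band an income. With top_code=True everything above the last edge
    collapses into one open band so high-net-worth records cannot stand out."""
    edges = INCOME_EDGES if top_code else FINER_EDGES
    for lo, hi in zip(edges, edges[1:]):
        if lo <= income < hi:
            return f"${lo:,}-${hi:,}"
    return f"${edges[-1]:,}+"


def generalize(record, top_code=True):
    """Replace exact quasi-identifier values with their bands (Section 6.3)."""
    return {
        "age_band": age_band(record["age"]),
        "region": record["region"],
        "income_band": income_band(record["income"], top_code),
        "risk": record["risk"],
    }


def cell(record):
    """The quasi-identifier tuple that defines a record's equivalence class."""
    return tuple(record[q] for q in QUASI)


def k_anonymize(records, k, top_code=True):
    """Generalize, then suppress every record whose quasi-identifier cell has
    fewer than k members. Returns (kept_records, number_suppressed)."""
    gen = [generalize(r, top_code) for r in records]
    sizes = Counter(cell(g) for g in gen)
    kept = [g for g in gen if sizes[cell(g)] >= k]
    return kept, len(gen) - len(kept)


def min_cell_size(records):
    """The k actually achieved by a released table (0 for an empty table)."""
    sizes = Counter(cell(r) for r in records)
    return min(sizes.values()) if sizes else 0


def aggregate(records, k, top_code=True):
    """Release per-cell risk-tolerance counts only for cells of size >= k
    (the threshold step of the aggregation workflow in Section 7.1)."""
    kept, _ = k_anonymize(records, k, top_code)
    table = {}
    for r in kept:
        table.setdefault(cell(r), Counter())[r["risk"]] += 1
    return {c: dict(v) for c, v in table.items()}


if __name__ == "__main__":
    kept, dropped = k_anonymize(SAMPLE_RECORDS, k=3)
    print(f"top-coded: kept {len(kept)}, suppressed {dropped}, k achieved {min_cell_size(kept)}")
    kept, dropped = k_anonymize(SAMPLE_RECORDS, k=3, top_code=False)
    print(f"finer bands: kept {len(kept)}, suppressed {dropped}")
    for c, counts in aggregate(SAMPLE_RECORDS, k=3).items():
        print(c, counts)
```

With top-coding, the three high-net-worth records merge into a single $250,000+ cell that survives the threshold; with finer bands above $250,000 each becomes unique and is suppressed, so top-coding trades precision for retention. k-anonymity alone does not protect the sensitive attribute: if every record in a cell shares the same risk tolerance, membership in the cell reveals it, which is what the l-diversity and t-closeness standards cited in Section 15.2 address.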
7. Aggregation Methodologies
7.1 Aggregation Process Overview
Our aggregation process follows a rigorous six-stage workflow: (1) Data Extraction — source data identified and extracted with minimal footprint; (2) Pre-Processing — direct identifiers removed immediately, data quality checks performed; (3) De-Identification — techniques from Section 6 applied systematically with automated and manual checks; (4) Aggregation — statistical aggregation with thresholds applied; (5) Validation — re-identification risk assessment and compliance checks; (6) Approval and Release — Privacy Officer or CTO approves, source Personal Information deleted.
7.2 Statistical Aggregation Methods
We use descriptive statistics (counts, frequencies, means, medians, modes, standard deviations, percentiles, confidence intervals), trend analysis (time-series aggregates — monthly, quarterly, annually), benchmarking (industry averages, percentiles, peer group comparisons, normalized scores), segmentation (cluster analysis, segment profiles), and modeling (predictive models trained on de-identified datasets, with outputs validated to ensure no individual identification).
7.3 Geographic Aggregation
Geographic data is aggregated at region, state, or postal/ZIP code level by default, subject to the generalization and minimum-population rules in Section 6.3, or at country level for international comparisons.
7.4 Cohort Analysis
Cohorts (groups) may be created for analysis, defined by shared characteristics (e.g., “self-control or optimism behavioral characteristics”). Tracking is at cohort level only, with no individual tracking, and cohort definitions broad enough to prevent identification.
8. Use Cases for Aggregated Data
8.1 Internal Business Uses
Internal uses include product development and improvement (identifying feature usage, understanding user needs, developing new tools, optimizing user experience), research and innovation (studying financial behavior and decision-making, developing improved risk profiling, creating industry insights), quality assurance (monitoring system performance, benchmarking service delivery), and business analytics (internal reporting, board and investor reporting, financial planning, strategic decision-making).
8.2 Customer-Facing Uses
Customer-facing uses include benchmarking and insights (providing industry benchmarks to Subscribing Organizations, showing how their clients compare to peer groups, delivering insights to improve business practices), training and education (educating financial advisors on behavior profiling best practices, providing fully anonymized case studies), and marketing and thought leadership (publishing industry reports and white papers, presenting at conferences, demonstrating product value).
8.3 Third-Party Commercial Uses
Subject to the safeguards in Section 13, we may commercialize aggregated data through licensing to research institutions (academic researchers, think tanks, policy institutes), financial services firms (investment managers, fund managers, wealth management institutions), data analytics companies (market intelligence firms, business intelligence platforms, consulting firms), and media and publishers (financial news organizations, industry publications, educational uses).
8.4 Prohibited Uses
We do NOT use aggregated data for discriminatory purposes (making decisions that discriminate based on protected characteristics), targeting individuals, employment decisions (hiring, firing, or promoting based on aggregated data), surveillance (monitoring or tracking specific individuals), or any harmful purposes.
9. Governance and Oversight
9.1 Privacy Officer Responsibility
Our Privacy Officer has overall responsibility for implementing and maintaining this Policy, approving aggregation projects and methodologies, conducting or overseeing re-identification risk assessments, reviewing third-party data sharing agreements, investigating privacy incidents related to aggregated data, and reporting to senior management on compliance.
9.2 Data Aggregation Review Committee
For significant aggregation projects, we may convene a Data Aggregation Review Committee comprising the Privacy Officer (Chair), Chief Technology Officer or delegate, Data Scientist or Analytics Lead, and Legal Counsel or Compliance Officer. The Committee reviews proposed aggregation projects, assesses privacy risks and benefits, approves methodologies and techniques, monitors ongoing aggregation activities, and recommends policy updates.
9.3 Approval Process
Standard aggregation (internal use, low risk) is reviewed and approved by the CTO and Privacy Officer with quarterly reporting to management. Enhanced aggregation (commercial use, third-party sharing) requires formal proposal to the Data Aggregation Review Committee with risk assessment and Committee approval. High-risk or sensitive data requires senior management approval and may require external privacy expert consultation.
9.4 Documentation Requirements
All aggregation activities must document: purpose, data sources, methodology, risk assessment, approval evidence, safeguards, retention periods, and distribution plans. Documentation is retained for audit and compliance purposes for at least 7 years.
9.5 Training and Awareness
Personnel involved in data aggregation must complete Privacy Awareness Training (annual), De-Identification Training, Role-Based Training (for data scientists, analysts, and engineers), and Policy Training. Training records are maintained and reviewed annually.
10. Technical and Organizational Safeguards
10.1 Access Controls
We apply the principle of least privilege (access to source Personal Information limited to personnel with legitimate need, role-based access controls, regular access reviews). Segregation of duties ensures personnel conducting aggregation do not have direct access to identifiable data in production systems, with extraction, de-identification, and approval performed by different individuals. All aggregation activities are logged and monitored, with logs retained for at least 3 years.
10.2 Secure Environments
Data is encrypted in transit (TLS 1.2+) and at rest with regular key rotation. Source Personal Information is securely deleted after aggregation using multiple overwrite passes to prevent recovery, with certificate of destruction for physical media.
10.3 Technical Safeguards in Software
We use automated de-identification tools to detect and remove direct identifiers, algorithms to apply generalization, suppression, and noise addition, query logging and monitoring for suspicious patterns, and dynamic data masking for development and testing environments.
10.4 Network and Infrastructure Security
Security measures include firewalls protecting aggregation systems, intrusion detection and prevention systems, 24/7 security monitoring, SIEM, security scanning and penetration testing, and secure software development lifecycle.
11. Data Quality and Validation
11.1 Data Quality Principles
High-quality aggregated data requires high-quality source data: accuracy (verified and validated before aggregation), completeness (missing data handled appropriately), consistency (standardized definitions and formats), and timeliness (data aggregated from current, relevant time periods).
11.2 Validation Procedures
Pre-aggregation validation includes data integrity checks, identification and handling of outliers, detection of duplicate records, and reconciliation with source systems. Post-aggregation validation includes comparison to historical trends and cross-validation with alternative data sources. Privacy validation includes automated scans for residual identifiers, identification risk assessment, and compliance with minimum thresholds.
11.3 Handling Data Quality Issues
Missing data is handled through exclusion of incomplete records (with documentation) or imputation using statistical methods (if appropriate and disclosed). Outliers are identified using statistical methods and removed or capped to prevent identification. Errors are corrected at source where possible, with documentation of data quality limitations.
11.4 Documentation of Limitations
Aggregated data products include documentation of data sources and collection methods, time periods, known limitations, and exclusions and filters applied.
12. Transparency and Disclosure
12.1 Transparency Commitments
This Policy is publicly available on our website. Our Privacy Policy and Terms of Use clearly disclose our aggregation practices to Subscribing Organizations. The Data Processing Agreement specifies permitted aggregation activities. Subscribing Organizations are responsible for notifying their clients via MoneyMind Profile's inbuilt Privacy Policy feature.
12.2 What We Disclose
In our Privacy Policy we disclose: general description of aggregation practices, types of data aggregated, purposes for aggregated data use, categories of third-party recipients, and confirmation that aggregated data is de-identified and does not identify individuals. To Subscribing Organizations we provide description of aggregation methodologies, de-identification standards and techniques, examples of aggregated data uses, and how aggregated data benefits the Services and industry. To third-party recipients we provide contractual prohibitions on re-identification, description of permitted and prohibited uses, and technical specifications and data limitations.
12.3 Limitations of Disclosure
We do NOT disclose proprietary algorithms and methodologies (trade secrets), specific technical implementation details that could enable re-identification, details that would compromise the security of our systems, or information that would reveal individual Subscribing Organizations' data or business practices.
12.4 Requests for Information
Subscribing Organizations may request additional information about how their data contributes to aggregated datasets, examples of aggregated data products, and confirmation of compliance with this Policy. End-Users should direct questions to their financial advisor, as we process their data only on behalf of Subscribing Organizations. Regulators may request information about our aggregation practices in accordance with applicable law.
13. Third-Party Sharing and Commercial Use
13.1 Categories of Third-Party Recipients
We may share Aggregated Data with: research institutions (universities, think tanks, industry research firms), financial services firms (investment managers, fund managers, banking and wealth management institutions, financial technology companies), consulting and advisory firms (management consultants, strategy and analytics firms, technology consultants), media and publishers (financial news organizations, industry publications, educational authors), and government and regulatory bodies (where required by law or for policy development and research).
13.2 Licensing and Commercial Arrangements
Types of arrangements include one-time data licenses, subscription-based access to aggregated datasets, custom aggregation services, and co-development partnerships. Aggregated data may be licensed for fair market value reflecting the value of insights, not underlying Personal Data. All third-party recipients must contractually agree to: use Aggregated Data only for specified purposes, not attempt to re-identify individuals, not combine data with other sources to identify individuals, implement appropriate security measures, not redistribute without consent, acknowledge MoneyMind Profile as the source (where appropriate), and indemnify MoneyMind Profile for any unauthorized use or re-identification attempts.
13.3 Prohibited Third-Party Uses
Third parties are contractually prohibited from: re-identification (attempting to identify specific individuals or combining datasets to reverse de-identification), harmful uses (discriminating against individuals, making credit/employment/insurance decisions, surveillance), unauthorized distribution (selling or distributing without consent, publishing in forms that could enable re-identification), and competitive use (developing competing products, reverse engineering MoneyMind Profile's methodologies).
13.4 Due Diligence and Vetting
Before sharing Aggregated Data we conduct reputation review (assessment of recipient's data protection practices, review of past incidents, verification of legitimate business purpose), legal and compliance review (privacy policies, applicable data protection law compliance, adequate security measures), contractual framework (execution of data license agreement, use restrictions), and ongoing monitoring (periodic compliance reviews, investigation of suspected misuse, termination of access for violations).
13.5 Attribution and Citation
When we require attribution for publication of research findings, public presentations, or incorporation into third-party products, the format should read:
Attribution is waived for internal business use not visible to external parties, background research and analysis, and competitive intelligence (if permitted under license).
14. Rights and Limitations
14.1 Individual Rights Regarding Aggregated Data
Before Aggregation (Personal Information): End-Users have full rights under applicable privacy laws (GDPR, CCPA, Privacy Act 1988), including rights to access, correct, delete, restrict or object to processing, data portability, and automated decision-making rights.
After Aggregation (De-Identified Data): Once data is aggregated and de-identified, it is no longer attributable to specific individuals. Individual rights under privacy laws generally do not apply. Opt-out or deletion requests cannot “un-aggregate” data already incorporated into Aggregated Data.
14.2 Opt-Out Limitations
End-Users may request (through their Subscribing Organization) that their future data not be included in aggregation. This request will be honored going forward but cannot retroactively remove already-aggregated data. Once Personal Information has been de-identified and aggregated, it cannot be “un-aggregated” or removed. Deletion requests apply only to identifiable Personal Information, not Aggregated Data.
14.3 Access and Correction Rights
End-Users may request access to and correction of their Personal Information through their Subscribing Organization before aggregation. After aggregation, End-Users cannot access Aggregated Data about “themselves” because Aggregated Data does not identify specific individuals and reflects statistical patterns across many individuals.
14.4 Deletion Rights and Limitations
Deletion does NOT apply to Aggregated Data because it does not identify specific individuals, removing one individual's contribution would not materially change the aggregate, de-aggregation is technically infeasible, and Aggregated Data is owned by MoneyMind Profile.
Example: 1,000 End-Users contribute risk tolerance data → Aggregated data shows “65% of users aged 45–54 have moderate risk tolerance” → One End-User requests deletion → Their identifiable Personal Information is deleted → Aggregated statistic remains (now based on 999 users, result: “65% of users aged 45–54…”) → No material change to Aggregated Data → No feasible way to identify and remove that one person's contribution.
One limit applies: exact aggregates released both before and after a deletion can be differenced to reveal the deleted individual's value. The minimum cell thresholds (Section 7.1) and noise addition (Section 6.4) exist to prevent exactly this kind of inference.
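The worked example above holds for a single release. The Python below, added here as an illustration and not part of this Policy or MoneyMind Profile's systems, reproduces the 1,000-user cohort and shows two things: that exact counts published before and after one deletion reveal the deleted End-User's risk tolerance (a differencing attack), and that Laplace noise of the kind described in Section 6.4 makes the two cases nearly indistinguishable. The cohort composition, the epsilon values, the random seed and the trial counts are constructed assumptions.

```python
"""Differencing attack on exact aggregates, and the Laplace noise that blunts it.

Added example for this page, not MoneyMind Profile's implementation. The
cohort (1,000 End-Users, 650 moderate), epsilon, seed and trial counts are
constructed assumptions; the Policy does not state its privacy budget.
"""
import math
import random

MODERATE = "moderate"
# Constructed cohort matching the Section 14.4 example.
COHORT_BEFORE = [MODERATE] * 650 + ["other"] * 350
COHORT_AFTER_MODERATE_LEFT = COHORT_BEFORE[1:]    # the deleted End-User was "moderate"
COHORT_AFTER_OTHER_LEFT = COHORT_BEFORE[:-1]      # the deleted End-User was "other"


def exact_count(cohort, value=MODERATE):
    return sum(1 for v in cohort if v == value)


def share(cohort, value=MODERATE):
    return exact_count(cohort, value) / len(cohort)


def differencing_attack(count_before, count_after):
    """Two counts that differ by a single record reveal that record's value."""
    return MODERATE if round(count_before - count_after) == 1 else "other"


def laplace_sample(scale, rng):
    """Laplace(0, scale) by inverse CDF. rng is seeded here only for
    reproducibility; production noise must come from a CSPRNG such as
    random.SystemRandom."""
    u = rng.random() - 0.5                  # uniform in [-0.5, 0.5)
    if u <= -0.5:                           # avoid log(0) at the boundary
        u = -0.5 + 1e-12
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def noisy_count(cohort, epsilon, rng, value=MODERATE):
    """Epsilon-DP count: a counting query has sensitivity 1 (one person moves
    it by at most 1), so Laplace noise with scale 1/epsilon suffices."""
    return exact_count(cohort, value) + laplace_sample(1.0 / epsilon, rng)


def attack_success_rate(cohort_after, epsilon, trials, seed=7):
    """How often the differencing attack outputs 'moderate' when both releases
    carry fresh Laplace noise. With exact counts this is 1.0 or 0.0 depending
    on the truth; with noise the two cases become nearly indistinguishable."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        before = noisy_count(COHORT_BEFORE, epsilon, rng)
        after = noisy_count(cohort_after, epsilon, rng)
        if differencing_attack(before, after) == MODERATE:
            hits += 1
    return hits / trials


def mean_noisy_count(epsilon, trials, seed=7):
    """Utility check: noise is zero-mean, so the average over many draws
    stays close to the exact count of 650."""
    rng = random.Random(seed)
    return sum(noisy_count(COHORT_BEFORE, epsilon, rng) for _ in range(trials)) / trials


if __name__ == "__main__":
    print(f"exact share before/after: {share(COHORT_BEFORE):.4f} / "
          f"{share(COHORT_AFTER_MODERATE_LEFT):.4f}")
    print("exact counts leak the deleted record:",
          differencing_attack(exact_count(COHORT_BEFORE),
                              exact_count(COHORT_AFTER_MODERATE_LEFT)))
    for eps in (0.1, 0.5, 2.0):
        print(f"eps={eps}: attack says 'moderate' "
              f"{attack_success_rate(COHORT_AFTER_MODERATE_LEFT, eps, 2000):.2f} (truth moderate) vs "
              f"{attack_success_rate(COHORT_AFTER_OTHER_LEFT, eps, 2000):.2f} (truth other)")
```

The seeded generator is only for reproducible output; noise for a real release must come from a cryptographically secure source, and textbook floating-point Laplace sampling has known precision attacks, so a vetted library implementation is preferable in production. Each noisy release also spends part of a finite privacy budget: publishing the same statistic repeatedly with fresh noise lets an attacker average the noise away, so the budget has to be tracked across every release drawn from the same source data.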
14.5 Objection and Restriction Rights
Under GDPR Article 21, individuals may object to processing based on legitimate interests. However, aggregation is conducted after de-identification when data is no longer Personal Data, and MoneyMind Profile's legitimate interest in aggregation is balanced against privacy through rigorous de-identification. Objection rights apply to Personal Information processing, not to use of already-de-identified Aggregated Data.
14.6 How to Exercise Rights
For End-Users: Contact your financial advisor or the Subscribing Organization that collected your Personal Information; they are responsible for facilitating your privacy rights.
For Subscribing Organizations: Contact info@moneymindprofile.com to request information about aggregation practices.
15. Compliance and Legal Framework
15.1 Applicable Laws and Regulations
This Policy is designed to comply with data protection and privacy laws in all jurisdictions where we operate:
Australia: Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), Notifiable Data Breaches scheme, and OAIC guidance.
United Kingdom: UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, ICO Anonymisation Code of Practice.
European Union: General Data Protection Regulation (GDPR) 2016/679, Article 29 Working Party Opinion 05/2014 on Anonymisation Techniques, EDPB guidance.
United States: California Consumer Privacy Act (CCPA) as amended by CPRA, other state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA), FTC guidance on de-identification, and NIST Special Publication 800-188.
Financial Services Regulations: ASIC requirements, FCA data protection requirements (UK), and SEC and FINRA guidance on data handling (US).
15.2 De-Identification Standards
Our de-identification practices meet or exceed standards established by international standards (ISO/IEC 29100:2011, ISO/IEC 29101:2018, ISO/IEC 20889:2018), regulatory guidance (ICO Anonymisation Code of Practice, Article 29 Working Party Opinion, OAIC Guide to De-identification, NIST SP 800-188, HIPAA Safe Harbor), and academic and industry standards (k-anonymity, l-diversity, t-closeness, differential privacy, IAPP and Future of Privacy Forum best practices).
15.3 When Data is Considered “De-Identified”
GDPR/UK GDPR (Recital 26): Data is anonymous if the data subject “is not or no longer identifiable”, taking into account “all the means reasonably likely to be used” by the controller or any other person to identify that individual.
CCPA Section 1798.140 (definition of “deidentified”, as amended by CPRA): Data is deidentified if it cannot reasonably be used to infer information about, or otherwise be linked to, an identifiable consumer, provided the business takes reasonable measures to ensure the data cannot be associated with a consumer or household, publicly commits to maintain and use it only in deidentified form and not to attempt re-identification, and contractually obligates any recipients to do the same.
Privacy Act 1988 (Australia): Information is de-identified if it is no longer about an “identifiable individual” — i.e., an individual who is reasonably identifiable.
Our Standard: We apply stringent requirements across all jurisdictions to ensure global compliance.
15.4 Risk-Based Approach
We apply a risk-based approach considering risk factors (sensitivity of underlying Personal Information, availability of external data that could enable re-identification, sophistication of potential attackers, consequences of re-identification) and risk mitigation (higher-risk data receives stronger de-identification, ongoing monitoring of re-identification risks, periodic re-assessment of de-identification effectiveness).
15.5 Compliance Monitoring
Internal audits conducted annually include review of aggregation processes and data products, testing of de-identification effectiveness, verification of compliance, and assessment of new re-identification risks. Third-party audits include periodic review by privacy and data protection experts, penetration testing, and certification against relevant standards (ISO, SOC 2). We cooperate with data protection authorities (OAIC, ICO, DPAs), respond to regulatory inquiries, and implement recommendations from regulators.
15.6 Accountability and Documentation
We maintain comprehensive records of aggregation projects and methodologies, de-identification techniques applied, risk assessments and mitigation measures, third-party sharing agreements, complaints and incidents, and changes to this Policy and practices. Records are retained for at least 7 years and are available to regulators upon request.
16. Review and Updates
16.1 Policy Review Schedule
This Policy is reviewed and updated annually by the Privacy Officer and Data Governance Committee in response to changes in applicable laws or regulations, regulatory guidance or enforcement actions, new re-identification techniques or risks, incidents or complaints, significant changes to aggregation practices, and introduction of new data types or uses.
16.2 Notification of Changes
For material changes (new uses of Aggregated Data, changes to de-identification standards, new third-party sharing arrangements), we will update this Policy with a revised Effective Date and notify Subscribing Organizations via email to the primary account contact (at least 30 days before effective date), in-platform notification, and notice in monthly newsletter or product updates. Subscribing Organizations are responsible for reviewing changes, updating their own privacy policies if necessary, and notifying End-Users if required by applicable law. Minor updates (clarifications, corrections, formatting) may be made without notice, provided they do not substantively change rights.
16.3 Feedback and Complaints
To provide feedback or raise concerns, email info@moneymindprofile.com with the subject line “Data Aggregation Policy Feedback.” We commit to acknowledging receipt within 5 Business Days, investigating all complaints thoroughly, and responding substantively within 30 days.
Complaint process: (1) Email us with details; (2) We confirm receipt; (3) Privacy Officer reviews; (4) Written response with findings; (5) If you are unsatisfied with our response, escalation to the relevant regulator: Australia: OAIC (www.oaic.gov.au), UK: ICO (www.ico.org.uk), US: State Attorney General or FTC (www.ftc.gov).
16.4 Continuous Improvement
We continuously improve our aggregation and de-identification practices by tracking developments in privacy-enhancing technologies, participating in industry forums and working groups, implementing new de-identification techniques as they emerge, upgrading systems to support stronger privacy protections, and providing regular training for data scientists and analysts.
17. Contact Information
For Questions About This Policy:
Attn: Privacy Officer — Data Aggregation
MoneyMind Profile Pty Ltd
Email: info@moneymindprofile.com
Appendix — Glossary of Key Terms
(Comprehensive definitions are provided in Section 3; this glossary offers a quick reference.)
- Aggregated Data — De-identified data combined from multiple sources, not identifying individuals
- Controller / Business — Entity determining purposes and means of data processing
- Data Subject / Consumer — Individual whose Personal Data is processed
- De-Identified Data — Data stripped of direct identifiers and protected against re-identification
- Direct Identifier — Data element directly identifying an individual (name, email, SSN, etc.)
- End-User — Client of a Subscribing Organization whose data may be processed
- Indirect Identifier / Quasi-Identifier — Data that combined with other data could identify someone (age, ZIP code, etc.)
- k-Anonymity — Each record is indistinguishable, on its quasi-identifiers, from at least k-1 other records
- Personal Information / Personal Data — Information identifying or identifiable to an individual
- Processor / Service Provider — Entity processing data on behalf of a Controller
- Pseudonymization — Replacing identifiers with artificial identifiers (reversible by whoever holds the key)
- Re-Identification — Matching de-identified data back to specific individuals
- Sensitive Personal Information — Data revealing race, health, religion, sexual orientation, etc.
- Statistical Disclosure Control — Techniques preventing disclosure about individuals in aggregated data
- Subscribing Organization — Financial advisory firm licensing MoneyMind Profile Services
Document Version 1.0 · Effective Date: 30 January 2026