We take privacy seriously and are committed to ensuring the protection of personal and sensitive information. To do this, we have established several safeguards, protocols, and processes to help us establish and maintain that commitment.  Furthermore, we are bound by the Australian Privacy Principles (“APP”) contained in the Privacy Act 1988 (as amended) (“Australian Act”) in Australia; and by the Information Privacy Principles (“IPP”) contained in the Privacy Act 2020 in New Zealand (“New Zealand Act”) and other applicable privacy and data protection laws.

This policy applies to THE TRUSTEE FOR SECURE MEASURE UNIT TRUST (ABN 29 734 661 094) (“Secure Measure”, “we”, “our”, “us”). We may update this policy from time-to-time and any updates to this policy become effective when published on our website.

By interacting with Secure Measure, you agree that we can use information about you in accordance with this policy and any other arrangements that apply between us.  If you have any questions or concerns, please contact us.

The Type of Information We Collect About You

This varies depending on your interactions with us, whether you are an employee, contractor, new or existing customer and the types of products, services, or offerings you require.  If you do not provide certain information that we may need from you, we may not be able to provide you with the services, products or offerings that are tailored to your needs.

The information we collect, and hold includes:

Information About You

• Identifiers such as name, date of birth, username, password or contact details, or documents that verify an identity such a driver’s license.

• Company names and relevant individual details of that company including email, ABN, address, and phone number.

• Information about the services, products, and offerings you have with us or our business partners.

• Financial and credit information.

• Employment information and information about educational background.

• Information about interests, preferences, opinions, or comments you have made to us.

In limited circumstances under the Australian Act, we may need to collect certain sensitive information about you, such as information about health, race, ethnicity, political views, criminal history or biometric information (e.g. voiceprint or fingerprint).  We’ll always get express consent as outlined under the Australian Act before we collect this information (except if the collection is required by law).

We may also need to collect personal information about other individuals from you.  We rely on you to get their consent before you provide us with this personal information.  Alternatively, when you apply for a job or position with us, we may collect certain information from you (including name, contact details, working history and relevant record checks) or from any recruitment consultant, previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract.

Information About How You Use Our Services, Products, And Offerings

Information relating to browsing or viewing history, habits, and preferences (including via our website apps, or online presence). This includes browser or device information such as location information, IP addresses, cookie IDs, advertising IDs and other unique identifiers, as well as content and service metrics.  For more information, please see our Cookie Policy.

How We Collect Personal and Sensitive Information

Directly From You

When you:

• Interact with us over the phone, in writing, in person or online (including via our apps, websites or social media).

• Attend our events, participate in our surveys, or go to our offices.

Automatically Through the Use of Our Products, Services, or Offerings

• When you interact with our websites, mobile sites, apps, electronic communications, we, or our service providers may use cookies and other similar technologies to collect information about you.  For more information, including what options you have to manage cookies, please read our Cookie Policy.

• When you enquire as to a potential purchase in our business (and vice versa).

From Other Sources

• People with permission from you to give us your personal information.

• Recruitment agencies, professional associations, registration body, previous employers, or referees.

• Third party websites and social media platforms that collect and disclose information about you (including via the use of cookies and similar technologies) such as Google or Facebook.

• Business directories, open data sources, public social media posts, or government agencies such as the Australian Bureau of Statistics.

• Credit reporting bodies such as Equifax and Illion.

• Service providers that work with Secure Measure, like companies that help us provide services, products and offerings to you, or identity and fraud checking services, or analytics and advertising- related services (including ad-serving/targeting platforms).

• Our business partners and companies related to Secure Measure.

How We Use Personal and Sensitive Information

Administration And Business Operations

• Providing our products, services, or offerings (and those of our business partners), communicating with you, managing accounts, and billing, and delivering customer or technical support.

• Developing, operating, and improving our offerings, product, service, and business processes.

• Security and verification purposes.

• Conducting internal investigations, including in relation to fraud and crime. Debt recovery purposes, such as assigning a debt you owe us.

• Employment-related purposes (e.g. verifying work experience, work rights status, undertaking criminal history checks, or any other background checks when you apply for a job with us).

• Delivery, provision, installation or repair and maintenance of our products, services, and offerings.

Marketing

• Communicating with you to market services, products, and offerings we think might interest you (including those from our selected partners).

• Developing services, products and offerings that may be of interest to you.

• Communicating with you when you have previously expressed an interest in our services, products, or offerings.

• Conducting competitions or trade promotions, including with selected partners.

Analytics & Insights

• Deriving insights about you and who you interact with to identify market segments, market services, products, and offerings, or carry out market research.

• Assessing the effectiveness of our marketing campaigns to optimise our marketing spend and to personalise our products, services, and marketing messages.

• Analysing audience ratings information and anonymous viewing and/or browsing data to understand how you and others engage with our services, products, and offerings (including our content services).

• Supplementing, matching and analysing information about you with information from third party sources (e.g. from Facebook or Google) to learn more about preferences and interests and to create aggregated market segments.

• We may de-identify information about you to use and share with our business partners. This information may be combined with other demographic information or anonymous identifiers, to develop aggregated insights to improve our products, services and offerings to our customers.

Relevant Advertising

Delivering targeted advertising or other content which might interest you via websites, apps, online services and content services, including through the use of third-party service providers such as ad-serving/targeting platforms.

Compliance

Using personal and sensitive information as otherwise required or permitted by law.

When We Share Personal and Sensitive Information

We share personal information with our business partners, clients, and selected third parties for the purposes outlined above, including:

• Our third-party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you, or as part of an employment recruitment, administration, screening and selection process).

• Our analytics and advertising-related organisations.  This includes providers of ad- serving/targeting platforms and third-party proprietary measurement software, such as OzTAM and Nielsen.

• Our professional advisers, dealers, and agents.

• Our clients or potential clients relevant to the particular business engagement that the individual, employee, potential employee, or contractor is conducting with Secure Measure.

• Our sponsors or promoters of any competition that we conduct via our services.

• Our debt recovery number agents and credit reporting bodies, such as Equifax and Illion.

• Companies who collect information and data from cookies and other similar technologies.

• Companies working with us to prevent or investigate unlawful activity (particularly fraud and identity theft).

• Our employees, contractors, and companies related to Secure Measure.

• Advertisers of third-party services, products, and offerings for the purpose of selling or providing relevant advertising on our websites, and other online services.

When we share personal information, we put measures in place to ensure this information is kept confidential, used securely and only used for the purposes outlined above.  We will not otherwise sell or share information that directly identifies you with any third-party for commercial purposes unless you give us express consent.

However, for commercial purposes, we may de-identify personal information and share it so that our business partners may combine it with other information.  We share this so that our business partners can provide analytical services and anonymised and aggregated insights to their customers and to us.  These insights are about groups of individuals, and not about any one individual.  We have in place safeguards, protocols, and processes to ensure that our clients are not able to re-identify these insights, and they also undertake not to re-identify these insights.

For example, we may de-identify information about customer characteristics and movements to a business customer so they can develop anonymised and aggregated insights and offer services, products and offerings based on these insights for transport planning purposes.

We also share personal information:

• To comply with our legal obligations in response to warrants, subpoenas or similar lawful requests for this information (including from credit reporting bodies).

• For the purpose of a transfer, sale or restructure of some or all of our assets or business.

• With government and regulatory authorities and law enforcement agencies, as required or authorised by law.

In some cases, we may share personal information with organisations (including some Singtel Group companies, service providers and third parties) located overseas for the purposes listed above.  If we do send personal information overseas, we make sure that this transfer is in accordance with all applicable data protection and privacy laws, and we undertake to ensure that the overseas recipient undertakes to put arrangements in place to protect personal information.

Privacy Options

To manage communication preferences, you may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (for example, an unsubscribe link).

If you would like to manage the way we use browser or device information for relevant advertising, please follow the steps outlined in our Cookie Policy.

How We Secure & Protect Personal and Sensitive information

We take the protection and security of personal and sensitive information seriously.  We’ll continue to review and improve our security measures to ensure personal information remains protected.

Some of the measures we currently take include:

• Destroying or de-identifying any personal information when we no longer need it.

• Using firewalls, virus scanning and access logging tools and encrypting data to protect against unauthorised access to data and our network.

• Using secure work environments and workflow systems to prevent unauthorised access and copying of personal and Sensitive information.

• Managing access privileges to ensure that only those who really need it can see personal and sensitive information.

• Ongoing training and security reviews.

Links

Our website may contain links to websites operated by third parties.  Those links are provided for convenience and may not remain current or be maintained.  Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites.  The privacy policy that applies to those websites may differ substantially from our Privacy Policy, so we encourage you to read them before using those websites.

How To Access, Correct and Delete Your Personal and Sensitive Information

You can contact Secure Measure via the ‘Connect’ page on our website (https://www.securemeasure.com.au/connect) if you wish to request access to, or update your personal or sensitive information (including any credit information) we hold about you.

If you ask us to provide access to other personal information, we’ll usually give you access once we have verified your identity.  We’ll acknowledge your request within 7 days, and provided that you tell us specifically what you wish to access, we’ll usually be able to provide it to you within 30 days of receipt of your request.

If you request access to records which are not current or your request is otherwise complex, it may take longer to locate those records and we may charge you a reasonable administrative fee for the cost of providing access.  If there is a charge, we’ll let you know beforehand so you can decide whether to proceed.

If we can’t give you access to your personal information or if it is not appropriate to make the changes you request, we’ll contact you to explain why.

If we agree that your personal information needs to be corrected, we will do so within a reasonable period of time.  If we agree that our records of your credit information need to be corrected, and we’ve previously disclosed that information to a CRB or other third party, we’ll tell them what must be corrected.  However, if we cannot correct your personal information or it is not appropriate for us to make the changes you request, we’ll contact you to let you know why.

In some cases, you may be able to request a deletion of your personal information held by Secure Measure.  However, it is worth noting that your personal information cannot always be deleted, particularly if we are legally obliged to hold it.  If we cannot delete your information, we’ll contact you to explain why.

How To Contact Us

If you have a question regarding this policy, a complaint about how we handle personal and sensitive information, or wish to make an access request, you can contact us by:

• Website: Secure Measure via the ‘Connect’ page on our website (https://www.securemeasure.com.au/connect)

• Letter addressed to: PO BOX A2572, South Sydney, NSW 1235, Australia

If you make a complaint, we’ll acknowledge receipt and aim to investigate and respond to you within 30 days or earlier (and as required by law).  If we can’t resolve the complaint, you may contact the Office of the Australian Information Commissioner (https:/www.oaic.gov.au/about- us/contact-us/)