Privacy Policy

Privacy Policy

Purpose

1.1 Background Precast Concrete Pty Ltd ACN 004 718 647 and its related bodies corporate1 (referred to as “Precast Concrete,” “we,” or “us”) recognize the importance of your privacy. This Privacy Policy outlines how we collect, manage, and use your personal information, including the information collected from you when you access the Precast Concrete website. We are committed to complying with the Privacy Act 1988 (Cth) and its requirements, including those incorporated by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), as well as the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) when obtaining personal information from a citizen of a member state of the European Union.

1.2 Purpose of this Privacy Policy The purpose of this Privacy Policy is to: • Clearly communicate our personal information handling practices. • Enhance the transparency of our operations. • Provide individuals with a comprehensive understanding of the personal information we hold and how we manage it.

This Privacy Policy adheres to the 13 Australian Privacy Principles (APPs) set out in Schedule 1 of the Privacy Act. It explains how we collect, store, use, and disclose personal information, allows individuals to access and correct their information, and outlines the procedures for data breach notification. A plain English summary of the APPs is provided in Appendix 1.

Scope and Application This Privacy Policy applies to all employees of Precast Concrete who collect, hold, access, and correct personal and sensitive information on our behalf. It is relevant to any individual who discloses personal information to Precast Concrete.

Hierarchy of Documents This policy takes precedence over any Level 2 or 3 documents.

Policy

4.1 Personal Information Definition In this Privacy Policy, “personal information” refers to any information or opinion about an identified individual or an individual who is reasonably identifiable, regardless of whether the information is true or recorded in a material form.

4.2 Types of Personal Information Collected We may collect various types of personal information, including but not limited to: • Name, address, email address, telephone number, and birth date. • Profession, occupation, employment, and educational history. • Medical information, Tax File Number, bank account details, and superannuation account information. • Information provided through our website or during conversations with our representatives. • Information provided in surveys or visits by our representatives.

We may also collect anonymous or aggregated information that does not identify individuals.

4.3 Personal Information Collection Methods We collect personal information directly from individuals through various means, including: • Website interactions, email, telephone, online forms, and conversations with our representatives. • Personal and professional references, medical professionals, and third-party entities. • When individuals are involved in the provision of services to Precast Concrete.

4.4 Consequences of Not Providing Personal Information Failure to provide personal information may result in: • Inability to receive certain services or information. • Limited access to certain website features. • Inability to participate in surveys or receive our publications.

4.5 Purposes of Personal Information Collection, Use, and Disclosure We collect, hold, use, and disclose personal information for various purposes, including but not limited to: • Providing services, answering inquiries, and providing information about our services. • Developing new offers, products, and services to enhance our business. • Complying with laws and contractual obligations. • Conducting business processing functions, marketing, and research. • Providing access to our website and assessing its performance. • Responding to complaints and co-operating with governmental authorities.

4.6 Website Usage and Cookies Our website may use cookies to recognize users and track traffic patterns. We may also collect IP addresses for website analysis. For more information, refer to our Website Privacy Policy section.

4.7 Personal Information Disclosure We may disclose personal information to employees, contractors, service providers, customers, and other third parties for the purposes mentioned above. For more details, refer to our Privacy Policy section.

4.8 Direct Marketing We may send direct marketing communications about our services to individuals, providing an option to opt-out of such communications.

4.9 International Disclosure We may disclose personal information to overseas recipients in compliance with applicable laws and regulations.

4.10 Security and Data Quality We take reasonable measures to protect personal information from unauthorized access, loss, and disclosure.

4.11 Access and Correction of Personal Information Individuals may request access or correction of their personal information held by us. We will respond to such requests within a reasonable timeframe.

4.12 Complaints Procedure Individuals can raise privacy-related complaints with our Privacy Officer. We will investigate and resolve complaints promptly and transparently.

4.13 Contact Details For inquiries or concerns about our Privacy Policy or personal information, individuals can contact our Privacy Officer via email, phone, or mail.

4.14 Data Breach Notification We have procedures in place to address data breaches, including notifying affected individuals and regulatory authorities where required.

4.15 Additional Provisions for EU Residents For individuals located in the EU, additional provisions under the GDPR apply. These include rights to erasure, restrictions of processing, data portability, objection, and the right to complain.

4.16 Policy Breaches Breach of this policy may result in disciplinary action for employees, directors, and officers of Precast Concrete.

4.17 Changes to the Privacy Policy We may update this Privacy Policy to reflect new laws or technology. Any changes will be posted on our website.

Definitions

Term Definition

Australian Privacy Principles (APPs): The principles governing personal information handling under the Privacy Act 1988 (Cth).

Consent: Agreement provided freely, specifically, and unambiguously, indicating an individual’s wishes for personal information processing.

Data Breach: Unauthorized access, disclosure, or loss of personal information that may result in serious harm.

Data Controller: The entity responsible for determining the purposes and means of personal data processing under the GDPR.

Data Protection Officer (DPO): The individual responsible for GDPR compliance within the organization.

Eligible Data Breach: A data breach likely to cause serious harm to individuals, triggering the Notifiable Data Breach Scheme notification.

Employee: Broad definition including directors, officers, employees, contractors, or agents of Precast Concrete.

General Data Protection Regulation (GDPR): The EU legal framework governing the collection and processing of personal information.

Health Information: Personal data related to an individual’s physical or mental health, medical history, etc.

Notifiable Data Breach Scheme: Requirements for entities to notify individuals and the Australian Information Commissioner of eligible data breaches.

Loss: Accidental or inadvertent loss of personal information.

Office of the Australian Information Commissioner (OAIC): The national regulator for privacy and freedom of information.

Personal information or Data: Information or opinion identifying an individual or making them reasonably identifiable.

Privacy Officer: The appointed person responsible for privacy inquiries, complaints, and requests.

Processing: Any activity involving personal information, including collecting, storing, and using it.

Sensitive information: Information on specific characteristics, such as race, religion, health, or criminal record.

Serious Harm: Harm that may result in physical, psychological, emotional, financial, or reputational consequences.

Unauthorised Access/Disclosure: When personal information is made accessible or visible to outsiders without proper authorization.

We (us, our, ours) Precast Concrete

You (your, yours) Any individual disclosing personal information to Precast Concrete.

Responsibilities: The Board of Directors oversees policy compliance, and the CEO ensures its effective implementation. The Privacy Officer manages inquiries, complaints, and privacy-related issues.

Procedure: The Data Breach Procedure complements the Privacy Policy.

References Legislation: • Privacy Act 1988 (Cth) • Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) • Spam Act 2003 (Cth) • Regulation EU (2016/679) – General Data Protection Regulation Policies: • Workplace Behaviour Policy • Fraud and Corruption Control Policy • Data Breach

Privacy Policy last updated on July 17, 2023.