SOFM Privacy Policy

Privacy Policy

SOFM Pty Ltd recognises the importance of protecting the privacy of individuals and are committed to managing personal information in an open and transparent way, in accordance with the Privacy Act 1988 (Cth) (the Act), as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth), and the 13 Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, hold, use and disclose your personal information, the purposes for which we do so, and your rights in relation to that information.

1. What personal information do we collect and hold?

We may collect the following types of personal information:

• name
• mailing or street address
• email address
• telephone number
• age or date of birth
• profession, occupation, or job title
• details of the services you have purchased from us or enquired about, together with any additional information necessary to deliver those services and respond to your enquiries
• any additional information relating to you that you provide to us directly or indirectly through our websites, online presence, our representatives, or otherwise

How do we collect and hold your personal information?

We collect your personal information directly from you unless it is unreasonable or impracticable to do so. We may collect personal information through:

• your access and use of our website
• conversations between you and our representatives
• when you complete a survey or other form

We may also collect personal information from third parties, including customers, credit reporting agencies, law enforcement agencies, and other government entities, where this is permitted by the Act.

Personal information we collect is stored by us and by third party service providers who provide data storage and hosting services to us. For more information on how we protect your personal information, please refer to the Security section below.

What happens if we cannot collect your personal information?

If you do not provide us with the personal information described above, some or all of the following may occur:

• we may not be able to provide the requested services to you, either to the same standard or at all
• we may not be able to provide you with information about services that may be of interest to you
• we may be unable to tailor the content of our websites to your preferences.

2. Sensitive Information

We will only collect sensitive information about you where you have consented, or where collection is otherwise permitted under the Act. Sensitive information will be used and disclosed only for the purpose for which it was collected or a directly related secondary purpose, unless you agree otherwise or where required or permitted by law.

3. Cookies

A cookie is a small text file stored on your device that helps us understand how visitors use our website. We use cookies to measure traffic patterns, determine which areas of our website have been visited, and analyse transaction patterns in aggregate so that we can improve the user experience. Our cookies do not collect personal information. If you do not wish to receive cookies, you can configure your browser to refuse them, though this may affect your ability to use some features of our website.

4. For what purposes do we collect, hold, use and disclose your personal information?

We collect personal information so that we can perform our business activities and functions and provide the best possible quality of service to our clients.

We collect, hold, use and disclose your personal information for the following purposes:

• to provide services to you and to send communications requested by you
• to answer enquiries and provide information or advice about existing and new services
• to assess and improve the performance of our website
• to conduct business processing functions, including providing personal information to our related bodies corporate, contractors, service providers, or other third parties as necessary
• for administrative, marketing (including direct marketing), planning, service development, quality control, and research purposes
• to update our records and keep your contact details current
• to process and respond to any complaint made by you

to comply with any law, rule, regulation, or lawful and binding determination, decision, or direction of a regulator, or in cooperation with any governmental authority.

Your personal information will not be shared, sold, rented, or disclosed other than as described in this Privacy Policy.

5. To whom may we disclose your information?

We may disclose your personal information to:

• our employees, contractors, and service providers for the purposes of operating our website and business, fulfilling your requests, and providing services to you — including web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors, and consultants
• suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes
• any organisation for any authorised purpose with your express consent.

6. Direct Marketing Materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, and email, in accordance with applicable marketing laws, including the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method wherever practical.

You may opt out of receiving marketing communications from us at any time by contacting us using the details below, or by using the opt-out facilities provided in the marketing communications. We will promptly action your request and remove your name from our mailing list.

We do not provide your personal information to other organisations for the purposes of direct marketing without your consent.

7. How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us using the details below. Where we hold information that you are entitled to access, we will endeavour to provide you with a suitable means of doing so (for example, by mailing or emailing it to you). We may charge a reasonable fee to cover our administrative costs in providing access, but we will not charge for simply making the request or for correcting your personal information.

There may be circumstances in which we are unable to grant access — for example, where doing so would unreasonably impact the privacy of another individual, or where access would be unlawful. If we refuse access, we will provide you with written reasons for the refusal and information about how to complain.

If you believe that personal information we hold about you is incorrect, incomplete, or inaccurate, you may ask us to correct it. We will consider your request and, if we do not agree that correction is warranted, we will note your disagreement on the record.

Under the Act, we are required to respond to access and correction requests within a reasonable period and, in most cases, within 30 days.

8. Notifiable Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Act. If a data breach is likely to result in serious harm to any of the individuals whose information is involved, we are required to notify both the affected individuals and the Office of the Australian Information Commissioner (OAIC). Recording Law

We maintain internal procedures for detecting, assessing, and responding to data breaches. If you believe your personal information held by us has been compromised, please contact our Privacy Officer using the details below as soon as possible.

9. What is the process for complaining about a breach of privacy?

If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate and respond to your concerns.

We will treat your complaint confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline how they may be resolved. We will aim to resolve complaints in a timely and appropriate manner.

If you are not satisfied with our response, you may also lodge a complaint with the OAIC at www.oaic.gov.au or by calling 1300 363 992.

10. Do we disclose your personal information to anyone outside Australia?

We may disclose personal information to third party suppliers and service providers located overseas for some of the purposes listed in the ‘To whom may we disclose your information?’ section above. This is currently limited to our data hosting and IT

service providers, where some information may be stored in Asia Pacific (APAC) datacentres located in Singapore and Hong Kong.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs in relation to that information, including seeking contractual commitments from overseas recipients to handle personal information in a manner consistent with Australian privacy law. Where we disclose personal information on the basis that an overseas recipient will comply with the APPs, we bear accountability under the Act for any breach of the APPs by that recipient. Security BoulevardICLG

11. Security

We take reasonable steps, including technical and organisational measures, to protect the personal information we hold from misuse, interference, and loss, and from unauthorised access, modification, or disclosure, in accordance with APP 11. Personal information may be held in electronic or hard copy form and is destroyed or de-identified when it is no longer needed for the purposes for which it was collected. Office of the Australian Information Commissioner

As our website is linked to the internet, we cannot guarantee the security of information transmitted online and any such transmission is at your own risk. We also cannot guarantee that information you supply will not be intercepted while being transmitted over the internet.

12. Links

Our website may contain links to third party websites. We make no representations or warranties in relation to the privacy practices of any third party website and are not responsible for the privacy policies or content of those sites. Third party websites are responsible for informing you about their own privacy practices.

13. Contacting us

If you have any questions about this Privacy Policy, or concerns or a complaint regarding the treatment of your personal information or a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer using the details below.

Please contact our Privacy Officer at:

Privacy Officer SOFM Pty Ltd

Post: Level 1, 397 Clarendon Street, South Melbourne Vic 3205

Tel: +61 (03) 9999 7413

Email: privacy@sofm.com.au

14. Changes to our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. Any updated version will be posted on our website. We encourage you to review this policy periodically.