Privacy Policy

1. Introduction

 1.1 From time to time Ascot Mill Consultants, a legal subsidiary of The Tullius Group Pty Ltd (“the Company “) is required to collect,

hold, use and/or disclose personal information relating to individuals (including, but

not limited to, its customers, contractors, suppliers and employees) in the performance

of its business activities.

1.2 This document sets out the Company’s policy in relation to the protection of personal

information, as under the Privacy Act 1998  (Cth) the (“Act “) and the Australian

Privacy Principles (“APP “).

1.3 The APPs regulate the handling of personal information.

2. What is personal information?

2.1 Personal information means information or an opinion (including information or an

opinion forming part of a database), whether true or not, and whether recorded in a

material form or not, about an individual whose identity is apparent, or can reasonably

be ascertained, from the information or opinion.

3. Employee records

 3.1 This policy does not apply to the collection, holding, use or disclosure of personal

information that is an employee record.

3.2 An employee record is a record of personal information relating to the employment

of an employee. Examples of personal information relating to the employment of the

employee include, but are not limited to, health information and information about the

engagement, training, disciplining, resignation, termination, terms and conditions of

employment of the employee. Please see the Act for further examples of employee

records.

4. Kinds of information that the Company collects and holds

 4.1 The Company collects personal information that is reasonably necessary for one or

more of its functions or activities.

4.2 The type of information that the Company collects and holds may depend on your

relationship with the Company. For example:

(a) Candidate:  if you are a candidate seeking employment with the Company,

the Company may collect and hold information including your name,

address, email address, contact telephone number, gender, age, employment

history, references, resume, medical history, emergency contact,

taxation details, qualifications and payment details.

(b) Customer:  if you are a customer of the Company, the Company may collect

and hold information including your name, address, email address,

contact telephone number, gender and age.

(c) Supplier:  if you are a supplier of the Company, the Company may collect

and hold information including your name, address, email address, contact

telephone number, business records, billing information, information

about goods and services supplied by you.

 (d) Referee:  if you are a referee of a candidate being considered for employment

by the Company, the Company may collect and hold information

including your name, contact details, current employment information

and professional opinion of candidate.

4.3 Sensitive information:  the Company will only collect sensitive information where

you consent to the collection of the information and the information is reasonably

necessary for one or more of the Company’s functions or activities. Sensitive information

includes, but is not limited to, information or an opinion about racial or ethnic

origin, political opinions, religious beliefs, philosophical beliefs, membership of

a trade union, sexual preferences, criminal record, health information or genetic information.

5. How the Company collects and holds personal information

 5.1 The Company must collect personal information only by lawful and fair means. The

Company will collect personal information directly from you if it is reasonable or

practicable to do so.

5.2 The Company may collect personal information in a number of ways, including without

limitation:

(a) through application forms;

(b) by email or other written mechanisms;

(c) over a telephone call;

(d) in person;

(e) through transactions;

(f) through our website;

(g) through surveillance camera;

(h) by technology that is used to support communications between us;

i) through publically available information sources (which may

include telephone directories, the internet and social media

sites);

ii) direct marketing database providers;

5.3 When the Company collects personal information about you through publicly available

information sources, it will manage such information in accordance with the

APPs.

5.4 At or before the time or, if it is not reasonably practicable, as soon as practicable after,

the Company collects personal information, the Company must take such steps

as are reasonable in the circumstances to either notify you or otherwise ensure that

you are made aware of the following:

(a) the identity and contact details of the Company;

 (b) that the Company has collected personal information from someone other

than you or if you are unaware that such information has been collected;

(c) that collection of personal information is required by Australian law, if it is;

(d) the purpose for which the Company collects the personal information;

(e) the consequences if the Company does not collect some or all of the

personal information;

(f) any other third party to which the Company may disclose the personal

information;

(g) the Company’s privacy policy contains information about how you may

access and seek correction of personal information held by the Company

and how you may complain about a breach of the APPs; and

(h) whether the Company is likely to disclose personal information to overseas

recipients, and the countries in which those recipients are likely to

be located.

5.5 Unsolicited personal information  is personal information that the Company receives

which it did not solicit. Unless the Company determines that it could have

collected the personal information in line with the APPs or the information is contained

within a Commonwealth record, it must destroy the information to ensure it

is de-identified.

6. Purposes for which the Company collects, holds, uses and/or discloses personal

information

 6.1 The Company will collect personal information if it is reasonably necessary for one

or more of its functions or activities.

6.2 The main purposes for which the Company may collect, hold, use and/or disclose

personal information may include but are not limited to:

(a) recruitment functions;

(b) customer service management;

(c) training and events;

(d) surveys and general research; and

(e) business relationship management.

6.3 The Company may also collect, hold, use and/or disclose personal information if you

consent or if required or authorised under law.

6.4 Direct marketing:

(a) The Company may use or disclose personal information (other than sensitive

information) about you for the purpose of direct marketing (for example,

advising you of new goods and/or services being offered by the

Company).

 (b) The Company may use or disclose sensitive information about you for

the purpose of direct marketing if you have consented to the use or disclosure

of the information for that purpose.

(c) You can opt out of receiving direct marketing communications from the

Company by contacting the Privacy Officer in writing or if permissible

accessing the Company’s website and unsubscribing appropriately.

7. Disclosure of Personal Information

 7.1 The Company may disclose your personal information for any of the purposes for

which it is was collected, as indicated under clause 6 of this policy, or where it is

under a legal duty to do so.

7.2 Disclosure will usually be internally and to related entities or to third parties such as

contracted service suppliers.

7.3 Before the Company discloses personal information about you to a third party, the

Company will take steps as are reasonable in the circumstances to ensure that the

third party does not breach the APPs in relation to the information.

7.4 Cross-border disclosure of personal information:

(a) The Company is likely to disclose personal information to overseas recipients.

(b) Before the Company discloses personal information about you to an

overseas recipient, the Company will take steps as are reasonable in the

circumstances to ensure that the overseas recipient does not breach the

APPs in relation to the information.

(c) The countries in which overseas recipients are likely to be located include:

i) United Kingdom, United States of America, China, Hong

Kong, Russia, Taiwan, and countries within the European

Union

8. Access to personal information

 8.1 If the Company holds personal information about you, you may request access to

that information by putting the request in writing and sending it to the Privacy Officer.

The Company will respond to any request within a reasonable period, and a charge

may apply for giving access to the personal information.

8.2 There are certain circumstances in which the Company may refuse to grant you

access to the personal information. In such situations the Company will give you

written notice that sets out:

(a) the reasons for the refusal; and

(b) the mechanisms available to you to make a complaint.

9. Correction of personal information

 9.1 If the Company holds personal information that is inaccurate, out-of-date, incomplete,

irrelevant or misleading, it must take steps as are reasonable to correct the

information.

9.2 If the Company holds personal information and you make a request in writing addressed

to the Privacy Officer to correct the information, the Company must take

steps as are reasonable to correct the information and the Company will respond to

any request within a reasonable period.

9.3 There are certain circumstances in which the Company may refuse to correct the

personal information. In such situations the Company will give you written notice

that sets out:

(a) the reasons for the refusal; and

(b) the mechanisms available to you to make a complaint.

9.4 If the Company correct personal information that it has previously supplied to a third

party and you request us to notify the third party of the correction, the Company will

take such steps as are reasonable to give that notification unless impracticable or

unlawful to do so.

10. Integrity and security of personal information

 10.1 The Company will take such steps (if any) as are reasonable in the circumstances

to ensure that the personal information that it:

(a) collects is accurate, up-to-date and complete; and

(b) uses or discloses is, having regard to the purpose of the use or disclose,

accurate, up-to-date and complete.

10.2 The Company will take steps as are reasonable in the circumstances to protect the

personal information from misuse, interference, loss and form unauthorised access,

modification or disclosure.

10.3 If the Company holds personal information, it no longer needs the information for any

purpose for which the information may be used or disclosed, the information is not

contained in any Commonwealth record and the Company is not required by law to

retain the information, it will take such steps as are reasonable in the circumstances

to destroy the information or to ensure it is de-identified.

11. Anonymity and Pseudonymity

 11.1 You have the option of not identifying yourself, or using a pseudonym, when dealing

with the Company in relation to a particular matter. This does not apply:

(a) where the Company is required or authorised by or under an Australian

law, or a court/tribunal order, to deal with individuals who have identified

themselves; or

(b) where it is impracticable for the Company to deal with individuals who

have not identified themselves or who have used a pseudonym.

 11.2 However, in some cases if you do not provide the Company with your personal information

when requested, the Company may not be able to respond to your request

or provide you with the goods or services that you are requesting.

12. Complaints

 12.1 You have a right to complain about the Company’s handling of your personal information

if you believe the Company has breached the APPs.

12.2 If you wish to make such a complaint to the Company, you should first contact the

Privacy Officer in writing. Your complaint will be dealt with in accordance with the

Company’s complaints procedure and the Company will provide a response within

a reasonable period.

12.3 If you are unhappy with the Company’s response to your complaint, you may refer

your complaint to the Office of the Australian Information Commissioner.

13. Privacy Officer contact details

 13.1 The Company’s Privacy Officer can be contacted in the following ways:

(a) Telephone number: +61(0)7 31213294

(b) Email address: admin@tullisgroup.com

(c) Postal address: Level 36, Riparian Plaza, 71 Eagle Street, Brisbane,

QLD, 4000