Privacy Policy – ScrapTrade.com.au

ScrapTrade.com.au (“we,” “our,” or “ScrapTrade”) values your privacy. This Privacy Policy explains how we collect, use, store, and protect personal and business information when you use our website, app, or related services. By accessing our platform, you agree to this policy.

PRIVACY POLICY

ScrapTrade.com.au

Effective Date: 1 February 2026

Last Updated: 1 April 2026

1. INTRODUCTION

1.1 Our Commitment to Privacy

ScrapTrade.com.au (Mobeius Technologies Pty Ltd having ABN:49693656932) (“we”, “us”, “our”, or “ScrapTrade”) is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information.

1.2 Scope

This Privacy Policy applies to:

• a) All users of the ScrapTrade.com.au website and mobile applications (“Service”);
• b) All personal information collected through the Service;
• c) Information collected offline in connection with the Service;
• d) Third-party service providers acting on our behalf.

1.3 Agreement

By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1.4 Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Material changes will be notified via email or prominent notice on the Service. Your continued use after changes constitutes acceptance.

2. DEFINITIONS

“Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.

“Sensitive Information” means personal information about an individual’s racial or ethnic origin, political opinions, membership of political associations, religious or philosophical beliefs, sexual orientation or practices, criminal record, health information, genetic information, or biometric information.

“APP Entity” means an organization with an annual turnover of more than $3 million, or that trades in personal information, or that provides a health service or is a contracted service provider for a Commonwealth contract.

“Credit Information” includes information about credit applications, credit history, and credit worthiness.

“User” means any person or entity that accesses or uses the Service.

3. INFORMATION WE COLLECT

3.1 Personal Information Collected Directly

We collect the following personal information directly from you:

Account Registration Information:

• – Full legal name (individual or business name)
• – Australian Business Number (ABN) or Australian Company Number (ACN)
• – Trading name (if different from legal name)
• – Email address
• – Telephone number(s) (mobile and landline)
• – Physical business address
• – Postal address (if different)
• – Date of birth (for identity verification)

License and Verification Information:

• – Scrap metal dealer license number
• – Second-hand dealer license number
• – Other relevant permits and registrations
• – Proof of identity documents (driver’s license, passport)
• – Business registration documents
• – Professional certifications

Financial Information:

• – Bank account details (BSB and account number)
• – Credit card or payment card information (processed by third-party payment processors)
• – Billing address
• – Payment history
• – Transaction records
• – Tax File Number (TFN) or Australian Business Number (where required for tax reporting)

Transaction Information:

• – Listing details (materials, quantities, grades, prices)
• – Purchase and sale records
• – Communication with other users
• – Delivery and collection details
• – Inspection reports
• – Dispute records

Profile Information:

• – Business description
• – Services offered
• – Operating locations
• – Trading hours
• – Profile photograph or business logo
• – Preferences and settings

Communication Information:

• – Messages sent through the Service
• – Email correspondence
• – Support tickets and inquiries
• – Feedback and reviews
• – Survey responses

3.2 Information Collected Automatically

When you use the Service, we automatically collect:

Device Information:

• – IP address
• – Device type and model
• – Operating system and version
• – Browser type and version
• – Unique device identifiers
• – Mobile network information

Usage Information:

• – Pages visited and features used
• – Time and date of visits
• – Referring and exit pages
• – Search queries
• – Click-stream data
• – Session duration
• – Interaction with listings and content

Location Information:

• – Geographic location (with your consent)
• – Approximate location based on IP address
• – GPS coordinates (for mobile app users who grant permission)

Cookies and Tracking Technologies:

• – Cookies (session and persistent)
• – Web beacons
• – Pixel tags
• – Local storage
• – Analytics data

3.3 Information from Third Parties

We may collect personal information from:

Identity Verification Services:

• – Government databases for license verification
• – Credit reporting agencies
• – Identity verification providers
• – Background check services

Business Information Services:

• – ASIC business registers
• – ABN Lookup
• – Credit reference agencies
• – Industry associations

Social Media and Public Sources:

• – Information from your social media profiles (if you link accounts)
• – Publicly available business information
• – Online reviews and ratings
• – Public records

Other Users:

• – Reviews and ratings about you
• – Reports of policy violations
• – Dispute information
• – References and testimonials

3.4 Information We Do Not Intentionally Collect

We do not intentionally collect Sensitive Information as defined by the Privacy Act 1988 (Cth) unless:

• a) You voluntarily provide it;
• b) It is reasonably necessary for our functions or activities;
• c) We have your explicit consent;
• d) It is required or authorized by law.

If you provide Sensitive Information, you consent to our collection and use of that information for the purposes disclosed in this Privacy Policy.

4. HOW WE USE YOUR PERSONAL INFORMATION

4.1 Primary Purposes

We collect and use your personal information for the following primary purposes:

Service Provision:

• – Creating and managing your account
• – Facilitating listings and transactions
• – Processing payments and refunds
• – Providing customer support
• – Delivering requested services and features
• – Personalizing your experience

Verification and Security:

• – Verifying your identity and credentials
• – Confirming license validity
• – Preventing fraud and unauthorized access
• – Detecting and preventing illegal activity
• – Protecting against security threats
• – Investigating policy violations

Communication:

• – Responding to inquiries and requests
• – Sending transactional notifications (account, listings, transactions)
• – Providing customer support
• – Sending administrative messages
• – Resolving disputes

Legal Compliance:

• – Complying with legal obligations under Australian law
• – Responding to lawful requests from authorities
• – Meeting regulatory requirements (AML/CTF, tax, licensing)
• – Enforcing our Terms and Conditions
• – Protecting our legal rights

4.2 Secondary Purposes

With your consent or as permitted by law, we may also use your personal information for:

Marketing and Promotions:

• – Sending promotional emails and newsletters (with consent)
• – Informing you about new features and services
• – Providing targeted advertising
• – Conducting marketing campaigns
• – Sending industry news and updates

Analytics and Improvement:

• – Analyzing usage patterns and trends
• – Improving Service functionality and performance
• – Developing new features and services
• – Conducting research and surveys
• – Creating anonymized statistical data

Business Operations:

• – Managing business relationships
• – Training staff
• – Quality assurance
• – Risk management
• – Business planning and strategy

4.3 Direct Marketing

We may use your personal information to send direct marketing communications about:

• a) Our services and features;
• b) Industry news and trends;
• c) Promotional offers and discounts;
• d) Events and webinars;
• e) Partner services (with consent).

Your Rights:

• – You can opt-out of marketing communications at any time
• – Use the unsubscribe link in emails
• – Contact us directly to update preferences
• – We will not charge you for opting out
• – We may still send transactional and administrative messages

Our Obligations:

• – We will only send marketing if we have consent or an existing relationship
• – We will clearly identify ourselves
• – We will provide an easy opt-out mechanism
• – We will honor opt-out requests within a reasonable timeframe

5. DISCLOSURE OF PERSONAL INFORMATION

5.1 Disclosure to Other Users

To facilitate transactions, we disclose certain information to other users:

Sellers May See (about Buyers):

• – Name and business name
• – Contact information (as provided for the transaction)
• – Profile information
• – Transaction history and ratings
• – Messages sent through the platform

Buyers May See (about Sellers):

• – Name and business name
• – Contact information (as provided in listings)
• – Business location
• – Profile information
• – Listings and pricing
• – Ratings and reviews
• – License information (where publicly available)

Control:

You can control what information is visible in your profile settings, subject to minimum disclosure requirements for transaction completion.

5.2 Disclosure to Service Providers

We disclose personal information to third-party service providers who perform services on our behalf:

Payment Processors:

• – Processing credit card and bank transactions
• – Managing payment accounts
• – Fraud detection and prevention

Cloud Hosting and Storage:

• – Amazon Web Services (AWS) – Australia region
• – Microsoft Azure – Australia region
• – Data storage and backup services

Identity Verification:

• – ID verification services
• – License verification providers
• – Credit checking agencies
• – Background check services

Communication Services:

• – Email service providers (e.g., SendGrid, Mailchimp)
• – SMS providers
• – Customer support platforms

Analytics and Marketing:

• – Google Analytics
• – Marketing automation platforms
• – Advertising networks
• – Survey tools

Professional Advisors:

• – Legal counsel
• – Accountants and auditors
• – Business consultants
• – Insurance providers

Other Service Providers:

• – IT support and maintenance
• – Security services
• – Logistics and delivery services
• – Document management

Service Provider Obligations:

All service providers are contractually required to:

• – Use personal information only for specified purposes
• – Protect personal information with appropriate security
• – Not disclose to unauthorized parties
• – Comply with Australian privacy laws
• – Delete or return information when no longer needed

5.3 Disclosure for Legal Reasons

We may disclose personal information when required or authorized by law:

Legal Obligations:

• – Court orders and subpoenas
• – Search warrants
• – Statutory demands for information
• – Regulatory investigations
• – Tax and revenue authorities

Law Enforcement:

• – Police investigations
• – Anti-money laundering reporting
• – Counter-terrorism financing obligations
• – Suspicious activity reporting
• – Fraud investigations

Legal Proceedings:

• – Defending legal claims
• – Enforcing our rights
• – Protecting the rights and safety of others
• – Investigating policy violations

5.4 Business Transfers

If ScrapTrade is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your personal information may be transferred as part of that transaction. We will:

• a) Notify you via email and prominent notice on the Service;
• b) Provide information about the acquiring entity;
• c) Explain any changes to privacy practices;
• d) Offer choices regarding continued use of your information.

5.5 With Your Consent

We may disclose your personal information to other parties with your explicit consent:

• a) Partner organizations for joint offerings;
• b) Industry associations for membership benefits;
• c) Research organizations for industry studies;
• d) Public listings or testimonials (with permission).

5.6 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

• a) Industry statistics and trends;
• b) Market research and analysis;
• c) Academic research;
• d) Business reporting;
• e) Service improvement.

Such data is not considered personal information under the Privacy Act.

5.7 Overseas Disclosure

Some of our service providers may be located overseas or store data in offshore facilities. Personal information may be disclosed to entities in:

Common Jurisdictions:

• – United States (cloud hosting, analytics, payment processing)
• – European Union (software services)
• – Singapore (regional data centers)
• – Other countries where service providers operate

Your Rights:

When we disclose personal information overseas:

• – We take reasonable steps to ensure overseas recipients comply with Australian privacy laws or equivalent protections
• – You may not be able to seek redress under the Privacy Act
• – You may not be able to seek redress in the overseas jurisdiction
• – We remain accountable for overseas disclosures

Your Consent:

By using the Service, you consent to disclosure of your personal information to overseas recipients as described above.

APP 8.1 Exception:

Where we take reasonable steps to ensure overseas recipients do not breach the APPs, we rely on the APP 8.1 exception to take responsibility for the overseas recipient’s handling of personal information.

6. DATA QUALITY AND SECURITY

6.1 Data Quality (APP 10)

We take reasonable steps to ensure that personal information we collect is:

• a) Accurate and up-to-date;
• b) Complete and relevant;
• c) Not misleading.

Your Responsibility:

You are responsible for providing accurate information and updating it when circumstances change. You can update your information through your account settings or by contacting us.

6.2 Security Measures (APP 11)

We implement reasonable administrative, technical, and physical security measures to protect personal information from:

• a) Misuse, interference, and loss;
• b) Unauthorized access, modification, or disclosure;
• c) Data breaches and cyber threats.

Technical Security:

• – Encryption of data in transit (SSL/TLS)
• – Encryption of data at rest
• – Secure authentication mechanisms
• – Regular security updates and patches
• – Firewalls and intrusion detection systems
• – Access controls and monitoring

Administrative Security:

• – Staff training on privacy and security
• – Background checks for employees
• – Confidentiality agreements
• – Access restrictions based on role
• – Regular security audits
• – Incident response procedures

Physical Security:

• – Secure data center facilities
• – Restricted physical access
• – Environmental controls
• – Backup and disaster recovery systems

6.3 Data Retention

We retain personal information only as long as necessary for:

• a) The purposes for which it was collected;
• b) Legal and regulatory requirements;
• c) Resolving disputes and enforcing agreements;
• d) Legitimate business purposes.

Retention Periods:

• – Account information: Duration of account plus 7 years
• – Transaction records: 7 years (tax and regulatory compliance)
• – Financial records: 7 years
• – Communication records: 3 years or until resolved
• – Marketing data: Until consent is withdrawn plus 2 years
• – Legal hold data: Until legal matters are resolved

Secure Disposal:

When personal information is no longer needed, we securely delete or de-identify it using:

• – Secure deletion methods
• – Overwriting techniques
• – Physical destruction of media
• – De-identification processes

6.4 Data Breach Response

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme:

Our Response:

• – We will assess the breach within 30 days
• – Determine if the breach is likely to result in serious harm
• – Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if required
• – Provide information about the breach, types of information involved, and recommended steps
• – Take remedial action to prevent future breaches

Your Actions:

If notified of a breach, you should:

• – Follow our recommended steps
• – Change passwords immediately
• – Monitor accounts for suspicious activity
• – Consider credit monitoring if financial information was involved
• – Contact us with questions or concerns

6.5 Limitations

Despite our security measures:

• a) No internet transmission is completely secure;
• b) We cannot guarantee absolute security;
• c) You use the Service at your own risk;
• d) You are responsible for maintaining the security of your account credentials.

7. ACCESS AND CORRECTION (APP 12 & 13)

7.1 Your Right to Access

You have the right to request access to the personal information we hold about you. We will provide access unless:

• a) Providing access would pose a serious threat to life, health, or safety;
• b) Providing access would have an unreasonable impact on others’ privacy;
• c) The request is frivolous or vexatious;
• d) The information relates to existing or anticipated legal proceedings;
• e) Providing access would be unlawful;
• f) Denying access is authorized by law;
• g) Providing access would prejudice enforcement activities;
• h) Providing access would reveal our commercially sensitive decision-making processes.

How to Request Access:

Submit a written request to privacy@scraptrade.com.au including:

• – Your full name and contact details
• – Verification of your identity
• – Specific information you wish to access
• – Preferred format for receiving information

Our Response:

• – We will respond within 30 days of receiving your request
• – We will provide the requested information or explain why access is denied
• – We may charge a reasonable fee for complex or voluminous requests
• – We will provide information in a format you request where reasonable

7.2 Your Right to Correction

You have the right to request correction of personal information that is:

• a) Inaccurate;
• b) Out-of-date;
• c) Incomplete;
• d) Irrelevant;
• e) Misleading.

How to Request Correction:

• – Update information directly through your account settings
• – Contact us at privacy@scraptrade.com.au with correction requests
• – Provide evidence supporting the correction where relevant

Our Response:

• – We will respond within 30 days
• – We will correct the information or explain why we refuse
• – If we refuse, you may request we associate a statement with the information
• – We will notify third parties of corrections where reasonable and practicable
• – We will not charge for correction requests

7.3 Associated Statements

If we refuse to correct information and you disagree, you may request that we associate a statement with the information claiming it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

8. ANONYMITY AND PSEUDONYMITY (APP 2)

8.1 Option to Remain Anonymous

Where practicable, we will give you the option to:

• a) Not identify yourself; or
• b) Use a pseudonym.

When Anonymity is Possible:

• – Browsing public listings (not logged in)
• – General inquiries
• – Some survey responses
• – Public feedback

When Anonymity is Not Practicable:

We require identification when:

• – Creating an account
• – Listing materials for sale
• – Making purchases
• – Processing payments
• – Verifying licenses and credentials
• – Complying with legal obligations (AML/CTF, tax reporting)
• – Protecting against fraud
• – Enforcing Terms and Conditions

8.2 Pseudonyms

You may use a business name or trading name instead of your legal name in some contexts, but we require:

• a) Your legal name for account registration and verification;
• b) Your ABN/ACN for business entities;
• c) Proof of authority to use the business name.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. We use cookies and similar technologies to:

• a) Remember your preferences and settings;
• b) Authenticate your login sessions;
• c) Analyze Service usage and performance;
• d) Deliver relevant advertising;
• e) Prevent fraud and improve security.

9.2 Types of Cookies We Use

Essential Cookies:

• – Required for Service functionality
• – Enable account login and authentication
• – Remember your session
• – Provide security features
• – Cannot be disabled without affecting Service functionality

Functional Cookies:

• – Remember your preferences (language, location)
• – Customize your experience
• – Provide enhanced features
• – Can be disabled in settings

Analytics Cookies:

• – Track how you use the Service
• – Measure performance and errors
• – Understand user behavior
• – Improve Service quality
• – Can be disabled in settings

Advertising Cookies:

• – Deliver relevant advertisements
• – Measure ad effectiveness
• – Frequency capping
• – Target based on interests
• – Can be disabled in settings

9.3 Third-Party Cookies

We use third-party services that may set cookies:

Google Analytics:

• – Usage analytics and reporting
• – Privacy policy: https://policies.google.com/privacy

Facebook Pixel:

• – Advertising and conversion tracking
• – Privacy policy: https://www.facebook.com/privacy

Payment Processors:

• – Fraud detection and prevention
• – See respective privacy policies

9.4 Managing Cookies

You can control cookies through:

Browser Settings:

• – Block all cookies
• – Accept only essential cookies
• – Delete existing cookies
• – Configure cookie preferences

Our Cookie Settings:

• – Access through website footer
• – Choose cookie preferences
• – Update preferences at any time

Note:

Disabling essential cookies may prevent you from using certain Service features.

9.5 Do Not Track

Some browsers offer “Do Not Track” (DNT) signals. Currently, we do not respond to DNT signals as there is no industry standard for handling them.

10. CHILDREN’S PRIVACY

10.1 Age Restrictions

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

10.2 Parental Notice

If we become aware that we have collected personal information from a person under 18 without parental consent, we will:

• a) Delete the information as soon as practicable;
• b) Terminate any associated account;
• c) Notify the parent or guardian if contact information is available.

10.3 Parental Rights

If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at privacy@scraptrade.com.au.

11. YOUR PRIVACY RIGHTS

11.1 Summary of Rights

Under Australian privacy law, you have the right to:

• a) Access your personal information;
• b) Correct inaccurate or incomplete information;
• c) Request deletion of your information (subject to legal obligations);
• d) Restrict processing in certain circumstances;
• e) Object to processing for direct marketing;
• f) Opt-out of marketing communications;
• g) Complain to us or the OAIC about privacy concerns;
• h) Remain anonymous where practicable.

11.2 Exercising Your Rights

To exercise your rights:

By Email: privacy@scraptrade.com.au

By Mail:

Privacy Officer
ScrapTrade.com.au
cs@scraptrade.com.au

Include:

• – Your full name and contact details
• – Verification of your identity
• – Clear description of your request
• – Any supporting documentation

Response Time:

We will respond within 30 days of receiving a valid request.

11.3 Verification

To protect your privacy, we may require verification of your identity before processing requests. Acceptable verification includes:

• a) Government-issued photo ID;
• b) Recent utility bill or bank statement;
• c) Other documentation confirming your identity.

11.4 Fees

We will not charge fees for most requests. However, we may charge a reasonable fee for:

• a) Complex or voluminous access requests;
• b) Manifestly unfounded or excessive requests;
• c) Repeated requests for the same information.

We will notify you of any fees before processing your request.

12. COMPLAINTS AND DISPUTES

12.1 How to Complain

If you believe we have breached your privacy rights or Australian privacy laws, please contact us:

Privacy Officer

Email: cs@scraptrade.com.au

Include in Your Complaint:

• – Your contact details
• – Description of the privacy concern
• – When and how the breach occurred
• – Impact on you
• – What you would like us to do
• – Any relevant documentation

12.2 Our Complaints Process

Step 1 – Acknowledgment (5 Business Days):

We will acknowledge receipt of your complaint within 5 business days.

Step 2 – Investigation (30 Days):

We will investigate your complaint thoroughly, which may include:

• – Reviewing relevant records and systems
• – Interviewing staff members
• – Consulting with legal advisors
• – Assessing compliance with privacy laws

Step 3 – Response (30 Days):

We will provide a written response within 30 days, including:

• – Our findings
• – Whether we uphold the complaint
• – Remedial action taken or proposed
• – Your right to escalate to the OAIC

Step 4 – Resolution:

If you are satisfied with our response, the matter is resolved. If not, you may escalate to the OAIC.

12.3 Office of the Australian Information Commissioner (OAIC)

If you are dissatisfied with our response, or if we fail to respond within 30 days, you may lodge a complaint with the OAIC:

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Mail:

Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001

The OAIC can:

• – Investigate your complaint
• – Attempt conciliation
• – Make determinations
• – Seek enforceable undertakings
• – Impose penalties for serious breaches

13. INTERNATIONAL DATA TRANSFERS

13.1 Data Storage Locations

Your personal information may be stored and processed in:

• a) Australia (primary storage);
• b) United States (cloud services, analytics);
• c) Singapore (regional backups);
• d) European Union (service providers).

13.2 Cross-Border Disclosure

When transferring personal information overseas, we:

• a) Take reasonable steps to ensure recipients comply with Australian privacy laws or equivalent standards;
• b) Use contractual clauses requiring privacy protections;
• c) Assess the privacy laws of destination countries;
• d) Implement appropriate safeguards.

13.3 Your Consent

By using the Service, you consent to international transfers as described in this Privacy Policy.

13.4 Accountability

We remain accountable for personal information disclosed to overseas recipients and take reasonable steps to ensure they handle information in accordance with the APPs.

14. CHANGES TO THIS PRIVACY POLICY

14.1 Right to Modify

We reserve the right to modify this Privacy Policy at any time to reflect:

• a) Changes in our practices;
• b) Changes in applicable laws;
• c) Technological developments;
• d) Business requirements.

14.2 Notification of Changes

We will notify you of material changes by:

• a) Posting the updated Privacy Policy on our website;
• b) Updating the “Last Updated” date;
• c) Sending email notification to registered users;
• d) Displaying prominent notices on the Service.

14.3 Your Options

If you disagree with changes to this Privacy Policy:

• a) You may close your account;
• b) You may withdraw consent for specific uses;
• c) You may contact us to discuss concerns.

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

15. CONTACT INFORMATION

15.1 Privacy Officer

For all privacy-related inquiries, requests, or complaints:

Privacy Officer

ScrapTrade.com.au
ABN: 49 693 656 932

Email: cs@scraptrade.com.au

Office Hours:

Monday to Friday: 9:00 AM – 5:00 PM AEST
(Excluding NSW public holidays)

15.2 General Inquiries

For general questions about the Service:

Email: cs@scraptrade.com.au

16. ADDITIONAL INFORMATION FOR SPECIFIC USERS

16.1 Business Account Holders

If you register a business account:

• a) You represent that you have authority to provide employee/contractor information;
• b) You are responsible for obtaining necessary consents from individuals whose information you provide;
• c) You must inform individuals about this Privacy Policy;
• d) You must comply with APPs regarding employee information.

16.2 European Users

While this Privacy Policy primarily addresses Australian privacy law, if you are in the European Union, you may have additional rights under the General Data Protection Regulation (GDPR), including:

• a) Right to data portability;
• b) Right to be forgotten;
• c) Right to restrict processing;
• d) Right to object to automated decision-making.

Please contact our Privacy Officer to exercise GDPR rights.

16.3 California Users

California residents may have additional rights under the California Consumer Privacy Act (CCPA). Please contact our Privacy Officer for information about CCPA rights.

17. SPECIFIC INFORMATION HANDLING PRACTICES

17.1 Credit Information

If we collect credit information (as defined by the Privacy Act), we will handle it in accordance with Part IIIA of the Privacy Act and the Credit Reporting Privacy Code.

Collection:

We may collect credit information for:

• – Assessing creditworthiness for payment terms
• – Identity verification
• – Fraud prevention

Disclosure:

We may disclose credit information to:

• – Credit reporting bodies
• – Credit providers
• – Debt collectors
• – Our service providers

Your Rights:

You may request access to and correction of credit information we hold.

17.2 Government Identifiers

We will not use government-related identifiers (such as driver’s license numbers, passport numbers, or tax file numbers) as our own identifiers for individuals.

We may collect government identifiers for:

• – Identity verification required by law
• – Compliance with AML/CTF obligations
• – Tax reporting requirements

17.3 Health Information

We do not generally collect health information. If you voluntarily provide health information (e.g., in relation to workplace safety), we will:

• a) Only use it for the purpose provided;
• b) Protect it with enhanced security;
• c) Not disclose it without your consent except as required by law;
• d) Delete it when no longer needed.

18. COMPLIANCE WITH AUSTRALIAN PRIVACY PRINCIPLES

This Privacy Policy is designed to comply with the 13 Australian Privacy Principles:

• – Open and transparent management of personal information
• – Anonymity and pseudonymity
• – Collection of solicited personal information
• – Dealing with unsolicited personal information
• – Notification of collection
• – Use or disclosure of personal information
• – Direct marketing
• – Cross-border disclosure of personal information
• – Adoption, use or disclosure of government related identifiers
• – Quality of personal information
• – Security of personal information
• – Access to personal information
• – Correction of personal information

ACKNOWLEDGMENT

By using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Last Updated: 1 April 2026

Version: 1.0