Privacy Policy for STEELX

Updated 5 July 2018

This Privacy Policy (Policy) applies to:

· Steelx Pty Ltd ACN 122 464 233, its subsidiaries and related bodies
corporate and its brands (collectively referred to in this document as “we”
“our” or “us” or as the context requires otherwise);

· any software application for mobile devices (Application
) that we operate.

This Policy sets out the types of personal information that we usually
collect, the purposes for which we collect it, to who we disclose it, how
we hold and keep it secure, and your rights in relation to your personal
information, including how to complain and how we deal with complaints.
This Policy should be read together with our website Terms and Conditions
and any location specific legal notice. Our businesses and websites operate
from Australia and this Policy provides information in accordance with our
obligations under the Privacy Act 1989 (Cth).

In this Policy,

  • personal information
    means any information about an individual from which that individual
    can be identified or reasonably identified. It does not include
    information that has been de-identified (anonymous data).
  • Privacy Act
    means the Privacy Act 1988 (Cth) and includes the Australian Privacy
    Principles (APPs) and applicable privacy regulations.
  • Services
    means any products and services that we offer or provide, including but
    not limited to rural steel building solutions, the design, construction
    and sale of sheds, garages, patios, carports, workshops, horse stables,
    industrial steel building kits, kit homes and commercial shed
    construction.

1. Your acknowledgement and consent

By visiting our website, enquiring about or purchasing any Services, or
providing us with your personal information (either directly or allowing
another person to do so on your behalf), you acknowledge and agree that the
personal information we collect about you will be collected and handled in
accordance with this Policy. If you do not agree with any part of this
Policy, you must not provide your personal information to us.

If you do not provide us with your personal information, or if you withdraw
any consent we are required by applicable law to have in order to process
the information you have given us, this may negatively affect our ability
to provide Services to you.

2. Personal information that we collect

We only collect personal information that is necessary for the dealings you
have with us, for example:

(a) when you request a quote for Services, establish or access an account,
order Services from us, conduct certain types of transactions such as
cheque purchases or refunds, or otherwise enquire about the Services we may
require you to provide us with contact information including your name,
address, telephone number or email address and financial information (such
as credit card details).

(b) If you contact us with your opinion, feedback or questions in relation
to our Services, we may keep a record of that correspondence.

(c) when you submit your name and e-mail address to sign up for our website
mailing list.

(d) if you apply for a job vacancy with us or via any third party
recruitment service we use, we will collect your CV and other application
information required to allow us to assess your application and to retain
for human resources purposes.


(e) when you register your interest or apply for a franchise
opportunity, you will need to submit your contact details, employment
and relevant business experience to allow us to consider your
suitability as a potential franchisee and (if suitable) progress a
franchise agreement and associated dealings with you.

3. Special types of information we may collect

When required, we may collect the following types of information from you:

(a) financial information: we may via our website or
through our sales facilities which is used by us solely to facilitate the
transaction and bill you for the Services. Financial information we collect
from you is strictly confidential and held on secure servers in controlled
facilities.

(b) sensitive information: we generally do not collect any
sensitive information unless it is reasonably necessary for our functions
or activities and you have explicitly consented. The circumstances in which
we may collect sensitive information may include during recruitment, when
we may need to collect details of an applicant’s health and disability or
information about immigration status.

4. Dealing with us Anonymously or using a pseudonym

Where possible and lawful, you may interact with us anonymously or using a
pseudonym. For example, if you contact us with a general question we will
not record your name unless we need it to adequately handle your question.

However, for many of our functions and activities we usually need your
name, contact information and other details.

5. Purpose of collecting personal information

We may collect your personal information for the following purposes:

(a) to confirm your identity;

(b) contacting you about product or Service you have enquired about or
ordered;

(c) to provide Services to you, including processing payment, arranging
delivery, or ongoing customer service;

(d) notifying you about special offers, products or services available from
us or our participating partners, whether the notice comes from us directly
or via a third party advertising service;

(e) business planning, product development and research development;

(f) understanding the types of people who are interested in the Services
and developing measurement, marketing and analytics measures to assist in
marketing the Services to those people;

(g) fulfilling any mandatory reporting obligations required by applicable
law, including communication with and notifying you where a notifiable data
breach has occurred in relation to your personal information;

(h) to assess your application for a role with us and to take references;

(i) any related secondary purpose which we believe you would reasonably
expect when we collected your personal information or as a result of our
ongoing relationship with you;

(j) any purpose for which you have consented;

(k) any purpose for which we are required or authorised by applicable law;
and

(l) to respond to and manage inquiries, complaints, feedback and claims,
defend our legal interests and investigate and protect against fraud, theft
and other illegal activities.

6. Disclosure of personal information

We will only disclose personal information to persons outside our business
in the circumstances set out in this Policy or as otherwise notified to you
at the time of collection of the information.

If we merge with or are acquired by another entity, your personal
information may be transferred to that entity as a part of the merger or
acquisition. In addition we may use or disclose personal information held
about you where you have consented to such use or disclosure or where such
use or disclosure is required under or authorised by law, or where we
reasonably believe that the use or disclosure is necessary for prevention,
investigation, prosecution and punishment of crimes or wrongdoings or the
preparation for or conduct of proceedings before any court or tribunal or
the implementation of the orders of a court or tribunal by or on behalf of
an enforcement body.

7. Cross border disclosure

We may disclose personal information to overseas recipients, who are
located in places such as New Zealand and other countries or jurisdictions
depending on the nature of the services those recipients provide to us (for
example to arrange our suppliers in New Zealand to supply you with a
product or service that you have requested in New Zealand, or for those
suppliers to supply you if you are part of our New Zealand franchise
network).

8. direct marketing and your consent / opting out

We may use your personal information to identify a product or service that
you may be interested in or to contact you about (for example an event or
promotion in your region). We may with your consent where required by
applicable law, use the contact details you have provided to contact you
from time to time whether by phone, email SMS or post to tell you about new
products or services and special offers that we believe may be of interest
to you.

You can withdraw your consent to receiving direct marking communications
from us at any time by unsubscribing from the mailing list (by clicking
‘unsubscribe’ in any email from us), by contacting us on the details at the
end of this Policy or by using any unsubscribe facility available in the
electronic communication you receive (where available).

9. Credit Card information

We sometimes use third parties to process sales paid for via credit card,
for example PayWay API (operated by Westpac Banking Corporation ABN 33 007
457 141) or PayPal Australia Pty Limited ABN 93 111 195 389 ( Payment Gateway).

Where we use a Payment Gateway to process a payment via credit card, we do
not directly hold any payment information other than a billing address and
a contact email on the website servers. In accordance with the Payment
Gateway policies, we may be able to view credit card details, however, we
will only use such information for the purposes of credit card
verification, transaction approval or to provide a refund. Any information
collected by the Payment Gateway may be used in accordance with the Payment
Gateway privacy or other policies and is beyond our control. To view the
Payment Gateway policies please refer to

https://www.westpac.com.au/privacy/

and

https://www.paypal.com/au/webapps/mpp/ua/privacy-full

.

10. Security and Storage

We place great importance on the security of all information associated
with our customers, clients and contractors. We take all reasonable and
appropriate steps (including organisational and technological measures) to
protect your personal information from loss, misuse and interferences, as
well as unauthorised access, modification or disclosure.

Where we store your information depends on what interaction you have had
with us. These include:

(a) electronic databases, including those for processing customer enquiries
or feedback;

(b) email databases for marketing communications; and

(c) paper based forms.

Please keep in mind that no data transmission over the Internet is
guaranteed to be secure. We will take all reasonable steps to protect your
information or personal details, however we cannot ensure or warrant the
security of any information or personal details you provide to us. These
activities are conducted at your own risk.

We only keep your personal information for as long as it is required for
the purpose for which it was collected or as otherwise required by
applicable laws. If we no longer need to hold your personal information for
any reason, we will take reasonable steps to de-identify or destroy that
information. These steps may vary depending on the nature of the
information, the way it was collected and how it was stored.

11. Data breaches

The Privacy Act requires us to notify affected individuals and the Privacy
Commissioner about ‘eligible data breaches’. An eligible data breach occurs
when the following criteria are met:

(a) there is unauthorised access to or disclosure of personal information
we hold (or information is lost in circumstances where unauthorised access
or disclosure is likely to occur);

(b) the access, disclosure or loss is likely to result in serious harm to
any of the individuals to whom the information relates; and

(c) we are unable to prevent the likely risk of serious harm with remedial
action.

If it is not clear whether a suspected data breach meets these criteria, we
will investigate and assess the breach to determine whether the breach is
an ‘eligible data breach’ that requires us to notify the affected
individuals. This is to ensure you are notified if your personal
information is involved in a data breach that is likely to result in
serious harm. Even if the criteria are not met, we may decide it
appropriate to notify you anyway as part of our commitment to taking
privacy seriously.

12. Spam

Spam is an electronic message that is both unsolicited and commercial in
nature. We confirm:

(a) we have crafted an internal policy to educate our staff and implement
clear guidelines and rules on commercial electronic messages;

(b) you are free to unsubscribe from any mailing list to which you have
previously subscribed, either by using the opt-out facility provided in the
message or by contacting our Privacy Officer;

(c) we will not use address-harvesting software for any reason.

To assist us in combating spam, we ask you to:

(d) if you receive an unauthorised commercial or offensive message which
appears to originate from our email address, please assume that it has been
sent in error and notify our Privacy Officer immediately;

(e) ensure that you unsubscribe from any of our mailing lists if you decide
you no longer wish to receive commercial messages from us or our contracted
third parties; and

(f) if you do subscribe to any of our mailing lists, please notify us of
any change to your contact details.

13. Cookies

Most commercial websites use cookies. Cookies are data that a website
transfers to an individual’s browser and are stored in their hard drive,
and are used to track your ongoing access to and use of the website.

We use cookies, web beacons and measurement software and tools on our
website and so do our services providers and third parties such as our
analytics, advertising or ad serving partners. We use and disclose the
information collected through the use of cookies, web beacons and
measurement software and tools in accordance with this Privacy Policy. This
includes using the information to report statistics, analyse trends,
administer our Services, diagnose problems and target and improve the
quality of our Services.

We may combine our cookies, information collected through the cookies and
web beacons on our website with other information and use analytics
services to provide better or more relevant services and advertising to you
on our or third party websites.

If you would prefer not to receive cookies, you can alter your security
settings on your web browser to disable cookies or to warn you when cookies
are being used. However this may mean you may not be able to take advantage
of all features of the website.

14. Website and online software data

Every time you use our website, information may be collected by us or on
our behalf via services such as Google Analytics. This includes information
such as:

(a) your server IP address and domain name of your internet service
provider;

(b) the type of browser and operating system you use;

(c) pages accessed; and

(d) the date and time of your visit;

(e) any address of a recurring site and any other website you are about to
visit; and

(f) the information you submit regarding payment particulars, including
credit card details which are captured by our online software and database.

This information is used to provide statistical reporting on the use of our
website, including the frequency and duration of visits, and which web
pages you have accessed on our website.

15. Disposal of personal information

We only keep your personal information for as long as it is required for
the purpose for which it was collected or as otherwise required by law. If
we no longer need to hold your personal information for whatever reason, we
will take reasonable steps to de-identify or destroy that information.
These steps may vary depending on the nature of the information, the way it
was collected and how it was stored.

16. Changes to this Policy

We may revise this Policy from time to time as we add new features or as
laws change that may affect our website and our business. When we make
changes to our privacy policy, they are reflected on this page. Any revised
Policy will apply both to information we already have about you at the time
of the change, and any personal information created or received after the
change takes effect. We encourage you to refer back to this Policy
regularly to review any amendments. You can obtain historical versions of
this Policy by contacting us on the details shown in this Policy.

17. Access to and Correction of Personal Information

We are committed to maintaining accurate, timely, relevant and appropriate
information about the individuals whose personal information we hold. We
will endeavour to ensure that the personal information collected from you
is up to date, accurate and complete.

You may request access to or correction of your personal information we
hold about you at any time by contacting our Privacy Officer on the details
shown in this Policy.

We will need to verify you. Subject to any applicable exceptions or
requirements, we will provide you with access to the personal information
you request within reasonable time and usually within 28 days. If we decide
to refuse your request we will tell you why in writing and how to complain.

18. Complaints

If you have a concern, question or complaint about this Policy or your
privacy, your complaint should be in writing to our Privacy Officer using
the details shown in this Policy. We will need to verify you, respond to
you within a reasonable period of time to acknowledge your complaint and
inform you of the next steps we will take in dealing with your complaint.
If you are not satisfied with our response, you may complain directly to
the Office of the Australian Information Commissioner (OAIC) via the OAIC website: www.OAIC.gov.au.

19. CONTACTING Us

If you require further information regarding this Policy, please contact
our Privacy Officer on the following details:

Privacy Officer

P.O. Box 411

Varsity Lakes QLD 4227

Email: privacy@steelx.com.au

Phone: 07 5657 8819

For more information about privacy issues in Australia and protecting your
privacy, visit the Office of the Australian Information Commissioner’s
website: www.OAIC.gov.au.