SUPPLIER CODE OF CONDUCT

Introduction

This privacy policy applies to all users of this site and clients and contacts of the firm and its associated entities and suppliers. Protecting your privacy is important to us. This policy explains how we manage personal information within our organisation in accordance with Australian privacy law.

What types of personal information do we collect?

Information about Clients and Contacts

We may collect and hold the following kinds of personal information about you:

• contact information, such as your postal address, email address and telephone number;

• the name of your organisation and your position;

• details about your professional certificates, qualifications, licences or memberships;

• verification of identity (“VOI”) information, such as your name, date of birth, passport and driver’s licence number, birth certificate, marriage certificate or Medicare number; and

• banking details provided by your organisation to facilitate the debiting of fees.

How do we collect personal information?

We collect personal information about you in the following ways:

• When you give it to us. We collect information when you provide us with information. For example, this might happen when you’re setting up an account with us via our website or mobile applications, or where we ask you to provide certain personal information

• When you subscribe to our products or services. For example, if you subscribe to our report subscription service, we collect your email address and details of subscription.

• When you visit our offices. For example, we may require visitors to sign in before entering our office. We may on occasion and subject to consent, photograph or video people in our offices for marketing and promotional purposes.

• From third parties. In some cases, we may collect personal information from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our products or services.

Why do we collect and use personal information?

We use personal information that we collect about you for the following purposes:

• to verify your identity when you are dealing with us and to comply with VOI requirements;

• to provide reports to and /or communicate with stakeholders, including financial institutions, providers of lenders mortgage insurance, information brokers, legal practitioners, conveyancing firms, state revenue offices and land registries;

• to assess, maintain, upgrade and improve our products and services;

• to create new or enhanced products or services, and to notify you about those products or services;

• to answer your queries and requests;

• to comply with our legal and regulatory obligations; and

• to manage and resolve any legal or commercial complaints or issues.

We may from time to time use your personal information to send you marketing materials about products or services that we think you may be interested in (including in some cases products and services that are provided by a third party). You can opt-out of receiving marketing communications from us by contacting us at admin@redenbachlegal.com or following the “unsubscribe” link in the communication.

We may also use and disclose your information for other purposes if you ask or tell us to do so.

If we collect personal information about an individual from a third party, such as a bank, we endeavour to handle that information in a manner which is consistent with the third party's own privacy policy and which is consistent with the third party's own obligations under the Privacy Act. We will work with the third party organisation in order to address any security or related privacy issues which may arise in relation to personal information which they have provided to us. Ultimately, however, it remains the third party's responsibility to ensure that it is complying with the Privacy Act and its own privacy policies when dealing with us.

Who do we disclose personal information to?

We may share personal information about you with:

• your representative (e.g. lawyer or conveyancer);

• the land registries and revenue offices;

• service providers to government authorities (such as land registry operators);

• our staff who need the information to discharge their duties;

• our business partners, agents and service providers, including information brokers, VOI contractors, payment system operators and information technology service provides;

• professional advisers who we engage to provide advice on our business;

• government authorities who ask us to disclose that information, or to other people as required by law (including to identify potentially fraudulent property transactions or other unlawful activity).

Although we store all personal information on computer infrastructure located within Australia, your personal information may be available for access by participants in other countries (for example, to financial institutions with overseas processing arrangements). It is not practicable for us to specify in advance all of the countries from which your personal information may be accessed.

How do we store and secure your personal information?

We store personal information for as long as it is needed for the purpose for which it was collected or as required by law. We generally store the personal information that we collect in electronic databases, some of which may be held on our behalf by third party data storage providers. Sometimes we also keep hard copy records of this personal information in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time to address new and emerging security threats.

We also take steps to monitor access to and modification of your information by our staff, and ensure that our staff are aware of and properly trained in their obligations for managing your privacy.

It is possible that we, or our subcontractors, will use cloud technology in connection with the storage of other personal information, and it is possible that this may result in off-shore storage. It is not practicable for us to specify in advance which country will have jurisdiction over such off-shore activities. However, all of our subcontractors are required to comply with the Privacy Act in relation to the transfer or storage of personal information overseas.

How can you access and correct your information?

We take reasonable steps to ensure that any of your personal information which we hold is accurate, complete and up-to-date. These steps include promptly updating personal information when we are advised that the information has changed, checking our contact lists for accuracy, and providing individuals with a simple means to update their personal information.

If you want to access any of the personal information that we hold about you or to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact us at admin@redenbachlegal.com. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. We may require you to meet our reasonable costs in actually providing you with access. We will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.

If you consider that the information which we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information if you so request. We may be unable to correct information about you if doing so would be contrary to law or impact the integrity of a transaction.

Complaints

We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal information and think we may have breached the Australian Privacy Principles, or any other relevant obligation, please contact our Privacy Officer at admin@redenbachlegal.com

Complaints must be lodged in writing. We will deal with the matter within a reasonable time and will keep you informed of the progress of our investigation.

If you make a complaint, we will respond within 2 working days to let you know who is responsible for managing your complaint. We will try to resolve your complaint within 10 working days. When this is not possible, we will contact you within that time to let you know how long we will take to resolve your complaint. We will investigate your complaint and where necessary, consult with other participants about your complaint. We will make a decision about your complaint and write to you to explain our decision.

If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved satisfactorily, you can contact us to discuss your concerns. You are also entitled to make a complaint to the Office of the Australian Information Commissioner (OAIC). Contact details can be found at the OAIC’s website: www.oaic.gov.au.

Changes to this policy

We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will always be available on our website.

Contact details

If you need to contact us or want any further information from us on privacy matters, please contact our Privacy Officer at:

Email: admin@redenbachlegal.com