RETJA PRIVACY POLICY

Retja Pty Ltd (ACN 667 503 200) (Company, “we”, “us”, “our”) respects your privacy. We are committed to ensuring all information we collect or hold is handled respectfully and in accordance with relevant privacy las including the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). This policy explains how and why we collect, use, hold and disclose your personal information together with your rights to access and correct that information or make a complaint about our handling of personal information.

You consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.

1. What is personal information?

Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

2. What personal information do we collect and hold?

The Company will only collect personal information from individuals as required to conduct our business operations. This includes when individuals use our website, apply for a position, work with us, invest in us or engage with us in other ways.

Generally, the types of personal information we collect will include name, contact details and records of communications with us including your history of purchases and use of our products and services and details of enquiries or complaints you make.

In addition, we collect personal information relating to job applicants: employment and academic histories, the names of referees and in some cases, limited health information based on testing undertaken by or for us. We will collect this information directly from organisations that provide recruitment related services to us and from third parties who provide job applicants with professional or personal references.

We will also collect personal information, including names and contact details about:

(a) people involved in or through organisations that we support or sponsor;

(b) our suppliers: this information is collected for business-related purposes but contains some limited personal information contact details of the people that we deal with;

(c) people who correspond with us, including through our website, in which case we may keep a copy of that correspondence and relevant contact details;

(d) people who request information updates about us through our website mailing list;

We may collect information about how you access, use and interact with the website. We do this by using a range of tools such as Google Analytics, Jetpack and Yoast. This information may include:

(a) the location from which you have come to the site and the pages you have visited;

(b) technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system; and

We use cookies on the website. A cookie is a small text file that the website may place on your device to store information. We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website for any of your future visits to the website. We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the website. You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the website.

3. Why do we collect, hold and use your personal information?

We may use personal information for the primary purpose for which it is collected (e.g. provision of our services, including administration of our services) or for secondary purposes which are related (or directly related to the case of sensitive information) to the primary purpose.

We collect, hold and use your personal information so that we can:

(a) comply with our legal obligations and assist government and law enforcement agencies or regulators;

(b) communicate with, and comply with our legal obligations to, our shareholders, and to process payments to them;

(c) enable third party service providers to produce us and our related companies with services such as information technology, auditing, legal advice, printing and mailing services, and services related to our share register;

(d) correspondence with people who have contacted us, and deal with feedback;

(e) provide services to, and manage, our related companies;

(f) correspond with people regarding our corporate sponsorships;

(g) consider applications from prospective employees or contractors;

(h) maintain and update our records;

(i) conduct or participate in investigations or due diligence;

(j) facilitate transactions involving the Company or any of our affiliates;

(k) improve our marketing and communication process and practices;

(l) provide you with products and services, and manage our relationship with you;

(m) contact you, for example, to respond to your queries or complaints, or if we need to tell you something important; and

(n) identify and tell you about other products or services that we think may be of interest to you.

Where appropriate, we will confirm your express consent before collecting such information.

If you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you or respond to your enquiries.

4. How do we collect your personal information?

We will collect your personal information directly from you whenever you interact with us.

We may collect information from third parties such as LinkedIn – for instance, information about job applicants is collected in the manner set out above.

5. How do we store and hold personal information?

We store most information about you in computer systems and databases operated by either us or our external service providers.

We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure. Processes including taking steps to restrict access to databases, maintaining firewalls, encrypting data, using secure servers in controlled facilities and only allowing access by those entrusted with authority and computer network passwords. We also require all employees to comply with information security policies and attend training. In addition, we monitor and regularly review our practices against industry best practice.

We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.

However, the internet is not a secure environment and no computer system is perfectly secure. Although all care is taken, we cannot guarantee the security of information provided to us. This means that there is always a risk that your personal information may be accessed or used without authorisation.

6. Who do we disclose your personal information to, and why?

We may transfer or disclose your personal information to any member of our organisation or related companies.

We may disclose personal information to external service providers (including IT service providers, auditors, legal advisors, mail houses and our share registrar) so that they may perform services for us or on our behalf.

We may also disclose your personal information to others where:

(a) we are required or authorised by law to do so;

(b) to buyers or potential buyers of this company in the event that we seek to sell the Company;

(c) you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or

(d) we are otherwise permitted to disclose the information under the Privacy Act.

If the ownership or control of all or part of our assets or business changes, we may transfer your personal information to the prospective or new owner.

7. Do we disclose personal information to overseas recipients?

We do not disclose your personal information to recipients which are located outside Australia.

8. Do we use your personal information for marketing?

We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. These products and services may be offered by us, our related companies, our other business partners or our service providers.

Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.

9. Access to and correction of your personal information

You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. We may need to verify your identify before giving you access to your personal information. There are some circumstances in which we are not required to give you access to your personal information (for example, where a legal exemption applies).

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate and up to date.

10. Your rights under the EU GDPR

We welcomed the General Data Protection Regulation (GDPR) of the European Union (EU) as an important step forward in streamlining data protection globally. Although we do not operate an establishment within the EU, we intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain.

Under the GDPR, as a data subject you have the right to:

(a) access your data;

(b) have your data deleted or corrected where it is inaccurate;

(d) withdraw consent to having your data processed;

(e) have your data provided in a standard format so that it can be transferred elsewhere; and

(f) not be subject to a decision based solely on automated processing.

(Data Subject Rights).

We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please refer to the contact details section of this policy if you would like to make a Data Subject Rights request or have a specific need for assistance with a Data Subject Rights request.

11. Complaints

If you have a question about our policy or wish to make a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us in writing. Our contact details are set out below.

We will consider your complaint promptly and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

It is our intention to use our best endeavours to resolve any complaints to your satisfaction. However, if you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (OAIC) for guidance on alternative courses of action which may be available.

Office of the Australian Information Commissioner

Phone: 1300 363 992

Mail: GPO Box 5218  SYDNEY NSW 2001

Website: www.oaic.gov.au

12. Contact details

If you have any questions, comments, requests or concerns, please contact us at:

email@raindropme.com (08) 8981 8612  GPO 681 Darwin NT 0801

13. Cookie policy

A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.

We use the following types of cookies on our site https://www.raindropme.com/ (Site):

(a) Functional cookies: Functional cookies are used to remember the selections you make on our Site so that your selections are saved for your next visits;

(b) Analytical cookies: Analytical cookies allow us to improve the design and functionality of our Site by collecting data on how you access our Site, for example data on the content you access, how long you stay on our Site, etc; and

(c) Targeting cookies: Targeting cookies collect data on how you use the Site and your preferences. This allows us to personalise the information you see on our Site for you.

14. Children

We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact our privacy officer.

15. Changes to this policy

From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website.

You may obtain a copy of our current policy from our website https://www.raindropme.com / or by contacting us at the contact details above.