SignOnSite

1. Overview

Thank you for using SignOnSite, a platform that enables automatic site visitor registration and other safety and compliance capability for construction sites. Your privacy is important to us and we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act), which includes the Australian Privacy Principles (APPs) and any related privacy codes.

This Policy outlines how we collect, use, disclose and store your personal information and lets you know how you can access that information. This Policy applies to our obligations when handling information in Australia.

Please read this Policy carefully and contact us using the details below if you have questions. 2. Consent

By providing personal information, you consent to us collecting, using, storing and disclosing your personal information in accordance with this Policy or as required or permitted by law.

If you continue using our services, then we will treat your use as your consent to us handling your personal information in accordance with this Policy.

3. What kinds of personal information do we collect and hold?

The type of personal information we collect depends on the circumstances of its collection and the nature of your dealings with us.

If you are a worker, this information may include:

(a) your name, address, contact details and date of birth;

(b) any photos that you upload;

(c) your device ID, device type and information, geo-location information, Internet Protocol (IP) address and standard web log information;

(d) site locations you attend and the times you are there;

(e) details of licences relating to construction, such as Permits to Work;

(f) employments details and qualifications;

(g) Certificate of Currency details; and

(h) information contained in any communications between you and us.

For the avoidance of doubt, we don’t track your specific location within the site following your initial sign on.

If you are a customer, we may collect the following information:

(a) your name, address and contact details;

(b) business registration details, such as your Australian Business Number; and

We may collect some sensitive information from both workers and customers. This includes health information, for example when there is a health or safety incident on site, and trade union or

This Policy was last updated in March 2021

other professional associations or memberships. If you consent to providing us with this information, we will only use it for the following purposes relating to our provision of services and to enable you to use our platform.

For general users, we may collect information when your use our platform. This may include information:

(a) provided in communications we have with you; and

(b) about your access and use of our platform, including browser session data, device and network information, statistics on page views, acquisition sources, search queries, browsing behaviour and information gathered through internet cookies.

If you choose not to provide information as requested, it may not be practicable for us to service your needs. For example, it will not be possible for you to create a profile if you want to remain anonymous or use a pseudonym. We sometimes receive unsolicited personal information. In circumstances where we receive unsolicited personal information we will usually destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so unless the unsolicited personal information is reasonably necessary for, or directly related to, our functions or activities.

4. Why do we collect your personal information?

We collect your personal information primarily to provide you with our services and enable your use of our platform.

Some ways we use your personal information are:

(a) for the purpose for which the personal information was originally collected, including recording site attendance and communicating with you in case of an emergency on site;

(b) to identify and interact with you;

(d) to comply with any legal requirements, including any purpose authorised or required by an Australian law, court or tribunal; and

(e) for any other purpose for which you give your consent.

In relation to the personal information of customers or prospective staff members seeking employment at SignOnSite, we collect personal information for purposes including to:

(a) enable us to carry out our recruitment functions;

(f) correspond with you;

(g) fulfil the terms of any contractual relationship; and

(h) ensure that you can perform your duties.

5. How we collect your personal information?

You give it to us

We collect personal information directly from you when you:

(a) use our services;

(b) set up a profile with us;

This Policy was last updated in March 2021

We collect it

We may also collect your personal information from third parties including:

(a) your employer or the principal contractor;

(b) service providers;

(e) referrals who may have referred you to us; and

(f) organisations with whom we have an agreement to share information with.

We will generally obtain consent from the owner of personal information to collect their personal information. Consent will usually be provided in writing; however, sometimes it may be provided orally or may be implied through a person’s conduct. We endeavour to only ask for your personal information if it is reasonably necessary for the activities that you are seeking to be involved in.

6. Disclosing your personal information

We may disclose your personal information to the following third parties:

(a) your employer or the principal contractor;

(b) to our business or commercial partners, including the owners of any app or platform for which you have subscribed through us or in connection with us;

(d) third parties and contractors who provide services to us, including customer enquiries and support services, IT service providers, data storage, web-hosting and server providers, marketing and advertising organisations (see section 7), payment processing service providers;

(e) third parties to collect and process data, such as Intercom, Amazon Web Services and Google Analytics; and

(f) any third parties authorised by you to receive information held by us.

If you are a customer, we may also disclose your information to payment system operators and debt-recovery functions.

We may also disclose your personal information if we are required, authorised or permitted by law.

We may send information to third parties that are located overseas. These third parties are located in the United States of America, although this list may change from time to time. Disclosure is made to the extent that it is necessary to perform our functions or activities.

7. Using your personal information for direct marketing

From time to time, and in support of our future development and growth, we may use your personal information to contact you to promote and market our products and services exclusively. eg. SignOnSite may email you to let you know about new app features, but we do not allow, endorse or condone any of our affiliated third parties marketing to you based on your relationship with SignOnSite.

You can opt-out from being contacted by SignOnSite for direct marketing purposes by contacting us at marketing@signonsite.com.au or by using the unsubscribe facility included in each direct marketing communication we send. Once we receive a request to opt out from receiving marketing information, we will stop sending such information within a reasonable amount of time.

This Policy was last updated in March 2021

8. Security

We take all reasonable steps to protect personal information under our control from misuse, interference and loss and from unauthorised access, modification or disclosure. We hold your personal information electronically in secure databases operated by our third-party service providers.

We protect the personal information we hold through encryption, [list other security measures e.g. encryption / firewalls and login password protocols / secure and access-controlled premises / monitoring staff access / auditing / network segregation for sensitive information store electronically].

While we take reasonable steps to ensure your personal information is protected from loss, misuse and unauthorised access, modification or disclosure, security measures over the internet can never be guaranteed.

9. Accessing or correcting your personal information

If you would like to access your personal information, please contact us using the details below. In certain circumstances, we may not be able to give you access to your personal information in which case we will write to you to explain why we cannot comply with your request.

We try to ensure any personal information we hold about you is accurate, up-to-date, complete and relevant. If you believe the personal information we hold about you should be updated, please contact us using the details below and we will take reasonable steps to ensure it is corrected if appropriate.

10. Destroying or de-identifying personal information

We destroy or de-identify personal information when we no longer need it, unless we are otherwise required or authorised by law to retain the information.

11. Making a complaint

If you believe your privacy has been breached or you have a complaint about our handling of your personal information, please contact us using the details below.

We take privacy complaints seriously. If you make a complaint, we will respond within 2 business days to acknowledge your complaint. We will try to resolve your complaint within 30 days. When this is not reasonably possible, we will contact you within that time to let you know how long we will take to resolve your complaint.

We will investigate your complaint and write to you to explain our decision as soon as practicable.

If you are not satisfied with our decision, you can refer your complaint to the Office of the Australian Information Commissioner by phone on 1300 363 992 or online at www.oaic.gov.au.

12. Changes

We may, from time to time, amend this Policy. Any changes to this Policy will be effective immediately upon the posting of the revised Policy on our website. By continuing to use the services following any changes, you will be deemed to have agreed to such changes.

13. Contact us

All questions or queries about this Policy and complaints should be directed to: Privacy Officer

Email: privacy@signonsite.com.au

This Policy was last updated in March 2021