1. Introduction

Australian Strategic Materials Ltd and its subsidiaries (ASM, we, our or us) are committed to protecting the privacy of individual’s personal information. This Privacy Policy (Policy) sets out the principles that ASM will follow in collecting, using, holding, disclosing and otherwise dealing with personal information.

This Policy applies to individuals, including customers, investors and service providers from whom we collect, use, hold, disclose, or otherwise deal with their personal information.

‘Personal information’ is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

ASM is bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) contained in the Privacy Act. In some circumstances, ASM is also bound by the Republic of Korea’s Personal Information Protection Act (PIPA).

2. Collection of Personal Information

ASM collects personal information about an individual in a number of ways, including:

• when an individual interacts with ASM in person, including over the phone;
• when an individual interacts with ASM electronically, such as visiting the ASM website;
• from third parties e.g. recruitment agencies, third party websites, service providers;
• from candidates applying for jobs and employees;
• from visitors to our sites; and
• from contractors and suppliers in order to facilitate entry into and performance of contracts.

Examples of the types of personal information ASM may collect and hold includes:

• Identification information – such as names, gender, job title, photographs and dates of birth;
• Contact details – such as residential and business addresses, email addresses and telephone numbers;
• Recruitment related information – including identification and contact information, location, qualifications, employment history, interests, roles you are interested in, resumes, details of references, interview notes, results of any psychometric tests and background checks (including criminal records checks), pre-employment medical test results, your work visa and other information to verify your identity and right to work;
• Business information from contractors, customers and suppliers – information about goods and services ordered, acquired or supplied, payment information (such as bank account details), information from customer or general inquiries, feedback and complaints;
• Website information – information about how you access, use and interact with the ASM website such as the location from which you have come to the site and the pages you have visited, access times and location; and technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system;
• Employee details (only to the extent required by law) – employment type, job and position, employee number, start date, work schedule, personal and emergency contact details, wages/ salary, membership of a professional or trade association or trade union, leave, details of disciplinary action and training, taxation, banking or superannuation affairs and payment information and employment medical test results; and
• Other information – this includes information about access to and attendance at ASM’s premises and assets, details about the use of ASM’s assets and other information provided voluntarily to ASM.

ASM will only collect personal information where that information is reasonably necessary for one or more of ASM’s functions or activities or in accordance with law.

ASM will take reasonable steps to ensure that the personal information collected, used or disclosed by it is complete and up to date. ASM will collect personal information directly from individuals unless it is unreasonable or impractical to do so.

Your options

Where reasonably possible, individuals will have the option to interact with ASM anonymously or using a pseudonym. However, for most of your interactions with ASM, the collection of personal information will be required for us to adequately perform our functions.

3. Why does ASM collect, hold and use your personal information?

ASM collects, holds and uses personal information to operate our business, other related purposes and to comply with our legal obligations.

The purposes which we collect, hold and use personal information include:

• Managing our relationship with you – to provide you with goods and services, quality assurance, improve our products and services and communicating with you e.g. to respond to your queries or complaints, or if we need to tell you something important;
• Business-related purposes – such as negotiating, entering into and performing contracts with customers, suppliers and third parties, managing business relationships, performing obligations under real estate leases and licences and internal operations;
• Shareholder relations – communicating with shareholders, undertaking share transactions and managing our relationship with shareholders;
• Recruitment purposes – to contact potential candidates and receive, process and consider job applications;
• Employment purposes – to manage our employment relationship with you;
• Marketing and public relations purposes – analysing visitors to the ASM website and preparing business analytics, preparing and distributing newsletters and investor communications, identifying and telling you about other products or services that we think may be of interest;
• Safety and security – monitoring access and use of our premises and assets (including ASM’s IT systems) for health and safety and/or security purposes;
• Website administration and internal operations – this includes troubleshooting and data analysis; and
• Legal obligations – to comply with our legal obligations and assist government and law enforcement agencies or regulators and responding to potential or actual litigation.

ASM may collect, hold and use your personal information for any other purposes for which you have provided your consent or if there is another lawful basis for doing so. You can make choices about your information. See section 8 for more information.

If ASM does not collect personal information, it will affect our ability to perform our functions.

Sensitive Personal Information

‘Sensitive information’ is a subset of personal information that includes information or an opinion about an individual’s racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices, criminal record, health or genetic information and biometric information.

ASM may collect, hold and use your sensitive information where:

• you have provided separate explicit consent; or
• if permitted by law, including under the Privacy Act and PIPA.

Cookies

ASM uses cookies on its website. A cookie is a small text file that the website may place on your device to store information, which helps a website remember information about your visit. Cookies can make it easier to visit a site again and may make the site more useful for you. ASM may use persistent (which remain after a browser is closed) and sessional (which do not remain after the browser is closed) cookies. You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the website.

Other websites

We may provide links to other websites or materials through the ASM website.  ASM is not responsible for the content of those websites and when using those links, the privacy policy applicable to each site applies and not this Policy.

4. How does ASM store and hold personal information?

ASM stores most personal information in computer systems and databases operated by either us or our external service providers. Those databases are located in Australia, South Korea and the United States of America. Some information about you is recorded in paper files that we store securely.

We use internal processes and security measures to protect the personal information we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure. These measures include:

• requiring employees to comply with risk management policies, IT security protocols and keep information secure; and
• monitoring and regularly reviewing our practises against our own policies.

We may also use third parties to store and process your personal information, but only when that party agrees to comply with this Policy or if they have appropriate security measures.

Where your information is stored outside of the jurisdiction in which it was collected, we put in place appropriate contractual arrangements and technical controls, in compliance with applicable law, to ensure that your information remains protected.

5. Who does ASM disclose your personal information to, and why?

ASM may share your personal information (which could potentially include sensitive personal information) within the ASM corporate group to the extent it is required for the purposes set out in this Policy. This may include sharing information with ASM corporate group members in countries other than where the information was originally collected, as ASM has operations in Australia and South Korea.

ASM may also share your personal information (which could potentially include sensitive personal information) outside the ASM corporate group to:

• third party service providers ASM uses for its business (e.g. IT services, HR services, marketing, printing and shipping/logistics services);
• people you have authorised to communicate with us on your behalf (e.g. recruiters, labour firms, medical practitioners and health care providers for the purposes of workers compensation claims);
• prospective purchasers of all or part of ASM’s business or shares;
• ASM’s professional advisers (e.g. lawyers, financial advisers and accountants);
• law enforcement agencies, government authorities or others where required by law; and
• others where you have consented, or we are otherwise permitted to disclose the information under the Privacy Act or PIPA.

If ASM needs to disclose personal information to third parties, we will take steps to ensure the disclosure is permitted at law.

For detailed information on third parties who receive personal information from ASM and who process personal information in the course of performing work, please refer to Appendix A.

ASM will disclose personal information in accordance with the applicable laws. Depending on your location, who we disclose your personal information to may differ. Please refer to Appendix B for specific provisions which apply to the PIPA in South Korea.

6. When will ASM destroy the personal information it holds?

We take appropriate steps to ensure that we process and retain personal information based on the following principles:

• As required under law, a contract, or with regard to our statutory obligations.
• Only for as long as necessary for the purpose for which it was collected, or processed or for longer if required under any contract or applicable law, subject to appropriate safe guards.

7. Does ASM use personal information for marketing?

In accordance with the relevant law, ASM will use your personal information to offer you products and services we believe may interest you, unless you tell us not to. These products and services may be offered by ASM or a member of the ASM corporate group. These communications may be through post, email, text or phone.

You may opt out of future electronic marketing communications by following the opt-out instructions provided in the relevant message.

8. Your rights

Access to and correction of your personal information

You may access or request correction of the personal information that ASM holds about you using the contact details set out below. There are some circumstances in which we are not required to give you access to your personal information, as further set out in the APPs and PIPA.

You may object to ASM collecting your personal information or withdraw your consent for ASM to process your information.  As stated in section 2, this may mean that ASM is unable to interact with you or perform its relevant functions.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

ASM will respond to your requests to access, correct and, where relevant, delete, or suspend the processing, of your personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up-to-date, complete, relevant and not misleading.

ASM will deal with Data Subject Rights requests in accordance with the applicable laws. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ. Please refer to Appendix B for specific provisions which apply to the PIPA in South Korea.

9. Complaints

If you have a complaint about the way in which ASM has handled any privacy issue, including your request for access or correction of your personal information, you should contact ASM using the contact details set out below.

ASM will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any internal investigation.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may contact the Office of the Australian Information Commissioner at https://www.oaic.gov.au/, or the authority with jurisdiction over data protection laws in your country/jurisdiction.

10. Contact details

If you have any questions, comments, requests or concerns, please contact our Privacy Officer using one of the following methods:

Attention: ASM Privacy Officer

Postal Address: PO Box 768, West Perth WA 6872

Telephone: 08 9200 1681

E-mail address: info@asm-au.com

11. Amendments to this Privacy Policy

We may update this Policy from time to time. Revised versions of this Policy will be published on our website and will apply to our collection, use and processing of personal information from the date of publication.

Appendix A – Third Parties Provided Personal Information from ASM

Supplier	Purpose	Retention Period
Adobe	Website and application analytical services	Term of contract
Microsoft	Website and application analytical services	Term of contract
Lastpass	Password and email services	Term of contract
IT-Concept	Outsourcing of employee IT management	Term of contract
SAI360	Risk management system	Term of contract
Xero	Accounting software	Term of contract
ApprovalMax	Invoice processing	Term of contract
Mailchimp	Marketing platform	Term of contract

Appendix B – South Korea – PIPA

The following table sets out the legal basis applicable to each purpose of personal information processing and use.

Purpose of personal information processing	Basis for use
To provide our products	Contract Performance Legitimate Interest (to allow us to perform our obligations and provide services to you) For sensitive personal data: Consent
To provide customer support	Contract Performance Legitimate Interest (to allow us to correspond with you in connection with our products) Legal Obligation
To conduct market, consumer and other research	Legitimate Interest (to ensure that we understand our customers’ requirements)
To comply with our legal obligations and for health, safety and security purposes	Legal Obligations Legal Claims Legitimate Interest (to cooperate with law enforcement and regulatory authorities) For sensitive personal data: legal claims, vital interests
To ensure website content is relevant	Legitimate Interest (to allow us to provide you with the content and services on our website)

The main legal grounds for us to use your personal information are as follows:

• Consent: where you have provided us with consent to use your information.
• Contract performance: where we need to collect and handle your personal information in order to provide you with products.
• Legal obligation: where we need to use your personal information to comply with obligations at law.
• Vital interests: where we need to process your personal information to protect the vital interests of you or another natural person (for example where you require urgent help in an emergency).
• Public interests: where we need to process your personal information to act in the public interest.
• Legitimate interests: where we have a legitimate interest in using your information, which outweighs any prejudice to your data protection rights.

The main legal grounds for us to use your sensitive personal information are as follows:

• Consent: where you have provided us with consent to use your information.
• Vital interests: where we need to process your personal information to protect the vital interests of you or another natural person (for example where you require urgent help in an emergency).
• Legal claims: where we need your personal information to establish, exercise or defend any legal claims.

Retention Period

ASM retains personal information for differing periods depending on the specific need to hold the information. Personal information will be destroyed without delay once the purpose of collection and use of personal information is achieved. ASM may retain personal information for a reasonable period of time in connection with any regulatory or contractual record keeping requirements, customer complaints or damages and potential claims or disputes.

Destruction of personal information

After the purpose of collecting and using personal information has been achieved, it will be stored for a certain period of time and then destroyed in accordance with our policies and related laws.

Personal information printed on paper is shredded, and personal information stored in electronic form is deleted so that it cannot be accessed.

Children’s personal information and rights of legal representative and how to exercise them

If ASM collects personal information from children under the age of 14, provides information already collected to a third party, or uses it beyond the scope of consent, we require the consent of a legal representative. If this applies to you, you can register your information only with the consent of your legal representative.

The legal representative of a child under the age of 14 may request to view, correct, withdraw, or withdraw consent to the child’s personal information. If such a request is made, we will take necessary action without delay after confirming whether the legal representative is the same person.

Customers and legal representatives can view or modify their registered personal information or that of children under the age of 14 at any time.

If a customer requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed.

Companies who we disclose your personal data to

Name	Location	Information held	Purpose	Retention
Pacific Labor	Daejeon, South Korea	All information necessary for payroll and four major insurances (name, resident registration number, date of employment/departure, family members, salary amount, four major insurance premiums)	Outsourcing of employee payroll and four major insurances	Duration of employment
IT-Concept	Seoul, South Korea	All information necessary for IT management (date of employment/departure, name, e-mail, position, department, contact information)	Outsourcing of employee IT management	Duration of employment
Korea Workers’ Compensation & Welfare Service	Cheongju, South Korea	All information related to the four major insurances (name, resident registration number, date of employment/departure, family members, salary amount, four major insurance premiums)	Statutory welfare (four major insurances)	Duration of employment