Privacy Policy

Introduction

Koolie Communications Pty Ltd (ABN [84 637 710 788]) (“Koolie Communications”, “we”, “us”, or “our”) is committed to protecting the privacy and security of the personal information we collect and handle in the course of our business.

This Privacy Policy explains how we collect, hold, use, disclose and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to all personal information handled by Koolie Communications, including information collected through our website, in the course of delivering our services, and from prospective customers, employees, subcontractors and suppliers.

2. What personal information we collect

The kinds of personal information we collect and hold depend on the nature of our dealings with you. Personal information we may collect includes:

Customers and prospective customers

• Name, job title, and the organisation you represent

• Business contact details (email, phone, postal address)

• Site and project details required to deliver our services

• Commercial and contractual information

• Records of communications and enquiries

Employees and job applicants

• Name, contact details, date of birth, emergency contacts

• Tax File Number, superannuation details, and banking information for payroll

• Employment history, qualifications, licences, and references

• Right-to-work documentation

• Performance, training and disciplinary records

• Workplace health and safety records, including injury and incident reports

Subcontractors and suppliers

• Business name, ABN, and contact details

• Insurance, licensing and accreditation details

• Bank details for payment processing

• Site personnel details required for inductions and access

Site visitors and personnel

• Name, organisation and contact details for site sign-in and induction

• Health and safety information relevant to site access

• CCTV and access control records where Koolie Communications operates monitored sites

We do not generally collect sensitive information (as defined in the Privacy Act) unless it is reasonably necessary for our functions and you have consented, or another exception under the Privacy Act applies. Where we collect health information for workplace safety purposes, we do so in accordance with the Privacy Act.

3. How we collect personal information

Wherever practicable, we collect personal information directly from the individual concerned. We may collect personal information through:

• Direct interaction (in person, by email, phone, video conference, or in writing)

• Forms submitted via our website or other digital channels

• Tender, contract and onboarding processes

• Recruitment processes, including from recruitment agencies and referees

• Site sign-in systems and access control records

• Our customers, where they provide information about their personnel for the purposes of a project

Where we collect personal information about you from a third party, we will take reasonable steps to ensure you are made aware of the matters required by the APPs.

4. Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for purposes related to our business activities, including:

• Providing telecommunications, networking, security, and integrated communications services to our customers

• Quoting, contracting, invoicing and managing customer relationships

• Managing our workforce, including recruitment, employment, payroll and workplace safety

• Engaging and managing subcontractors and suppliers

• Complying with our contractual, legal and regulatory obligations

• Meeting our obligations under work health and safety, taxation, superannuation, workers compensation and similar laws

• Communicating with you about our services, projects and updates

• Improving our services, systems and business operations

• Investigating, preventing and responding to incidents, complaints and disputes

We will only use or disclose personal information for the primary purpose for which it was collected, or for a related secondary purpose you would reasonably expect, unless you have consented or another exception under the Privacy Act applies.

5. Who we disclose personal information to

We may disclose personal information to:

• Our employees, contractors and related entities within the Comtex group, on a need-to-know basis

• Customers and head contractors, where required to deliver a project

• Subcontractors and suppliers engaged to assist us in delivering services

• Professional advisors, including legal, accounting, insurance and consulting providers

• Service providers who support our business (IT, cloud, payroll, recruitment, communications, marketing)

• Regulators, government agencies and law enforcement, where required or authorised by law

• Any party to whom disclosure is required, authorised or permitted under the Privacy Act or other applicable law

6. Overseas disclosure

Some of the cloud-based service providers we use to support our business operations (including for email, document storage, project management, accounting and customer relationship management) may store or process personal information outside Australia, including in the United States and other jurisdictions where their data centres are located.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs.

7. How we store and secure personal information

We hold personal information in a combination of secure electronic systems and physical records. We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure, including through:

• Access controls and authentication, including multi-factor authentication on critical systems

• Encryption of data in transit and at rest where appropriate

• Network and endpoint security controls

• Regular backups and tested restoration processes

• Staff training on privacy and information security

• Contractual controls with our service providers and subcontractors

• Physical security at our premises

We retain personal information only for as long as it is reasonably required for the purposes for which it was collected, or as required by law. When personal information is no longer required, we take reasonable steps to destroy or de-identify it.

8. Data breach notification

Koolie Communications maintains a Data Breach Response Plan to identify, contain, assess and respond to data breaches.

If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will assess the breach within the timeframe required by the Privacy Act and, where the breach is an Eligible Data Breach under the Notifiable Data Breaches scheme, we will notify:

• The Office of the Australian Information Commissioner (OAIC) as soon as practicable

• Affected individuals as soon as practicable, with information about the breach and steps they can take

9. Accessing and correcting your personal information

You have the right to request access to personal information we hold about you, and to request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant or misleading.

To make a request, please contact us using the details in Section 12. We will respond to your request within a reasonable period and provide access in the manner you have requested, where reasonable and practicable. There is generally no charge for making a request, although we may charge a reasonable fee to recover the cost of providing access in some circumstances.

We may decline a request for access or correction in limited circumstances permitted under the Privacy Act. If we do, we will provide written reasons and information about how you can complain.

10. Our website

Our website may use cookies and similar technologies to support functionality, analyse usage and improve user experience. You can set your browser to refuse cookies, although some parts of the website may not function correctly as a result.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites, and we encourage you to review their privacy policies before providing any personal information.

11. Complaints

If you believe we have breached the Privacy Act or the APPs, or you are concerned about how we have handled your personal information, you can make a complaint to us using the contact details in Section 12.

We will acknowledge your complaint promptly and aim to investigate and respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au

• Phone: 1300 363 992

• Post: GPO Box 5288, Sydney NSW 2001

12. How to contact us

Privacy enquiries, access and correction requests, and complaints should be directed to our Privacy Officer:

Privacy Officer

Koolie Communications Pty Ltd

Unit 1 426 Marion st Condell Park

Phone: 1300 669 440

13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. The current version is available on our website. We encourage you to review this Privacy Policy periodically.

— End of Privacy Policy —