This Policy has been published to provide a clear and concise outline of how and when personal information is collected, disclosed, used, stored and otherwise handled by SMEC Holdings Limited and any of its subsidiaries and related entities (SMEC, we, our or us).  This Policy relates to personal information collected by any means and by any technology, including but not limited to information collected via our website at www.smec.com. SMEC is committed to protecting the privacy of visitors to our website, and the protection of any personal information provided to us. When you visit our website, you do so anonymously unless you voluntarily provide your personal information to us. We may use cookies or other means to collect statistics on visitors to our website (generally including country of location, pages visited etc.) in order to be as user-friendly, informative and personal as possible.

1.
Introduction

1.1
Our privacy assurance to you

(a)
Your privacy has always been important to us.  We respect your
right to be aware of who has information about you, what they are doing with it
and why, and who else they are sharing it with.

(b)
Our objective is to handle information responsibly and provide
you with some control over the way information about you is handled.

1.2
Overview

This privacy policy explains how
we manage personal information.  In particular it explains, in relation to that
personal information:

(a)
the kinds of personal information we collect and hold;

(b)
how we collect the personal information;

(c)
the purposes for which we collect, hold, use and disclose the
personal information;

(d)
how we store your personal information;

(e)
your rights to deal with the personal information held;

(f)
how complaints are dealt with; and

(g)
whether we are likely to disclose the personal information to
overseas recipients and the countries where those recipients are likely to be
located.

2.
The kinds
of personal information we collect and hold and how it is collected

We collect a variety of
personal information about individuals in a variety of ways.  For example, we
may obtain the information from the individual or from persons acting on the
individual’s behalf.  When it is possible and practical, we will collect the
information direct from the individual.  When it is not practical or reasonable
to do so we may collect the information from a third party.  We may also
collect information based on the individual’s interactions with us.

The main categories of
information we collect is as follows:

2.1
Information that is necessary for the provision of our
services

We ask for
and collect the following personal information about you to assist us in
providing our services, marketing our services and administering our business.
This information is necessary for the adequate performance of our services and
to allow us to comply with our legal obligations. Without it, we may not be
able to provide you with all the requested services.

(a)
Personal identification information (name, email address,
phone number etc)
. This will be collected if you submit your details
through a website enquiry or register for further information;

(b)
Communications with SMEC. When you communicate with SMEC
we will collect information about your communication and any information that
you choose to provide;

(c)
Payment
Information
. To engage our services we may require you to
provide certain financial information (like your bank account or credit card
information) in order to facilitate the processing of payments;

2.2
Information you choose to provide to SMEC

You may choose to provide us
with additional personal information in order to obtain a better experience
when using our services or to apply for a position or engagement with us. This
additional information will be processed based on our legitimate interest or
when applicable, your consent.

(a)
Employment history, academic record, professional memberships
and other information
. This may be provided through or supporting an
employment application or curriculum vitae, employment references or through SMEC’s E-Hire System;

(b)
Other Information. You may choose to provide us
information when you fill in a form, update or add information to you contact
details, respond to surveys, participate in promotions (such as conferences, seminars and surveys), communicate
with our employees and contractors, share your experiences with us or use any
part of our services;

(c)
Payment Information. You may provide us with certain
financial information (like your bank account or credit card information) in
order to process payments.

2.3
Information we collect from third parties

We may collect information, including personal information, that others provide about you, or obtain information from other sources and combine that with information we collect through the services. We do not control, supervise or respond for how the third parties providing your information process your personal information, and any
information request regarding the disclosure of your personal information to us should be directed to such third parties.

(a)
Third
Party Services
. If you link, connect, or login to our website or other online access related to our services with a third party service (e.g. Google, Facebook, LinkedIn), the third party service may send us information such as your registration, friends list, and profile information from that service. This information varies and is controlled by that service or as authorised by you via your privacy settings at that service.

(b)
Your
References
. If someone has provided an employment reference for
you this communication will be collected.

(c)
Background
Information
. To the extent permitted by applicable laws and
with your consent where required, we may obtain the local version of police,
background or registered sex offender checks. We may use your information,
including your full name and date of birth, to obtain such reports.

(d)
Referrals. If
you are referred to our services, the person who invited you may submit
personal information about you such as your email address or other contact
information.

(e)
Other
Sources
. To the extent permitted by applicable law, we may
receive additional information about you, such as demographic data or
information to help detect fraud and safety issues, from third party service
providers and/or partners, and combine it with information we have about you.
For example, we may receive background check results (with your consent where
required) or fraud warnings from service providers like identity verification
services for our fraud prevention and risk assessment efforts.

2.4
Information that we automatically collect

When you
use our services or our website, we automatically collect personal information
about the services you use and how you use them. This information is necessary
for the adequate performance of the contract between you and us, to enable us
to comply with legal obligations and given our legitimate interest in being
able to provide and improve the functionalities of our services and website.

(a)
Usage Information. We collect information about your
interactions with our website such as the pages or content you view, your
searches, and other actions on our website.

(b)
Cookies and Similar Technologies. We use cookies and other
similar technologies when you use our website, use any mobile app, or engage
with our online ads or email communications. We may collect certain information
by automated means using technologies such as cookies, web beacons, pixels,
browser analysis tools, server logs, and mobile identifiers. In many cases the
information we collect using cookies and other tools is only used in a
non-identifiable without reference to personal information. For example, we may
use information we collect to better understand website traffic patterns and to
optimise our website experience. In some cases, we associate the information we
collect using cookies and other technology with your personal information. Our
business partners may also use these tracking technologies on our website or
engage others to track your behaviour on our behalf. You can set your browser
not to accept cookies however it is possible that some of our website features
may not function as a result.

(c)
Pixels and SDKs. Third parties, including Facebook,
may use cookies, web beacons, and other storage technologies to collect or
receive information from our websites and elsewhere on the internet and use
that information to provide measurement services and target ads.

(d)
Payment Transaction Information. We collect information
related to any payment transactions through our website, including the payment
instrument used, date and time, payment amount, payment instrument expiration
date and billing postcode, PayPal email address, IBAN information, your address
and other related transaction details. This information is necessary for the
adequate performance of the services.

3.
The purposes
for which we collect, hold and use personal information

We may use, store and process personal
information for purposes permitted by law and which are reasonably necessary
for our business activities. These include:

3.1
To provide, improve and develop our services and business

We may use the personal
information to provide, improve, and develop the services and our business such
as to:

(a)
enable you to access and use the services and our website;

(b)
enable you to communicate with other our staff and service providers
where necessary;

(c)
operate, protect, improve, and optimise the services and website
and experience, such as by performing analytics and conducting research;

(d)
provide customer service;

(e)
send you service or support messages, updates, security alerts,
and account notifications;

(f)
if you provide us with your contacts’ information, we may process
this information:

(i)
to facilitate your referral invitations;

(ii)
send your requests for references;

(iii)
for fraud detection and prevention; and

(iv)
for any purpose you authorise at the time of collection;

(g)
to operate, protect, improve, and optimise the services and
website and experience, and personalise and customize your experience; and

(h)
enable your use of our enterprise products.

We process this personal
information for these purposes given our legitimate interest in improving our
services, our website and your experience with it, and where it is necessary
for the adequate performance of our obligations to you.

3.2
To meet staffing and recruitment needs

We may use
the personal information to assist us in meeting staffing and recruitment needs
such as to

(a)
to consider applications for roles and positions;

(b)
to notify you of employment opportunities aligned to your
qualifications, skills and experience (as provided to us in an online job
application;

(c)
for general employment purposes;

3.3
To provide, personalise, measure and improve our advertising
and marketing

We may use the personal
information to provide, personalise, measure, and improve our advertising and
marketing such as to:

(a)
send you promotional messages, marketing, advertising, and other
information that may be of interest to you based on your preferences (including
information about campaigns and services and social media advertising through
social media platforms such as Facebook or Google);

(b)
personalise, measure, and improve our advertising;

(c)
administer referral programs, rewards, surveys, sweepstakes,
contests, or other promotional activities or events sponsored or managed by us
or our third party partners;

(d)
conduct profiling on your characteristics and preferences (based
on the information you provide to us, your interactions with us and information
obtained from third parties) to send you promotional messages, marketing,
advertising and other information that we think may be of interest to you;

(e)
invite you to events and relevant opportunities.

We will process your personal
information for the purposes listed in this section given our legitimate
interest in undertaking marketing activities to offer you products or services
that may be of your interest.

3.4
To operate payment services

We may use the personal
information as part of services to facilitate payments such as to:

(a)
enable you to access and use the payment services;

(b)
detect and prevent fraud, abuse, security incidents, and other
harmful activity;

(c)
conduct security investigations and risk assessments;

(d)
conduct checks against databases and other information sources;

(e)
comply with legal obligations (such as anti-money laundering
regulations);

(f)
enforce the payment terms and other payment policies;

(g)
with your consent, send you promotional messages, marketing,
advertising, and other information that may be of interest to you based on your
preferences.

We will process this personal
information given our legitimate interest in improving the payment services and
its users’ experience with it, and where it is necessary for the adequate
performance of the services and to comply with applicable laws.

3.5
To create and maintain a trusted and safer environment

We may use the personal
information to create and maintain a trusted and safer environment such as to:

(a)
detect and prevent fraud, spam, abuse, security incidents, and
other harmful activity;

(b)
conduct security investigations and risk assessments;

(c)
verify or authenticate information or identifications provided by
you (such as to verify your employment history or compare your identification
photo to another photo you provide);

(d)
conduct checks against databases and other information sources,
including background or police checks, to the extent permitted by applicable
laws and with your consent where required;

(e)
comply with our legal obligations;

(f)
resolve any disputes and enforce our agreements with third
parties;

(g)
enforce our terms of service and other policies; and

We process this personal
information for these purposes given our legitimate interest in protecting our
business and the services we provide, to measure the adequate performance of
services and the relationship with you, and to comply with applicable laws.

You have
choices on the promotional messages that you choose to receive and can limit
the information that you provide to us. Participation in promotions and
marketing programs is voluntary and you can limit the communications that we
send to you. Please note however that even if you elect not to receive
marketing communications, we may still need to contact you with important
transaction information or alerts.

4.
How we
might share or disclose your personal information

4.1
Advertising and Social Media; Sharing with Your Consent

(a)
Where you have provided consent, we share your information,
including personal information, as described at the time of consent, such as
when you authorise a third party application or website to access your
information or when you participate in promotional activities conducted by us,
our partners or third parties.

(b)
Where permissible according to applicable law we may use certain
limited personal information about you, such as your email address, to share it
with social media platforms, such as Facebook or Google, to generate leads,
drive traffic to our websites or otherwise promote our products and services.
These processing activities are based on our legitimate interest in undertaking
marketing activities to offer you products or services that may be if your
interest.

(c)
The social media platforms with which we may share your personal
information are not controlled or supervised by us. Therefore, any questions
regarding how your social media platform service provider processes your
personal information should be directed to such provider.

(d)
Please note that you may, at any time ask us to cease processing
your data for these direct marketing purposes by opting out directly though the
original source of communication e.g Mailchimp or sending an e-mail to privacy@smec.com

4.2
Compliance with Law, Responding to Legal Requests, Preventing
Harm and Protection of our Rights

(a)
We may disclose your information, including personal information,
to courts, law enforcement, governmental authorities, tax authorities, or
authorised third parties, if and to the extent we are required or permitted to
do so by law or if such disclosure is reasonably necessary:

(i)
to comply with our legal obligations;

(ii)
to comply with a valid legal request or to respond to claims
asserted against us;

(iii)
to respond to a valid legal request relating to a criminal
investigation or alleged or suspected illegal activity or any other activity
that may expose us, you, or any other of our users to legal liability;

(iv)
to enforce and administer our terms of service or other
agreements;

(v)
to protect our rights, property or personal safety, or that of
our employees, or members of the public.

(b)
These disclosures may be necessary to comply with our legal
obligations, for the protection of your or another person’s vital interests or
for the purposes of our or a third party’s legitimate interest in keeping our
services and business secure, preventing harm or crime, enforcing or defending
legal rights, facilitating the collection of taxes and prevention of tax fraud
or preventing damage.

(c)
Where appropriate, we may notify you about legal requests unless:

(i)
providing notice is prohibited by the legal process itself, by
court order we receive, or by applicable law;

(ii)
we believe that providing notice would be futile, ineffective,
create a risk of injury or bodily harm to an individual or group, or create or
increase a risk of fraud upon our property.

In instances where we comply
with legal requests without notice for these reasons, we may attempt to notify you
about the request after the fact where appropriate and where we determine in
good faith that we are no longer prevented from doing so.

4.3
Service Providers

(a)
We use a variety of third-party service providers to help us
provide services related to our services and business. Service providers may be
located inside or outside of Australia.

(b)
For example, service providers may help us:

(i)
verify your identity or authenticate your identification
documents;

(ii)
check information against public databases;

(iii)
conduct background or police checks, fraud prevention, and risk
assessment;

(iv)
perform product development, maintenance and debugging;

(v)
allow the provision of the services through third party platforms
and software tools (e.g. through the integration with our APIs);

(vi)
provide customer service, advertising, or payments services; or
process, handle or assess insurance claims or other similar claims. These
providers have limited access to your personal information to perform these
tasks on our behalf and are contractually bound to protect the personal
information and only use the personal information in accordance with our
instructions.

(c)
We will need to share your information, including personal
information, in order to ensure the adequate performance of our contract with
you.

4.4
Corporate Affiliates

(a)
To enable or support us in providing the services and operating
our business, we may share your information, including personal information,
within our corporate family of companies (both financial and non-financial
entities) that are related by common ownership or control.

(b)
Additionally, we share your information, including personal
information, with our corporate affiliates in order to support and integrate,
promote, and to improve our services and those of our affiliates.

(c)
The SMEC Group of companies is an international group of
companies. We may disclose your personal information to personnel within SMEC
Group companies in the countries in which SMEC operates. When you (or your
authorised recruitment agency representative) volunteer personal information on
our website, you consent to us sharing your personal information within the
SMEC Group for the purpose which it was disclosed to us, or for a related
purpose which would be reasonably expected without your permission.

4.5
Business Transfers.

If we undertake or are
involved in any merger, acquisition, reorganisation, sale of assets,
bankruptcy, or insolvency event, then we may sell, transfer or share some or
all of our assets, including your information in connection with such
transaction or in contemplation of such transaction (e.g., due diligence). In
this event, we will notify you before your personal information is transferred
and becomes subject to a different privacy policy.

4.6
Aggregated Data.

We may also share aggregated
information (information about our users that we combine together so that it no
longer identifies or references an individual user) and other anonymized
information for regulatory compliance, industry and market analysis, research,
demographic profiling, marketing and advertising, and other business purposes.

4.7
Cross-border disclosure

(a)
Generally, we do not disclose personal information to overseas
recipients other than our corporate affiliates.  However, we may do so.  For
example, if the debtor is located overseas, we may need to send the client’s
personal information overseas so that we can collect the debt.  We may use
service providers located overseas.  In each case personal information is
provided to an overseas recipient when this is permitted by law.

(b)
The countries where the overseas recipients of personal
information may be located in New Zealand, United States, Canada, United
Kingdom, Austria, Belgium, Finland, France, Germany, China (including Hong
Kong), Ireland, Italy, Japan, Luxembourg, Malta, the Netherlands, Portugal,
Singapore, South Africa, Spain and Switzerland.

5.
How we
store your personal information

5.1
We generally retain your personal information for as long as is
necessary for the performance of our services and to comply with our legal
obligations.

5.2
We take all reasonable steps to keep the personal information we
hold secure and prevent unauthorised access or disclosure. These steps include
physical security and restrictions on access to electronic records. Our
employees are prohibited from using or disclosing personal information for
purposes unrelated to the purpose for which it was collected.

5.3
We restrict access to personal information collected on our
website to only those employees who need access to that information in order to
perform and discharge their duties. We may share personal information with
third parties. The type of third parties that we may disclose personal
information to include service providers who assist us in providing and
maintaining our website and who provide recruitment services to us.

6.
How can
you deal with your personal information?

6.1
Access

(a)
You may access personal information about you which we hold by
contacting our privacy contact officer (Privacy Officer) as follows:

Phone

02 9925 5555

E-mail:

privacy@smec.com

Mail:

Level 5/20 Berry St, North Sydney, NSW, Australia

(b)
If access is requested by contacting the
Privacy Officer, we will need to verify the individual’s identity before giving
access.

(c)
We will usually provide the requested personal information within
30 days of receiving the request.  There is no charge to make a request, but we
may levy an administration fee for providing access.  If there is a reason why
we do not make the requested personal information available, we will provide
our reason in writing.

6.2
Rectification, Erasure, Restricting Processing and
Transferring data

(a)
In certain circumstance and some jurisdictions, you have the
right to ask us to:

(i)
correct in accurate or incomplete personal information;

(ii)
erase your personal information;

(iii)
restrict the processing of your personal information;

(iv)
transfer the personal information that we have collected to
another organisation or directly to you;

(b)
To make these requests, please contact our Privacy Officer in
writing through the details listed above.

(c)
In certain situations, we may decide not to agree to a request to
correct personal information. These may include where:

(i)
access would create a serious threat to safety;

(ii)
providing access will have an unreasonable impact upon the
privacy of other individuals;

(iii)
denying access is required or authorised by law;

(iv)
the request is frivolous or vexatious;

(v)
legal proceedings are underway or otherwise anticipated;

(vi)
negotiations may be prejudiced by such access; or

(vii)
access would reveal a commercially sensitive decision making
process.

(d)
We will tell you in writing why we have not agreed to the
correction request in these circumstances.

(e)
Please note that if you request erasure of your personal information,
we may retain some of your personal information as necessary for our legitimate
business interests, such as fraud detection and prevention and enhancing safety
or to comply with our legal obligations. Because we maintain our records to
protect from accidental or malicious loss and destruction, residual copies of
your personal information may not be removed from out backup systems for a
limited period of time.

6.3
Objecting to Processing

(a)
In certain circumstances, you may have the right to object to our
processing of your personal information.

(b)
To make this request, please contact our Privacy Officer in
writing through the details listed above.

7.
How you
can make a complaint relating to privacy

7.1
If you believe that your privacy has been infringed, you are
entitled to complain. All complaints should initially be in writing and directed
to the Privacy Officer through the details provided above.

7.2
We will respond to your complaint as soon as possible, within 14
working days, to let you know who is responsible for managing your query.

7.3
We will try to resolve the complaint within 30 working days. When
this is not possible, we will contact you to provide an estimate of how long it
will take to handle the complaint.

7.4
While we aim to resolve your complaints at your first point of
contact if you are not satisfied with the decision you may make a complaint to
the Information Commission appropriate for your jurisdiction.

7.5
In Australia, complaints may be made to the Office of the
Australian Information Commissioner (the “OAIC”).  The contact details for the
OAIC are:

Telephone:

1300 363 992

Facsimile:

(02) 9284 9666

Website:

www.oaic.gov.au

Mail:

The Office of the Australian
Information Commissioner

GPO Box 2999

CANBERRA ACT 2601

 

7.6
In New Zealand, complaints may be made to the Office of the Privacy Commissioner (the “OPC”). The contact details for the OPC are:

Telephone:

0800 803 909

Website:

www.privacy.org.nz

Mail:

The Office of the Privacy Commissioner

PO Box 10 094

WELLINGTON 6143

 

8.
Acceptance
and changes to SMEC’s Privacy Policy

8.1
You acknowledge and accept that your use of the our website and
services indicates your acceptance of this Privacy Policy.

8.2
This is the current Privacy Policy. It replaces any other Privacy
Policy published on our website or otherwise provided to date.

8.3
We may, at any time, make amendments to the Privacy Policy by
publishing the new Privacy Policy on our website. You accept that by doing
this, we have provided you with sufficient notice of the amendments. It is your
responsibility to check the Privacy Policy each time you visit our website.