Who is the issuer of this Policy?

Bookleaf Pty. Ltd. (ABN 29 385 212 665), as trustee for the Eden Unit Trust, trading as Holman Industries a wholly owned subsidiary of Reliance Worldwide Corporation (Aust.) Pty. Ltd.

What is this Policy?

We recognise and respect your privacy and data protection rights. We seek to manage your Personal Information in a fair, open and transparent way.

We are committed to the objectives of the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act). Further, we also seek to apply the principles in the General Data Protection Regulation (GDPR) of the European Union (EU) to the extent that they apply (see the Schedule to this Policy).

The Policy has been prepared primarily to meet privacy and data protection standards under Australian law and, where applicable, and EU law.

What is the scope of this Policy?

This Policy describes our practices in connection with Personal Information including how and why we collect, use, store, secure, destroy, de-identify and disclose your Personal Information. Specifically, this Policy explains:

• the kinds of Personal Information we collect and hold;
• how we collect and hold Personal Information and obtain your consent;
• the primary and secondary purposes for which we collect, hold, use and disclose Personal Information;
• how you may access your Personal Information and correct it;
• how you may complain about a possible breach of privacy or data protection rights;
• when we may disclose Personal Information to an overseas entity and the countries in which these entities are likely to be located;
• who we may contract with internationally and international transfers of your Personal Information;
• how we manage your Personal Information if you use the Products.

The Policy is provided free of charge and you may request our Policy in a specific format. We will take reasonable steps to give you a copy in that format.

By visiting our website, using any of our products or otherwise providing your Personal Information to us, you agree to this Policy (and any updates) and you consent to our management of your Personal Information in accordance with this Policy and any other arrangements that apply between us.

What is Personal Information?

Personal Information is defined under the Privacy Act as being information or an opinion about an identified individual (e.g. a natural person), or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and
• whether the information or opinion is recorded in a material form or not.

Personal Information is focused on information relating to natural persons, not bodies corporate or business entities.

Does this Policy apply to general confidential information?

This Policy only applies to Personal Information. It does not apply to general confidential or commercially sensitive (e.g. contract terms, transactional information, customer information etc.), unless that information is Personal Information.

If information is both Personal Information and general confidential or commercially sensitive information of a client or customer, we will deal with that information in accordance the requirements of this Policy and any other confidentiality obligations to which we are bound.

What does Holman do?

We are a manufacturer and supplier of innovative engineering products for gardening and associated use. Many of our products, such as irrigation, watering, plumbing, garden lifestyle and garden lighting products, can be found in major hardware stores. Holman increasingly provides products which incorporate innovative and web-enabled technologies which collect, send and act on data obtained in the surrounding environments.

How is Personal Information Collected?

We will only collect Personal Information by lawful and fair means.

We collect your Personal Information in several ways, including but not limited to our websites, telephone, email, letter or facsimile, in person, publicly available information sources, cookies, apps, product reviews, online support tickets, product purchases and online tracking.

Is Personal Information collected from third parties?

In order to provide our services, we may collect Personal Information from third parties, including government agencies and business associates.

We will only collect Personal Information from third parties if:

• we are required or authorised by or under an applicable law, or a court/tribunal order, to collect the information from someone other than the individual concerned;
• it is unreasonable or impracticable to collect the information directly from the individual concerned; or
• it is provided to us in the course of us providing at least one of our functions and activities.

What types of Personal Information is collected?

In the course of carrying out our activities, we may collect a wide range of Personal Information.

The types of Personal Information that we collect will depend on the nature of your dealings with us. In order to provide our Products to you, we will ask you to provide the necessary Personal Information. If you do not provide your Personal Information, we may not be able to provide you with our Products.

We collect the following types of Personal Information in the following contexts:

• Account or profile data: When you register an account with us, we may collect your name and contact details, including but not limited to your email address, physical address, phone number, username, login credentials (including password) and credit card details. We do not retain credit card details on our servers.
• Online Order data: When you purchase a product online with us, we may collect your name and contact details, including but not limited to your email address, physical address, phone number, username, login credentials (including password) and credit card details. We do not retain credit card details on our servers.
• Product interaction: As you interact with our Products, we may also collect your nickname, profile picture, country code, language preference, time zone information.
• Feedback from you: When you provide us with feedback or suggestions through our Products and Online Support Tickets, we will collect your email address, mobile phone number and feedback content to address your problems and resolve device failures in a timely manner. Website reviews are conditional to approval based on email legitimacy. Email addresses deemed false or misleading will be marked as spam. Further, when you interact with our websites, we automatically collect usage data relating to visits, clicks, downloads, messages sent and received.
• Smart Device information: When you use our Products, you should be aware that we automatically collect device information, including but not limited to the Media Access Control (MAC) address of the hardware of your device, your Internet Protocol (IP) address, wireless connection information, operating system type and version, application version number, push notification identifier, log files and mobile network information. Further, when you connect your Smart Devices with our Products, we may collect the device name, device ID, online status, activation time, firmware version and upgrade information. You should be aware that depending on the Smart Device you elect to connect with our Products, we may collect different Personal Information reported by your Smart Devices. For example, watering timetable set ups for your Smart Device.
• App data: You should be aware that when you use our Apps, the system and exception log may be uploaded. System logs contain informational, error and warning details related to the Smart Device operating system. Reviewing this log may identify the cause of a problem or whether system processes are loading successfully. Exception logs capture errors whether the user sees them or not. When reviewing exception logs Apps may be modified to handle errors in a better or more efficient way.
• Location data: We may collect Personal Information about your real-time precise or non-precise geo-location when you use certain products, such as irrigation controllers.
• Employees: We may also collect Personal Information of our employees and staff, including names, genders, mailing or street addresses, email addresses, telephone and/or facsimile numbers, ages of birth, dates of birth, financial details (e.g. Tax File Numbers (TFN), credit card, bank account details) and third-party contact information (e.g. emergency contact information). The Privacy (Tax File Number) Rule 2015 is likely to apply to TFN collection.

This list above is not exhaustive. We may collect any other Personal Information that may be required in order to facilitate your dealings with us or which may be reasonably necessary to pursue our functions and activities.

Is Sensitive Information collected?

We do not ordinarily collect and use Sensitive Information. However, from time to time, we may collect Sensitive Information about individuals in the course of performing our activities.

We will only collect Sensitive Information if:

• the information is reasonably necessary for one or more of our activities or functions; and
• we have the individual’s consent to the collection.

Further, the APPs list circumstances that permit the collection of Sensitive Information about an individual without their consent. We only collect Sensitive Information without an individual’s consent if one or more of those circumstances applies.

Why is Personal Information collected?

We will only collect and hold Personal Information if it is reasonably necessary to pursue at least one of our functions or activities or its collection and storage are required or authorised by or under an Australian law or a court/tribunal order.

When is Sensitive Information collected?

Sensitive Information will only be collected and stored:

• with the consent of the individual concerned and when the information is reasonably necessary for us to carry out at least one of our functions or activities; or
• in the same circumstances permitted under the APPs.

For what purpose is Personal Information collected?

We may collect, hold, use, secure, destroy, de-identify and disclose your Personal Information for the following purposes:

• operating and managing our business as described above;
• providing you with the Products requested, including processing your account and provide data, device, usage and location information and Smart Device related information;
• communicating important information with you regarding changes to our terms, conditions, and policies and/or other administrative information;
• monitoring, improving and ensuring the functionality of the Products;
• analysing the efficiency of our operations;
• preventing and tracing fraudulent and/or inappropriate usage of Products;
• billing you in relation to any Products;
• recommending and/or refer you to third party suppliers or service providers;
• to brief and engage third party service providers to assist with maintenance, financial transactions, data analysis or with improving and/or optimising our product and service offering;
• improving and marketing our services, including providing you with marketing and promotional materials in relation to our Products;
• to send you messages, reminders, notices, updates, alerts and information requested by you or related to our Products;
• investigating and responding to your inquiries, complaints and providing assistance;
• processing online forms from our website;
• managing our relationships with suppliers, contractors and third parties;
• transactions, business dealings or regulatory relationships with governments or regulators;
• for personnel management, employment and recruitment;
• occupational health and safety activities and compliance;
• to protect our legal rights, pursue available remedies and limit our damages;
• to negotiate, agree and facilitate a transaction for the sale of our business, our assets or our shares, or to prepare for the same; and
• to enforce contracts; and
• complying with our legal, insurance and regulatory obligations in various jurisdictions in which we operate.

Generally, we will only use or disclose Personal Information for the purpose for which it was collected (Primary Purpose), including the purposes set out above.

In certain circumstances, we may be required or permitted by law or a court or tribunal to collect and retain certain Personal Information about you.

Can Personal Information be collected for a secondary purpose?

However, we may use or disclose Personal Information for secondary purposes if we receive your consent to do so, or without your consent, if:

• you would reasonably expect us to use your information for the secondary purpose; or
• otherwise in the same circumstances as permitted by the APPs.

For example, the APPs permit the use and disclose Personal Information for a secondary purpose without an individual’s consent if:

• the individual would reasonably expect the collector to use or disclose the information for a certain secondary purpose; and
• the secondary purpose is:
  • if the information is Sensitive Information – directly related to the Primary Purpose; or
  • if the information is not Sensitive Information – related to the Primary Purpose; or
• the use or disclosure of the information is permitted or authorised by or under an Australian law or a court/tribunal order, such as where disclosure of Personal Information:
  • will reduce or prevent a serious threat to life, health or safety; or
  • is in response to any unlawful activity.

How does this Policy apply to me?

By using our website and/or any of our Products (including software applications), you are impliedly consenting to us dealing with your Personal Information in accordance with this Policy.

Can I opt-out?

You have the right to opt-out of our collection and use of your Personal Information. Please contact us directly if you wish to withdraw your consent. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).

Will my consent be required for my Sensitive Information?

We will seek express consent from you before collecting and dealing with your Sensitive Information.

Can my Personal Information be disclosed?

We may disclose Personal Information for the purposes described in this Policy to:

• our third-party service providers who perform certain business related functions for us, such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support services, email delivery services and other similar services to enable those third parties to provide services to us;
• to our customers and other business partners who provide you, directly or indirectly, with your Smart Devices and/or networks and systems through which you access and use our websites, Apps and Products;
• to an affiliate or other third-party in the event of any corporate re-structure, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock – we will notify you via a notice on our website of any significant change in ownership and you retain the ability to opt out;
• to our officers, employees and other staff;
• to subsidiaries or affiliates (including their officers, employees and other staff) without our corporate group, to conduct business activities;
• professional advisers, consultants, dealers and agents;
• payment system operators;
• our existing or potential agents, business partners or partners;
• anyone to whom our assets or divisions (or any part of them) are transferred;
• any securities exchange in any location on which we may become listed;
• specific third parties authorised by you to receive information held by us;
• other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law; and/or
• as necessary and appropriate to comply with all applicable laws, regulations and legal processes.

Will my Personal Information be disclosed to persons overseas?

From time to time, circumstances may arise where there may be a need for us to disclose or transfer Personal Information to an overseas recipient or receive Personal Information from an overseas recipient. This may occur in a range of circumstances. For example:

• where data is being stored and accessed by way of cloud computing or where we correspond with professional advisors in various countries; or
• if and when our employees or contractors are travelling overseas.

Laws in these countries may differ from the country in which you live in.

We seek to carefully consider and where possible limit our overseas transfers of Personal Information and disclosures to jurisdictions with substantially similar privacy protections. However, you should be aware of the inherent risks of international transfers of Personal Information, particularly to jurisdictions which may have markedly different privacy protections to Australia. By using our website and/or any of our Products (including software applications), you consent to all overseas disclosures of Personal Information.

To which countries may my Personal Information be disclosed?

The countries which are likely to receive your Personal Information include, but are not limited to Australia, Germany, the United States of America and China.

Will overseas recipients need to comply with the APPs?

Before disclosing Personal Information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient also adopts privacy procedures which materially comply with the APPs in relation to that information, unless the APPs would not require us to do so.

We will not be required to take the such steps if:

• we reasonably believe that:
  • the recipient of the information is subject to a law or a binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information; and
  • there are mechanisms that could be taken to enforce the law or binding scheme;
• both of the following apply:
  • we expressly inform the individual about whom the information relates that if they consent to the disclosure of the information, we will not be required to take such steps; and
  • after being so informed, the individual consents to the disclosure;
• the disclosure of the information is required or authorised pursuant to an Australian law or a court/tribunal order; or
• the APPs otherwise allow us to refrain from taking such steps, if they applied.

Do any third-party manufacturers of Products collect my Personal Information?

You should also be aware that some of the Products we may sell to you are produced/supplied by Tuya Inc., a company which has operations in China, the United States of America (California) and Germany.

Tuya Products may also collect your Personal Information. We do not control the collection and management of this Personal Information. You can find Tuya’s Privacy Policy at: https://auth.tuya.com/privacy?from=http%3A%2F%2Fiot.tuya.com%2F

To the extent permitted by law, we do not take any reasonability or liability for how Tuya or any third party which we do not control collects and deals with your Personal Information.

Can Personal Information be used for direct marketing?

We may, from time to time, use or disclose Personal Information for the purpose of direct marketing.

We may send you direct marketing communications and information about our services and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

We may use or disclose Personal Information (other than Sensitive Information) for direct marketing if:

• we collected the information from the individual concerned;
• the individual has consented to, or would reasonably expect us to, use or disclose the information for that purpose; and
• we provide the individual with a simple means by which they may easily request not to receive direct marketing communications from us, and they have not made such a request to us.

You expressly consent to us using your Personal Information to contact you for marketing purposes, via any mode of communication, in accordance with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth). We may also contact you about your opinion of current, potential or future products that may be offered by us.

Can I opt-out?

In this regard, you may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).

Is Sensitive Information used for direct marketing?

If Personal Information is also Sensitive Information, we will not use or disclose the information for direct marketing without the consent of the individual concerned.

Does Holman sell Personal Information?

We do not sell, rent or lease our Personal Information to third parties.

Does Holman collect Personal Information over its website?

We may collect Personal Information about you when you use and access our website.

We may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your device.

Does Holman use cookies?

Our website uses tracking technologies called “cookies” to monitor the pages accessed by you.

Cookies are small text files which are stored in the memory of or on your hard drive for record keeping purposes. We may use similar techniques, such as pixels, web beacons etc.

Cookies are used to personalise and customise webpages and services. Cookies can simplify the process of recording and maintaining your Personal Information. They are used to help us enhance the website and improve your online experience by storing your preferences during your visit to our website.

What does Holman cookies used for?

We may use cookies for the following reasons and in the following ways:

• remembering products that you add to your shopping basket during online purchasing;
• remembering information that you fill in on the various pages when paying or ordering so that you don’t have to fill in all your details repeatedly;
• remembering advertisements that you have seen on the website and tailoring those advertisements to your preferences (noting that you may still see advertisements on the website even if you disable cookies);
• tracking orders which are made as a result of advertisements on the website;
• passing on information from one page to the next, for instance if a long survey is being filled in or if you need to fill in many details for an online order;
• storing preferences such as language, location, the number of search results to be displayed etc.;
• storing settings for optimal video display, such as buffer size and your screen’s resolution details;
• reading your browser settings so that we can display our website optimally on your screen;
• locating misuse of our website and services, for example by recording several consecutive failed log-in attempts;
• loading the website evenly so that it remains accessible;
• offering the option of storing log-in details so that you don’t have to enter them every time;
• making it possible to place a reaction on our website and interacting with social media in conjunction with using our website; and
• gathering information about the behavior of visitors to our website, such as which pages are visited in which order, how often, for how long and whether visitors receive error messages.

Does the Holman website have links to third party pages?

Our website may contain links to websites operated by third parties.

Those links are provided for convenience and may not remain current or be maintained.

Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and do not have any control over or rights in those linked websites.

The privacy policies that apply to those other websites may differ from this Policy, so we encourage you to read them before using those websites.

Do third parties use cookies on the Holman website? Third parties may also store cookies on your computer during your visit to the Holman website. These indirect cookies are similar to direct cookies but are from different domains to the one you are visiting.

Third parties may also use information from cookies to tailor advertising to your preferences. Third parties may also combine information obtained via cookies on our website with other data about you on other websites.

Are Flash cookies used?

Flash cookies may also be used on our website.

These are files which are sent by a web server to a client when the browser requests content supported by Adobe Flash. Flash cookies are commonly used in website advertisements and videos.

Flash cookies may be removed by managing your Flash Player settings. Depending on the version of web browser and media player you use, you may be able to manage Flash cookies with your browser.

You also may manage Flash Cookies by visiting Adobe’s website (https://www.adobe.com/au/). Please be aware that restricting the use of Flash Cookies may affect the features available to you.

How do I manage my cookie performances?

In order to manage your cookie preferences, you may alter the cookie settings in your web browser settings at any time. You may accept all, or certain, cookies.

If you choose to opt out of cookies you may not be able to fully experience some features of our website. For example, you may have difficulties logging in or making online purchases.

Please be aware that we do not currently make use of a technical solution which would enable us to respond to your browser’s ‘Do No Track’ signals.

Can social media entities collect my Personal Information? We use the following social media channels at present:

• Facebook;
• Instagram;
• Twitter
• Pinterest;
• LinkedIn; and
• YouTube.

Social media entities may collect your Personal Information for their own purposes.

However, we do not have any influence over how these entities use your Personal Information.

You should review the privacy and cookie policies of any entity before you access or use their website or platform.

Is my Personal Information secured?

The security of your Personal Information is important to us. We take reasonable steps to protect your Personal Information from misuse, interference, hacking and loss, as well as unauthorised access, modification or disclosure.

However, security measures are not an absolute protection and there is an inherent risk of unauthorised access. To the extent permitted by law, we exclude legal liability for any harm or damage eventuating from security related incidents.

What steps are taken to secure Personal Information?

We use several physical, administrative, personnel and technical measures to protect your Personal Information.

Our third-party providers use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Information. They also provide various security strategies to effectively ensure data security of user and device. With regards to:

• device access – proprietary algorithms are employed to ensure data security, access authentication and applying for authorisation.
• data communication – communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported.
• data processing – strict data filtering and validation and complete data audit are applied.
• data storage – all confidential information of users will be safely encrypted for storage.

Will I be notified if there is a data breach?

Depending on the circumstances, we may notify you, any affected individuals and, if required by applicable law, the relevant regulator, as soon as practicable after we become aware that there are reasonable grounds to believe that there has been an eligible data breach.

If it is impracticable to notify all affected individuals, and depending on the circumstances of the breach, we may publish a statement on our website and publicise the content or that statement.

We may not provide notice where it would be inconsistent with secrecy provisions or prejudice law enforcement actions. If we have taken sufficient remedial action in response to the eligible data breach, or if the regulator determines that notification is not required (if applicable), then we may not notify you of the breach.

What is an ‘eligible data breach’?

An “eligible data breach” under the Privacy Act is where there has been unauthorised access or disclosure, or loss of information where unauthorised access or disclosure is likely, and a reasonable person would conclude that this access or disclosure would likely result in serious harm to the related individuals.

Do I have a right to anonymity or to be referred to by a pseudonym?

When interacting with us, individuals may choose to remain anonymous or to use a pseudonym.

Are there any exceptions?

We may elect not to deal with the individual anonymously or pseudonymously if:

• we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with you in accordance with your identity; or
• it is impracticable for us to deal with you in this way.

You acknowledge that if you do not provide identification, we may not be able to provide our services, contract with you or assist you.

How long will my Personal Information be retained?

We will hold your Personal Information for the minimum period necessary for the purposes set out in this Policy.

Is my Personal Information deleted/destroyed?

If we hold Personal Information about an individual which we no longer require, we will take reasonable steps to destroy the information or ensure that it is de-identified, unless prohibited by law or the APPs otherwise require us to avoid taking such steps.

If we are unable to destroy your Personal Information due to technical reasons, we will ensure that appropriate measures are put in place to prevent further use or identification of your Personal Information.

If you have a Holman Home account, and deactivate it, then we will aim to destroy or de-identify all Personal Information within seven to fourteen business days. However, if you login to your account before this date, your deactivation request will be cancelled.

If you do not use the Holman Home App or the associated device for a period of two years, then we will destroy or de-identify your Personal Information.

How will my Personal Information be maintained?

We will endeavour to take reasonable steps to ensure that the Personal Information that we collect is accurate, up-to-date and complete.

The reasonable steps described above that we may undertake include:

• ensuring that updated and the new Personal Information is promptly added to relevant existing records;
• reminding individuals to update their Personal Information when we engage with them; and/or
• with respect to Personal Information in the form of an opinion, we may take the following steps to verify the accuracy of the opinion:
  • checking that the opinion is a reliable source;
  • providing the opinion to individuals before we use or disclose it; and
  • clearly indicating on our record that the information is an opinion and identifying the individual who formed that opinion.

What do I do if my Personal Information is out-of-date?

If you think that the Personal Information that we hold about you might be out of date and needs to be corrected, please contact us using the details located at the end of this Policy.

Can I access my Personal Information?

You may request access to any of the Personal Information we hold about you. In most cases, a summary of your personal information will be freely available to you by contacting us. We may need to confirm your identity prior to taking further action, for security purposes.

Requests for access to your Personal Information will be handled within a reasonable period and we will endeavour to give you access to the information in the format and manner requested, if it is reasonable and practicable to do so.

We will endeavour to take reasonable steps to give access in a way that meets the needs of Holman and yourself, noting that access may be given using a mutually agreed intermediary.

Are there any exceptions to my right of access?

The APPs provide a list of situations in which access to an individual’s Personal Information may be denied. We may deny an individual access to their Personal Information in these circumstances.

Such situations include, but are not limited to where:

• where giving access would threaten life, health or safety of any individual or threaten public health or safety;
• granting access would have an unreasonable impact on the privacy of others;
• the information:
  • relates to existing or anticipated legal proceedings between the individual about who the information relates and us; and
  • would not be accessible by the process of discovery in those proceedings;
• access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
• where giving access would reveal evaluative information generated in connection with a commercially sensitive decision-making process;
• granting access would be unlawful or where denying access is required or authorised by law;
• the request is frivolous or vexatious; and
• denying access would be likely to prejudice the taking of appropriate action in relation to the matter.

If we refuse to give access to the Personal Information in the circumstances required by the APPs, or if we refuse to give access in the manner requested, we will take such steps (if any) that are reasonable in the circumstances to give access in a way that meets our needs and the needs of the individual.

If we refuse to give access to Personal Information, we will provide a written notice setting out:

• the reasons for denying access to Personal Information (except where it would be unreasonable to provide the reasons);
• the mechanisms available to complain about the refusal; and
• any other matters prescribed by Australian privacy regulations.

Will I be charged to access my Personal Information?

We reserve the right to charge reasonable fees where requests for Personal Information contain complications or are resource intensive. A fee will not be excessive and will not apply to the making of the request.

Can I correct my Personal Information?

If, with regard to the purpose for which it is held, we are satisfied that Personal Information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, or if the individual about whom the Personal Information relates makes a request, we will take reasonable steps to correct the information.

However, as a matter of practice, when we receive Personal Information, we will hold the information for a period before we consider whether it is inaccurate, out-of-date, incomplete, irrelevant or misleading (unless we are informed otherwise).

If we correct Personal Information at the individual requests, we will take reasonable steps to notify any third party to whom we previously disclosed the Personal Information, if it is not unlawful or impracticable for us to do so.

Further, you may request that we associate the information with a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading (Correction Statement). Where such a request is made, we will take reasonable steps to associate the correction statement with the Personal Information, so that it is apparent to the users of the Personal Information.

We will aim to respond to a request to correct information or associate a Correction Statement with the Personal Information within a reasonable period of the request being made.

Are there exceptions to my right to request a correction?

If we refuse to correct Personal Information in circumstances permitted by the APPs, we will provide a written notice setting out:

• the reasons for the refusal (except where it would be unreasonable to provide the reasons);
• the mechanisms available to complain about the refusal; and
• any other matter prescribed by the regulations.

Will I be charged for a correction?

We will not charge fees for requests for the correction of Personal Information or for associating a Correction Statement with the Personal Information.

How do I request to amend my Personal Information?

Requests for correction of Personal Information should be made in writing and send to us using the enquiries contact details set out below.

What happens if you receive unsolicited Personal Information?

If we receive Personal Information that we did not solicit, we will, within a reasonable period of receiving the information, determine whether we would have been permitted to collect the information in circumstances permitted by the APPs.

If we determine that we have received Personal Information that we are not permitted to collect under the APPs (and the information is not contained in a Commonwealth record), we will as soon as practicable and where it is lawful and reasonable to do so, destroy the information or ensure that it is de-identified.

If we determine that collection of the Personal Information is permitted under the APPs, we will ensure that the information is dealt with in a manner that complies with this Policy.

Can the Policy be changed?

We may change, update, revoke or replace the Policy from time to time by publishing changes to it on our website.

We may notify you via email or by means of a notice in a mobile application. We encourage you to periodically review the privacy policy on the website for the latest information about our privacy practices.

Your continued use of the website and/or our Products constitutes acceptance of any revised Policies.

How do I make a complaint?

If you wish to make a complaint about the way we have handled your Personal Information, you can contact us using the details set out below.

Please include your name, email address and/or telephone number and clearly describe your complaint. We will respond to you regarding your complaint within a reasonable period.

Who should I contact for enquiries?

For further information about the Policy or our practices, or to access or correct your Personal Information, or make a complaint, please contact us using the details set out below:

Holman Industries
11 Walter Drive
Osborne Park, Western Australia 6017
info@holmanindustries.com.au

Affiliate

in relation to a company or body corporate, means:

1. the holding company of that company or body corporate;
2. a subsidiary of that company or body corporate; and
3. a subsidiary of the holding company of that company or body corporate.

App

means a mobile software application developed by Holman that provides an end user with remote control or remote access to a Smart Device.

APPs

means the Australian Privacy Principles in Schedule 1 of the Privacy Act.

Collect

in relation to Personal Information or Sensitive Information (as the context requires), has the meaning given to that term in the Privacy Act, being the inclusion of that information in a record or generally available publication.

Consent

has the meaning given to that term in the Privacy Act, being the provision of either:

1. express consent given explicitly either in writing or orally; or
2. implied consent where a person’s consent can be inferred from their conduct or our conduct.

Where the capacity of individuals under the age of 18 cannot be practically or reasonably assessed on a case-by-case basis, we will presume that an individual aged 15 or over has the capacity to consent.

Holman, we, us or our

means Bookleaf Pty Ltd (ACN 009 036 202) as trustee for The Eden Unit Trust trading as Holman Industries (ABN 29 385 212 665) and, where the context requires, includes its Affiliates.

Personal Information

has the meaning given to that term in the Privacy Act, being information or an opinion about an identified individual, or an individual who is reasonably identifiable:

1. whether the information or opinion is true or not; and
2. whether the information or opinion is recorded in a material form or not.

Policy

means this Privacy Policy, as amended, updated or supplemented from time to time.

Privacy Act means the Privacy Act 1988 (Commonwealth of Australia).

Product means any one or more of the following:

1. Holman Mobile Application; and
2. any other Smart Device mobile software applications.

Sensitive Information

has the meaning given to that term in the Privacy Act, being:

1. 1. information or an opinion about an individual’s:
      1. racial or ethnic origin;
      2. political opinions;
      3. membership of a political association;
      4. religious beliefs or affiliations;
      5. philosophical beliefs;
      6. membership of a professional or trade association;
      7. membership of a trade union;
      8. sexual orientation or practices;
      9. criminal record,

that is also Personal Information;

1. health information about an individual;
2. genetic information about an individual that is not otherwise health information;
3. biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
4. biometric templates.

Smart Device

means a device produced or manufactured by a hardware manufacturer which has a human-machine interface, the ability to transmit data, connects to a wireless network, including smart home devices.

you or your

means an individual whose Personal Information we mange.

What is the purpose of this Schedule?

This Schedule has been prepared for the purposes of ensuring our compliance with the GDPR, to the extent that it applies to us.

To whom does this Schedule apply?

This Schedule only applies to you only if you ordinarily reside in the European Union or European Economic Area.

How do the terms of this Schedule interact with the rest of the Policy?

The provisions of this Schedule prevail to the extent of any conflict or inconsistency with the other provisions of this Policy.

How will my Personal Data be dealt with?

The collection, use, processing, sharing, storage and disposal of your Personal Data is subject to this Policy.
Who is the Controller of my Personal Data? We will be the Controller of your Personal Data that is collected by or for us, that is processed by or for us, or that is stored by us.

How will my Personal Data be processed?

We will seek to ensure that your Personal Data is:

• processed in a lawful, fair and transparent manner; and
• only collected and processed for lawful purpose outlined in this Policy.

We may use automated processes using your Personal Data and your activity on the Holman Platform for the purposes of customising notifications or products and services provided to you. We may also use such data in automated processes for the purpose of providing more relevant services to our customers.

What are my rights to control how my Personal Data is handled?

Except to the extent we are prohibited from doing so under Australian law, you may:

• instruct us as to how we can use your Personal Data, including to restrict our use;
• object or withdraw your consent to our use (or any particular use) of your Personal Data;
• request that we provide you (in a portable format) with or send to a third party all Personal Data that we hold; and
• request that we delete your Personal Data.

Is my consent required for any use or handling of my Personal Data?

We will only process Personal Data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation with your consent or as otherwise permitted by law.

Will consent of a parent or guardian be sought?

We will seek the consent of a parent or guardian to collect the details of minors under the age of 16. This will not affect the validity of any contract in relation to a child.

consent

has the meaning given to that term in the GDPR, being in relation to a data subject, any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller

has the meaning given to that term in the GDPR, being the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by European Union or European Union member State law, the controller or the specific criteria for its nomination may be provided for by such law.

Personal Data

has the meaning given to that term in the GDPR, being any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

processing

has the meaning given to that term in the GDPR, being any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor

has the meaning given to that term in the GDPR, being a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the Controller.

you or your

means a person whose Personal Data we have collected, have access to or process who ordinarily resides in the European Union or the European Economic Area.