1.1. We collect personal information from customers (existing and prospective), employees (existing and prospective)
of customers, suppliers, contractors, shareholders, prospective employees and consumers, and other individuals for
various business and other purposes further listed in section 3.2 below. In this section, we explain the types of personal
information which we usually collect as well as how we collect this information.
1.2. The types of personal information Hysata will collect from you will depend on the circumstances in which that
information is collected. It may include:
(a) contact details (e.g. your name, address, email and phone details);
(b) information required for you to transact with us (e.g. place of work, position, authority to transact with us, etc.);
(c) information about your current and former employment (e.g. place of work, position, length of tenure, qualifications,
curriculum vitae, aptitude, performance reviews, psychological and medical testing results, and any other relevant human
resources information);
(d) information required for you to open a trading account with us or otherwise do business with us including bank
account details, information obtained through credit checks and any other relevant financial information;
(e) information on prior dealings with Hysata or our customers;
(f) any other information required as part of a recruitment process; and
(g) statistical information regarding the use of the Hysata website, including website users’ IP addresses, device ID, device
type, geo-location information, dates, browser type, times, and page locations of website users’ visits.
1.3. The types of personal information listed in section 1.2 above are not intended as an exhaustive list. We may
occasionally require you to provide personal information about other individuals (e.g. your authorised representatives etc).
In that case, you are expected to inform any such individuals whose personal information you provide to us that you are
providing their personal information to us and to advise them about this policy. We accept no responsibility for advising
any such individuals of the existence or content of this policy.
1.4. In the course of running our business, we do not usually collect sensitive information (including e.g. information about
a person’s race, ethnic origin, political opinions, health, religious or philosophical beliefs, sexual preferences, genetics or
criminal history). Where we do need to collect your sensitive information, we will only collect it with your consent and we
will only use it for the purpose for which you provided it.
2.1. In this section, we explain how we usually collect your personal information. We usually collect personal information
through:
(b) software platforms through which we provide services to customers;
(d) orders for products or services;
(e) employment applications;
(f) third party service providers;
(g) requests for brochures, to join a mailing list or to be contacted for further information about our products or services;
(h) provision of customer service and support;
(i) our shareholder registry;
(j) responses to surveys or research conducted by us or on our behalf; and
(k) publicly available materials;
2.2. If you do not provide us with the information we request, we may not be able to fulfill the applicable purpose of
collection, such as to supply products or services to you or to assess an application for employment.
2.3. Where practicable, we will collect personal information directly from you. From time to time we may be given
information by third party sources, including but not limited to:
(b) your representatives or advisers;
(c) our related entities and business partners; and
(d) third parties who assist us in any aspect of our business.
2.4. We may also collect your personal information from other parties where legally required to do so. If we receive
information about you from someone else, we will take reasonable steps to ensure you are aware that we have collected
personal information about you and the circumstances of the collection.
2.5. While we take reasonable steps to ensure that your personal information remains secure, many information security
risks do exist and we always recommend that you take appropriate steps to help safeguard your personal information from
such risks.
3.1. We will only use and disclose your personal information in accordance with Privacy Laws and this Privacy Policy.
3.2. Our main purposes for collecting, holding, using and disclosing personal information are the following:
(a) to verify your identity;
(b) to supply products or services to our customers;
(c) to obtain products and services from our suppliers;
(d) to respond to enquiries from existing or prospective customers seeking information about our products or services;
(e) to process and assess employment applications;
(f) to enforce agreements between you and Hysata;
(g) to undertake research and surveys and analyse statistical information;
(h) to conduct market research;
(i) to keep customers informed about our activities, products and services;
(j) to improve our products and services and develop new products and services (whether or not we supply these to you);
(k) to comply with legislative and our policy requirements including in relation to occupational health and safety and
environmental matters;
(l) to provide information to, and respond to queries from, shareholders; and
(m) to operate our business efficiently.
4.1. We generally explain at the time we collect personal information how we will use or disclose that information. We will
only use or disclose personal information for a purpose other than for which it was collected or a related purpose if you
have consented to such different use or disclosure or such use or disclosure is otherwise allowed by the Privacy Laws.
4.2. In carrying out our business, it may be necessary to share information about you with and between our related bodies
corporate and organisations that provide services to us (e.g. our alliance partners). We would not otherwise routinely
disclose personal information to another organisation unless:
(b) we believe it is necessary to provide you with a product or service which you have requested;
(c) it is necessary to protect the rights, property or personal safety of any of our customers, any member of the public or our
interests;
(d) the assets and operations of our business are transferred to another party as a going concern; or
(e) you have provided your consent.
5.1. We may use a range of service providers to help us maximise the quality and efficiency of our services and our business
operations. This means that individuals and organisations outside of Hysata, such as our legal, financial, accounting,
administrative and insurance service providers and mail houses, will sometimes have access to personal information held
by us and may use it on behalf of us. We require our service providers to adhere to strict privacy guidelines and not to keep
this information or use it for any unauthorised purposes.
6.1. We may disclose personal information outside of the jurisdiction from which it was collected. In the conduct of our
business, we transfer to, and hold or access personal information from, various countries including Australia, European
Union, United Kingdom and the United States. The privacy laws of those countries may not provide the same level of
protection as the privacy laws of the country from which the personal information was collected. However, this does not
change our commitments to safeguard your privacy and we will comply with all applicable laws relating to the cross-border
data disclosure.
7.1. Like most businesses marketing is important to our business’ success. We therefore, from time to time, send marketing
materials to current or prospective customers. We only do so in accordance with applicable laws or with your prior consent.
7.2. If you are receiving promotional information from us and do not wish to receive this information any longer, please
contact us at the address set out in section 12 below, asking to be removed from our mailing lists, or use the unsubscribe
facilities included in our marketing communications.
8.1. If at any time you want to know exactly what personal information we hold about you, you are welcome to request
access to your record by contacting us at the contact details listed in section 12 below. Our file of your information will
usually be made available to you within 14 days, though the Privacy Laws may envisage certain circumstances in which we
may not give you access to the personal information we hold about you (e.g. where we cannot give you access if it would
unreasonably affect someone else’s privacy or if giving you access poses a serious threat to someone’s life, health or safety).
8.2. If at any time you wish to change the personal information we hold about you because it is inaccurate or out of date,
please contact us at the contact details listed in section 12 below and we will amend this record. If you wish to have your
personal information deleted, please let us know in the same manner and we will take all reasonable steps to delete it unless
we need to keep it for legal reasons.
8.3. There is generally no cost for accessing the personal information we hold about you. However we may apply an
administrative charge for providing access in certain circumstances. Any such charge will be reasonable and we will advise
you of the charge and obtain your consent before providing you with access to your personal information.
9.1. If you have a privacy complaint against us (including, for example, if you think that we have failed to comply with the
Privacy Laws), you may use the contact details listed in section 12 below to notify us of your complaint. We will promptly
acknowledge and address all customer complaints. In most cases we will ask that you put your complaint in writing to us.
9.2. We will investigate any complaint and will use reasonable endeavours to respond to you in writing within a reasonable
period of time. If you are dissatisfied with the response that you receive from us, you may have the right to make a
complaint with a relevant regulator (in Australia, the relevant regulator is the Office of the Australian Information
Commissioner).
10.1. We will endeavour to take all reasonable steps to keep secure any information which we hold about you, and to
keep this information accurate, up to date and complete. Your information is stored on secure servers that are protected
in controlled facilities. We require our employees and data processors to respect the confidentiality of any personal
information held by us.
12.1. If you have any concerns or complaints about how we handle your personal information, or if you have any questions
about this policy, please contact us at
13.1. We operate in a dynamic business environment. Over time, aspects of our business may change as we respond to changing
market conditions. This may require our policies to be reviewed and revised. We reserve the right to change this Privacy Policy
at any time and notify you by posting an updated version of the policy on our website. If at any point we decide to use personal
information in a manner materially different from that stated at the time it was collected we will notify users by email or via a
prominent notice on our website, and where necessary we will seek the prior consent of our users.