Privacy Policy

Effective Date: 1 July 2024

1. Introduction

We are committed to treating the personal information we collect in accordance with the Australian Privacy Principles (“APPs”) in the Privacy Act 1988 (Cth) (“the Privacy Act”). This Privacy Policy sets out how we, “Bio101” (in this Privacy Policy, “Bio101”, “us”, “we”, and “our”) collect and handle personal information. The term “personal information” shall have the same meaning as ascribed to it under the Privacy Act and the APPs – broadly speaking, personal information includes information, or opinions, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances.

We may need to update this Privacy Policy from time to time to reflect our current privacy practices or changes in the law, regulations and/or professional standards. When we make any changes to this Privacy Policy, we will post the updated policy on our website. We recommend that you check our website regularly for any update to our Privacy Policy.

This Privacy Policy should be read together with our letter of engagement, applicable terms and conditions, service agreements and/or our website (“Terms and Conditions”).

2. Personal Information

The types of personal information (or opinions) we collect must be reasonably necessary for one or more of our functions or activities under our engagement with you, which will depend on the nature of our engagement with you. Examples of such information may include:

(a) General identification information such as names, job title, occupation, and gender;

(b) Contact details such as address, email address, business address, phone and mobile phone number and Internet Protocol (IP) address;

(c) Biographical information which may confirm your identity including your director identification number, date of birth, tax identification number, e-signatures, drivers licence and your passport number or national identity card details, country of domicile and/or your nationality, and your place of birth;

(d) Educational qualifications, employment history, employee records, salary and referee reports;

(e) Information relating to your financial situation such as income, expenditure, assets and liabilities;

(f) Other financial information such as credit card and bank account details, tax file number, shareholdings and details of investments (e.g. if you have shares, units, managed funds or other investments, details of dividend payments and distributions from managed funds, any investment gains or losses from the disposal of shares, units and rental properties, including associated income and expenditure);

(g) Details of superannuation and insurance arrangements; and

(h) Visa or work permit status and related information.

It may be necessary for us to collect some forms of sensitive information about you to provide the specific services to you under our engagement with you. Sensitive information includes (but is not limited to) information about a person’s race, sexual orientation, disability, ethnic origin, political opinions, health, religious or philosophical beliefs and criminal history. We will only collect and use sensitive information with your prior written consent, in accordance with applicable laws or in a de-identified aggregated manner.

3. Collecting Personal Information

Generally, we collect your personal information from you directly, for example, when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a questionnaire, form or survey or when you subscribe to our publications or engage with our accounts or posts on social media and networking sites.

Where it is unreasonable or impractical to collect your personal information from you directly, we may collect your personal information from outside sources. These can include public information (including information available through ASIC or the ASX, public posts to social networking sites such as LinkedIn, or where we conduct background checks, including when requested on your behalf) and commercially available personal, identity, geographic and demographic information. Outside sources may also include information gained from a third party. For example, we may collect your personal information from your company or another intermediary, a previous employer, your referees, and your personal representatives.

We will notify you before, or as soon as possible after, we collect your personal information.

We may also automatically collect data (for example, through cookies) that is not personal information. This data may include your type of device, IP address, operating system, type of internet browser and your use of our website. Further details are set out under “Cookies”.

4. Holding Personal Information

We hold personal information in both hard copy and electronic formats. In some cases, we engage third parties to store electronic data on our behalf. We make sure we take security measures to protect the personal information we hold (for example, restriction of access, firewalls, the use of encryption, passwords and digital certificates).

We also implement policies and processes which govern document retention. We seek to ensure that personal information is kept as current as possible, and that irrelevant or excessive data (including personal information) is deleted or made anonymous as soon as reasonably practicable after we cease to use that data under our engagement (for more information see the information under the “Data retention” heading below). However, some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.

5. Purpose for collecting, holding, using and disclosing personal information

We will only collect and use your personal information if it is collected by means which are lawful and fair under the circumstances and:

(a) If permitted under applicable laws, that the personal information is collected for a lawful purpose directly related to us providing our services within a reasonable scope; and/or

(b) The personal information collected is adequate and not excessive in relation to that purpose; and/or

(c) If required by applicable laws, where you have given consent.

A lawful purpose is when we have a business or commercial reason to use your personal information, so long as this use is not overridden by your own rights and applicable law.

The purposes for which your personal data may be used are as follows:

(a) To provide, improve and properly manage our products and services, including:

o preparing a proposal for services we offer;

o providing the services we offer;

o developing new products and services;

o responding to requests or queries;

o verifying your identity;

o conducting surveys; and

o seeking your feedback.

(b) To provide the services under the Terms and Conditions or any other contract;

(c) To maintain contact with our clients and keep them informed of our services, industry developments, seminars and other events;

(d) For administrative purposes, including:

o processing payment transactions;

o charging and billing;

o detecting or preventing fraud;

o dealing with any complaints or feedback; and

o identifying breaches of our terms and conditions of engagement.

(e) For purposes relating to the employment of our personnel or our Clients’ personnel, contractors and sub-contractors including:

o recruitment purposes such as pre-employment screening, contacting referees, processing applications, administering psychometric testing, assessment for suitability for future positions, background checks and ongoing analytic purposes such as ensuring we are reaching a diverse range of candidates; and

o providing internal services or benefits to our staff.

(f) For governance and compliance purposes including:

o managing any quality, conduct or risk management issues including conflict of interest or independence (including auditor independence) obligations or situations;

o meeting regulatory obligations; and

o any other thing where we are required to or authorised by legislation or industry code, direction or standard to do so;

(g) To report and investigate complaints and prevent suspicious transactions, prohibited activities and other illegal activities including but not limited to fraud, bribery and money laundering;

(h) For development and analytics purposes to develop our expertise and know how, including:

o for benchmarking purposes;

o development, analytics and business intelligence functions including web site trend and performance analysis;

o quality assurance; and

o other purposes related to our business; and

(i) For any other purpose for which you provide us with your personal information.

6. Sharing personal information

We may share your personal information with, or transfer it to, the following parties:

(a) Any of your agents, advisers, or intermediaries you inform us about;

(b) Third parties we contract with to assist in delivering the services to you;

(c) Our professional advisors where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, book keepers, tax advisors, IT or public relations advisors;

(d) Our bankers, insurers and insurance brokers;

(e) Our data storage providers and any other software providers that we require to perform our services, which may be in other jurisdictions;

(f) Third parties and their advisors if we consider selling all or part of our business to such third parties;

(g) Other parties including government or regulatory bodies (for example, the Australian Taxation Office, the Australian Securities Investment Commission, professional regulatory bodies, and the Australian Securities Exchange), professional or industry bodies or agencies, as part of an engagement or as required by or in accordance with any industry code or industry standard including foreign authorities or regulators relevant or applicable for the purposes of our provision of services; and

(h) Other parties when you ask us to do so or when you consent to that disclosure.

7. Transfer and processing of your personal information cross-border

We may transfer, store, or process your personal information in other jurisdictions. If we transfer your information to a jurisdiction which does not offer an equivalent level of protection to our jurisdiction, we will make sure reasonable safeguards and security measures are in place.

To protect your information we will:

(a) Use data security safeguards; and

(b) Use contractual confidentiality requirements in our agreements with third parties; and

(c) Make sure the jurisdiction we are transferring your information to has equivalent data protection laws or seek your consent to the transfer.

We will only transfer your information outside of Australia where:

(a) the jurisdiction we are transferring your information to, in our view, provides adequate protection for personal information; and/or

(b) we have entered into a suitable contract with the recipient; and/or

(c) you have consented to the transfer.

8. Marketing

Subject to your consent, we may use your personal information to send you, whether directly from us or through appointed agents or third parties, updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services or information we think may be relevant to you (e.g., a newsletter).

You have the right to opt out of receiving promotional or direct marketing communications at any time, including by using the ‘unsubscribe’ link in emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

9. Quality and security of personal information

We will take reasonable steps to:

(a) ensure the information we collect, use, and/or disclose is accurate, up-to-date, complete and relevant; and

(b) protect it from misuse, interference, loss, unauthorised access, modification or disclosure.

When we no longer need your information, subject to any legal requirements to keep a record of or retain it, we will take reasonable steps to de-identify or destroy the information.

10. Access to personal information and corrections

General Access

Subject to limited exceptions set out in applicable laws and regulations, we will provide you with access to any information we hold about you on request within a reasonable time. You can reach out to us through our ‘Contact Information’ section to request your information.

Where there are costs associated with granting your general request for access, we may charge you a reasonable fee for providing you access to your information.

If we refuse to give you access to any information we hold about you, we will provide you with a notice setting out the reasons why, and how you may complain about the refusal.

Correction of Inaccuracies

If any of your details change or if you believe that any personal information Bio101 has collected about you is inaccurate you can contact us via our ‘Contact Information’ below and we will take reasonable steps to correct it in accordance with the requirements of the Privacy Act.

If we are otherwise made aware or become satisfied that information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct it in accordance with the requirements of the Privacy Act. Where we have disclosed the incorrect information, where lawful to do so we will notify the recipients of such incorrect information.

If we refuse to correct any information we hold about you, you may request we associate that information with a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we shall take reasonable steps to do so.

We will not pass on any costs, or charge you any fees, for a request to correct information and/or associate a statement of incorrectness with the information.

11. Complaints

You can notify us of any complaint you may have about our handling of your personal information via our ‘Contact Information’ below. Following your initial contact, you may be asked to set out further details of your complaint in writing. We will endeavour to reply to you within a reasonable time of receiving your complaint and, where appropriate, will advise you of the general reasons for the outcome of the complaint.

While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, if you are not satisfied with the outcome of your complaint, you can refer your complaint to the Office of the Australian Information Commissioner (“OAIC”) (please refer to details on the OAIC website at: www.oaic.gov.au).

12. Contact information

If you have any questions in relation to this Privacy Policy or our management of your personal information, including any of the requests you may make under the Privacy Act and above Privacy Policy, you can contact us by email at admin@bio101.com or at:

Bio101

Suite 201, 697 Burke Road

CAMBERWELL VIC 3124

13. Cookies

Our website uses cookies. Each type of web browser provides ways to restrict and delete cookies and the manufacturers of each web browser provide resources to assist you with monitoring, deleting and/or restricting cookies. The deletion or restriction of cookies may, however, hinder your access to certain aspects of this website.

14. Data retention

We will cease processing and using your personal information as soon as possible after you cancel or terminate any engagement with us, subject to keeping copies of your data:

(a) As reasonably necessary for archival purposes;

(b) For use in actual or potential dispute/s;

(c) To comply with applicable laws and regulations;

(d) To enforce any agreement we have with you;

(e) For protecting our rights, property, safety, or those of our employees; and/or

(f) For discharging any functions, obligations and responsibilities we may have.

We may store your information in our local servers and databases or use third party cloud vendors and data processors for as long as we are required to. We will have suitable contractual arrangements in place.

In most cases we will retain your information for a period of seven years from the termination of our agreement with you, in case any claims arise from our provision of services to you.