Privacy Policy

1 PURPOSE OF OUR POLICY
1.1 AirAgri Pty Ltd ACN 606 172 285 (we, us or our) has adopted this Privacy Policy to
ensure that we have standards in place to protect the Personal Information that we
collect about individuals that is necessary and incidental to:
(a) Providing the system and services that we offer; and
(b) The normal day-to-day operations of our business.
1.2 This Privacy Policy follows the standards of both:
(a) The Australian Privacy Principles set by the Australian Government for the handling
of Personal Information under the Privacy Act 1988 (Cth) (Privacy Act); and
(b) The regulations and principles set by the European Union’s General Data Protection
Regulation (GDPR) for the handling of Personal Data.
1.3 By publishing this Privacy Policy we aim to make it easy for our customers and the
public to understand what Personal Information we collect and store, why we do so,
how we receive, obtain, store and/or use that information, and the rights of control an
individual has with respect to their Personal Information in our possession.

2 WHO AND WHAT THIS POLICY APPLIES TO
2.1 Our Privacy Policy deals with how we handle “personal information” and “personal
data” as it is defined in the Privacy Act and the GDPR respectively (Personal
Information).
2.2 We handle Personal Information in our own right and also for and on behalf of our
customers and users.
2.3 Our Privacy Policy does not apply to information we collect about businesses or
companies, however it does apply to information about the people in those
businesses or companies which we store.
2.4 The Privacy Policy applies to all forms of information, physical and digital, whether
collected or stored electronically or in hardcopy.
2.5 If, at any time, an individual provides Personal Information or other information about
someone other than himself or herself, the individual warrants that they have that
person’s consent to provide such information for the purpose specified.
2.6 We consider the protection of privacy of children very important. We do not knowingly
collect personal data from children under the age of 16 without obtaining parental
consent. If an individual is under 16 years of age, then they should not use or access
the service at any time or in any manner. If we learn that Personal Information has
been collected on the service from persons under 16 years of age and without
verifiable parental consent, then we will take the appropriate steps to delete such
information.
3 THE INFORMATION WE COLLECT
3.1 In the course of business it is necessary for us to collect Personal Information. This
information allows us to identify who an individual is for the purposes of our business,
share Personal Information when asked of us, contact the individual in the ordinary
course of business and transact with the individual. Without limitation, the type of
information we may collect is:
(a) Personal Information. We will collect personal details such as an individual’s name,
and may collect personal details such as location, date of birth and other information
defined as “Personal Information” in the Privacy Act that allows us to identify who the
individual is;
(b) Contact Information. We do collect information such as an individual’s email
address, telephone number, and may collect information such as an individual’s third-
party usernames, residential, business and postal address and other information that
allows us to contact the individual;
(c) Financial Information. We may collect financial information related to an individual
such as any bank or credit card details used to transact with us and other information
that allows us to transact with the individual and/or provide them with our services;
(d) Technical Information. We collect the IP Addresses of users accessing our
systems, the actions of users on our website and other digital information created by
an individual’s use of our online systems.
(e) Statistical Information. We may collect information about an individual’s online and
offline preferences, habits, trends, decisions, associations, memberships, finances,
purchases and other information for optimization and statistical purposes; and
(f) Information an individual sends us. We may collect any personal correspondence
that an individual sends us, or that is sent to us by others about the individual’s
activities.
3.2 We may collect other Personal Information about an individual, which we will maintain
in accordance with this Privacy Policy.
3.3 We may also collect non-Personal Information about an individual such as
information regarding their computer, network and browser. Where non-Personal
Information is collected the Australian Privacy Principles and the GDPR do not apply.

4 HOW INFORMATION IS COLLECTED
4.1 Most information will be collected in association with our SaaS farm management
digital platform(AirAgri). However we may also receive Personal Information directly
from individuals through enquiries and general dealing, from sources such as
advertising, an individual’s own promotions, public records, mailing lists, contractors,
staff, recruitment agencies and our business partners. In particular, information is
likely to be collected as follows:
(a) Registrations/Subscriptions. When an individual registers for a service, account,
connection or other process whereby they enter Personal Information details in order
to receive or access something;
(b) Uploads. When an individual uploads or imports any documents, materials or other
information into AirAgri that contains Personal Information;
(c) Supply. When an individual supplies us with goods or services;
(d) Contact. When an individual contacts us in any way;
(e) Access. When an individual accesses us physically we may require them to provide
us with details for us to permit them such access. When an individual accesses us
through the internet we may collect information using cookies (if relevant – an
individual can adjust their browser’s setting to accept or reject cookies) or analytical
services; and/or
(f) Pixel Tags. Pixel tags enable us to send email messages in a format customers can
read and they tell us statistical information including but not limited to whether mail
has been opened.
4.2 As there are many circumstances in which we may collect information both
electronically and physically, we will endeavour to ensure that an individual is always
aware of when their Personal Information is being collected.
4.3 Where we obtain Personal Information without an individual’s knowledge (such as by
accidental acquisition from a client), we will either delete/destroy the information, or
inform the individual that we hold such information, in accordance with the Australian
Privacy Principles and the GDPR.
5 WHEN PERSONAL INFORMATION IS USED & DISCLOSED
5.1 In general, the primary principle is that we will not use any Personal Information other
than for the purpose for which it was collected other than with the individual’s
permission. The purpose of collection is determined by the circumstances in which
the information was collected and/or submitted.
5.2 We will only process Personal Information when we can identify a lawful basis to do
so. It is always our responsibility to ensure that we can demonstrate which lawful
basis applies to the particular processing purpose.
5.3 The most common lawful bases relied upon are:
(a) Consent: we will only rely upon express, clear and informed consent. Any consent
provided may specify and/or restrict the purpose, and can be withdrawn at any time
without penalty. We will keep a record of when and how we got consent from an
individual.
(b) Legitimate interests: we will only rely upon an identifiable legitimate interest where we
can demonstrate that the processing of Personal Information is necessary to achieve
it by balancing it against the individual’s interests, rights and freedoms. We will keep
a record of our legitimate interests assessments.
5.4 We will retain Personal Information for the period necessary to fulfil the purposes
outlined in this Privacy Policy unless a longer retention period is required or permitted
by law.
5.5 If it is necessary for us to disclose an individual’s Personal Information to third parties
in a manner compliant with the Australian Privacy Principles and the GDPR in the
course of our business, we will inform you that we intend to do so, or have done so,
as soon as practical.
5.6 We will not disclose or sell an individual’s Personal Information to unrelated third
parties unless the prior written consent of the individual is obtained.
5.7 Information is used to enable us to operate our business, especially as it relates to an
individual. This may include:
(a) The provision of goods and services between an individual and us;

(b) Verifying an individual’s identity;
(c) Communicating with an individual about:
i Their relationship with us;
ii Our goods and services;
iii Our own marketing and promotions to customers and prospects;
iv Competitions, surveys and questionnaires;
(d) Investigating any complaints about or made by an individual, or if we have reason to
suspect that an individual is in breach of any of our terms and conditions or that an
individual is or has been otherwise engaged in any unlawful activity; and/or
(e) As required or permitted by any law (including the Privacy Act).
5.8 The individual shall have the right to object at any time to the processing of their
Personal Information for direct marketing purposes, which includes profiling to the
extent that it is related to such direct marketing. If we receive such a request, we will
stop the processing of Personal Information for direct marketing purposes
immediately without charge or penalty.
5.9 There are some circumstances in which we must disclose an individual’s information:
(a) Where we reasonably believe that an individual may be engaged in fraudulent,
deceptive or unlawful activity that a governmental authority should be made aware of;
(b) As required by any law (including the Privacy Act); and/or
(c) In order to sell our business (in that we may need to transfer Personal Information to
a new owner).
5.10 We may utilise third-party service providers to communicate with an individual and to
store contact details about an individual. These service providers may be located
outside of Australia. Otherwise, we will not disclose an individual’s Personal
Information to any entity outside of Australia.
6 OPTING “IN” OR “OUT”
6.1 An individual may opt to not have us collect and/or process their Personal
Information. This may prevent us from offering them some or all of our services and
may terminate their access to some or all of the services they access with or through
us. They will be aware of this when:
(a) Opt In. Where relevant, the individual will have the right to choose to have
information collected and/or receive information from us (for clarity, consent must
involve an unambiguous positive action to opt in); or
(b) Opt Out. Where relevant, the individual will have the right to choose to exclude
himself or herself from some or all collection of information and/or receiving
information from us.
6.2 If an individual believes that they have received information from us that they did not
opt in or out to receive, they should contact us using the details as set out in section
11 below.

7 THE SAFETY & SECURITY OF PERSONAL INFORMATION
7.1 We may appoint a Data Protection Officer to oversee the management of this Privacy
Policy and compliance with the Australian Privacy Principles, the Privacy Act and the
GDPR. This officer may have other duties within our business and also be assisted
by internal and external professionals and advisors.
7.2 We will take all reasonable precautions to protect an individual’s Personal Information
from unauthorised access. This includes appropriately securing our physical facilities
and electronic networks.
7.3 We use encryption to store and transfer Personal Information. Despite this, the
security of online transactions and the security of communications sent by electronic
means or by post cannot be guaranteed. Each individual that provides information to
us via the internet or by post does so at their own risk. We cannot accept
responsibility for misuse or loss of, or unauthorised access to, Personal Information
where the security of information is not within our control.
7.4 We are not responsible for the privacy or security practices of any third party
(including third parties that we are permitted to disclose an individual’s Personal
Information to in accordance with this policy or any applicable laws), unless otherwise
required by the Privacy Act and the GDPR. The collection and use of an individual’s
information by such third parties may be subject to separate privacy and security
policies.
7.5 If an individual suspects any misuse or loss of, or unauthorised access to, their
Personal Information, they should let us know immediately.
7.6 We are not liable for any loss, damage or claim arising out of another person’s use of
the Personal Information where we were authorised to provide that person with the
Personal Information.
7.7 Where there is a breach of security leading to the accidental or unlawful destruction,
loss, alteration, unauthorised disclosure of, or access to, Personal Information, then:
(a) We will immediately establish the likelihood and severity of the resulting risk to wider
rights and freedoms of natural persons;
(b) If we determine there is a risk from the security breach, then we will immediately
notify the relevant supervisory authority and provide all relevant information on the
particular breach, and by no later than 72 hours after having first become aware of
the breach;
(c) If we determine there is a high risk from the security breach (a higher threshold than
set for notifying supervisory authorities), we will immediately notify the affected
individuals and provide all relevant information on the particular breach without undue
delay.
7.8 We will document the facts relating to any security breach, its effects and the
remedial action taken, and investigate the cause of the breach and how to prevent
similar situations in the future.

8 HOW TO ACCESS, UPDATE AND/OR REMOVE INFORMATION
8.1 Subject to the Australian Privacy Principles and the GDPR, an individual has the right
to request from us the Personal Information that we have about them, and we have
an obligation to provide them with such information as soon as practicable, and by no
later than 28 days of receiving the written request. The individual is free to retain and
reuse their Personal Information for their own purposes. We may be required to
transmit the Personal Information directly to another organisation if this is technically
feasible.
8.2 If an individual cannot update their own information themselves, we will correct any
errors in the Personal Information we hold about an individual within 28 days of
receiving written notice from them about those errors, or two months where the
request for rectification is complex.
8.3 It is an individual’s responsibility to provide us with accurate and truthful Personal
Information. We cannot be liable for any information that is provided to us that is
incorrect.
8.4 Where a request to access Personal Information is manifestly unfounded, excessive
and/or repetitive, we may refuse to respond or charge an individual a reasonable fee
for our costs incurred in meeting any of their requests to disclose the Personal
Information we hold about them. Where we refuse to respond to a request, we will
explain why to the individual, informing them of their right to complain to the
supervisory authority and to a judicial remedy without undue delay and at the latest
within 28 days.
8.5 We may be required to delete or remove all Personal Information we have on an
individual upon request in the following circumstances:
(a) Where the Personal Information is no longer necessary in relation to the purpose for
which it was originally collected and/or processed;
(b) When the individual withdraws consent;
(c) When the individual objects to the processing and there is no overriding legitimate
interest for continuing the processing;
(d) The processing of the Personal Information was otherwise in breach of the GDPR;
(e) The Personal Information has to be erased in order to comply with a legal obligation;
and/or
(f) The Personal Information is in relation to a child.
8.6 We may refuse to delete or remove all Personal Information we have on an individual
where the Personal Information was processed for the following reasons:
(a) To exercise the right of freedom of expression and information;
(b) To comply with a legal obligation for the performance of a public interest task or
exercise of official authority.
(c) For public health purposes in the public interest;
(d) Archiving purposes in the public interest, scientific research historical research or
statistical purposes; or
(e) The exercise or defence of legal claims.
9 COMPLAINTS AND DISPUTES
9.1 If an individual has a complaint about our handling of their Personal Information, they
should address their complaint in writing to the details below.
9.2 If we have a dispute regarding an individual’s Personal Information, we both should
first attempt to resolve the issue directly between us.
9.3 An individual shall have the right to seek a judicial remedy where he or she considers
that his or her rights under the GDPR have been infringed as a result of the
processing of his or her Personal Information in non-compliance with the GDPR. Any
proceedings should be commenced in New South Wales, Australia, where we are
established.
9.4 If we become aware of any unauthorised access to an individual’s Personal
Information we will inform them at the earliest practical opportunity once we have
established what was accessed and how it was accessed.

10 CONTACTING INDIVIDUALS
10.1 From time to time, we may send an individual important notices, such as changes to
our terms, conditions and policies. Where such information is materially important to
the individual’s interaction with us, they may not opt out of receiving these
communications.
11 CONTACTING US
11.1 All correspondence with regards to privacy should be addressed to:
Data Protection Officer
AirAgri Pty Ltd
privacy@airagri.com.au
You may contact the Data Protection Offer via email in the first instance.

12 ADDITIONS TO THIS POLICY
12.1 If we decide to change this Privacy Policy, we will post the changes on our webpage
at https://www.airagri.com.au/. Please refer back to this Privacy Policy to review any
amendments.
12.2 We may do things in addition to what is stated in this Privacy Policy to comply with
the Australian Privacy Principles and the GDPR, and nothing in this Privacy Policy
shall deem us to have not complied with the Australian Privacy Principles and the
GDPR.