E XD Pty Ltd T/A Atelier (ABN 51 627 664 162) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you.

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles, as well as the New Zealand Privacy Act 2020 and the Information Privacy Principles. In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect about you include:

Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

• Identity Data including your name, age, profession.
• Contact Data including your telephone number, address and email.
• Financial Data including bank account and payment card details (through our third party payment processor, who stores such information and we do not have access to that information).
• Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
• Technical and Usage Data when you access any of our websites, platforms or emails, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies or tracking pixels), and communications with our website.
• Interaction Data including information you provide to us when you participate in any interactive features, including surveys, contests, promotions, activities or events.
• Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
• Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience, or whether you hold required authorisations or licences.
• Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law.

We collect personal information in a variety of ways, including:

• when you provide it directly to us, including face-to-face, over the phone, over email, or online;
• when you complete a form, such as registering for any events or newsletters, or responding to surveys;
• when you use any website we operate (including from any analytics and cookie providers or marketing providers. See the “Cookies” section below for more detail on the use of cookies);
• from third parties;
• from publicly available sources.

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information

Personal information: We may disclose personal information to:

• our employees, contractors and/or related entities;
• IT service providers, data storage, web-hosting and server providers;
• marketing or advertising providers;
• professional advisors, bankers, auditors, our insurers and insurance brokers;
• payment systems operators or processors;
• our existing or potential agents or business partners;
• if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;
• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
• third parties to collect and process data, such as analytics providers and cookies; and
• any other third parties as required or permitted by law, such as where we receive a subpoena.

Australian Residents

Where we disclose your personal information to third parties, those third parties may also store, transfer or access personal information outside of Australia.. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.

New Zealand Residents

Where we disclose your personal information to third parties, those third parties may store, transfer or access personal information outside of New Zealand, which may not have an equivalent level of data protection laws as those in New Zealand. Before disclosing any personal information to an overseas recipient, we will comply with Information Privacy Principle 12 and only disclose the information if:

• you have authorised the disclosure after we expressly informed you that the overseas recipient may not be required to protect the personal information in a way that, overall, provides comparable safeguards to those in the Privacy Act 2020;
• we believe the overseas recipient is subject to the Privacy Act 2020;
• we believe that the overseas recipient is subject to privacy laws that, overall, provide comparable safeguards to those in the Privacy Act 2020;
• we believe that the overseas recipient is a participant in a prescribed binding scheme;
• we believe that the overseas recipient is subject to privacy laws in a prescribed country; or
• we otherwise believe that the overseas recipient is required to protect your personal information in a way that, overall, provides comparable safeguards to those in the Privacy Act 2020 (for example pursuant to a data transfer agreement entered into between us and the overseas recipient).

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to work with you as a customer or supplier of our business.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (if you are an Australian resident), or the Office of the New Zealand Privacy Commissioner (if you are a New Zealand resident).

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

We may enable you to post reviews, comments, photos and other user-generated content. Any content you choose to submit will be accessible by anyone, including third parties not associated with us. We have no control over how others may use or misuse information you make publicly available. We are not responsible for the privacy, security or accuracy of any user-generated content you choose to post or for the use or misuse of that information by any third parties.

We may use cookies, tracking pixels and similar technologies on our website and in our emails from time to time. Cookies are text files placed in your computer's browser to store your preferences. Tracking pixels are tiny, invisible images (typically the size of one pixel) embedded in web pages or emails. Cookies and tracking pixels, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie or collected by tracking pixels. Unlike cookies, tracking pixels do not store any information on your device, but instead send information to our servers when the pixel is loaded.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.

You can block tracking pixels by using ad-blocking or privacy-focused browser extensions. Some email providers allow you to block images by default, which can prevent tracking pixels in emails from loading.

However, if you use your browser settings to block all cookies (including essential cookies) and tracking pixels you may not be able to access all or parts of our website and you may not receive personalised content.

Google Analytics: We may use Google Analytics Advertising Features. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage Data about you.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

To find out how Google uses data when you use third party websites or applications, please see here

Facebook/Meta Analytics: We may use tools provided by Meta, such as the Meta Pixel, advanced matching, and Conversions API. These allow us to measure ad performance and deliver ads that may be relevant to you on Meta platforms based on your activity on our website/app. You can control whether we can join data from third party partners with your Meta account for ads by adjusting your preferences within Meta's settings. You can disconnect this data from your Meta account by changing your settings for Off-Facebook activity. For more information, please see Meta's Privacy Policy here

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Overview: We may use artificial intelligence and machine learning technologies, including AI Technologies provided by third parties (AI Technologies) in our business operations and the provision of our Services. We will only use AI Technologies when legally permitted and necessary for our business operations.

How we use AI Technologies: We may use AI Technologies for the following purposes:

• to assist in providing our services to you;
• to conduct analysis and processing;
• to generate and modify content and coding;
• to improve and optimise our services and operations;
• to automate certain processes and communications, such as routine tasks;
• to personalise your experience with our services;
• for quality assurance purposes; and
• to assist with customer support and queries.

Data Protection and Security: Where we use service providers who provide AI Technologies to us, we will take reasonable steps to ensure that such service providers handle your personal information according to privacy law, including by ensuring that we have contracts in place requiring the service provider to protect personal information.

We will not input your personal information into any platform provided by an AI Technology service provider which then trains its model based on that information. We understand you will not manually input your personal information as part of use of the service.

Your Rights and our Commitments: We will treat information generated or inferred by the AI Technologies about individuals as personal information and you maintain all rights over your personal information as outlined in this privacy policy, regardless of whether AI Technologies are used in processing. When using AI Technologies with your personal information:

• Transparency and control: we will inform you when AI Technologies are being used to make decisions that may significantly affect you. We will implement processes to verify the accuracy of AI-generated outputs and we will take reasonable steps to maintain human oversight and review of significant AI-generated decisions. Our staff are trained to understand the limitations of AI systems and verify outputs before they are relied upon; and
• Security: we implement appropriate technical and organisational measures to ensure that our use of AI Technologies maintains the security and integrity of your personal information. This includes regular testing and monitoring of AI outputs for accuracy and reliability; and
• Risk mitigation: We regularly assess and document the risks associated with our use of AI Technologies in processing personal information and implement appropriate mitigation measures. This includes ongoing monitoring of AI Technologies and regular reviews of their performance and impact.

If you are a resident of California, the processing of your personal data by us is likely to be subject to the California Consumer Privacy Act (CCPA) which provides you with certain enhanced privacy rights which should be read in conjunction with this Privacy Policy.

As a resident of California, the CCPA says that you have the right:

1. to know what Personal Information has been collected, used, and disclosed by us over the prior 12 months;
2. to delete Personal Information held by us, subject to certain exceptions;
3. to opt-out of sale of Personal Information. Consumers are able to direct a business that sells Personal Information to stop selling that information. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13; and
4. to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA

We do not sell Personal Information to third parties. We do permit third parties to collect information for the business purposes described in this Privacy Policy.

California's "Shine the Light" law (Civil Code Section § 1798.83) also permits California residents to request certain information regarding our disclosure of their Personal Information to third parties for their direct marketing purposes.

To exercise one of the above rights or to find out further information about how we handle your Personal Information, please contact the Data Protection/Privacy Officer via services@atelier.co using the email subject line 'California Resident Privacy Request'.

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

E XD Pty Ltd T/A Atelier (ABN 51 627 664 162)

Email: legal@atelier.co