PRIVACY POLICY

MANAGEMENT OF PERSONAL INFORMATION

Welcome to GAN's Privacy Policy. At GAN, we recognise the importance of your privacy and understand your concerns about the security of the personal information you provide to us. We comply with the Australian Privacy Principles (APPs) as contained in the Privacy Act 1988 (Cth). The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.

“Personal information” is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.

“Sensitive information”, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.

This Privacy Policy details how GAN manages personal information about you.

What personal information we collect and hold

The kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the goods and services you or your organisation have contracted us to provide, and the goods and services you or your organisation are interested in.

The kinds of personal information that we commonly collect and hold from you or about you include: your name, address, phone and fax numbers, email address, credit card and banking details, professional or trade membership details.

How we collect and hold personal information

We aim to collect personal information only directly from you, unless it is unreasonable or impracticable for us to do so. For example, we may collect personal information from you through our email enquiry form online, letters, newsletter subscriptions, emails, account set up, enquiries and contracts for the purchase of our goods and services and participation in any marketing events and competitions we run.

We may also receive personal information about you from third parties, including our business affiliates and trade associations, and the informal credit checks we undertake where appropriate with other trade suppliers.

You can be anonymous or use a pseudonym when dealing with us, unless:

• the use of your true identity is a legal requirement; or

• it is impracticable for us to deal with you on such basis.

Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities. For example, we collect, hold, use and disclose your personal information as necessary to administer or complete a transaction relating to a purchase of our goods and services by you, for administration and accounting purposes associated with providing you with our goods and services, undertaking informal credit checks with trade suppliers, for statistical and data collection purposes (i.e. to identify geographical locations where our customers are installing our goods), to lodge an entry on the PPSR (where applicable), providing you with information about other goods and services offered by us, marketing and promotions, market research, newsletter communications and website traffic analysis. This disclosure includes disclosure between GAN stores across Australia and may in the future include disclosure to related entities that form part of the GAN group.

Personal information about you is used by our employees and sub-contractors in transit for the purposes of delivering GAN goods and services. Personal information in transit may be loaded onto mobile phones, laptops or retained in physical form. Physical and electronic files consist of name, address, site photographs and phone number only.

Generally, we do not collect sensitive information other than information relating to any professional or trade memberships you may hold. We may collect other sensitive information from you or about you where there is a legal requirement to do so, or where we are otherwise permitted by law. In all other situations, we will specifically seek your consent.

If we do not collect, hold, use or disclose your personal information, or if you do not provide your consent, then we may not be able to answer your enquiry, complete the transaction you have entered into, or provide the good and services that you or your organisation have contracted us to provide.

Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.

Where we use your personal information for marketing and promotional communications, you can opt out at any time by notifying us. Opt out procedures are also included in our marketing communications.

We disclose personal information relating to your name, address, telephone number and email address to sub-contractors who carry out installation work for GAN. We may also disclose your personal information to third parties (including government departments and enforcement bodies) where required or permitted by law.

How we hold and store personal information

Your personal information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure. Our staff members receive regular training on privacy procedures.

Destruction and de-identification

We will retain your personal information whilst it is required for any of our business functions, or for any other lawful purpose.

We use secure methods to destroy your personal information when it is no longer needed.

Overseas disclosure

Our business is Australian owned and operated. Should GAN become affiliated with an overseas organisation, we will not disclose your personal information to that overseas recipient unless:

• it is necessary to complete the transaction you have entered into, including retaining such historical information for our business; and

• you have provided consent; or

• we believe on reasonable grounds that the overseas recipient is required to deal with your personal information by enforceable laws which are similar to the requirements under the APPs; or

• it is otherwise permitted by law.

We store electronic personal information using a database server located in the US.

Requests for access and correction

We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.

In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons for our decision. For further information, please contact us at privacy@gan.com.au.

To assist us to keep our records up-to-date, please notify us at privacy@gan.com.au of any changes to your personal information.

Complaints and concerns

We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs. We will respond to your complaint in accordance with the relevant provisions of the APPs. For further information, please contact us at privacy@gan.com.au.

Contact

GAN's Privacy Officer

Gardens At Night (Aust) Pty Ltd

1316 Malvern Road

MALVERN VIC 3144

Telephone: 03 9824 4937

Email: privacy@gan.com.au