This Privacy Policy is current as of 6^th November 2023.

This Policy has been adopted by and applies to, each of the BoardRoom Group Australian companies¹ (hereinafter "BoardRoom", "we" or "us") . BoardRoom provides a comprehensive range of services to public companies (both listed and unlisted), managed investment schemes and trusts (both listed and unlisted),, proprietary limited companies and and some member-based organisations. In providing these services we collect information from and about you. This information is essential for us to deliver our services; if you choose not to provide it, we will not be able to provide our services to you.

As required by law, we comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). This Privacy Policy outlines how BoardRoom collects, manages, uses and safeguards your personal information. Protecting personal information provided to us is important and integral to our business philosophy and ethics.

By accessing the BoardRoom website (http://www.boardroomlimited.com.au), or by using our services, you are agreeing to be bound by the terms of this policy and by the Terms of Use.

BoardRoom provides the following services:

Securities registry management

• We maintain registers of securities, which includes maintaining registers of names and addresses of securityholders.
• We facilitate communications between issuers and securityholders.
• We facilitate payment of dividends and distributions to securityholders.
• We handle securityholder enquiries.

Employee equity plan management

• We administer employee equity plans on behalf of our clients.
• We facilitate communications between our clients and their employees in relation to employee equity plans.
• We facilitate payment of dividends and distributions to participants in an employee equity plan we administer.
• We handle enquiries from participants regarding the employee equity plans in which they participate.

Corporate secretarial and governance support

• We provide administrative support to incumbent corporate secretaries and governance professionals.
• BoardRoom staff can be named as company secretary for proprietary limited or public companies.
• We can undertake a review and, where applicable, make recommendations for improvement of, existing corporate secretarial and governance practices.

Payroll administration

• We provide a range of services in this area, from basic record keeping to processing employee payments.

In our capacity as a securities registrar, employee equity plan administrator, provider of company secretarial and governance services and payroll administrator, BoardRoom collects personal information including:

• name and address details;
• securityholding or plan participation details;
• securityholding balances;
• bank account details;
• tax file numbers;
• dates of birth;
• telephone numbers;
• email addresses;
• broker or advisor details;
• ID Documents; and
• Asset Documentation

We only collect personal information when we need it in order to provide our services. If you do not provide us with the information we need, we may not be able to provide services to you.

Personal information

In the course of maintaining securities registers and administering employee equity plans, we may receive personal information directly from securityholders or employee equity plan participants. This may be:

• during interactions with our customer service representatives
• on paper or electronic documents provided to us, such as application forms, advices of banking instructions or tax file numbers, or statutory declarations
• through our online internet-based facilities

We may also receive information from the following sources:

• issuers for who we provide security registrar or employee share plan administration services
• securities exchanges
• stockbrokers or financial advisors
• users of the internet-based facilities offered by BoardRoom
• clients who use our payroll administration services or the employees of those clients
• directors and/or other officers of companies to which we provide company secretarial services

The security, integrity, and confidentiality of your information is very important to us. Personal information we collect is stored in secure electronic databases which are managed by BoardRoom and, where applicable, on paper documents. Any information on paper documents is stored in secure, offsite storage facilities for a period of time determined by law or in accordance with our client's instructions.

The databases and offsite storage facilities are both located within Australia. BoardRoom has implemented technical, procedural and physical security measures that are designed to protect your information from misuse, interference and loss and from unauthorised access, modification or disclosure.

In addition to the measures noted above, BoardRoom has implemented policies which require employees to keep secure and confidential, any personal information they access as a result of their employment. BoardRoom also requires its employees to annually complete training in relation to privacy and information security.

We will not adopt as our own any identifiers (such as your Tax File Number) that you may provide to us.

The nature of the services we provide and the regulatory requirements applicable to some of the information we collect, does not allow us to enable the anonymisation of personal information we hold.

We use cookies and log files on our web portals to enhance their functionality. A cookie is a small text file that our websites may place on your computer to collect information such as your internet protocol address, your computer’s operating system, and the browser you are using. We use this information to monitor service usage and to optimise the delivery of our services to you. You may adjust your internet browser to disable cookies or to inform you when one is being used. If you choose to disable cookies, you may be unable to access certain areas of our website.

Sometimes our website contains links to external websites for convenience and information. These websites are not managed by BoardRoom and we cannot be responsible for their privacy practices. You should refer to the privacy policy of the provider of the external website for information concerning their privacy practices.

Providing services to you

Personal information is collected and used to provide additional services related to the initial purpose for which your personal information was collected. The services for which we require personal information include the following:

• maintaining security registers, which issuers of securities are obliged to maintain under the Corporations Act 2001 (Cth) ("Corporations Act")
• providing services related to registry and employee equity plan administration, including dividend and distribution payments and corporate communications
• providing services relating to voting management, including distribution of voting information, collection and recording of votes, and counting of votes
• facilitating BoardRoom's and our clients' compliance with legal and regulatory requirements.

Disclosing personal information

BoardRoom does not sell, trade, lease or rent personal information.

We may be required or authorised by law to disclose information to law enforcement agencies, government agencies, and courts. This may happen for a number of reasons, including to prevent or investigate an actual or suspected crime or fraud.

We may also disclose personal information to organisations with whom we have professional relationships, including:

• the issuer of the securities you hold
• regulatory authorities, including the ATO
• authorised security brokers or financial advisors
• external service providers, such as printers and mail houses, who assist BoardRoom in providing services

If, in accordance with the provisions of the Corporations Act, the issuer of the securities you hold (including where you hold securities as a participant in an employee equity scheme) approves, you may be sent marketing material in addition to general corporate communications. You may elect not to receive marketing material by contacting BoardRoom.

Cross border data transfers

Unless we are required to by law, BoardRoom will not disclose personal information to an overseas recipient. However, if requested by one of our clients, a related party of BoardRoom wherever situated (including in Hong Kong, Malaysia, Singapore and China) may use personal information that we have collected in order to assist us in providing services to the client who made the request.

Your rights if you are in the EU

As provided for in the General Data Protection Regulation, you have the right to access your data; to correct or rectify your data; to delete your data subject to applicable law; to have your data processed only in accordance with applicable law; to have copies of your data to be moved to another controller; to object to our processing your data otherwise than in accordance with the law; and to withdraw any consent to our processing your data at any time. Please contact our Privacy Office to exercise any of those rights.

You have the right to access, correct and update the personal information that we hold about you. To protect the privacy and integrity of our records, BoardRoom may require you prove your identity before we can disclose, correct or update personal information.

Some personal information may be stored in our archives. These are not current records. If you wish to request information from our archives, you may be asked to complete a personal information request form. We may charge you a fee for this service, but we will inform you at the time of your request if a fee is required.

For updates to name and address details related to participant-sponsored CHESS holdings, you must contact your sponsoring participant.

We may amend this Privacy Policy from time to time in order to take account of changes to legislation, or if we make changes to any of our practices that affect how we collect and store information. BoardRoom reserves the right to change this Privacy Policy at any time without notification to you.

If you have any questions or comments about our Privacy Policy or if you wish to make a complaint about how we have handled personal information about you, please contact BoardRoom’s Privacy Officer who will try to resolve the matter within ten (10) business days. If we are unable to resolve the matter within that time, we will contact you to let you know how long it will take to resolve the complaint or, if more appropriate, suggest the matter be referred to the Privacy Commissioner. BoardRoom’s Privacy Officer contact details are:

privacyofficer@boardroomlimited.com.au

or

¹ The BoardRoom Group Australia companies are Boardroom Holdings Australia Pty Ltd ACN 145 369 295, Newreg Pty Ltd ACN 125 082 804, Boardroom Pty Limited ACN 003 209 836 AFSL No. 533383, Boardroom (Victoria) Pty Limited ACN 110 851 333, Boardroom Financial Services Pty Limited ACN 136 781 443 AFSL No. 338301, Boardroom Integrate Pty Limited ACN 097 300 377, Boardworx Pty Ltd ACN 144 036 911, Corporate Counsel Pty Ltd ACN 118 343 687], and Registries Pty Limited ACN 002 936 496.