HENRY HAYMES PTY LTD

(“Haymes”)

PRIVACY POLICY

At Haymes, we recognise the importance of your privacy and understand your concerns about the security of the data you provide to us. Where we collect personal information and credit-related information from you or about you, we comply with the Australian Privacy Principles (“APPs”), the Credit Reporting Regime and the Credit Reporting Privacy Code (“CR Code”) as contained in the Privacy Act 1988 (Cth).

The APPs, the Credit Reporting Regime and the CR Code specifically detail how personal and credit information may be collected, used, disclosed, stored and destroyed, and how you may gain access to or make complaints about the personal and credit information held about you.

“Personal information” is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.

“Sensitive Information”, a sub-set of personal information, is information or an opinion about specific matters, such as your professional or trade association membership, or trade union membership, etc.

“Credit Information” includes a range of information and matters relating to your personal credit history and credit worthiness. It also includes “Credit Eligibility Information”, which is information and assessments compiled based on your credit information.

This policy details how Haymes manages personal information, credit information and credit eligibility information about you, whether collected in person, in hard copy or online.

In the course of doing business, we endeavour to collect business information only. However, the collection of personal information and credit information in some instances is necessary or unavoidable.

What information we collect and hold

The kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the goods / services you or your organisation have contracted us to provide, and the goods / services you or your organisation are interested in.

The kinds of personal information that we commonly collect and hold from you or about you include: your name, address, phone, fax and mobile numbers, email address, date of birth, drivers licence details, bank account details, credit card details, gender, professional or trade association membership, occupation, education, demographic profile, next of kin including spouse and children’s names, social interests, photograph and video footage. When you browse our website or contact us electronically, our internet service provider also records: your server address, your top level domain name (for example, .com, .gov, .au etc), the date and time of your visit to the site, the pages you have accessed and the documents / files downloaded, the type of browser you are using, geographical tagging, session and persistent cookies, and statistical data.

We will collect credit information from you or about you, if:

• if you are a sole trader, a member of a partnership or an individual trustee, and you apply for a commercial credit account with us; or

• you are or propose to become a guarantor for someone else’s commercial credit account with us.

The kinds of credit information we commonly collect and hold from you or about you include: your name, alias or previous names, date of birth, gender, drivers licence details, current and 2 previous residential addresses, and name of your current employer.

We collect and hold information relating to your personal current credit liabilities, previous credit payments and defaults, current and previous Court proceedings and insolvency actions against you and information about your credit worthiness. This credit information may relate to both consumer and/or commercial credit.

We hold reports and information disclosed to us by a credit reporting body (such as Veda or Dun & Bradstreet). We also compile our own, internal credit file about you on the basis of such information. This information relates to an assessment of your personal credit worthiness.

How we collect and hold information

We aim to collect personal information only directly from you, unless it is unreasonable or impracticable for us to do so. For example, we collect personal information from you or about you from correspondence, application forms and contracts that you submit to us, telephone calls with us, from your activity on our website and other social media platforms, from promotional material, and from your participation in competitions.

However, in some instances we may receive personal information about you from third parties, such as buying groups of which you are a member.

You can be anonymous or use a pseudonym when dealing with us, unless:

• the use of your true identity is a legal requirement; or

• it is impracticable for us to deal with you on such basis.

We will collect credit information directly from you (eg. from credit account application forms that you submit to us). We will also collect credit information about you from specific requests that we make to credit reporting bodies. In some instances, we may receive credit information about you from other credit providers with whom you deal.

Credit eligibility information will be disclosed to us by credit reporting bodies in response to our request.

Why we collect, hold, use and disclose information

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities. For example, we collect, hold, use and disclose your personal information as necessary to provide our goods and services to you or your organisation.

Our business works closely with a network of stockists. We routinely disclose your personal information to these third parties for them to assist us in carrying out our business functions and activities. We may also disclose your personal information to our online learning and training partners in specific circumstances.

We may collect sensitive information from you or about you where there is a legal requirement to do so, or where we are otherwise permitted by law. In all other situations, we will specifically seek your consent.

If we do not collect, hold, use or disclose your personal information, or if you do not consent, then we may not be able to answer your enquiry, complete the transaction you have entered into, or provide the goods / services that you or your organisation have contracted us to provide.

We also collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions, fraud checks, providing you with information about other goods / services offered by us, marketing and promotions, trade competitions, market research, warranty claims, newsletter communications, statistical collation and website traffic analysis.

Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.

Where we use your personal information for marketing and promotional communications, you can opt out at any time by notifying us. Opt out procedures are also included in our marketing communications.

We may also disclose your personal information to third parties (including government departments and enforcement bodies) where required or permitted by law.

Where you are an individual, sole trader, member of a partnership or individual trustee, we collect, hold, use and disclose credit information and credit eligibility information about you for the purposes of assessing your application for a commercial credit account with us, and for collecting overdue payments.

If you are a guarantor or proposed guarantor for someone else’s credit account, we collect, hold, use and disclose credit information and credit eligibility information about you for the purpose of assessing your suitability as a guarantor, and (if necessary) for enforcing the guarantee and collecting payments owed to us.

We will disclose credit information about you to credit reporting bodies for purposes related to assessing your credit worthiness, and reporting on payment defaults.

We may disclose credit eligibility information to other credit providers and to guarantors, where we have obtained your consent.

We may also disclose credit eligibility information to third parties (including debt collectors, government departments and enforcement bodies) where required or permitted by law.

How we hold and store information

Your personal information, credit information and credit eligibility information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place and take reasonable steps to ensure that your personal information, credit information and credit eligibility information is protected from misuse, interference, loss and unauthorized access, modification and disclosure:

• Data held and stored on paper is stored in lockable filing cabinets and secure premises with monitored alarms.

• Data held and stored electronically is protected by internal and external firewalls, limited access via file passwords, and files designated read-only or no access.

• Data held and stored “in the cloud” is protected by internal and external firewalls, limited access via file passwords, and files designated read-only or no access. We also require our IT contractors and other third parties to implement privacy safeguards.

• Data stored or archived off-site is contained within secure facilities. We also require our storage contractors to implement privacy safeguards.

• Where we disclose data to third parties (including contractors and affiliated businesses located locally and overseas), our contractual arrangements with them include specific privacy requirements.

• Our staff receive regular training on privacy procedures.

Destruction and De-identification

We will retain your personal information, credit information and credit eligibility information whilst it is required for any of our business functions, or for any other lawful purpose.

We use secure methods to destroy or to permanently de-identify your personal information, credit information and credit eligibility information when it is no longer needed:

• Paper records are commonly sent for secure destruction.

• Electronic records are deleted from all locations, to the best of our ability, or encrypted and/or placed beyond use.

Overseas disclosure

We do not disclose your personal information, credit information or credit eligibility information to overseas recipients.

Requests for access and correction

We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information, credit information and credit eligibility information held about you.

In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why. For further information, please see our Privacy Access, Correction & Complaints brochure or contact us at privacy@haymespaint.com.au.

To assist us to keep our records up-to-date, please notify us of any changes to your personal information.

Complaints and Concerns

We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act, the APPs and the CR Code. We will respond to your complaint in accordance with the Privacy Act, the APPs or the CR Code (as applicable). For further information, please see our Privacy Access, Correction & Complaints brochure or contact us at privacy@haymespaint.com.au

Contact

Privacy Officer

Henry Haymes Pty Ltd

PO Box 167

WENDOUREE VIC 3355

Freecall: 1800 033 431

Freefax: 1800 801 892

Email: privacy@haymespaint.com.au

April 2014