Privacy policy

1.1 Commitment

Central to the success of Touch Networks Pty Ltd (“Touch Networks” or “the Company”) is
the Company’s commitment to its partners and customers. Touch Networks recognises that
Personal Information is important to such parties and that they have a right of control over
their information. Touch Networks honours without reservation its obligation to respect and
protect the privacy of the Personal Information of individuals with whom it deals.
Unless consent is provided to act otherwise, the following policies shall govern how Touch
Networks handles Personal Information.

1.2 General

This Privacy Policy sets out the approach which Touch Networks will take in relation to the
treatment of Personal Information. It includes information on how Touch Networks collects,
uses, discloses and keeps secure, individuals' Personal Information. In addition, it covers
the way in which Touch Networks makes the Personal Information it holds available for
access to and correction by the individual.

1.3 Standards

Refer to the Privacy Act for legislative information.

1.4 Collection of information

Touch Networks shall not collect or monitor any Personal Information without consent,
unless collection and monitoring of Personal Information is necessary for the following
reasons:

• because it is required by law; or
• in order to provide its partners and customers with a service that they have requested
  from Touch Networks; or
• in order to protect the rights or property of Touch Networks, or a partner or customer of
  Touch Networks, or any member of the public; or

in order to lessen a serious threat to a person's health or safety.

In addition, Touch Networks may receive Personal Information from the operation of the
various Touch Electronic Service Delivery Systems. The type and extent of the information
collected will vary according to the services provided by each ESDS. In all cases, Touch
shall only collect and retain information relevant to a partner’s or customer’s use of the ESDS.

1.5 Using and disclosing personal information

The Personal Information which individuals provide Touch Networks may be used for a
number of purposes connected with the Company’s business operations, which include:

• processing an order placed by a customer;
• providing a customer with Products and/or Services requested;
• billing a customer or administering a customer’s account;
• dealing with requests, enquiries or complaints and other customer care related activities;
• carrying out market and product analysis and marketing our products and services
  generally;
• contacting a customer about Touch Networks’ products and services;
• registering a customer’s details and allocating or offering the customer rewards, discounts or other benefits; and
• carrying out any activity in connection with a legal, governmental or regulatory requirement on Touch Networks or in connection with legal proceedings, crime or fraud
  prevention, detection or prosecution.

In addition, Touch Networks may use a customer’s Personal Information for purposes
related to those described above which would be reasonably expected by the customer.

Touch will not use or disclose any Personal Information without consent unless the usage
and disclosure of the Personal Information is necessary for the following reasons:

• because Touch Networks is required by law to do so; or
• in order to provide partners and customers with a service which they have requested; or
• in order to protect the rights or property of Touch Networks, or a partner or customer, or any member of the public; or
• in order to lessen a serious threat to a person's health or safety.

Touch will not:

• trade, sell, license or use Personal Information collected through an ESDS for commercial marketing purposes; or
• use Personal Information collected through an ESDS for purposes unrelated to the services offered by the ESDS; or
• use a customer’s Personal Information for purposes other than described above unless Touch Networks has the consent of the customer, or where there are specified law
  enforcement or public health and safety reasons; or

1.6 Storage and security of Personal Information

Touch Networks will take all reasonable steps to ensure that Personal Information which it

collects, uses or discloses is accurate, complete, up-to-date and stored in a secure
environment protected from unauthorised access, modification or disclosure.
The Personal Information is stored on secure servers if in digital format, or in locked areas if
in hardcopy format: these repositories are protected in controlled facilities. In some cases
these facilities may be overseas. Touch Networks employees and data processors are
obliged to respect the confidentiality of any Personal Information held by Touch Networks.
However, security of communications over the Internet cannot be guaranteed, and therefore
absolute assurance that information will be secure at all times cannot be given. Touch
Networks will not be held responsible for events arising from unauthorised access to
Personal Information.

1.7 Individual’s right to access

Individuals have the right to review the information that may be recorded on Touch
Networks’ database. Each individual’s Personal Information may be reviewed by contacting
Touch Networks (details below).

Upon an individual’s request, Touch Networks will provide access to his or her Personal
Information, except in certain prescribed circumstances, including emergency situations,
specified business imperatives and law enforcement or other public interests.
Personal Information contained on Touch Networks’ database may be amended by
contacting Touch Networks on its details below. Similarly, an individual may make a request
for his or her Personal Information to be deleted from Touch Networks’ database. Upon
such a request, Touch Networks will take all reasonable steps to delete the Personal
Information, except where it is required by law not to do so.

1.8 Employees

Touch Networks will ensure that its employees are required to read this policy, and to
acknowledge that they have done so.

1.9 Changes in policy

Touch reserves the right to modify this privacy policy at any time. Notification of any such
changes to this privacy policy will be posted on the Touch Networks corporate website. It is
recommended that partners and customers of Touch Networks frequently check for updates
made to the privacy policy.

1.10 More information

If you have any queries about this privacy policy, please contact Touch Networks as follows:

Email: privacy@touchnetworks.com.au
Telephone: +613 9018 6824.

For more information about privacy issues in Australia, visit the Australian Federal Privacy
Commissioner's website at ‘http://www.privacy.org.au’.

2 Glossary

Electronic Service Delivery Systems or ESDS means an electronic system created by
Touch Networks that may collect Personal Information during the course of providing a
service to a partner or customer.

Personal Information means information or an opinion (including information or an opinion
forming part of a database), whether true or not and whether recorded in a material form or
not, about an individual whose identity is apparent, or can reasonably be ascertained from
the information or opinion, which is in the possession of Touch Networks.
Privacy Act means the Privacy Amendment (Private Sector) Act 2000.