Atlas Arteria Limited (ATLAX), Atlas Arteria International Limited (ATLIX) and their respective subsidiaries and affiliates (hereinafter collectively referred to as Atlas Arteria, we, our or us) recognise the importance of protecting your Personal Information.
This policy explains how we:
- collect, store and use your Personal Information in compliance with applicable data protection law, which may include the Privacy Act 1988 (Cth) (the Privacy Act), the General Data Protection Regulation (EU) 2016/679 (EU GDPR), the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (UK GDPR), as well as any privacy laws applicable in the countries where we operate; and
- manage your Personal Information, including our obligations and your rights in respect of our dealings with your Personal Information.
In this policy, ‘Personal Information’ means information or an opinion about an identified individual (whether true or not), or an individual who is reasonably identifiable, directly or indirectly, and any other information that is deemed Personal Information under applicable law.
2. GENERAL PRINCIPLES
To the extent required by applicable law, whenever we collect Personal Information, we will:
- provide timely and appropriate notice to you about our data practices;
- collect your Personal Information only for specified and legitimate purposes. The information we collect will be relevant, adequate and not excessive for the purposes for which it is collected;
- process your Personal Information in a manner consistent with the purposes for which it was originally collected or to which you have subsequently consented;
- take reasonable steps to ensure that your Personal Information is reliable for its intended use, accurate, complete, and, where necessary, kept up to date;
- not use your Personal Information for direct marketing purposes without giving you an opportunity to “opt-out”; and
- take appropriate measures, by contract or otherwise, to provide adequate protection for Personal Information that is disclosed to a third party or transferred to another country, including transfers within Atlas Arteria.
3. COLLECTION OF PERSONAL INFORMATION
3.1. How we collect Personal Information
We aim to collect Personal Information only directly from you unless it is unreasonable or impracticable to do so. For example, we may collect your Personal Information from you, when you request information from us, communicate with us through correspondence, email, over the phone or in face-to-face meetings, as well as from your activity on our website.
Sometimes we may collect Personal Information about you from other people or organisations. This may happen without your direct involvement. For example, we may collect Personal Information about you from other Atlas Arteria related bodies corporate; other organisations, or third-party social media platforms, such as “LinkedIn”.
Type of Personal Information we collect
The types of Personal Information we collect will vary depending on the purpose(s) for which it is collected. For example, in each of the instances above, we may collect your:
| || || |
Generally, we do not collect sensitive information about you, unless required or permitted by applicable laws or where you consent for us to do so.
‘Sensitive Information’ includes information relating to racial or ethnic origin; criminal history; political opinions or associations; religious or philosophical beliefs; sexual preferences; criminal record; trade union membership or associations; health or genetic information; and some aspects of biometric information.
If you do not provide us with your Personal Information, we may be unable to engage with you further in relation to the activities outlined above.
4. USE AND DISCLOSURE OF PERSONAL INFORMATION
4.1. The purpose for which Personal Information is collected, used and disclosed
We only collect Personal Information that is necessary to perform our business functions, such as:
- managing our relationship with you (including investors in and suppliers of Atlas Arteria);
- fulfilling our legal obligations under applicable laws and rules, such as those relating to Anti-Money Laundering and Counterterrorism Financing;
- managing your registration to an online or in-person Annual General Meeting or Investor Webinar/presentation; and
- enabling you to apply for employment with Atlas Arteria. Please refer to the Candidate Privacy Notices referred to above for information.
We only use and disclose Personal Information about you for the purpose for which it was disclosed to us, or where without your permission, for related purposes which should reasonably be expected.
Neither we, nor our service providers use or share any of the above-mentioned information for any purpose other than the administration of your relationship with Atlas Arteria or as otherwise disclosed when the relevant information was collected.
4.2 Direct marketing
If you have registered your interest, we may send you direct marketing communications and information about our Annual General Meeting or Investor Webinars and presentations that we think may interest you. This may take the form of an email, mail or another form of communication.
Where required by applicable law, we will only send you an email or other communication with your consent.
4.3 Disclosure to third parties
- third party suppliers and service providers (including providers for the operation, optimisation or promotion of our website and/or our business) for the purposes for which we have advised you that we are collecting it, and for related purposes that would reasonably be expected in the circumstances;
- anyone to whom our assets or businesses (or any part of them) may be transferred; or
- any other persons, including government agencies, regulatory bodies, courts, tribunals, law enforcement agencies, arbitrators, mediators or conciliators, as required, authorised or permitted by law (such as those relating to Anti-Money Laundering and Counterterrorism Financing).
4.4 Disclosure overseas
Atlas Arteria is headquartered in Australia but has subsidiaries and suppliers across the world. In the normal course of our business, your Personal Information may therefore be transferred to other regions than the region in which it was initially collected. We ensure that necessary and reasonable measures are in place to ensure that such transfer takes place in compliance with the APPs or other applicable data protection laws with similar effect.
5. STORAGE, RETENTION AND SECURITY OF PERSONAL INFORMATION
We may hold your Personal Information in physical and electronic records, at our premises and the premises of our service providers, which may include processing or storage in the cloud. This may mean in practice that this information is stored outside Australia. Where this occurs, we take steps to protect the security and integrity of your Personal Information.
We take reasonable steps to ensure the security of your Personal Information. We use security procedures and appropriate technology to protect your Personal Information from misuse, interference, and loss and from unauthorised access, modification or disclosure. However, data protection measures are never completely secure and, despite the measures we have in place, we cannot guarantee the security of your Personal Information.
Access to and use of Personal Information by Atlas Arteria staff is appropriately limited to prevent the misuse or unlawful disclosure of that Personal Information.
Other organisations providing services, such as our share registry provider, are required to safeguard the privacy of the Personal Information collected by or provided by us to them. Where the personal information we collect is no longer required, we will delete the personal information or permanently de-identify it.
Your Personal Information will be retained in line with legal and regulatory retention periods. At the end of any retention period, your Personal Information will either be securely deleted in its entirety or anonymised so that you can no longer be identified from the data.
6. DEALING WITH ATLAS ARTERIA ONLINE
When you visit our website, a small data file called a 'cookie' is stored on your internet enabled device. A ‘cookie’ is a packet of information placed on a user's computer by a website for record keeping purposes. Cookies are generally used on Atlas Arteria’s website to monitor traffic. We use tracking companies to gather anonymous information about how people are using Atlas Arteria’s website, this information includes time of visit, pages visited, and some system information about the type of computer you are using. We use this information to enhance the content and services offered on our website.
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.
6.2. Third-party sites
Our website may contain links to other websites. When you access websites other than ‘’www.atlasarteria.com’’, please be aware that Atlas Arteria is not responsible for their privacy practices.
7. YOUR RIGHTS
7.1 Obtaining and handling your consent
We will seek to obtain your consent to collect and process your Personal Information where required by applicable law. Where the collection and processing of your Personal Information relies on your consent, you have the ability to revoke your consent for us to collect and use your Personal Information at any time, by contacting our Data Protection Officer who will respond to your request in accordance with all applicable legal obligations.
7.2. Your choice
You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the details set out below, or by using the opt-out facilities provided in our communications (i.e. the unsubscribe link).
7.3. Update Personal information
We take reasonable steps to ensure that the Personal Information we hold is accurate, complete and up-to-date. You may contact us at any time if you think that any of the Personal Information we hold about you is inaccurate or incomplete and we will take reasonable steps to ensure that it is corrected.
You may request us to notify a third-party entity who also has access to your Personal Information through Atlas Arteria (for example, the security registry) that your Personal Information needs to be updated or amended.
7.4.Access to and correction of your Personal Information
You have the right to request access to or the correction of your Personal Information that we hold. In normal circumstances we will give you full access to that Personal Information within a reasonable timeframe. However, there may be some legal or administrative reasons to deny access. If access is denied, we will provide you with the reasons why. We may also need to verify your identity when you request your Personal Information.
Atlas Arteria can provide you with a copy of your Personal Information in electronic PDF, print out or a photocopy. Atlas Arteria will not charge you for the cost of providing this type of access to these current records.
7.5. Your rights if you are in the EEA or UK
If you reside in the EEA or the UK, you have a right to access, correct and erase the Personal Information we have collected about you as well as a right to data portability and the right to object to or limit the processing of your Personal Information, subject to any requirements and constraints set out in applicable data protection legislation.
To exercise these rights, please contact us using the details below. We reserve the right to request proof of your identity as well as the right to refuse requests which are clearly meant to cause nuisance or damage. If you are unsatisfied with how we handle your Personal Information or your rights, you are kindly requested to contact us via the details below.
8. MAKING A COMPLAINT
If you are dissatisfied with how we handle your Personal Information or unsure of your rights, please contact our Data Protection Officer in writing per details below and include your name, email address and/or telephone number and clearly describe your complaint.
We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.
If you feel that your complaint is not handled in a satisfactory manner, you may refer your complaint to the relevant data protection authority:
9. CONTACT DETAILS
Data Protection Officer (AUS)
Data Protection Officer (EU)
This privacy notice will be reviewed every 2 years. We may change this privacy notice from time to time by updating this document.