Privacy Policy

1. Purpose

Ergomazing Pty Ltd trading as Trust Culture is committed to protecting personal information and managing it
in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Where not otherwise legally required to do so, Trust Culture voluntarily complies with the Australian Privacy
Principles as a matter of governance and professional practice.

This policy outlines how personal information is collected, used, disclosed, stored and protected in connection
with our services and website.

2. Scope

This policy applies to personal information collected by Ergomazing Pty Ltd trading as Trust Culture in the course of:

• Delivering training and consultancy services
• Managing client relationships
• Operating our website
• Engaging workers and contractors
• Conducting marketing activities

This policy applies to clients, website users, participants and other individuals whose personal information we collect.

Where lawful and practicable, individuals may interact with us anonymously or using a pseudonym.

3. Legislative framework

We manage personal information in accordance with:

• The Privacy Act 1988 (Cth)
• The Australian Privacy Principles

A copy of the Australian Privacy Principles is available from the Office of the Australian Information Commissioner at
www.oaic.gov.au.

4. Collection of personal information

Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.

The types of personal information we may collect include:

• Name
• Contact details
• Organisation and job title
• Training participation details
• Feedback and survey responses
• Billing or payment information

We collect personal information through:

• Direct communication
• Website contact forms
• Email correspondence
• Training registrations
• Client-provided participant lists
• Feedback forms
• Publicly available sources

Where reasonable and practicable, personal information is collected directly from the individual.

Sensitive information, as defined under the Privacy Act, will only be collected with consent or where required or authorised by law.

5. Use of personal information

We collect and use personal information for purposes including:

• Delivering training and consultancy services
• Responding to enquiries
• Managing contractual obligations
• Maintaining records
• Improving service quality
• Marketing communications, where permitted by law

You may opt out of marketing communications at any time.

6. Disclosure of personal information

Personal information may be disclosed:

• With your consent
• To service providers who assist in delivering our services
• Where required or authorised by law
• To regulatory authorities where legally obligated

We do not sell personal information.

7. Use of digital platforms and AI tools

We use secure digital systems to support service delivery and administration, including cloud-based storage and workforce management platforms.

We do not input confidential or personally identifiable client information into publicly accessible AI platforms without appropriate safeguards.

Where third-party service providers are engaged, we take reasonable steps to ensure they maintain appropriate privacy and security standards.

8. Overseas disclosure

Some digital platforms used by Trust Culture may store data on servers located outside Australia.

Where personal information is disclosed overseas, we take reasonable steps to ensure the recipient does not breach the Australian Privacy Principles
in relation to that information.

9. Security of personal information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Security measures include:

• Secure cloud-based storage systems
• Access controls and password protection
• Restricted access to authorised personnel
• Periodic review of data handling practices

While reasonable steps are taken, no method of electronic transmission or storage is completely secure.

10. Retention and destruction

Personal information is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by law or contract.

Client records and training documentation may be retained for a minimum of seven years, unless a longer period is required.

When personal information is no longer required, we take reasonable steps to securely destroy or de-identify it.

11. Access and correction

You may request access to personal information we hold about you and request correction if it is inaccurate, incomplete or out of date.

Requests must be made in writing. We may require proof of identity before releasing information.

We will respond within 30 days or such period as required by law.

A reasonable administrative fee may apply for providing copies.

12. Notifiable data breaches

In the event of an eligible data breach, Trust Culture will assess the incident and, where required, notify affected individuals and the Office of the
Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme.

13. Complaints

Complaints regarding privacy should first be directed to Trust Culture in writing so that we may attempt resolution.

We will investigate complaints and respond within a reasonable period.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

14. Review and updates

This policy is reviewed annually or earlier where required due to legislative changes or operational developments.

The current version is published on our website.