Seeing Machines Employee, Officer, Director & Applicant Privacy Notice

Introduction

Seeing Machines Limited and its wholly-owned subsidiaries (Seeing Machines) respect the privacy of individuals and are committed to protecting and managing the Personal Data we collect in accordance with this Privacy Notice, relevant data protection legislation, our contracts, and our stakeholder’s expectations.

For the purpose of this Privacy Notice, “Personal Data” means any information, including an opinion (whether true or not), about an individual whose identity is identified or can reasonably be identified. Examples of Personal Data are: names; home addresses, including email addresses; referees reports; photos and video images; and telephone numbers or other individual contact information.

References in this Privacy Notice to “Seeing Machines”, “we”, “us”, and “our” are references to the Seeing Machines entity responsible for the processing of your Personal Data, which generally is the Seeing Machines entity that collects your Personal Data.

Purpose

This Privacy Notice provides information on the types of Personal Data we obtain, how we may use that Personal Data, how we may share it and your rights regarding our processing of that Personal Data. In addition, this Privacy Notice also outlines the measures we take to protect the Personal Data we obtain.

This Privacy Notice applies to all Personal Data of past, current and potential employees, officers and directors obtained by Seeing Machines or our employees as a result of their work.

Collection & Use of Personal Data

In running our business, we collect Personal Data directly from employees, officers, directors and applicants, but may also collect Personal Data from other sources, such as an applicant’s former employer/entity; an intermediary, such as a recruitment agency; or publicly available sources, such as social media. The categories of Personal Data that may be collected is identified in table 1 below.

Table 1: Categories of Personal Data that May Be Collected

Categories of Personal Data	Applicants	Directors, Officers and Employees	Former Directors, Officers and Employees
Name and contact details.	√	√	√
Name of emergency contacts and their details.		√	√
Remuneration, such as current or former employment salary and/or equity information.	√	√	√
Copies of employment contracts, and other records relating to terms and conditions of employment.		√	√
Taxation and superannuation details.		√	√
Banking information necessary to pay salary and wages.		√	√
Records relating to salary, employment conditions, working hours, attendance and leave.		√	√
Records of travel and work-related expenses.		√	√
Information about educational and employment background.	√	√	√
Copies of academic qualifications.	√	√	√
Information about work eligibility, including nationality, country of residence, and visa and immigration status.	√	√	√
Proof of Australian citizenship and/ work eligibility, such as copies of work visa.		√	√
CV and any attached supporting documentation to a resume.	√	√	√
Background check information, such as employment references or police checks.	√	√	√
Relevant information regarding health and/or disability to enable workplace adjustments.	√	√	√
Medical certificates (relating to an employee or a someone that they are caring for) or health related information supplied by an employee or their medical practitioner.		√	√
Other documents or certificates relating to leave (e.g. evidence relating to community service or a jury duty summons).		√	√
Information relating to employees’ training and development.		√	√
Details of financial and other interests for the purpose of managing perceived or potential conflicts of interest or related matters.		√	√
Information about an employee’s performance.		√	√
Photos for identification purposes.		√	√
System information, including user profiles, and information as to your interactions with those systems.		√	√

Purpose of Collection

We will only collect and use Personal Data for the purpose for which it was obtained. These purposes include, but are not limited to:

• managing recruitment processes and assessing applicants;
• engagement, transfer or promotion of employees, officers and directors;
• to perform our employer functions under law, such as meeting our workplace health and safety obligations;
• remuneration, payroll, taxation, and superannuation purposes;
• to administer and operate ICT systems and related policies and procedures;
• management of benefits, conditions, entitlements and related procedures;
• education, training and professional development;
• career development (including providing references), appraisals, succession planning, and performance management;
• the management of grievances and disciplinary procedures;
• business protection, including ensuring the security of our premises and systems, guarding against potential fraud or infringement of intellectual property, cyber-attack and other interference;
• to meet our governance obligations, as an entity trading on the Alternative Investment Market (AIM), a sub-market of the London Stock Exchange (LSE);
• operation of our business, such as disclosure of business contacts to our clients; and
• to assess compliance with regards to appointment or employment contracts, policies, and relevant legislation.

Sharing Personal Data

We may share Personal Data, as described in Table 1, with third parties:

• in order to fulfil our employer obligations, such as notifying relevant entities about commencement or cessation of an employee or payment of salary (e.g. the Australian Taxation Office or relevant superannuation entity);
• including our distributors and clients, to enable them to contact individuals, such as contact details for our sales staff;
• including our project partners to enable them to liaise with individuals about research or the provision of products and services;
• with written consent, to a new employer, for example if providing a reference;
• with written consent, to financial institutions, real estate agents and credit providers;
• with written consent, publicly or to a limited audience for marketing, promotion, tradeshow or media purposes, such as information about our executive which is published on our website;
• including contracted third-parties that collect or process Personal Data on our behalf, such as those who provide us recruitment support or services;
• for scientific research to enhance, improve, or modify our products and services or to help develop new products and services;
• in order to meet our governance obligations as an entity trading on the AIM, such as notifications about services contracts with directors as required by Schedule 4 of the AIM Rules for Companies; and
• including authorised third parties in connection with our business activities, such as external auditors, insurers, or any organisation that might be appointed in respect to a merger or sale of our business.

We may also share the Personal Data, as described in Table 1, with another entity in order to comply with our obligations under relevant jurisdictional law. We will do this: when the law requires it; at the direction of a government authority; in responding to an emergency, declared by a relevant State, Territory, Federal or National Government; for national security, law enforcement or litigation purposes; or in the event we sell or transfer all or a portion of our business or assets.

We will not share or sell Personal Data with unaffiliated third parties for any other purpose, unless explicit consent is submitted by the data subject.

Retention of Personal Data

We retain the Personal Data, as described in Table 1, for a period of 7 years for the purposes outlined in this Privacy Notice, unless a different retention period is required by jurisdictional law. If a person objects to us processing their Personal Data, we will remove it from our systems, unless we have a valid justification to hold on to it, such as to resolve a dispute or comply with our obligations under jurisdictional law.

Personal Data Protections

Personal Data is principally held in electronic databases maintained within Seeing Machines’ computer network. We maintain appropriate administrative, technical and physical safeguards designed to protect your Personal Data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use, consistent with this Privacy Notice and relevant data protection legislation. We use the following mechanisms to protect Personal Data:

• Active Management of Data Access – only those who need access to Personal Data in order to provide or support the provision of our products or services or the operation of our business, have access to that data, with both physical and IT access restricted for different users based on user/access rights models;
• Secure Log On and Access – our IT systems utilise strength-tested passwords and unique identifiers and our premises have secure key card access;
• Logging – within our IT systems, there is tracking of certain activities, based on specific user roles and the activities;
• IT System Maintenance – our IT systems are constantly monitored and maintained, with telemetry in place to track upgrades and bugs;
• IT System Protections – our systems use industry standards to protect Personal Data and we rely on those systems security to protect your data, with most systems including protection from and monitoring for malicious software;
• Physical Protections – archived data is stored within secure on-site servers;
• Contractual Restrictions – use of data by third parties, such as our contracted IT system providers, is limited to the allowable uses set out in contracts and as governed by relevant data protection legislation; and
• Training and Approvals – our employees who access Personal Data have been made aware of data protection and privacy requirements, with key employees being authorised and receiving specialist training. In addition, all employees have signed confidentiality agreements.

We use reasonable organisational, technical, and administrative procedures designed to protect Personal Data. Unfortunately, no system, data transmission or storage mechanism can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify privacy@seeingmachines.com.

Cross Border Transfers

We primarily collect and process the Personal Data, as described in Table 1, in Australia, European Economic Area (EEA) and the United States. However, as we operate globally, Personal Data may be collected in any country where we operate. It may therefore be stored and accessed in those countries. This Personal Data is collected and transferred pursuant to and in accordance with relevant data protection legislation (including, without limitation, the GDPR and any national laws implementing the GDPR).

When we transfer Personal Data to a country outside of your home country, we may use a variety of legal mechanisms authorised by law, including the European Commission approved Standard Contractual Clauses pursuant to the GDPR, United Kingdom Information Commissioner Office approved International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses, or other data transfer agreements.

Some countries may not require the same level of protection for Personal Data as the country in which the Personal Data was collected. However, we maintain consistent data protection processes globally, similar to the requirements imposed under the GDPR and the Privacy Act.

Personal Data Rights

With your assistance, we aim to ensure that the Personal Data we collect and process, is accurate, up-to- date, complete and relevant. In addition to the rights granted under jurisdictional laws, employees, officers, directors and applicants have the following rights with regards to their Personal Data:

• Opt-out of our use of Personal Data
  Individuals may withdraw consent for us to process their data so long as it does not impede our capacity to meet our legal obligations under relevant jurisdictional law.
• Delete Personal Data
  You can ask us to erase or delete all, or some, of your Personal Data, so long as it does not impede our capacity to meet our employer or legal obligations under relevant jurisdictional law.
• Change or correct Personal Data
  You can ask us to correct your Personal Data, so long as it does not impede our capacity to meet our employer or legal obligations under relevant jurisdictional law.
• Object to, or limit or restrict use of Personal Data
  You can ask us to stop using all or some your Personal Data (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if the information about you is inaccurate), so long as it does not impede our capacity to meet our employer or legal obligations under relevant jurisdictional law.
• Right to access Personal Data
  You can also ask us for a copy of your Personal Data in machine readable form if you reside in a country that provides this right as a matter of law.

Individuals may exercise these rights by writing to us:

via e‐mail at privacy@seeingmachines.com or

via mail at:
Att: Privacy & Data Protection Officer
Seeing Machines Limited
80 Mildura Street,
Fyshwick, ACT, 2609,
Australia

Notifiable Data Breaches

We actively manage any suspected, actual or likely data breaches. We have put in place a data breach response plan and procedure as required by relevant legislation. Our employees must operate in accordance with these and our other data protection policies and procedures.

A data breach occurs when there is unauthorised access, transmission, copying, alteration, loss, storage, disclosure, or misuse of Personal Data. An action that prevents access to Personal Data on either a temporary or permanent basis, such as ransomware incidents, may also be considered a data breach under relevant data protection laws. Such data breaches may be as a result of malicious or criminal behaviour, system fault, human error or another factor.

We will notify affected individuals and relevant supervisory authorities of a data breach as required under relevant data protection legislation. Any notification of a data breach will be in accordance with the relevant data protection legislation.

Contacting Us

For further information about privacy, to lodge a complaint or exercise your Personal Data rights, please contact us:

via e‐mail at privacy@seeingmachines.com or

via mail at:
Att: Privacy & Data Protection Officer
Seeing Machines Limited
80 Mildura Street,
Fyshwick, ACT, 2609,
Australia

In the event of a complaint, you may also contact the relevant supervisory authority in your country.

Updates To This Notice

We reserve the right to change this Privacy Notice from time to time. Any changes to this Privacy Notice will become effective when we post the revised Privacy Notice on our website.

Notice to California Residents

SEEING MACHINES CALIFORNIA CONSUMER PRIVACY STATEMENT FOR EMPLOYEES, OFFICERS, DIRECTORS & APPLICANTS

This California Consumer Privacy Statement supplements the Seeing Machines Employee, Officer, Director & Applicant Privacy Notice and applies only to California employees, officers, directors and applicants that is intended to address the applicable notice requirements of the California Consumer Privacy Act 2018 (the “CCPA”). Nothing in this Statement is intended to contradict or limit the applicability of the information provided in the Seeing Machines Employee, Officer, Director & Applicant Privacy Notice.

Collection and Disclosure

During the prior 12-month period, we may have:

• Collected the following categories of personal information about you:
  • identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; telephone number and other forms of persistent or probabilistic identifiers), online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, and other similar identifiers;
  • signature, physical characteristics or description, state identification card number, education, bank account number, credit card number, debit card number, and other financial information;
  • characteristics of protected classifications under California or federal law, such as race, colour, national origin, religion, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, genetic information, disability, citizenship status, and military and veteran status;
  • Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements;
  • geolocation data;
  • audio, electronic, visual, and similar information;
  • professional or employment-related information;
  • education information; and
  • inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.
• Collected personal information about you from the following categories of sources:
  • Directly from you. For example, from forms you complete or services we provide you.
  • Indirectly from you. For example, from your actions on our websites or from information your computer or mobile device transmits when interacting with our website or mobile applications, among other things.
  • Third parties. For example, staffing and recruiting agencies with whom we contract for services and when we perform employee background screenings.
• Collected personal information about you for the following business or commercial purposes (in addition to the purposes outlined in the Seeing Machines Employee, Officer, Director & Applicant Privacy Notice):
  • performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services;
  • auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
  • short-term, transient use, including, but not limited to, the contextual customisation of ads shown as part of the same interaction;
  • detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • debugging to identify and repair errors that impair existing intended functionality;
  • undertaking internal research for technological development and demonstration; and
  • undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

For enquiries related to this Statement, you may contact us by sending a request in writing:

via e‐mail at privacy@seeingmachines.com or

via mail at:
Att: Privacy & Data Protection Officer
Seeing Machines Limited
80 Mildura Street,
Fyshwick, ACT, 2609,
Australia