ILG PRIVACY POLICY

---

The Independent Liquor Group Distribution Co-Operative Ltd
The Independent Liquor Group (Suppliers) Co-Operative Limited

Privacy Policy

1.1 Protecting Your Privacy

We take seriously our responsibility for protecting your privacy and the confidentiality of your personal information.

As part of our business we provide a number of services. To properly provide these services it is necessary for us to collect, store and use personal information.

Personal Information is information about and which identifies individuals. It includes information obtained from any source and it will include anything about credit worthiness, standing history and capacity, which under and in accordance with the Privacy Act 1988 (Cth) (Act), may lawfully be exchanged.

Since we commenced business in 1975, we have been collecting and storing such information. You can trust us to handle your personal information in a manner compliant with the Act.

We continue to improve and revise the security and accessibility of personal information we collect and store as new technologies are developed.

We only deal with personal information in the ways described in this policy and the Act.

1.2 Our Privacy Policy

This policy applies to:

• The Independent Liquor Group Distribution Co-Operative Ltd; and
• The Independent Liquor Group (Suppliers) Co-Operative Limited

(We, us, our).

Our address is Locked Bag 8013 Penrith NSW 2751

This policy is current as at June 2018. We may vary this policy from time to time. Any updated policy will be published on our website at www.ilg.com.au/privacy.

1.3 Personal Information Collected

General Personal Information

The type of information we collect depends on how you use our services as well as the type of relationship we have with you and may include your name, contact details, tax file number, Australian Business Number (ABN), date of birth, financial details, (such as credit card or bank account numbers), business transaction details, credit records and transaction history.

Sensitive Personal Information

We do not generally collect information that is sensitive personal information. Sensitive personal information includes information about a person's race, ethnic origin, political opinions, health, religious or philosophical beliefs and criminal history. If we request sensitive personal information we are subject to strict requirements in relation to it including to only collect and use sensitive information with consent and for the purposes for which it was collected or otherwise in accordance with applicable law such as the Act.

Third Party Personal Information

You might also need to provide us information about other persons (e.g. a referee). If so you represent that, if at any time you supply us with their personal information, you are authorised to do so and you agree to inform that person who we are, that we will use and disclose their personal information as set out in this policy, and that they can gain access to their personal information.

You further acknowledge and agree we may send that person a notice we have collected and hold that person's personal information.

1.4 How We Collect Personal Information

Except where specifically mentioned in this policy, we collect personal information from you directly. For example, we may collect personal information when you apply for membership, open an account, deal with us over the telephone, send us a letter, visit our web site, or when you contact us in person.

We may need to source information about you from a third party; for example, a credit reporting agency. Wherever possible this will be done with your authorisation or where this is not possible we will inform you when such information is collected

1.5 Use and Disclosure

Typically we will use information collected for the purposes that you have provided it or for a related secondary purpose.

For example, where you provide information in an application for:

• membership, we will use this information for:
  • our register of members and shareholders
  • the provision and offer of membership services.
• a financial product or service, we will use this information to create, administer and maintain a financial service relationship.

In addition to the examples above you agree we may hold and use the personal information you provide, for the purposes (as relevant) of:

• considering any other application you may make to us;
• complying with legislative and regulatory requirements;
• performing administrative functions, including accounting, risk management, record keeping, archiving, systems development, credit scoring and staff training;
• managing our rights and obligations in relation to external payment systems;
• conducting market or customer satisfaction research;
• developing, establishing and administering alliances and other arrangements with other organisations in relation to the promotion, administration and use of our respective products and services;
• developing and identifying products and services that may interest you; or
• providing you with information about other products and services.

If we request personal information and you choose not to or you cannot provide us with that information, we may be unable to accept or continue your membership or to provide you with the relevant services you have requested or need.

1.6 Confidentiality

Subject to any permitted or required disclosures under the Act or as expressly set out in this policy, we will keep confidential all personal information we hold about you.

1.7 Disclosure to Third Parties

Credit Reporting

You agree if you make an application for credit or if you act as a guarantor in respect of credit, we may provide, then in assessing the application (or if relevant in assessing whether to accept you as a guarantor), we may seek and obtain personal information about you from a credit reporting agency, financial institution and may give your personal information to a credit reporting agency or a financial institution.

Third Party Service Providers

Wherever our business is outsourced to third parties, personal information provided to these parties remains our property and is only used for the specific purpose for which it is supplied or a purpose related to that specific purpose as permitted under the Act.

Examples of third parties to whom we may disclose personal information you provide include:

• credit reporting agencies;
• financial institutions;
• our agents, suppliers, contractors and external advisers whom we engage from time to time to carry out, or advise on, our functions and activities;
• regulatory bodies, government agencies, law enforcement bodies and courts;
• any person who introduces you to us;
• other organisations with whom we have alliances or arrangements for the purpose of promoting our respective products and services, and any agents used by us and our business partners in administering such an arrangement or alliance;
• anyone supplying goods or services to you in connection with a facility you have applied for;
• debt collecting agencies;
• external payment systems operators;
• an organisation proposing to fund the acquisition of or acquire, any interest in any obligation you may owe us (whether under a loan, guarantee or security), that organisation's agents, persons involved in assessing the risks and funding of the acquisition and, after acquisition, the purchaser and any manager;
• any person to the extent necessary, in our view, in order to carry out any instruction you give to us;
• our related bodies corporate for the marketing of their products and services;
• your agents and contractors, including your legal adviser and your financial adviser;
• your executor, administrator, trustee, guardian or attorney;
• your referees;
• your insurers or prospective insurers and their underwriters; or
• your sureties and guarantors and prospective sureties and guarantors.

Overseas Disclosure

In some cases we may disclose your information to organisations based outside of Australia in order to provide our services to you.

Wherever possible, we deal with such third parties who are bound by the provisions of the Act and Australian Privacy Principles (APP). If this is not possible we will make every reasonable effort to verify that they would otherwise comply with the APP's or we reasonably believe they are subject to laws or contractual obligations which effectively uphold the principles for the handling of personal information that are substantially similar to the APP's.

1.8 Direct Marketing

From time to time we will use the personal information we collect from you to inform you of products and services that we consider may be of interest to you.

If you do not wish to receive direct marketing information you can tell us at any time by contacting our Privacy Officer or using the unsubscribe function in the relevant electronic communication.

1.9 Tax File Number and ABN

We use and disclose these numbers only for the purposes required by law.

1.10 If you think the information we hold about you is incorrect or you want to update it.

We rely on the accuracy of the information you provide to us. If you believe or know that information we hold about you is incorrect, out of date or incomplete, please contact us and we will make all reasonable efforts to correct the information.

1.11 Security and Storage of your Personal Information

We take all reasonable precautions to protect your personal information from loss, unauthorised access, modification and unauthorised disclosure. Personal information about your accounts and membership is only accessible by you and by those who are authorised to access it. Only authorised persons have access to your personal information and only for approved purposes. Your personal information can only be amended and deleted by authorised means.

Records that we hold containing your personal information may be in hardcopy documents or electronic data.

Hardcopy documents are secured on our premises and at archive sites by locks and security systems. Electronic data stored on our computers is protected by applicable industry standard computer and network security products, including firewalls, encryption, virus software, as well as user identities and passwords.

Our website uses the appropriate technological industry standards to ensure proper security however, no data transmission over the Internet can be guaranteed to be totally secure.

1.12 Access to your Personal Information

You may request access to the personal information we hold about you by contacting our Privacy Officer at the details in 1.14.

We will provide you with such access wherever possible and within a reasonable time.

We may apply a reasonable fee for such access, to cover our costs of meeting your request for access.

We ask that any request is stated as clearly as possible and adequately identifies the personal information you are seeking.

We are not obliged to provide you access to personal information where:

• Providing access would pose a serious and imminent threat to the life or health of any individual.
• Providing access would have unreasonable impact on the privacy of other individuals.
• The request for access is frivolous or vexatious.
• The information sought relates to existing or anticipated legal proceedings between you and us and that information would not be accessible by the process of discovery in those proceedings.
• Providing access would be unlawful.
• Denying access is required or authorised by or under law.
• Providing access would be likely to prejudice an investigation of possible unlawful activity.

If we deny your request for access, we will, where permitted by law, provide you with reasons for that denial.

1.13 Resolving Privacy Issues

If you believe we have failed to observe the privacy of your personal information, you can register your concern or complaint with our Privacy Officer. We will respond as soon as possible and usually within 2 working days, to let you know the person in our organisation who will be responsible for investigating the matter. If we are unable to resolve the matter within 10 working days we will contact you to let you know its progress and status and when we expect the matter to be resolved.

1.14 How to Make a Complaint or Enquiry

To register a complaint or concern or to answer your questions relating to this Privacy Policy you can contact our Privacy Officer:

• by phone on +612 96758400; or
• email at privacyofficer@ilg.com.au.