Privacy Policy

CHQM8 Group Pty Ltd ACN 625 029 432 and its related entities (including but not limited to SmsM8 and TicketM8 (CHQM8, we, us or our) deals with information privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) set out in the Privacy Act. We also comply with the Spam Act 2003 (Cth) which imposes restrictions on sending emails, mobile phone text messages (SMS), multimedia messaging (MMS) and instant messaging (iM) and other electronic messages of a commercial nature. Where necessary, we are compliant with the GDPR. We provide a professional, reliable and cost-effective SMS marketing service for the sending and/or receiving of messages (service).

We may at any time, add additional services and/or products to our service. The specific terms and engagement of our services and/or products are dealt with separately to this policy and are handled in direct consultation with our respective Customers. The protection of privacy of those using our services is very important to us. This Privacy Policy has been adopted to ensure that we have standards in place to protect and safeguard the Personal Information that we collect about individuals and/or businesses that are necessary to provide the system and services that we offer and the day-to-day operations of our business.

By accessing and using our website and other electronic platforms and/or engaging our services, whether directly or indirectly, you accept this policy and consent to us tracking, using and collecting your Personal Information. If you are under 16 years of age, you must have (and warrant to the extent permitted by law to us that you have) your parent/legal guardian’s permission to access and use the website and other electronic platforms and/or engage our services, whether directly or indirectly and that your parents/guardian have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website and other electronic platforms and/or or the products and/or services offered on or through it. What is Personal Information and why do we collect it? Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers. This Personal Information is obtained in many ways including but not limited to interviews, correspondence, by telephone and facsimile, by email, via our website (or any other websites created by us), from your website, from media and publications, from other publicly available sources, from cookies, web beacons and from third parties.

We don’t guarantee website links or policies of Customers, or other authorised third parties. We collect your Personal Information for the primary purpose of providing our services to you, providing information to our Customers and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe at any time by contacting us. When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Where reasonable and practicable to do so, we will collect your Personal Information only from you if you are:

▪ an individual accessing our site and services;

▪ an individual representative of any business, company, firm or other organisaiton who are our prospective and current Customers (Customers), our prospective and/o current suppliers (Suppliers) and/or our prospective and current investors and/or partners;

▪ a visitor and user of our sites, including but not limited to our websites, social media pages and/or software applications;

▪ a subscriber to any marketing, updates or other online communications; and

▪ a guest, invitee or attendee to any event, seminar or program hosted by us.

The Policy extents to Personal Information collected on all our platforms, portals , sites and social media pages as well as personal information provided to us by any Third Parties including but not limited to our Customers and Suppliers to enable us to provide our services to them effectively and efficiently so that they can promote their services to you, Third Party Information This Privacy Policy does not apply to our Customers’ own personal information collection practice or their use of any personal information collected by them.

We are not responsible for the content of privacy policies of our Customers or other Third Parties’ websites or their respective privacy practices.

If you are a client/user from one of our Customers, we may store your contact information (name, postal address, telephone numbers, fax number, and email address) when you enter that information online either through our website or Customers portal, website, or other platform. Sensitive Information Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. Sensitive information will be used by us only:

• For the primary purpose for which it was obtained

• For a secondary purpose that is directly related to the primary purpose

• With your consent; or where required or authorised by law.

Disclosure of Personal Information Your Personal Information may be disclosed in several circumstances including the following:

• Third parties where you consent to the use or disclosure; and

• Where required or authorised by law.

Security and Storage of Personal Information

▪ Storage Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. We may retain Personal Information and/or data processed by us in providing our messaging services to our Customers for the period of time required to successfully complete our obligations we are contracted to provide or as otherwise required to comply with all legal obligations, including requirements to retain certain metadata for 2 years under the Telecommunications (Interception and Access) Act 1979 (Cth). When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information.

▪ Security We take all reasonable steps to protect the Personal Information we hold and ensure it is handled with strict privacy safeguards.

You acknowledge that security of information is dependent on the security of the technology you use to communicate with us. We cannot guarantee the security of any information that is transmitted to or by us over the Internet. We and you recognize that the internet is not a completely secure medium for communications and the exchange of any information over it is carried out at your own risk .

We will not be held responsible or liable to any damages which you or others may suffer as a result of any confidentiality breach. Although we take all necessary steps and measures to safeguard against any unauthorized disclosure of information, we cannot guarantee you that all information collected will not be disclosed in a manner that is inconsistent with this Privacy Policy. Access to your Personal Information Access to Personal Information stored by us is restricted. Specified Customer and Technical Support Personnel have limited access for the intended purpose of performing the messaging services that we are contracted to complete and to address any customer queries arising out of the performance of those services. You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing. We will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information. To protect your Personal Information, we will require identification from you before releasing the requested information.

Maintaining the Quality of your Personal Information It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you. GDPR Compliance All aspects of this Privacy Policy apply, regardless of European Union or United Kingdom residency.

However, for the purpose of the EU General Data Protection Regulation (GDPR) we wish to clarify and confirm that any information that we collect about you in, we will only collect, use and/or share the Personal Information where we have legal authority do this. For the purposes of GDPR, when providing our service to Customers we act as a processor. Services provided by us are strictly under Customer contracts, instructions (Controllers) and in accordance with the relevant laws governing our services and company. For the purpose of the GDPR, our Customers are the Controllers and “control” the Personal Information they supply to us. We simply process their supplied information on their instructions. Personal Information and/or data processed by us may include source and destination telephone number(s) and may include other personal data depending on the Customers message content. Personal Information and/or data is stored securely and locally within Australia. We acknowledge the rights that are granted to EU residents under the GDPR and will ensure that those rights are actioned on request.

Any EU resident seeking to exercise a right in respect of their personal data should contact us. We are committed to ensuring the integrity and security of all Personal Information and any person making a request regarding their Personal Information will be required to provide satisfactory evidence as to their right to do so (i.e. proof of identity and EU residency). Direct Marketing We may use your Personal Information from time to time to let you know about our products and services, offers, competitions that we feel may be of interest to you.

We may contact you by SMS, email, post or telephone or any other form of communication. Direct marketing by us will be limited and will be done reasonably and proportionate to the level of interest or relevance to you. We will always act in accordance with your instructions and preferences of any direct marketing activity with you and will action your instructions and preferences as soon as reasonably practical. In addition to acting in accordance with your instructions, we confirm that we will only engage in direct marketing activities permitted under the relevant laws and jurisdiction governed by your location. You can ask us to stop direct marketing at any time. You can specify if you would like us to stop all forms of marketing or just a particular type.

Policy Updates We reserve the right to amend this policy from time to time, without notice to you, to com ply with legal requirements and the way we operate our business. It is up to the user to check our pages regularly for the latest version of our Privacy Policy which is always available on our website.

Privacy Policy Complaints and Enquiries If you have any queries or complaints about our Privacy Policy, please contact us directly at:

E: M: +61 422 245 587

You have the right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Information. However, we ask and would appreciate that in the first instance you try and attempt to resolve any issues with us directly.