ARIS ZINC GROUP | PRIVACY POLICY

Policy Statement Aris Zinc Group, including its subsidiaries and related entities (“we”, “us”, or “our”), respects your right to privacy and is committed to safeguarding the personal information of individuals who interact with our website and services. This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal information, in accordance with the Privacy Act 1988 (Cth) and relevant obligations in the Australian Information Security Manual (ISM).
Scope This Privacy Policy applies to personal information collected by Aris Zinc Group and its subsidiaries through:

• Our websites (including all pages and subdomains).
• Any related platforms, applications, or social media pages.
• Communications (e.g., email) and other direct interactions with us.

By using our website, submitting information, or otherwise engaging with Aris Zinc Group, you acknowledge that you have read and understood this Privacy Policy.
Definitions

• Personal Information: Information or an opinion, whether true or not, about an identified individual or an individual who is reasonably identifiable.
• Cookies: Small data files stored on your device to help our website recognise you, improve performance, or provide personalised content.

Collection of Personal Information
Information You Provide: We may collect personal information (e.g., name, email address, telephone number, organisation details) when you:  

• Submit an online enquiry.
• Register for updates or newsletters.
• Apply for a role within the company.
• Participate in surveys or questionnaires.
• Otherwise communicate with us directly.

• IP address and browser type.
• Pages viewed, links clicked, and navigation paths.
• Cookies and analytics tools that track usage patterns.

• Right to be informed about how your personal information is collected and processed.
• Right of access to request a copy of the personal information we hold about you.
• Right to rectification to request correction of inaccurate or incomplete personal information.
• Right to erasure (right to be forgotten), where applicable.
• Right to restrict processing of your personal information in certain circumstances.
• Right to data portability, where applicable.
• Right to object to specific processing activities.
• Right to object to automated decision-making, including profiling, where applicable.

To exercise any of these rights, you may submit a request using the contact details provided below. For security purposes, we may need to verify your identity before processing your request. We will respond to all valid requests in accordance with applicable data protection laws.
If a request is manifestly unfounded, excessive, or repetitive, we reserve the right to refuse the request or apply a reasonable administrative fee, as permitted by law.
Third-Party Sources: Occasionally, we may receive personal information from third-party service providers, affiliates, or publicly available records, always adhering to legal and contractual obligations.
Use of Personal Information We collect and use personal information for the following purposes:

• Service Delivery: To respond to enquiries, provide requested services or information, and manage client relationships.
• Marketing & Communications: To send newsletters, promotional material, or updates about our services, but only where you have opted in or otherwise authorised such communications.
• Recruitment: To process job applications and manage potential employment or engagement opportunities.
• Website Enhancement: To analyse and improve the user experience, ensuring our website remains relevant, secure, and user-friendly.
• Legal & Regulatory Compliance: To meet our obligations under Australian law, the Privacy Act 1988, and relevant security measures in the ISM.

We will not use your personal information for secondary purposes unrelated to the above, without your express consent, or unless otherwise permitted by law.

Storage and Security of Personal Information We take reasonable steps to ensure the security of personal information, in line with the Australian Information Security Manual (ISM) and other industry best practices. Measures may include:

• Secure Servers: Hosting data on servers with industry-standard security protocols.
• Access Control: Restricting access to authorised personnel with a legitimate business need.
• Encryption: Applying encryption techniques to sensitive data where feasible.
• Regular Audits: Conducting periodic security and privacy assessments to identify and address vulnerabilities.

Despite our efforts, no data transmission over the internet or electronic storage system can be guaranteed as completely secure. We therefore encourage you to take appropriate precautions when sharing information online.

Responsible use of Artificial Intelligence We use Artificial Intelligence (AI) and AI-enabled tools in a limited and purposeful way to support our services, including recruitment support, marketing and communications, internal productivity, and governance activities. AI is used to assist our teams and does not replace human judgement.
Where AI systems process personal information, we apply governance, risk management, and appropriate human oversight to promote responsible, fair, and transparent use. We do not rely solely on AI to make decisions that produce legal or similarly significant effects on individuals.
We apply controls to ensure that AI use aligns with privacy and security requirements, including data minimisation, access controls, vendor due diligence, and review of AI outputs by our staff. Where possible, we use de-identified or aggregated data and do not knowingly use personal information to train public AI models. If you have questions about our use of AI or wish to exercise your data protection rights in relation to AI-supported processing, you may contact us using the details provided in this Privacy Policy.

Disclosure of Personal Information Aris Zinc Group will not sell or rent your personal information. We may disclose personal information in the following circumstances:

• Subsidiaries & Affiliates: Within the Aris Zinc Group entities for consistent service and internal governance.
• Third-Party Service Providers: To trusted vendors (e.g., IT support, payment processors) who assist us in operating our website or business, under strict confidentiality obligations.
• Sub-processors: We may engage third-party service providers to process personal information on our behalf. A current list of our sub-processors is available here: [Sub-processor List].
• Legal Requirements: Where required or authorised by law, court orders, or government regulations.
• Business Transfers: If we merge, acquire, or are sold, personal information may be transferred as part of the transaction.

 Entity: ARIS ZINC GROUP PTY LIMITED and its related bodies corporate
Effective Date: 1 January 2026
Review Date: 30 June 2026
Approved By: Board / Director

To set out the terms governing access to and use of the ARIS ZINC GROUP website.

This policy applies to all users accessing any website operated by ARIS ZINC GROUP PTY LIMITED and its related entities.

By accessing this website, users agree to comply with these Terms & Conditions.

Users must not:

• Use the website for unlawful purposes
   
• Interfere with website security or functionality
   
• Reproduce, copy or distribute content without written consent
   

All intellectual property displayed on this website remains the property of ARIS ZINC GROUP or its licensors.

Information may be updated without notice.

To the extent permitted by law, ARIS ZINC GROUP excludes liability for any loss arising from use of this website.

Users are responsible for ensuring their use of the website complies with applicable laws.

Non-compliant use may result in restricted access and legal action where appropriate.

 Entity: ARIS ZINC GROUP PTY LIMITED and its related bodies corporate
Effective Date: 1 January 2026
Review Date: 30 June 2026
Approved By: Board / Director

To clarify the limitations of information provided on ARIS ZINC GROUP websites.

Applies to all information, materials and content published on Group websites.

All website content is provided for general informational purposes only.

Nothing on this website constitutes legal, financial, tax, ESG, engineering, health or other professional advice.

ARIS ZINC GROUP does not warrant that information is complete, accurate or current.

Users should obtain independent professional advice before relying on any information.

Users are responsible for assessing the suitability of information for their specific circumstances.

To the extent permitted by law, ARIS ZINC GROUP excludes liability for any loss arising from reliance on website information.

 Entity: ARIS ZINC GROUP PTY LIMITED and its related bodies corporate
Effective Date: 1 January 2026
Review Date: 30 June 2026
Approved By: Board / Director

To explain the use of cookies and tracking technologies on ARIS ZINC GROUP websites.

Applies to all visitors to Group-operated websites.

We may use:

• Essential Cookies (website functionality)
• Performance Cookies (e.g. Google Analytics)
• Advertising Cookies (e.g. Meta/Facebook Pixel and advertising tools)
• Functionality Cookies (user preferences)

Cookies are used to:

• Analyse traffic and performance
• Improve user experience
• Support marketing and advertising
• Maintain website security

Users may manage or disable cookies via browser settings. Disabling cookies may affect functionality.

The Group will use tracking technologies responsibly and in alignment with its Privacy Policy.

Cookie use complies with applicable Australian privacy laws.

 Entity: ARIS ZINC GROUP PTY LIMITED and its related bodies corporate
Effective Date: 1 January 2026
Review Date: 30 June 2026
Approved By: Board / Director

To demonstrate commitment to inclusive and accessible digital services.

Applies to all Group-operated digital platforms.

ARIS ZINC GROUP is committed to providing an accessible online experience for all users.

We aim to align with the Web Content Accessibility Guidelines (WCAG) 2.1.

Accessibility forms part of our broader ESG and governance commitments.

The Group will regularly review digital platforms to improve accessibility and usability.

Accessibility considerations will be incorporated into website design, development and updates.

 Entity: ARIS ZINC GROUP PTY LIMITED and its related bodies corporate
Effective Date: 1 January 2026
Review Date: 30 June 2026
Approved By: Board / Director

To outline the Group’s commitment to preventing modern slavery within operations and supply chains.

Applies to all Group operations, employees, contractors and suppliers.

ARIS ZINC GROUP does not tolerate modern slavery, forced labour or human trafficking.

We:

• Conduct supplier due diligence under ESG | GRC framework
• Assess supply chain and the associated risks
• Promote ethical procurement in accordance with RAP and ESG practices
• Encourage reporting of concerns through our supply chain and subcontractor agreements

If the Group meets the reporting threshold under the Modern Slavery Act 2018 (Cth), an annual statement will be published.

Management is responsible for implementing ethical procurement and monitoring risk exposure.

Non-compliance with this policy may result in termination of supplier or contractor relationships.

 Entity: ARIS ZINC GROUP PTY LIMITED and its related bodies corporate
Effective Date: 1 January 2026
Review Date: 30 June 2026
Approved By: Board / Director

To protect the intellectual property of ARIS ZINC GROUP.

Applies to all digital content, publications, branding, software and materials published by the Group.

All website content is owned by or licensed to ARIS ZINC GROUP and protected under Australian intellectual property law.

Content may not be copied, reproduced, modified or distributed without prior written consent.

Users must respect intellectual property rights when accessing Group content.

Unauthorised use may result in legal action.

 Entity: ARIS ZINC GROUP PTY LIMITED and its related bodies corporate
Effective Date: 1 January 2026
Review Date: 30 June 2026
Approved By: Board / Director

To formalise the Group’s commitment to Environmental, Social and Governance (ESG) principles/practices and effective Governance, Risk and Compliance (GRC) management.

Applies to all Group entities, operations and business activities.

We promote sustainable operations, emissions accountability and responsible ethical management.

We uphold diversity, ethical labour practices, inclusion and community engagement.

We maintain transparent governance structures, board oversight and internal controls.

We implement risk assessment processes and monitor compliance with applicable laws and regulatory obligations. GRC monitored in real time 24/7 via embedded digital platform with dashboard reporting and alerts.

The Board and executive leadership oversee ESG and GRC implementation across the Group.

Compliance monitoring forms part of ongoing governance review and reporting processes.