Privacy Policy

Nuspec Consulting Pty Ltd ("Nuspec", "we", "us", or "our") respects the integrity of all personal information provided to us. This Privacy Policy outlines how we manage personal information held about our clients, potential clients, contractors, employees and others. We comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).

Personal information is collected to: • Conduct our business operations • Provide and market our C-Map ITR quality control services • Deliver customer support and technical assistance • Process payments and manage subscriptions • Meet our legal and regulatory obligations • Improve our services and develop new features If we do not collect the required personal information, or if information provided is incomplete or inaccurate, we may not be able to provide our services, or the services may be compromised.

Personal information may be collected and held about: • Current and potential clients and their employees • Business partners and their representatives • Suppliers, contractors, and their workers • Prospective employees and job applicants • Website visitors and app users • Anyone who contacts us for information or support

Depending on the nature of the relationship, the type of personal information we collect includes, but is not limited to: • Name, title, occupation, and company details • Contact information (address, phone, email) • Payment and billing information • Technical information (IP address, device information, usage data) • Account credentials and security information • C-Map ITR quality control data and project information • Communication records and support interactions • Employment-related information for job applications • Marketing preferences and interaction history For our C-Map ITR platform users, we may also collect: • Quality control inspection data • Project location and site information • Photos and documentation uploaded to the platform • Mobile device location data (when permission is granted) • Application usage analytics and performance data

Personal information is collected through various means: • Direct provision via forms, applications, and registrations • Face-to-face meetings, interviews, and consultations • Phone conversations and email correspondence • Our website and mobile applications • Third-party sources (with appropriate consent) • Business cards and networking events • Integration with other systems and platforms When information is collected from a third party, we ensure they are authorized to provide the information and that relevant consents have been obtained.

Our website and mobile applications may collect information through: Website Analytics: • Cookies and similar technologies to analyse website traffic • User behaviour and navigation patterns • Device and browser information • Referral sources and search terms Mobile Applications: • Device information and operating system details • Application usage and performance data • Location data (only when explicitly permitted) • Crash reports and error logs Cookies and Tracking: We use cookies to enhance user experience and analyse site usage. You can modify your browser settings to decline cookies, though this may limit website functionality. Our hosting providers may also use analytics tools to help us improve our services.

We use and disclose personal information for the primary purpose for which it was collected, related secondary purposes, and other circumstances authorized by the Privacy Act. Primary uses include: • Providing C-Map ITR quality control services • Processing subscriptions and payments • Technical support and customer service • Account management and administration • Service improvements and updates Secondary uses include: • Marketing relevant services and updates • Internal business analysis and reporting • Compliance with legal obligations • Fraud prevention and security measures

We may disclose your personal information to: • Other members of the Nuspec organisation • Third-party service providers who assist in delivering our services • Cloud hosting providers and data storage services • Payment processors and financial institutions • Professional advisors (lawyers, accountants, auditors) • Government agencies and regulatory bodies as required by law • Anyone else with your explicit consent All third parties are required to protect personal information in accordance with our privacy standards and applicable laws. Specific circumstances for disclosure: • With your explicit consent • For operational purposes related to service delivery • To fulfill the primary purpose for which information was collected • Where disclosure is required or permitted by law • To prevent serious threats to health, safety, or security • For fraud prevention and investigation

Our website and applications may contain links to third-party websites and services. We have no control over these external sites and are not responsible for their privacy practises or content. This Privacy Policy does not govern information collected by third parties. We recommend reviewing the privacy policies of any external websites or services before providing personal information. Exercise caution when sharing information on third-party platforms.

We implement comprehensive security measures to protect personal information: Technical Safeguards: • Encryption of data in transit and at rest • Secure cloud infrastructure with access controls • Regular security assessments and updates • Multi-factor authentication for administrative access • Automated backup and disaster recovery systems Administrative Safeguards: • Staff training on privacy and security requirements • Access controls limiting information to authorized personnel • Regular review of security policies and procedures • Incident response and breach notification procedures Data Retention: When personal information is no longer required, we will securely delete or de-identify it. However, some information may be retained to comply with legal obligations, resolve disputes, or maintain business records as required by law.

You have the right to: • Access your personal information held by us • Request correction of inaccurate or incomplete information • Update your contact details and preferences • Request deletion of your information (subject to legal requirements) To exercise these rights, contact our Privacy Officer using the details below. For security purposes, we may require evidence of your identity before providing access or making changes. There may be circumstances where we cannot provide access to all personal information, as permitted under the Australian Privacy Principles. In such cases, we will provide a written explanation of our decision.

Our services may involve storing or processing personal information outside Australia: Cloud Storage: We use reputable cloud service providers whose facilities may be located internationally. While these providers maintain strong security standards, overseas recipients may not be subject to privacy obligations equivalent to Australian Privacy Principles. Third-Party Services: Some service providers we use may be located overseas. Foreign laws may compel disclosure of personal information to overseas authorities. Your Consent: By using our services, you consent to international data transfers as described. If you withdraw consent, we may not be able to provide certain services. Accountability: If overseas recipients handle information in breach of privacy principles, you may not be able to seek redress under Australian law, and we may not be accountable under the Privacy Act for their actions.

Some information we collect may be classified as 'sensitive information' under privacy law, including: • Security credentials and access codes • Proprietary business information • Confidential project data • Workplace safety and compliance records Sensitive information is used and disclosed only for the purpose for which it was provided or directly related secondary purposes, unless you agree otherwise or in limited circumstances required by law.

Our services are designed for business use and are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly. Parents or guardians who believe their child has provided personal information to us should contact our Privacy Officer immediately.

This Privacy Policy is reviewed regularly to ensure compliance with changing laws and business practises. Updates will be posted on our website with the revision date. Significant changes that affect how we handle personal information will be communicated to users through appropriate channels, including email notifications for registered users. Continued use of our services after policy updates constitutes acceptance of the revised terms.

For privacy-related questions, concerns, or requests, please contact our Privacy Officer: Email: administration@nuspec.com.au Phone: +61 448 425 454 Mail: Administration, Nuspec Consulting Pty Ltd PO Box 123, Sydney, NSW 2000, Australia For general information about privacy rights not specific to Nuspec, visit the Office of the Australian Information Commissioner at oaic.gov.au. Complaints Process: If you believe we have breached privacy principles, please contact us first to resolve the matter. If unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.