Privacy Notice

Privacy Policy – Foreman Corporation Pty Ltd Trading As Foreman Tobacco
Last updated: 14 February 2025


1. Purpose of policy
1.1. Foreman Corporation Pty Ltd (ABN 97 673 545 689) and its related entities
(we, us, our) values your privacy. This Policy sets out how your personal
information is collected, used, and disclosed (Policy).

1.2. The Websites and Apps covered by this Policy include:
a) www.foremancorporation.com.au

1.3. From time to time, the current version will always be available at www.foremancorporation.com.au.
If we change this Policy in any material way, we will post a notice on our
Websites and Apps (as relevant) along with the updated Policy. We may also
contact you via your contact information we hold on file, for example by email
or some other equivalent measure. You may also obtain a copy of the current
version of our Policy by contacting us at any time.

1.4. We encourage you to read this Policy each time you deal with us so that you
are aware of any changes made to it.

1.5. In this Policy, we use the term:
a) ‘physical customers’ to refer to individuals who visit us at our consumer
retail stores, whether or not they receive goods and services from our
consumer retail stores;
b) ‘online customers’ to refer to individuals who use our Websites and Apps
to view our goods and services, and who receive goods and services from
us via our retail Website and Apps;
c) ‘commercial customers’ to refer to individuals who purchase commercial
and wholesale goods and services from us or who borrow commercial
plant and equipment from us, and individuals at businesses who purchase
commercial and wholesale goods or services from us;

d) ‘suppliers’ to refer to individuals who provide us with goods or services,
and individuals at businesses who provide us with goods or services;
e) ‘participants’ to refer to individuals who participate in competitions we hold
or attend events we hold;
f) ‘members’ to refer to individuals who join any of our membership programs
or clubs;
g) ‘users’ to refer to individuals who subscribe to our newsletters, engage
with us on social media platforms, or who enquire about our goods and
services via electronic means; and
h) ‘applicants’ to refer to individuals who apply for employment or other
engagement with us.

1.6. In some circumstances, you may belong to more than one of these groups,
and multiple sections of this Policy will then apply to you.

2. What is Personal Information, and what do we collect?
2.1. Personal Information is any information or opinion about you that identifies
you or is capable of identifying you, even if the information is not true, and
whether or not it is in physical form (Personal Information).

2.2. Sensitive Information is a subset of Personal Information and includes
information or opinion about such things as an individual; racial or ethnic
origin, political opinions, membership of a political association, religious or
philosophical beliefs, membership of a trade union or other professional
body, criminal record or health information, and biometric information (that is,
data derived from your physical characteristics, such as a fingerprint) and
biometric templates (that is, a stored digital template of biometric information,
such as a fingerprint or retina scan).

2.3. The kinds of Personal Information we collect about you depends on our
relationship with you, and we limit the information we collect to what is
reasonably necessary for one or more of our functions or activities.
Generally, we will collect your name, commentary or opinion about you, and

other information relevant to providing you with the information, goods and
services you or someone on your behalf are seeking.

2.4. If you are a physical customer: we may also collect CCTV images and audio
of you, your vehicle and your vehicle’s registration number. We will only
collect your name and contact details if you provide them to us in relation to a
query or complaint. Identifiable transaction details are collected by third party
payment gateways and are not stored by us. We may collect Sensitive
Information from you in the form of a biometric template of your face,
collected via CCTV images and used in conjunction with facial recognition
technology.

2.5. If you are an online customer: we may also collect your contact details, email
address, payment details, delivery address and instructions, details related to
your online shopping experience, and information about your use of our
Website and Apps and the device you are using (including numbers that
identify your device, IP address, geographic location of your IP address, and
of your device where that is relevant to the goods, services and information
we are providing, cookie information, and user preferences). You may
choose to enable or disable information you share with us via the Website or
App in your browser or device settings. Disabling the sharing of some
information may affect your ability to use certain features of the Website or
App, and your user experience generally.

2.6. If you are a commercial customer: we may also collect your contact details,
ABN (if applicable), business name, information about your role, and your
date of birth and drivers licence (for sole trader and partnership borrowers of
our equipment, for the purpose of registering our security interest on the
PPSR).

2.7. If you are a supplier: we will also collect your contact details, ABN, business
name, bank account details (for payment of your invoices), and information
about your role.

2.8. If you are a participant: we will generally only collect your name and contact
details, however some competitions, surveys, market research and events
we run require us to collect additional information about you, for example,
participating in events with catering may require you to provide us with your
dietary requirements. We will notify you at the time if we need to collect more
information, and the reasons for collecting it.

2.9. If you are a member: we will also collect your contact details, information
contained in your membership application, and information related to your
member interactions with us.

2.10. If you are a user: we may also collect your email address, social media
account name and contact details, any images or videos shared with us via
social media, details of your enquiries and feedback, and information about
your interaction with us through social media.

2.11. If you are an applicant: depending on your potential or actual position
with us, we will also generally collect your Personal Information contained
within an application and CV/resume, employment history, personal
information derived from a reference, personal information derived from an
interview, personal information derived through testing (including
psychometric or aptitude testing), licences and other certificates and
qualifications, and information included in a passport, birth certificate, visa or
other documentation demonstrating your right to work in Australia.

2.12. We support your ability to make decisions about the Personal
Information you provide to us, however if you choose not to provide us with
the information requested, or it is incomplete or inaccurate, we may not be
able to provide you with the information, goods and services you are seeking.
If you are an applicant, refusal to provide personal information may mean we
are unable to process your application.

3. How we collect Personal Information
3.1. We will generally collect Personal Information directly from you when you
interact with us, such as in person, by email, by phone, by enquiry or
feedback form, or via our Website and Apps, social media channels,
interviews (via any method), any of our standard forms (including application
forms, membership forms, etc), contract negotiation, our employment and
engagement application process, our surveys (where applicable), registration
and attendance at our events, facilities and accommodation, or any other
means when you provide us with your Personal Information.

3.2. We may also need to collect Personal Information about you from third
parties from time to time where it is necessary for us to do so and it is
unreasonable or impractical to collect directly from you, where you have
consented to us doing so, or where we are otherwise required to or
authorised to by law. Those third parties include:
a) if you are a supplier or commercial customer: publicly available records
such as the Australian Securities Investment Commission, Australian
Business Register, Australian Financial Security Authority (PPSR), and
land titles offices;
b) if you are a physical customer or online customer: third party payment
gateways, law enforcement agencies, and licence plate recognition
providers;
c) if you are an online customer or user: technology service providers and
social media platforms;
d) if you are an applicant: referees when they provide references, academic
institutions or training and certification providers, providers of licence and
background-checking services, recruiters and other service providers who
assist in the engagement process, and other publicly available sources
such as social media platforms.

3.3. Except as otherwise permitted by law, we only collect Sensitive Information
about you if you consent to the collection of the information and if it is

reasonably necessary for the performance of our functions and activities.
Consent may be implied by the circumstances existing at the time of
collection – for example, if you enter one of our physical stores where signs
prior to your entry indicate that CCTV is in use, and that facial recognition
technology is in use. There may also be circumstances under which we may
collect Sensitive Information without your consent, as required or authorised
by law.

3.4. When we collect information from you, we will take reasonable steps to
inform you about the purposes for collection, the main consequences if you
don’t provide the requested information, the other entities to which we usually
disclose the information, and whether we are likely to disclose your
information to overseas recipients.

3.5. If you provide us with Personal Information about someone else, you must
ensure that you are authorised to disclose that information to us and that,
without us taking any further steps required by applicable privacy laws, we
may collect, store, use and disclose such information for the purposes
described in this Policy. Where we request you to do so, you must assist us
with any requests by the individual to access or update the Personal
Information you have collected from them and provided to us.

4. How we store and protect Personal Information
4.1. We store your Personal Information in different ways, including in paper and
electronic form. We take all reasonable measures to ensure your Personal
Information is stored on secure servers (which may be based in Australia or
overseas) in a manner that reasonably protects it from interference, misuse
and loss and from unauthorised access, modification or disclosure, including
electronic and physical security measures, including:
a) limiting access to the Personal Information we collect about you;
b) only providing access to personal information once proper identification
has been given;
c) imposing confidentiality requirements on our employees; and

d) requiring third party providers to have acceptable security measures to
keep Personal Information secure.

4.2. When we no longer need your Personal Information for the purpose for which
we collected it, we will take reasonable steps to destroy or permanently de-
identify your Personal Information. However, most of the Personal
Information is or will be stored and kept by us for a minimum of seven years
(unless legislation requires us to destroy or permanently de-identify it
sooner).

4.3. Despite the reasonable steps we take to secure your Personal Information, if
you provide any Personal Information to us via our Website, Apps and online
services (including email) or if we provide Personal Information to you by
such means, the privacy, security and integrity of your Personal Information
cannot be guaranteed during its transmission unless we have indicated
beforehand that a particular transaction or transmission of information will be
protected (for example, by encryption).

5. Why we collect, hold, use and disclose Personal Information
5.1. The Personal Information we collect and hold about you depends on your
interaction with us and our relationship with you. Generally, we will collect,
use, and hold your Personal Information if it is reasonably necessary for or
directly related to the performance of our functions and activities, and:
a) to facilitate our internal business operations, including:
i. establishing our relationship with you;
ii. maintaining, managing and developing our relationship with you and
communicating with you in the ordinary course of that relationship
(including responding to enquiries, information requests, feedback or
complaints);
iii. updating your Personal Information, including destroying or de-
identifying it when it is no longer required;
iv. fulfilling our legal requirements;

v. analysing our goods and services and customer and supplier needs
with a view to developing new or improved goods, services, and
business operations;
vi. conducting market research, monitoring use of our goods and services,
and creating aggregated de-identified data about use of our goods and
services, Website and Apps;
vii. contacting you to ask about your experiences with, or impressions of,
our products or services, or to provide a testimonial for us (where
applicable);
viii. if you are an online customer or user: streamlining and personalising
your experience within our Website and Apps, tailoring our information,
goods and services for you, and remarketing (targeting online
advertising and direct marketing to you based on your use of our
Website and Apps);
ix. if you are an applicant: considering your application;

b) to provide you with information about other goods and services that we or
our related entities and other affiliated organisations offer that may be of
interest to you. You may unsubscribe from our mailing/marketing lists at
any time by using the unsubscribe feature on any emails we send, or
otherwise by contacting us in writing. We do not use your Sensitive
Information for direct marketing purposes; and

c) for any other purpose identified at the time of collection.

5.2. We may use Personal Information for secondary purposes where it would be
reasonable to expect us to do so, and that secondary purpose is related (or
directly related in the case of Sensitive Information) to the primary purpose
set out above.

6. Who we disclose Personal Information to
6.1. We generally disclose your Personal Information for the purposes for which it
was collected (set out above). We may disclose Personal Information about
you to:

a) our related entities within the Foreman Corporation;
b) our employees, contractors, consultants, and volunteers who require the
information to assist us with the purposes for which it was collected;
c) government departments and agencies where required by law;
d) third party service providers who assist us in operating our business and
providing information, resources, goods and services to you or someone
else on your behalf (including marketing campaign providers, market
research providers, mail processing providers, printers, IT and technology
service providers, recruitment providers, and professional advisers such
as lawyers, accountants, and auditors);
e) third parties to whom you have agreed we may disclose your information
and where the information was collected from you (or from a third party on
your behalf) for the purposes of passing it on to the third party; and
f) any other entity as otherwise required or authorised by law, including
regulatory bodies.

6.2. We may also disclose Personal Information for secondary purposes where it
would be reasonable to expect us to do so, and that secondary purpose is
related (or directly related in the case of Sensitive Information) to the primary
purpose.

6.3. Where we disclose Personal Information to a third party service provider, we
take reasonable steps to ensure these service providers have appropriate
security for your Personal Information and use it only for the purposes for
which it was collected.

6.4. We may expand or reduce our business, and this may involve the sale and/or
transfer of control of all or part of our business. Personal Information, where it
is relevant to any part of the business for sale and/or transfer, may be
disclosed to a proposed new owner or newly controlling entity for their due
diligence purposes, and upon completion of a sale or transfer, will be
transferred to the new owner or newly controlling party to be used for the
purposes for which it was provided.

7. Overseas disclosure
7.1. We are assisted by a variety of external service providers to operate our
business and to provide you or someone else on your behalf with the
information, resources, goods and services sought. Some of these service
providers may be located overseas, and while there are too many to
expressly name, they include Microsoft located in the United States.
7.2. We take reasonable steps to ensure these service providers have
appropriate security for your Personal Information and use it only for the
purposes for which it was collected.

8. Third party websites and advertising
8.1. Our Websites, Apps, and online services (including email messages we send
to you) may contain links to other websites maintained by a third party (other
services). Other services may link to our websites and online services. If you
click on a link to another site maintained by a third party they are no longer
subject to this Policy. We are not responsible for the privacy practices of the
organisations that operate those other services, and by providing such links
we do not endorse or approve the other services. We have no responsibility
for linked websites owned or operated by a third party and provide them
solely for your information and convenience. We specifically disclaim
responsibility for their content, privacy practices and terms of use, and we
make no endorsements, representations or warranties about their accuracy,
content, or thoroughness. Your disclosure of personal information to third
party websites is at your own risk.

8.2. We may allow third parties to use cookies or other tracking technologies to
collect non-personal information about your use of our Websites and Apps,
including your IP address, pages viewed and conversion information. This
information may be used, among other purposes, to deliver advertising
targeted to your interests and to better understand the usage and visitation of
our Websites, Apps, and other websites tracked by these third parties. This
Policy does not apply to, and we are not responsible for, third party “cookies”
or other tracking technologies. We encourage you to check the privacy

policies of advertisers and/or ad services to learn more about their privacy
practices.

9. How you can access and correct Personal Information
9.1. You may access the Personal Information we hold about you, subject to
certain exceptions. If you wish to access your Personal Information, please
contact us via the below:
i. Email: info@foremancorporation.com.au
ii. Phone: 1800 975 018

9.2. We endeavour to respond within 30 days, but will otherwise respond within a
reasonable period. We may decline a request for access to personal
information in circumstances prescribed by the Privacy Act, and if we do, we
will give you a written notice that sets out the reasons for the refusal (unless it
would be unreasonable to provide those reasons), including details of the
mechanisms available to you to make a complaint.

9.3. We will not charge any fee for your access request but may charge an
administrative fee for providing a copy of your Personal Information. We will
notify you in advance of any applicable fees.

9.4. In order to protect your Personal Information, we will require identification
from you before releasing the requested information.

9.5. If you believe the information we hold about you is incomplete, not up to date,
or is inaccurate, please advise us as soon as practicable. We will take
reasonable steps to correct the information if we agree that it is incomplete,
out of date, or inaccurate. We endeavour to process any request within 30
days.

9.6. If we refuse to correct your Personal Information, we will give you a written
notice that sets out our reason for our refusal (unless it would be
unreasonable to provide those reasons), including details of the mechanisms
available to you to make a complaint.

10. Complaints
10.1. If you have any queries or concerns about our Privacy Policy, or the
way we handle your Personal Information, or you wish to make a complaint
about a breach of the Privacy Act or this Policy, please contact us using the
details above and we will take reasonable steps to investigate the complaint
and respond to you.