1. Purpose

The purpose of the Policy is to ensure that all personal, employee, client and business information handled by the Company is managed ethically, lawfully, and in accordance with:

• The Fair Work Act 2009 (Cth)
• The National Employment Standards (NES)
• The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• Human Rights and Equal Opportunity Principles; and WorkSafe Australia guidelines regarding the safe and respectful management of information.

The Company is committed to protecting the privacy of employees, clients, and stakeholders, and to ensuring confidentiality in all business operations.

2. Scope

This Policy applies to all employees, contractors, consultants, and temporary workers of the Company. It covers all forms of personal and confidential information — whether oral, written, electronic, or visual — obtained in the course of employment or business operations.

3. Policy Statement

The Company values trust, integrity, and respect. Protecting private and confidential information is essential to maintaining ethical standards, legal compliance, and the wellbeing of our employees and clients.

All employees are required to handle information responsibly and must not access, use, share, or disclose any confidential or personal information unless authorised or legally required to do so.

Failure to comply with this Policy may result in disciplinary action, up to and including termination of employment, and, where applicable, legal proceedings.

4. Legislative Framework

This Policy is guided by the following legislation and principles:

• The Fair Work Act 2009 (Cth)
• The National Employment Standards (NES)
• The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• Equal Opportunity Act 2010 (Vic) and equivalent state-based laws
• Australian Human Rights Commission Act 1986 (Cth)
• Work Health and Safety Act 2011 (Cth)
• WorkSafe Australia – Code of Practice: Managing the Work Environment and Facilities

5. Definitions

Personal Information: Information or an opinion (whether true or not) about an individual whose identity is apparent or can reasonably be ascertained — e.g., name, address, employment records, or contact details.

Confidential Information: Any information belonging to the Company, clients, or employees that is not publicly available and that provides a competitive, commercial, or operational advantage.

Sensitive Information: Includes health information, criminal history, racial or ethnic origin, political opinions, or membership of professional or trade associations.

6. Principles of Privacy and Confidentiality

The Company commits to the following principles:

1. Fairness and Transparency Information will be collected, used, and stored fairly and transparently, consistent with the Australian Privacy Principles (APPs).
2. Lawful Purpose Information will only be collected for legitimate business, legal, or employment-related purposes.
3. Respect and Human Rights Handling of information will uphold the Human Rights Principles of privacy, dignity, and respect for all individuals
4. Equality and Non-Discrimination Information will never be used to discriminate against individuals based on gender, race, disability, religion, or other protected attributes under Equal Opportunity laws
5. Work Health and Safety Information management will ensure the safety and psychological wellbeing of employees in accordance with WorkSafe Australia standards.

7. Employee Responsibilities

All employees are required to:

• Sign and adhere to a Confidentiality Agreement as a condition of employment;
• Maintain strict confidentiality regarding all business, client, and personnel information
• Protect confidential documents and data from unauthorised access or disclosure;
• Use information only for legitimate business purposes; and
• Immediately report any suspected data breach or unauthorised disclosure to their manager or Human Resources.

Employees who are unsure of their obligations must seek guidance from their manager or HR before sharing any information.

8. Handling Confidential Information

Employees must take reasonable precautions to protect confidential and personal information, including but not limited to:

• Discussing confidential matters only with authorised personnel who have a legitimate business need to know;
• Avoiding discussions about work or clients in public spaces; Securing all confidential materials in access restricted and password-protected systems;
• Ensuring that computer screens and documents are not visible to unauthorised persons;
• Using encrypted or secure systems when transmitting sensitive information electronically;
• Supervising visitors to ensure they do not access confidential material;
• Shredding or securely disposing of physical documents no longer required; and
• Being mindful of wearable devices or digital assistants that may record or transmit information inadvertently

9. Examples of Confidential Information

Examples of confidential or sensitive information include, but are not limited to:

• Client personal or business data;
• Employee pay and personnel details;
• Financial information and accounting records
• Company strategies, tenders, and proposals;
• Proprietary systems, software, and trade secrets;
• Marketing and business development plans;
• Product formulas or manufacturing processes;
• Inventions, intellectual property, and creative works;
• Legal correspondence or investigations; and
• Conversations, emails, or records containing confidential content.

10. Use and Disclosure of Information

Personal and confidential information may only be used or disclosed:

• For legitimate business purposes consistent with the purpose for which it was collected;
• When required by law, court order, or regulatory authority;
• With the individual’s consent; or
• When necessary to protect the safety, rights, or property of the Company, its employees, or clients

Unauthorised use or disclosure of such information is strictly prohibited.

11. Data Storage and Security

The Company ensures that all information is securely stored and protected against loss, misuse, or unauthorised access.

• Electronic information is stored in password-protected systems with restricted access.
• Physical records are stored in secure cabinets or rooms accessible only to authorised personnel.
• Confidential information transmitted electronically must be encrypted or sent via secure channels.
• Personal data will be retained only for as long as necessary to meet legal, operational, or contractual requirements.

12. Breach of Confidentiality or Privacy

Breach of this Policy includes:

• Unauthorised disclosure or sharing of confidential information;
• Accessing confidential information without legitimate need;
• Failure to secure personal or Company data; or
• Using confidential information for personal gain.

Such breaches may result in disciplinary action, including termination of employment, and may lead to civil or criminal liability under the Privacy Act 1988 (Cth).

13. Work Health and Safety Considerations

Maintaining confidentiality also supports a psychologically safe and respectful workplace under WorkSafe Australia Principles.

Employees must handle sensitive information — especially relating to health, personal status, or disciplinary matters — discreetly and empathetically to prevent emotional or psychological harm.

14. Equal Opportunity and Non-Discrimination

The Company ensures that confidential information is never used to discriminate against employees or clients based on protected characteristics under the Equal Opportunity Act 2010 (Vic) or the Fair Work Act 2009 (Cth). Any discriminatory misuse of private or confidential data will be treated as serious misconduct

15. Reporting Concerns

Employees who become aware of:

• A potential breach of confidentiality;
• Misuse of private information; or
• Unauthorised data access or sharing

must report the matter immediately to their Manager, Human Resources, or the Executive Management Team.
Reports will be investigated confidentially and without retaliation.

16. Review and Amendment

Any amendments must be approved by the Executive Management Team to ensure ongoing compliance with privacy, employment, and safety legislation.

17. References

• Fair Work Act 2009 (Cth)
• National Employment Standards (NES)
• Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
• Work Health and Safety Act 2011 (Cth)
• Equal Opportunity Act 2010 (Vic) and related state legislation
• Australian Human Rights Commission Act 1986 (Cth)
• WorkSafe Australia – Code of Practice: Managing the Work Environment and Facilities

Client Privacy — Addendum to Privacy and Confidentiality Policy

This section is an addendum to SLP’s Privacy and Confidentiality Policy and shouldbe read alongside it. It applies specifically to personal information collected from, oron behalf of, client organisations and their nominated contacts. Candidate privacy isgoverned separately by our Candidate Privacy Policy, available on our career site.

Date of publication: [DATE] Revision: 1 Approved by: Executive Management Team

1. What personal information do we collect from clients?

In the course of delivering our services, we may collect personal information relatingto client contacts, including but not limited to:

• Name, job title, and business contact details (email address, phone number)
• Information shared during the engagement, such as organisational structure,personnel details, or internal business information relevant to the delivery ofservices
• Billing and invoicing information
• Communications between the client contact and SLP, including emails andnotes from meetings or calls

2. Why do we collect it?

Client information is collected solely for legitimate business purposes, including:

• Delivering and managing the services outlined in our client agreements
• Communicating with client contacts about their engagement with SLP
• Administering billing, invoicing, and business operations
• Meeting our legal and contractual obligations

3. Who do we share it with?

Depending on the nature and scope of services engaged, client contact informationmay be processed by one or more of our authorised third-party service providers,including but not limited to platforms supporting project management, emailcommunications, learning management, and workflow automation. These providersare engaged to support the delivery of our services and are not permitted to use yourinformation for their own purposes.

Not all providers will be used in every client engagement. The platforms used willdepend on the specific services being delivered.

We do not sell, rent, or trade client personal information to any third party.

4. How long do we keep it?

Client contact information is retained for the duration of the client relationship and fora reasonable period thereafter to meet legal, contractual, and operationalrequirements. We do not apply a fixed deletion schedule to client data. Information isremoved in the following circumstances:

• A client notifies us of a personnel change — the former contact’s informationis deleted and replaced with the updated contact’s details
• A client makes a specific written request for their information to be deleted

Where our service providers automate data flows between platforms (for example,via workflow automation tools), those flows are configured and controlled by SLPand operate only within the scope of the purposes described above.

5. Your rights

In accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles(APPs), client contacts have the right to:

• Request access to the personal information SLP holds about them
• Request correction of information that is inaccurate, incomplete, or out of date
• Request deletion of their personal information (subject to any legal orcontractual obligations requiring retention)

To exercise any of these rights, or to raise a privacy concern, please contact:
Greg Gladman, Managing Director
Email: greg@saleslp.com
If you are not satisfied with our response, you may lodge a complaint with the Officeof the Australian Information Commissioner (OAIC) at oaic.gov.au.

6. Legislative framework

This addendum is governed by the following legislation:

• Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• Anti-Discrimination Act 1991 (Qld)
• Australian Human Rights Commission Act 1986 (Cth)

7. Review and amendment

This addendum will be reviewed no later than October 2026, or sooner if SLP’s technology stack or service offering changes materially. Any amendments must be approved by the Executive Management Team.