Privacy Policy

Your privacy is important to us

1. PURPOSE

1.1 PURPOSE

Pilbara Minerals Limited and its subsidiaries (together, Pilbara Minerals or we/us) are committed to protecting the privacy of individuals’ personal information in accordance with the Privacy Act 1998 (Cth) (Privacy Act).

This Privacy Policy (Policy) sets out the principles that Pilbara Minerals will follow in collecting, using, holding, disclosing, and otherwise managing Personal Information. It sets out rights in relation to personal information and how you can contact us.

This Policy does not apply to information collected, or otherwise obtained by Pilbara Minerals in relation to current and former employees and which relates directly to the employment relationship that exists, or existed, between us and our current and former employees.

1.2 WHO DOES THIS POLICY APPLY TO?

All directors, officers and employees of Pilbara Minerals must comply with this Policy.

2. COLLECTION OF PERSONAL INFORMATION

2.1 WHAT IS PERSONAL INFORMATION?

Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not and whether the information or opinion is recorded in a material form or not.

2.2 HOW WE COLLECT PERSONAL INFORMATION

Pilbara Minerals may collect personal information from you in a variety of ways, including when you work with us, apply for a position, attend our operational sites, use our website, invest in us, or have business dealings with us (e.g., customers, suppliers, contractors, investors and the like), and/or when you attend a company presentation (e.g., annual investor presentation).

Where possible, we collect personal information directly from you. This may occur when you interact with Pilbara Minerals in person, over the telephone or electronically (e.g. via websites, apps, social media posts, chats, telephone, emails and or SMS) or as otherwise permitted by law.

From time to time, we may also collect personal information about you from other sources. For example, we may collect information:

  • from your employer, where your employer is a contractor engaged by us and you may be mobilised to our mine site;
  • from your former employer or other nominated reference as part of pre-employment checks;
  • from publicly available sources; or
  • from credit reporting agencies or other third

If we collect personal information about you from someone else, we will take reasonable steps to ensure that you are made aware that we have collected the information.

2.3 UNSOLICITED INFORMATION

From time to time, we may receive personal information that we have not requested (unsolicited personal information).

If we receive unsolicited personal information, we will consider if we could have collected that information directly from the relevant individual.

If we determine that:

  • we could have collected the personal information had it been requested, we may store, use and disclose that information in accordance with this Policy; or
  • we could not have collected the personal information had it been requested, we will take reasonable steps to destroy or de-identify it as soon as practicable if it is lawful and reasonable to do
2.4 EXAMPLES OF INFORMATION WE MAY COLLECT

Examples of the kinds of personal information that Pilbara Minerals may collect and hold could include:

  • name;
  • gender;
  • date of birth;
  • contact details (such as phone number, fax number, home address or email address);
  • photographic identification (e.g., drivers’ licence or passport);
  • employment history and academic qualifications;
  • licences and permits;
  • payroll information including banking, superannuation and tax details;
  • credit card information;
  • health information; and
  • any other information (including background checks) to verify your identity or right to

We may collect information about you when you access our website (www.pilbaraminerals.com.au). This can include (but may not be limited to) the following:

  • website usage information (server logs, your IP address etc);
  • date and time of your visit;
  • pages accessed and information downloaded;
  • name, email address and contact

Pilbara Minerals does use cookies and IP address tracking to administer its website and generally improve its content and service offering. You may set your browser to refuse cookies if you wish, although this may affect your browsing experience.

2.5 ANONYMITY AND PSEUDONYMITY

In most circumstances, it is impractical for people to communicate with us anonymously. However, where possible and practical, we will provide you with the option of not identifying yourself or using a pseudonym when communicating with us.

2.6 SENSITIVE INFORMATION

Sensitive information is a subset of personal information and is defined as:

  • information or an opinion (that is also personal information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record;
  • health information about an individual;
  • genetic information (that is not otherwise health information);
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification, or,
  • biometric

We only collect sensitive information where you have consented to the collection and it is reasonably necessary for one or more of our functions or activities.

3.  USE OR DISCLOSURE PERSONAL INFORMATION

3.1 HOW WE USE YOUR PERSONAL INFORMATION

Pilbara Minerals uses personal information to carry out its business functions and activities, to comply with regulatory obligations and in connection with investigations or claims.

Sometimes we will ask for your express consent to use certain types of personal information and, where we do so, you may have the right to withdraw that consent.

We may collect, use and store personal information for the legitimate business interests of Pilbara Minerals, including:

  • facilitating our internal business and mining operations, work management and maintenance of proper business records;
  • authenticating your identification to protect and maintain the security and safety of Pilbara-owned or operated premises, sites, systems, assets and people;
  • maintaining our relationships with our employees, contractors, customers, and suppliers;
  • managing safety and security risks (including using CCTV), and our IT systems (including monitoring of electronic communications);
  • managing shareholder relationships inclusive of the purposes of undertaking share transactions, dividend payments and maintaining ongoing communications with our shareholders;
  • engaging in business sales or acquisitions or joint ventures;
  • investigating or responding to any incidents, complaints or grievances; or
  • to the extent that we are required or authorised to do so by

3.2 DISCLOSURE OF PERSONAL INFORMATION

Pilbara Minerals will only disclose your personal information for:

  • the primary purpose for which it was collected;
  • any related purpose for which it would reasonably be expected to be used or disclosed;
  • a purpose required or permitted by law; or
  • a purpose for which you have provided

Examples of instances where we may disclose personal information about you to third parties include disclosure to providers of services to Pilbara Minerals, government agencies, regulatory authorities, related bodies corporate of Pilbara Minerals and our professional advisers.

3.3             DISCLOSURE TO OVERSEAS RECIPIENTS

Some of our service providers, including data storage and technology service providers, may be located or use locations outside of Australia. Where we are required to disclose information to a Third Party in a country which does not have substantially similar legal protections for personal information, we will take reasonable steps to ensure that:

  • the overseas recipient does not do anything that would breach the Privacy Act were they located in Australia; and
  • that information is protected in a similar manner to which it would otherwise have been under the Privacy
3.4 GOVERNMENT IDENTIFIERS

A government identifier of an individual is one that has been assigned by the government (e.g. a tax file number). Subject to certain exemptions under the Privacy Act, Pilbara Minerals will not disclose identifiers assigned by government agencies or use those identifiers to identify your personal information.

4. STORAGE, SECURITY AND DESTRUCTION OF PERSONAL INFORMATION

4.1 STORAGE AND SECURITY

We will take reasonable steps to ensure the security of the personal information that is collected such that the personal information that we hold is protected from misuse, interference, loss, and from unauthorised access, modification and/or disclosure.

As a company we store and retain information both in electronic and hard copy format.

We have implemented strict controls within our IT systems that restrict access to information databases, maintain our security firewalls and intrusion detection systems, and where applicable, encrypt our data.

No information that is transmitted over the internet can be guaranteed to be 100% secure. We will strive to protect users’ personal information however we cannot guarantee or warrant the security of information transmitted over the internet and users do so at their own risk.

If you have concerns about transmitting information over the internet, you should contact our Privacy Officer to arrange a suitable alternative.

4.2 DESTRUCTION OR DE-IDENTIFICATION

We will retain your data in line with good record-keeping practices. The relevant time period for retention of your information is determined in accordance with relevant legal and regulatory requirements, the purpose for which your personal information was collected, limitation periods for any claims that might arise and industry practice guidelines.

Pilbara Minerals will take reasonable steps to ensure that personal information it holds that is no longer necessary for the disclosed purpose is destroyed or permanently de-identified, subject to any legal obligation to keep the personal information for any required period.

Personal information held in hard copy is shredded or disposed of through secured access recycling bin collection services.

Where possible, personal information held in electronic form will be ‘santised’ from the relevant hardware to completely remove the stored personal information. Where hardware cannot be sanitised, reasonable steps will be taken to destroy the personal information in another way.

Where it is not possible to irretrievably destroy personal information held in electronic format, we take reasonable steps to de-identify the personal information or put it beyond use.

5. ACCESS TO AND CORRECTION OF PERSONAL INFORMATION

At the request of an individual, Pilbara Minerals will, in most circumstances, provide access to any personal information that is being held by Pilbara Minerals about that individual. We will endeavour to do this within 30 days of the request.

There are certain circumstances where Pilbara Minerals will not provide an individual access to such personal information in accordance with the Privacy Act. These circumstances include where providing access would have an unreasonable impact to the privacy of others, where providing access would reveal commercially sensitive information about the organisation or where providing access would be unlawful.

We take reasonable steps to ensure that the information is up to date and complete. However, if you believe the information we hold about you is inaccurate or incomplete, you may request that we correct it.

An individual can seek access to, and update or correct, any personal information that is being held by us about that individual by contacting the Privacy Officer directly in writing.

6. BREACH

Any breach of this Policy will be regarded as a serious matter and may result in, for employees, contractors and consultants, disciplinary action, including termination, or for Third Parties, appropriate legal action in accordance with Pilbara Minerals’ rights under the Privacy Act.

Under the Notifiable Data Breach scheme, Pilbara Minerals must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) about an eligible data breach.

An eligible data breach occurs when:

  • there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation or agency holds;
  • this is likely to result in serious harm to one or more individuals; and
  • the organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial

7. QUERIES OR COMPLAINTS

Should you have any queries or complaints relating to this Policy, you should direct them in writing to our Privacy Officer, who can be contacted at privacy@pilbaraminerals.com.au .

All complaints will be investigated by an appropriately qualified representative of Pilbara Minerals. We will endeavour to resolve your complaint as quickly as possible. We will notify you of the outcome of the investigation, including how we propose to resolve your complaint and what, if any, corrective measures we will implement.

If you are not satisfied with our handling of your complaint, you may lodge a complaint with the OAIC. For more information about doing so, visit http://www.oaic.gov.au/privacy/making-a-privacy-complaint.

8. POLICY REVIEW

This Policy will be reviewed by the Board every two years and amended as required. This policy was last reviewed on 19 June 2024.