Privacy Policy

PURPOSE

This Policy outlines the principles adopted by Hive & Wellness Australia Pty Ltd (HWA) to protect the personal information of individuals in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

HWA is committed to handling personal information in a lawful, fair, and transparent manner. We will take all reasonable steps to ensure that any personal data we collect, use, hold, or disclose is managed in accordance with applicable Australian privacy laws and regulatory requirements.

COLLECTION OF PERSONAL INFORMATION

HWA collects personal information that is reasonably necessary for our functions, services, and compliance obligations. We are committed to collecting this information lawfully, fairly, and transparently, and to protecting the rights of individuals whose data we hold.

We will inform individuals of the purposes of collection and, where required, seek their consent—unless an exception under the Privacy Act 1988 applies (e.g. where collection is required or authorised by law or necessary for the performance of a contract).

HWA may collect information in the following ways:

1. Types of Personal Information We Collect

The types of personal information we collect and hold may include (but are not limited to):

  • Name
  • Date of birth
  • Residential or postal address
  • Email address or telephone number
  • Financial details (e.g. bank account information, if you are a supplier or shareholder)
  • Tax File Number or ABN, where required by law
  • Information about your interactions with our services (e.g. purchase history or enquiry records)

In the context of stakeholder engagement, we may collect information as follows:

  • Consumers – name and contact details (e.g. email address, phone number)
  • Beekeepers – name, address, ABN, and banking information for payment purposes
  • Suppliers and trade customers – representative’s name, employer, job title, and contact information
  • Prospective employees – full name, contact details, employment history, education, referee information, and next of kin details (for emergency purposes)
  • Shareholders – name, address, shareholding information, tax file number, and banking details for dividend processing

2. How We Collect Personal Information

We collect personal information directly from you when you:

  • Interact with us in person, by phone, email, facsimile or mail
  • Submit information through our website or online forms
  • Apply for employment or provide us with documentation during recruitment
  • Engage with our services, participate in promotions, or submit feedback
  • Attend meetings or communicate with us through social media platforms

We will only collect personal information by lawful and fair means, and not in an unreasonably intrusive way.

3. Collection from Third Parties

On occasion, HWA may collect personal information about you from third parties, including:

  • Recruitment agencies or referees (for job applicants)
  • HWA’s share registry service provider (for shareholders)
  • Publicly available sources such as business directories or professional websites
  • Online job platforms or career portals where we advertise vacancies

We take reasonable steps to ensure that any personal information received from third parties is collected with appropriate consent and handled in accordance with this policy.

4. Anonymous or Pseudonymous Use

Where lawful and practical, individuals may choose to interact with us anonymously or by using a pseudonym (e.g, when making a general enquiry through our website). However, in some cases, we may not be able to provide certain products or services without identifying information.

5. Website Cookies and Online Tracking

Our website uses cookies to enhance user experience and gather usage analytics. A cookie is a small text file placed on your device that enables us to recognise repeat visitors, remember preferences, and improve website functionality.

Cookies may collect information such as: IP address, browser type, operating system, referring website, pages visited and time spent on site, date and time of access.

You can control how cookies are handled by adjusting your browser settings to block, delete, or warn about cookies. Refer to your browser’s help menu for more information.

6. Ethical Collection Practices

HWA is committed to ethical sourcing and responsible data collection in alignment with our obligations under the ETI Base Code, and applicable international labour standards. We apply additional care when collecting information from vulnerable individuals, including migrant workers, young workers, or those in temporary or non-standard arrangements. All information is collected with due respect for privacy, human dignity, and data minimisation principles.

PURPOSES FOR WHICH WE COLLECT & USE PERSONAL INFORMATION

HWA collects, holds, uses and discloses personal information only where it is reasonably necessary for our business operations, legal obligations, or other legitimate interests. We are committed to ensuring that personal information is only used for the purposes for which it was collected or for purposes that a reasonable person would expect. The purposes for which we hold, use and disclose information include:

1. Business Operations & Customer Engagement

  • Providing our products and services to consumers and trade customers
  • Responding to enquiries, complaints, or feedback
  • Administering promotions, competitions, or surveys
  • Communicating updates or service information to customers

2. Internal Administration & Improvement

  • Conducting internal planning, research, reporting, and product development
  • Improving our website, systems, and customer experience
  • Performing data analytics to inform business decisions

3. Legal & Financial Compliance

  • Fulfilling obligations to shareholders and processing payments (e.g. dividends)
  • Complying with applicable laws, regulations, and reporting obligations
  • Managing risk, fraud prevention, and insurance claims
  • Assessing potential business acquisitions or partnerships

4. Human Resources & Recruitment

  • Managing recruitment and assessing job applicants
  • Facilitating onboarding, emergency contact registration, and employment screening

HWA will not use or disclose your personal information for any purpose other than those reasonably expected, unless you have given consent or we are required or permitted to do so by law.

If you do not wish to receive marketing communications from HWA, you may opt out at any time by contacting the Privacy Officer. We will honour all such requests and ensure you are not contacted for promotional purposes unless you have expressly consented to it.

HOW WE USE & DISCLOSE PERSONAL INFORMATION

HWA uses and discloses personal information solely for the purposes outlined in this Policy, or for other purposes that are reasonably expected, with your consent, or where required or authorised by law. We take appropriate steps to ensure that personal information is only shared with trusted third parties who are bound by obligations of confidentiality and data security.

We may disclose personal information to the following third parties:

1. Service & Technology Providers

  • IT support, hosting, and cloud service providers
  • Software application vendors and digital communication platforms

2. Professional & Regulatory Partners

  • Legal counsel, auditors, and regulatory consultants
  • Insurers or government authorities, where required

3. Financial & Operational Functions

  • Share registry operators
  • Payment processors and financial institutions
  • Logistics and delivery service providers

4. Business Transactions

  • If HWA undergoes a sale, merger, restructure, or business transition, personal information may be disclosed to relevant parties involved, subject to confidentiality undertakings.

We undertake due diligence when engaging third-party service providers and take reasonable steps to ensure their privacy and ethical standards align with our commitments under the Privacy Act 1988 and the ETI Base Code.

HOW WE STORE & PROTECT INFORMATION

HWA takes the security and integrity of personal information seriously. We store personal information in secure physical and electronic formats, either at HWA premises, in secure off-site archives, or with trusted cloud service providers under binding contractual obligations.

1. Storage of Personal Information

Personal information is retained only as long as necessary to fulfil the purpose for which it was collected, or to meet legal and regulatory obligations. Our systems include:

  • On-site servers and secure physical storage
  • Cloud-based platforms hosted by reputable third-party vendors
  • Internal databases with user authentication and access controls

2. Protection of Personal Information

HWA applies a layered approach to information security, including both technical and procedural safeguards:

2.1 Technical Controls

  • Encryption of data in transit and at rest
  • Role-based access with multi-factor authentication
  • Secure firewalls, intrusion detection, and malware protection

2.2 Organisational Controls

  • Access restricted to authorised personnel on a need-to-know basis
  • Regular audits, monitoring, and staff privacy training
  • Strict protocols for the secure destruction or de-identification of data when no longer required

While we take all reasonable steps to protect personal information, no data transmission over the internet can be guaranteed to be entirely secure. If a data breach occurs, HWA will respond promptly in accordance with our Data Breach Response Plan and notify affected individuals in line with the Notifiable Data Breaches scheme under the Privacy Act 1988.

OVERSEAS DISCLOSURE

While HWA does not intentionally disclose personal information to overseas recipients, some third-party service providers (such as cloud storage or email platforms) may host data on servers located outside Australia. HWA conducts due diligence to ensure such providers meet Australian privacy standards, including compliance with APP 8 regarding cross-border disclosures.

ACCESS & CORRECTION

We will take all reasonable steps to ensure any personal data we collect, use or disclose is up to date and accurate.  If you believe personal information we hold about you is not up to date or accurate, you may ask us to correct it by contacting the Privacy Officer and we will take reasonable steps to amend the information if we agree with the change.  If we disagree with your view, we will provide the reasons for our decision (unless it is unreasonable to do so) and the avenue to make a complaint. If we decline to correct your personal information as requested, you may ask us to include a statement with the record indicating that you dispute its accuracy. We will take reasonable steps to add this statement so it is linked to the relevant information.

You may ask us to provide you with details of the personal information we hold about you, and copies of that information.  Requests for information should be made to the Privacy Officer: Annette Zbasnik, Company Secretary ([email protected]).  If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.

DATA CONFIDENTIALITY & RECORDS MANAGEMENT

HWA recognises its legal and ethical obligations to manage personal, health, and sensitive information in a secure, accurate, and accountable manner throughout the information lifecycle. This includes creation, use, storage, access, archiving, and secure disposal of records.

In accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)—particularly APP 6 (Use and Disclosure), APP 10 (Quality), APP 11 (Security), and APP 13 (Correction)—HWA must ensure that personal and health information is:

  • Collected lawfully and with informed consent (APP 3 and 5)
  • Used only for the purpose for which it was collected or as required/authorised by law (APP 6)
  • Stored securely to prevent unauthorised access, interference, loss or disclosure (APP 11)
  • Kept accurate, up to date and complete (APP 10)
  • Available to individuals who request access or correction (APP 12 and 13)

This applies to all formats of information, including physical files, electronic records, emails, databases, case notes, medical certificates, and audio-visual recordings.

1. Confidentiality of employee & health records

Personal and health-related records about employees must be stored and handled with the highest level of confidentiality, especially in the context of injury management and workers’ compensation claims, return-to-work planning, mental health or psychological support documentation, medical assessments, vaccinations, or disability-related accommodations

These records must be accessible only to authorised personnel (e.g. RTW Coordinators, National Safety Manager, People & Culture), and not disclosed without legal authority or employee consent.

2. Retention & Disposal of Records

HWA will retain records in line with statutory and operational requirements. This includes Mandatory Retention Periods:

  • Injury and RTW records: Retained for a minimum of 25 years from the date of injury or finalisation of the claim, as per the Workers’ Compensation and Rehabilitation Regulation 2014 (QLD) and equivalent state legislation.
  • Hazardous chemical exposure records (if applicable): Must be kept for 30 years, under WHS Regulations.
  • Training and induction records: Usually retained for at least 7 years, unless linked to an incident or investigation.
  • Employment contracts, performance, grievance or disciplinary records: Retained for 7 years after employment ends, in line with Fair Work obligations and limitation periods.

3. Secure Storage & Disposal

  • Records are stored:
    • In locked cabinets or secure archives (for physical records)
    • On encrypted servers or access-controlled systems (for digital records)
  • At the end of the retention period, records will be:
    • Securely destroyed (e.g. shredding, digital wiping), or
    • Permanently de-identified, where long-term trends are to be retained for analytics

4. Employee Access & Transparency

Employees have the right to request access to their personal information, and to seek correction if they believe it is inaccurate or outdated. Any corrections or challenges to records will be handled in line with APP 13 and HWA’s internal procedures, including the right to request a note of dispute be attached.

PRIVACY COMPLAINTS & ENQUIRIES

HWA is committed to addressing all privacy-related concerns promptly, respectfully, and without retaliation. Individuals have the right to raise questions, concerns, or formal complaints regarding the way we handle personal information.

You may contact the Privacy Officer Annette Zbasnik, Company Secretary ([email protected]) to:

  • Request more information about this policy
  • Raise a concern about how your personal information has been collected, used, or disclosed
  • Make a complaint about a potential privacy breach

You may choose to make your enquiry or complaint on an anonymously basis. However, we may ask you to identify yourself if required by law or if anonymity makes it impractical to investigate or respond appropriately.

When lodging a complaint, please include:

  • Your contact details (if not anonymous)
  • A description of the concern or incident
  • Any relevant supporting documents or timeline

We aim to acknowledge all complaints within 5 business days and to resolve them within 30 days where possible. If a complaint is complex or requires further investigation, we will keep you informed of the progress and anticipated resolution timeline.

If you are not satisfied with our response, you may escalate the complaint to the:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992