RURALCO HOLDINGS LIMITED ACN 009 660 879

PRIVACY POLICY

This Privacy Policy sets out how Ruralco Holdings Limited ACN 009 660 879 and any subsidiary or associated entity and as trustee of any trust
(“Ruralco”) (referred to as “we”, “our”, or “us” in this policy) handles your personal information (including personal information collected via our website)
and how to contact us if you have any questions about our management of personal information. We are committed to protecting your privacy and
ensuring that our Privacy Policy complies with Australian Privacy Principles set out in the Privacy Act.

For information about our management of credit-related personal information, please see our Credit Reporting Policy.

We conduct regular reviews of our policies and procedures, and we may change our Privacy Policy from time to time. The most current version of our
Privacy Policy will be available on our website. A copy of our Privacy Policy is also available free of charge by contacting our Privacy Officer using
the contact details set out below. We will take reasonable steps to provide a copy of our Privacy Policy in the form requested.

Your use of our website is also subject to our Terms and Conditions of Use. You should note that other websites are made available on our website
through hyperlinks. Those websites are not subject to our Privacy Policy and you should review the privacy policies of each of those other websites
to assess whether they are suitable to you before using them.

By providing information to us after viewing this Privacy Policy you acknowledge and consent to our collection, use, and disclosure, of your personal
information as set out in this Privacy Policy.

What kinds of personal information do we collect and hold?

“Personal Information” is information or an opinion, in any form (whether true or not) about an individual or an individual who is reasonably
identifiable.

The kinds of personal information we collect and hold will vary depending on your dealings with us and the circumstances of collection. For example,
whether we collect personal information from you as a customer, guarantor, contractor, job applicant, supplier, or in some other capacity.

The kinds of personal information we collect and hold may include any of the following:

  • Your name, title, and residential or business address
  • Your occupation or employer
  • Your qualifications and career history
  • Your date of birth and other forms of identification (such as a driver’s licence)
  • Your telephone number and other contact details, including email addresses
  • Your Internet Protocol (IP) address and online passwords
  • Records of your communications and interactions with us
  • Records of your application to us as a potential employee or contractor
  • Records relating to your engagement, conduct, hours worked, and payment as a contractor
  • Details relating to your use of our products and services
  • Credit card or debit card information
  • Banking details
  • Your ABN and government related identifiers, such as tax file numbers
  • Information about the way you use our website

You do not have to give us your personal information. However if you choose not to give us your personal information we may be unable to provide
you with our products or services, grant credit terms to you, process or assess your application, finalise payment of products or services you have
ordered, deliver products you have ordered, or otherwise do business with you or an entity you are connected with.

Sensitive information

“Sensitive Information” includes information about your health, race, ethnic origin, and religious beliefs.

We will not generally collect sensitive information. However you may wish to provide us with sensitive information about you from time-to-time. For
example, if you are a contractor you may wish to provide us with information about your health in connection with an incident on one of our work sites.
If we do collect sensitive information about you we will only do so with your consent or where the collection is required or authorised by law.

Government related identifiers

“Government related identifiers” are identifiers such as driver’s licence numbers or tax file numbers. We do not collect, use, or disclose government
related identifiers unless they are reasonably necessary to verify your identity for our business purposes, or where the use or disclosure is required
or authorised by law. We do not adopt those identifiers to identify you or the information we may have collected about you.

Can you deal with us anonymously or by using a pseudonym?

You have the option of dealing with us anonymously or through the use of a pseudonym where it is practical to do so. For example, when you make
general enquiries with us about the type of products or services we supply, or when you provide us with feedback. If you choose to deal with us using
a pseudonym we will not link that pseudonym to your personal information.

However we may be unable to deal with you or an entity you are connected with if we cannot identify you. For example, we may not be able to supply
purchased goods or services to you without knowing your name and address. In some circumstances we may be required by law only to deal with an
individual who has identified themselves.

How do we collect your personal information?

We will collect your personal information from you directly whenever it is reasonable and practical to do so. There are a number of ways we may
collect your personal information, including when you:

  • Submit information through our website
  • Deal with us face-to-face, in writing (by letter, facsimile, or email), or by telephone
  • Participate in any of our events or promotions, or subscribe to any of our publications
  • Submit an application, quote, purchase order and/or service request to us
  • Visit our website (such as through the use of ‘cookies’ to record the way you use our website)
  • In the course of supplying products and service to you, or through our other dealings with you

Where we outsource our functions to third party service providers, those providers may also collect personal information from you on our behalf.
In some cases we may collect your personal information from publicly available records, our related bodies corporate, or non-related third parties.

The circumstances where we collect your personal information from third parties may include:

  • From your employer, in relation to products or services we supply to your employer as our contractor or as our customer
  • From an individual or entity who may be providing services to you as our contractor
  • From a third party who supplies us with products or services, including our suppliers, agents and advisors
  • From a third party (such as a trade referee or credit reporting body) to assist us in assessing your application for credit. For example, to
    verify the information you have provided to us or to assess your circumstances
  • Where we need information from your current or former employer to assist us in assessing your job application or expression of interest as
    a contractor
  • From a third party to assist us in locating or communicating with you
  • From a third party to otherwise assist us in supplying you with products or services

At all times we will ensure that your personal information is collected in a lawful and fair way, and that we comply with the Privacy Act and the
Australian Privacy Principles.

Collection of “cookies” and IP addresses

We use technology known as “cookies” when you visit our website to collect information about the session between your computer and our website.
A “cookie” is a small data file that will be stored on your computer hard drive or browser, recording the way you use our website. For example, cookies
may record which pages of our website you have looked at or the information you searched for. We may also create cookies to display information
and enable a “remember me” option to automatically log you in the next time you use our website. You can refuse all cookies by turning them off in
your browser, although this may mean you cannot access certain parts of the website.

Our system automatically collects the unique network address of your computer (generally known as an IP Address) so that our system can send
information to your computer. While it is possible to determine the general location of a computer from its IP address, an IP address is otherwise
anonymous. If you have an online account with us, we may collect and hold:

  • The IP address of each login attempt against your email account
  • Details of the log in request (such as the operating system and browser) so that we can better identify your system and improve our support
  • Details of the login request time, success time, and the reason for any failure to log in

We do not otherwise use your IP address to personally identify you.

The internet is not a secure method of transmitting information. Other than where we use Secure Socket Layer (SSL) technology (such as for the
transmission of credit card information), to the maximum extent permitted by law we cannot and do not accept responsibility for the security of
information you send to or receive from us over the internet, or for the unauthorised access or use of that information.

How do we manage unsolicited information?

If we receive any unsolicited personal information about you, which is not reasonably necessary for our business purposes, we will take steps to
destroy or permanently de-identify that information as soon as it is reasonable and practical for us to do so. However we may be unable to destroy or
de-identify unsolicited personal information if it would be unlawful for us to do so.

Why do we collect, hold, use, and disclose your personal information?

We will only collect, use, and disclose your personal information for the purposes disclosed to you at the time it is collected, or to which you have
consented, or as otherwise set out in this Privacy Policy.

We collect, use, and disclose personal information reasonably necessary for our business purposes and as required by law. Those purposes may
include:

  • Supplying our customers with products and services
  • Managing the supply of our products and services (including processing invoices, receipts and payments)
  • Managing relationships with our customers and stakeholders
  • Responding to enquiries about applications, accounts, and our products and services (including through our technical publications and
    catalogues)
  • Assessing credit applications and/or guarantees (which may involve disclosures to trade referees or credit reporting bodies for those
    purposes)
  • Conducting checks for credit worthiness and/or fraud
  • Assessing job applications or expressions of interest from potential contractors (which may involve verifying identity and/or work history for
    those purposes) and managing relationships with our contractors
  • Assessing and investigating insurance claims or risks
  • Dealing with complaints
  • Ensuring safety on our work sites
  • Conducting research, development, and marketing (including direct marketing)
  • Debt collection, confidential dispute resolution, legal proceedings, or otherwise establishing, exercising or defending a legal or equitable
    claim
  • Complying with legal and regulatory requirements. There are various Australian laws which require us to collect and/or disclose your
    personal information including the Personal Property Securities Act 2009 and laws governing State and Territory real property and security
    interests (for example, to register and search for security interests).

We may also use or disclose your personal information for another purpose related to the primary purposes set out above. For example, we may use
the information you have already given us to supply you with further products and services. However we will only use or disclose information for
another purpose with your consent or if you would reasonably expect us to do so.

When will we disclose your personal information to third parties?

We may disclose your personal information to our related bodies corporate and third parties for the purposes set out above. The third parties to whom
we may disclose your personal information include:

  • The manufacturers, suppliers, and contractors we use in our business
  • Insurers, assessors, and underwriters
  • Professional advisors and consultants (such as lawyers, accountants, and auditors)
  • Debt collectors
  • Your guarantors and security providers
  • Credit reporting bodies, credit providers and other information providers
  • Government and regulatory authorities (as required by law)
  • Website hosts
  • Organisations that assist us in research and development
  • Third party service providers to whom we outsource some of our functions

Use of third party service providers

We will disclose your personal information when we outsource certain of our functions to third party service providers. The functions we may
outsource include:

  • Managing the supply of our products and services (including processing invoices, receipts and payments)
  • Establishing credit accounts and managing the credit provided to our customers
  • Assessing credit applications and/or guarantees (which may involve disclosures to trade referees or credit reporting bodies for those
    purposes)
  • Responding to enquiries about applications, accounts, and our products and services
  • Conducting checks for credit worthiness and/or fraud
  • Debt collection

Where we disclose your personal information to our third party service providers we require those providers to comply with the Privacy Act and APPs.
Our third party service providers will not collect, use, or disclose your personal information for any purpose than our own, as set out in this Privacy
Policy.

Direct marketing

Direct marketing involves communicating with you directly for the purpose of promoting our goods and services to you. From time-to-time we may
use and disclose the personal information we hold about you to let you to let you know about special offers, promotions, and products and services
we think may be of interest to you. We will engage in marketing unless you tell us otherwise. However you can opt-out of receiving marketing
communications from us by contacting our Privacy Officer using the details set out below. We will ensure that your name is removed from our
marketing list in those circumstances. You also have the right to ask us to identify the source of the personal information we use or disclose for the
purpose of direct marketing.

We do not provide your personal information to other organisations for the purposes of direct marketing without your express consent.

Do we send your personal information overseas?

We are not likely to disclose your personal information to overseas recipients.

How do we store and protect your personal information?

We store personal information in both paper-based records and in electronic form (such as on computer servers) on our systems or the systems of
our service providers. We take all reasonable precautions to safeguard your personal information from misuse, interference and loss, and unauthorised
access, modification or disclosure, including:

  • Restricting access to personal information stored in our electronic and paper-based records
  • Using technology products to prevent unauthorised access to our electronic databases (such as industry standard firewalls)
  • Staff training, policies and procedures in relation to the use of our computers and management of personal information
  • Requiring all of our third party service providers to handle personal information in accordance with the Privacy Act and APPs

When we no longer need your personal information we will take reasonable steps to destroy or permanently de-identify that information.

How can you access your personal information?

We take all reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant. If
your personal details change at any time (such as your address or phone number) please contact our Privacy Officer.

Under the Privacy Act you have a right to access the personal information we hold about you, subject to some exceptions allowed by law. Factors
affecting your right to access include:

  • We reasonably believe that access would pose a serious threat to the life, health or safety of any individual, or to public health or safety
  • Access would have an unreasonable impact on the privacy of another individual
  • The request for access is frivolous or vexatious
  • The information relates to existing or anticipated legal proceedings between you and us, and would not be accessible by the discovery
    process
  • Access would prejudice our negotiations with you
  • Access would be unlawful
  • Denying access is required or authorised by or under an Australian law or a court/tribunal order
  • Access would prejudice appropriate action being taken in relation to enforcement related activities, unlawful activity or serious misconduct
  • The information relates to a commercially sensitive decision-making process

If you would like access to your personal information, please contact our Privacy Officer using the contact details set out below.

We will usually respond to requests for access to personal information within 30 days of receiving the request. If we refuse your request, we will give
you a written notice setting out the reasons for our refusal (except to the extent it would be unreasonable to do so) and the mechanisms available to
you to complain about the refusal.

We will not charge you for an access request, however we may charge you a reasonable fee for retrieving your information. We will inform you of any
fee and obtain your agreement to that fee before the information is provided to you. We will usually respond to requests for access to your personal
information within 30 days of receiving the request.

How can you request correction of your personal information?

We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant, and is not misleading.
However if you believe that is not the case you have a right under the Privacy Act to request that we correct your personal information.

If you would like to do so, please contact our Privacy Officer using the contact details set out below.

We will usually respond to requests for correction of personal information within 30 days of receiving the request. If we refuse your request, we will
give you a written notice setting out the reasons for our refusal (except to the extent it would be unreasonable for us to do so) and the mechanisms
available to you to complain about the refusal. You may also request us to associate a statement with your information to the effect that you believe
the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading, so that it is apparent to other users of the information.

We will not charge you for correcting personal information or for associating a statement with your personal information.

How can you contact our Privacy Officer or make a complaint?
If you have any questions regarding our Privacy Policy, or believe we have not complied with our obligations under the Privacy Act in relation to
your personal information and wish to make a complaint, please contact:

The Privacy Officer
By telephone: (02) 9688 8555

In writing: The Privacy Officer, Ruralco Holdings Limited ACN 009 660 879
Level 5, Building A, 26 Talavera Road, Macquarie Park NSW 2113

By email: privacy@ruralco.com.au

We will investigate any complaints and respond to you as soon as practicable. If you are not satisfied with the way your privacy-related complaint is
handled by us, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC). Details of how to lodge a complaint
with the OAIC may be found at www.oaic.gov.au or by calling 1300 363 992.

JOIN OUR MAILING LIST