Norinchukin Australia Pty Limited ABN 57 617 251 617 (NAU) (or we or us) is a wholly owned non-bank subsidiary of The Norinchukin Bank. This Privacy Policy sets out how we will collect and manage personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and its Australian Privacy Principles (APPs).
Under the Privacy Act, personal information is defined as:

"information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable" (Personal Information).

We are committed to ensuring that any Personal Information you provide to us is appropriately protected.
We may change this Privacy Policy at any time by publishing the amended version on our website.

1. What Personal Information do we collect and hold?

In undertaking our project & asset finance lending business, we may collect Personal Information from you, including your:

• full name;
• contact details including your email address, telephone number and address;
• date of birth and age;
• job title (including if you are the contact person at an organisation we do business with);
• signature;
• how you use our website; and
• your location, Internet provider, computer hardware, browser type and operating system at the time of using our website.

If you apply for a job at NAU, we may also collect additional Personal Information such as your work and educational history and Personal Information associated with your Australian working rights.

2. How do we collect your Personal Information?

We may collect Person Information:

• over the phone or via teleconference;
• during face-to-face meetings;
• via general correspondence including via emails;
• using software like cookies to tell us how you use our website. A software cookie is a small block of data which is created whilst you use our website and stored within a web browser. Cookies can be turned off or cleared using your web browser settings.

3. What Personal Information do we collect and hold and how do we collect it pursuant to the 'Know Your Customer' procedures under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)?

We collect Personal Information in addition to the Personal Information listed above (in paragraph 1) in the course of complying with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CT Act).

Under the AML/CT Act, we are required to make sure you are who you claim to be and we must rely on reliable and independent documentation or electronic data including:

• original primary photographic identification documents (for example, a driver's licence, Australian passport, a government proof of age card issued in Australia, a foreign passport issued by a foreign government or the United Nations and a national identity card issued by a foreign government or the United Nations);
• original primary non-photographic identification documents (such as an Australian birth certificate, birth extract or citizenship certificate, a foreign birth certificate or citizenship certificate, a government issued concession card);
• original secondary identification documents (such as a notice form the Australian Taxation Office or other government agency, a municipal council rates notice or a utilities bill).

These documents include the following Personal Information (other than the information listed above in paragraph 1) which we may collect:

• the number of your licence, passport, proof of age card, identify card or concession card;
• your gender;
• place of birth;
• the full name of your parent(s).

The identification documents we collect to comply with the AML/CTF Act (such as a passport or national identification card) may also include information about your racial or ethnic origin which we may collect. Your racial or ethnic origin is 'sensitive information' which is a sub-set of Personal Information and is generally afforded a higher level of privacy protection than other Personal Information.

4. What are the purposes for which we collect, hold, use and disclose your Personal Information?

We may collect, hold and use Personal Information from you to:

• provide project and asset financing;
• respond to your enquiry, request or complaint; and
• comply with our requirements under the AML/CTF Act or other legislation.

We may disclose your Personal Information:

• to undertake data analytics (Google Analytics);
• if we are legally required to, for example, in accordance with our requirements under the AML/CT Act or pursuant to court orders; or
• where we have obtained your consent (and the consent will generally specify who we will disclose the Personal Information to and the purpose of the disclosure).

We may disclose your Personal Information to overseas recipients including to recipients located in Japan.

5. How do we hold your Personal Information?

NAU will take steps to appropriately protect your Personal Information including in computer systems operated for us by our service providers.

We may hold your Personal Information in both hardcopy and electronic form:

• We have put in place physical security mechanisms at secured premises to protect our hardcopy records which are kept in our Sydney office.
• Electronic records will be stored on an IT Server in Japan owned by NAU's parent company, The Norinchukin Bank. The IT Server in Japan is protected by physical safeguards. We also use third party service providers to host and store personal information, including in the cloud and using servers located overseas. We will use security applications to restrict access to Personal Information in electronic records, including using user logins and passwords to protect the data.

6. How can you contact NAU and access or correct my Personal Information?

You can generally access and request the correction of the Personal Information that we hold about you by contacting us using the below details.

• Email: planing_ga@nochu-au.com.au
• Telephone: 02-8922-5000
• Post: Level 29, 126 Phillip Street, Sydney, NSW 2000

You can contact us without identifying yourself or by using a pseudonym. However, if you do not identify yourself or provide your contact details, we may not be able to respond to your query.

7. How can you make a complaint about a breach of the APPs?

NAU takes the protection of your Personal Information very seriously. If you have a complaint about how we have collected, used, held or disclosed your Personal Information and/or if you believe that we have breached the Privacy Act or the APPs, please contact us immediately and we will work to resolve your complaint or concerns as soon as possible.

You can also lodge a complaint with Office of the Australian Information Commissioner by visiting its website, calling 1300 363 992 or emailing enquiries@oaic.gov.au although we encourage you to contact us first to resolve your complaint or concerns.