Privacy Policy

1. INTRODUCTION

We are committed to protecting your privacy. This policy explains how we collect, use, store and share your personal information. This policy applies to all of your interactions with Cryer Malt and United Malt Group Limited and its relevant entities, except for job applications or other situations where a separate privacy policy is provided, communicated or made available to you.

2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

Barrett Burston Malting Co Pty Ltd trading as “Cryer Malt” (company number 050 142 526) is responsible for your personal data.

Cryer Malt’s registered office is at Level 28, 175 Liverpool Street, Sydney, NSW 2000, Australia (“we”, “us”, “our”). Cryer Malt forms part of the United Malt Group of Companies, whose ultimate parent is United Malt Group Limited (company number 140 174 189), whose registered office is Citigroup Centre, Level 18, Suite C, 2 Park Street, Sydney NSW 2000, Australia.

Your information will be controlled by Cryer Malt.

If you have any questions in relation to this policy or generally how your personal data is processed by us please contact the General Manager by letter addressed to: Privacy Delegate, Cryer Malt New Zealand, PO Box 10321, Dominion Road, Auckland 1446, New Zealand; or by email at [email protected]

3. WHICH PERSONAL DATA DO WE COLLECT?

The personal data we collect may include:

• General information, such as your name and contact details (including your postal address, business address, telephone number, fax number, mobile phone number and e-mail address)
• Payment and identity verification information, such as bank account details to facilitate payments, date of birth, passport details, drivers licence details, credit card details if you use that as a payment method, and related billing information.
• Publicly available information, such as company and personal searches, and credit agency reports.
• General business information processed in a contractual relationship with Cryer Malt, which is voluntarily provided by you.
• Details of when you visit any of our premises, such as your vehicle registration details, and select biometric data such as CCTV footage and on-site security imaging.

Each time you visit our websites we may also automatically collect information and personal data about your computer for system administration including, where available, Internet Protocol (IP) address used to connect your computer to the internet, MAC addresses, traffic data, location data, your login information, time-zone setting browser type and version, browser plug-in types and versions, operating system and platform, weblogs, cookies and other communication data, and the resources that you access.  We do this to help us analyse how users use the websites (including behaviour patterns and the tracking of visits across multiple devices), to establish more insights about our website users and to assist us in managing your account and improving your online experience. Please see our cookies policy for further information about what information may be automatically collected when you visit our websites https://cryermalt.com/cookie-policy-en.

Please note that we may combine personal data we receive from other sources with personal data you give to us and personal data we collect about you.

Special Categories of Personal Data

Certain personal data falls into ‘special categories of personal data’, such as data regarding your race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a person, data concerning your health (including mental and physical health), or data concerning your sex life or sexual orientation.

We do not collect Special Category data of customers, suppliers or advisors whether existing or prospective.  There may be circumstances where Special Category data is collected from prospective employees. Prospective employees should refer to the Candidate Privacy Statement on our careers page for further information.

Personal Data of Children

We do not knowingly collect information from children, and we do not use our website to knowingly solicit personal information from or market to children. If we learn that someone under age 18 has provided personally identifiable information through one of our Sites, we will use reasonable efforts to remove that information from our systems.

4. HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect some of your information directly from you, either through information that you give to us, or information that we collect during your visits to our website or premises, or through your communications with us. We also obtain some information from other third parties, including reference checks.

5. FOR WHICH PURPOSES WILL WE USE YOUR PERSONAL DATA?

The main purpose for which we use your information is to provide you with the information, goods and services that you request from us or you supply to us.

We will also use your information:

• to accept goods and services from you, or provide you with goods and services as requested by you;
• to manage, improve and facilitate our business operations;
• to manage and administer our relationship with you;
• for research about our customers, suppliers and vendors behaviour, and our products and services;
• to administer our websites and social media;
• to provide customer support;
• to comply with our statutory and regulatory obligations, and to monitor and assess compliance with our policies and procedures (e.g. anti-bribery and corruption, disclosure obligations);
• as part of our efforts to keep our sites safe and secure (e.g. the use of CCTV at our premises);
• to manage and resolve legal or insurance requirements, claims or disputes involving you or us;
• to provide you with information that you request from us or which we feel may be of interest to you, including direct marketing communications (for direct marketing communications see section 6, Consent).

6. WHAT IS OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA?

Necessary for the entry into or performance of a contract

When you enter into a transaction with us, a contract between you and us will have been entered into. In order for us to fulfil our obligations under such contract (e.g. to allow you to place an order for goods or services, or for you to supply goods or services to us), we will need to collect, process and share (as further detailed below) your personal information. Failure to provide the requisite personal information when placing your order and financial information on entering into the transaction or objecting to this type of processing / exercising your deletion rights will unfortunately mean we cannot provide our goods or services to you, or you supply goods or services to us.

Legitimate business interests

We have a legitimate interest in processing your information as:

• we will both benefit from the provision of goods and services;
• we both benefit from the effective operation of our websites;
• we will both benefit from the ability to enforce or apply rights under any contract between us;
• we are required to ensure health and safety at our premises and have a legitimate interest in ensuring any processes are effective;
• we have a legitimate interest in ensuring the security of our premises, and in assisting with the prevention and detection of crime;
• we have a legitimate interest in processing your information in connection with any mergers, acquisitions, or reorganisations of our business, in which case some of your information may be shared with a prospective buyer or otherwise but only so far as is strictly necessary for the purposes of such sale or administration;
• we would be unable to provide our goods and services without processing your information.

We may also pass your personal information to members of our group and other third parties, which is also for our legitimate business interests (see section 7).

We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above, as we process your personal data only so far as is necessary to achieve the purpose outlined in this privacy policy, and the processing of your personal data does not unreasonably intrude on your privacy.

Consent

We may also process your personal data for the following purposes when you have given us your consent:

• communicating with you through means which you have approved, to keep you up to date on our products and services, company announcements, events and news;
• customer surveys, marketing campaigns, market analysis, competitions, and promotional activities or events;
• collecting information about your preferences so we can personalise the quality of our communications and interactions with you.

With regard to direct marketing communications, we will, where legally required, only engage in such communications where you have consented to receive it.  You will have the opportunity to “opt out” at any time if you no longer wish to receive direct marketing communications from us.   You have the right to withdraw your consent to processing of this nature at any time by emailing us at [email protected].

Compliance with legal obligations

There are situations where United Malt is subject to a legal obligation and needs to use your personal information to comply with that obligation.

7. WHO DO WE SHARE YOUR DATA WITH?S

We may share your information with the other United Malt Entities (as listed in Appendix A).  As a global malt business, we share your information with other United Malt Entities for the purposes outlined in section 5 above.

We may also use a number of carefully selected third parties to supply us with products and services, such as (but not limited to) supply chain operators, IT providers, auditors, insurers, credit check providers, reference check providers, consultants, advisers and legal advisors.  We will only share your information with these suppliers where it is necessary for them to provide us with the services we need.  We do not share your information with third parties for marketing purposes.  We may also share your information in connection with any mergers, acquisitions, or reorganisations of our business, in which case some of your information may be shared with a prospective buyer or otherwise of our business.

We may also share your information in response to a valid, legal request from a Government or law enforcement agency, or with third parties such as the police, regulatory authorities, or law courts to protect our people, rights, interests and property, or to otherwise comply with a legal or regulatory obligation.

8. TRANSFERRING YOUR PERSONAL DATA ABROAD

Your personal information may be sent to and stored by us and third parties in countries outside of where you are located (which could include countries that do not provide the same level of protection as the laws of your home country), and outside the European Economic Area and the United Kingdom. We may transfer your information abroad for the purposes listed in section 5 above. This may involve your information being transferred to United Malt Entities based in Australia and the United States (which are countries the European Commission does not deem to have adequate security in place) and to Canada, New Zealand and the United Kingdom (which are countries the European Commission deems to have adequate security in place). In addition, we may transfer your personal information to parties in countries outside the country where you are located to provide services to us. Where we transfer information outside of the European Economic Area or the United Kingdom, we will ensure that such transfers are subject to appropriate or suitable safeguards as required by the General Data Protection Regulation (EU) 2016/679 or other relevant laws.

9. RETENTION OF YOUR PERSONAL DATA

We will only retain your personal information for the period necessary to fulfil the purposes outlined in this Policy, or otherwise legally required or permitted.  Data retention periods vary depending on location.  This may be up to 7 years, unless a longer or shorter retention period is required or permitted by law.

We will also retain your personal information if it is required by United Malt Entities to assert or defend legal claims, until such time that the claims have been settled or the relevant retention period has expired.

10. SECURITY OF YOUR PERSONAL DATA

The personal information we hold on you may be stored electronically or in hard copy. We have put in place reasonable physical, technical, and organisational measures to safeguard the information we hold. Such measures include, but are not limited to: system access restrictions and authentication, firewall and virus protection systems, and physical security systems.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to us; any transmission is at your own risk.

If you have reason to believe that your interaction with us is no longer secure please immediately notify us of the problem by contacting us at [email protected]. In the unlikely event that we believe the security of your personal information in our possession or control may have been compromised, we may seek to notify you of that development. If such a notification is appropriate, we will endeavour to do so as promptly as possible under the circumstances.

You are reminded if you have an account with the Cryer Malt websites, you are responsible for maintaining the strict confidentiality of your account password, and you are responsible for any activity under your account and password. It is your sole responsibility to control the dissemination and use of your password, control access to and use of your account, and notify us when you wish to cancel your account. We will not be responsible for any loss or damage arising from your failure to comply with this obligation.

11. WHAT RIGHTS DO YOU HAVE?

You may have one or more of the following rights concerning the personal information we hold about you, depending on which United Malt Entities process your personal information and your location:

• to be informed about the collection and use of your personal information;
• to ask whether we process your personal information and request a copy of it;
• to ask us to rectify any inaccurate or incomplete personal information of yours we hold;
• to ask us to erase or delete your personal information;
• to ask us to restrict or block the processing of your personal information (for example if you think the information we hold on you is incorrect);
• to receive a copy of your personal information, or have your personal information transferred to another third party, in a structured, commonly used and machine-readable format;
• depending on the legal basis for using your information, to object to our processing of your personal information;
• to not be subject to automated decisions;
• to withdraw your consent where we rely on your consent to process your personal information;
• to ask us not to sell your personal information (see section 14 below).

If you wish to do any of the above, please send an email to [email protected].  In some instances, we may be unable to carry out your request, in which case we will write to you to explain why.

12. WHAT IF YOU HAVE A COMPLAINT?

If you have any concerns regarding our processing of your personal information, or are not satisfied with our handling of any request made by you, or would otherwise like to make a complaint, please contact our Privacy Delegate, Cryer Malt New Zealand, PO Box 10321, Dominion Road, Auckland 1446, New Zealand; or by email at [email protected] so that they can do their very best to sort out the problem.

You can also raise your complaint with the relevant privacy regulator:

Australia

Office of the Australian Information Commissioner

www.oaic.gov.au  or  +61 1300 363 992  or  [email protected]

New Zealand

Office of the Privacy Commissioner

www.privacy.org.nz  or  +64 0800 803 909

13. OTHER WEBSITES

Our websites may, from time to time, contain links to and from the websites of third parties.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or your use of those websites.

14. CREDIT REPORTING (AUSTRALIA)

Cryer Malt may provide certain goods and services to customers on commercial credit terms.  Cryer Malt may need to handle personal information about customer credit worthiness in connection with those arrangements. This section applies in relation to that sort of personal information (“credit-related personal information”).  Other sections of this Policy are particularly pertinent to this section, such as dealing with your rights, complaints, transferring your information abroad and how United Malt collects and holds personal information.  There may be cases where Cryer Malt is subject to further obligations under the Privacy Act 1988 (Cth) and to the extent applicable, the Privacy (Credit Reporting) Code (collectively, the “Privacy Law”), and this Policy is not intended to limit or exclude those obligations.

If you apply for customer credit with Barrett Burston Malting Co Pty Ltd (trading as ‘Cryer Malt’), or you will be guaranteeing the obligations of a credit applicant, we may request a credit report about you from a credit reporting body (“CRB”). Credit reports contain credit related personal information about you, and we use these reports to assess your application and ability to repay credit. To obtain these reports, Cryer Malt will disclose credit related personal information so that the CRB can accurately identify you.

We may, to the extent permitted under the Privacy Law collect, hold and disclose any types of credit-related personal information about a person, including:

• name, sex, date of birth, driver’s licence number, employer name and three most recent addresses;
• the fact that the person has applied for credit and the amount and type of credit limit;
• confirmation of previous information requests to CRBs made by other credit providers, mortgage insurers and trade insurers;
• details of the person’s credit providers;
• start and end dates of credit arrangements and certain terms and conditions of those arrangements;
• permitted payment default information, including information about related payment arrangements and subsequent repayment;
• information about serious credit infringements (e.g. fraud);
• information about adverse court judgments;
• publicly available information about the person’s credit worthiness;
• certain insolvency information from the National Personal Insolvency Index;
• any credit score or credit risk assessment indicating a credit reporting body’s or credit provider’s analysis of your eligibility for credit.

Where we have collected credit-related information about you from a CRB, we may use that information to produce our own assessments and ratings in respect of your credit worthiness.

Cryer Malt may exchange credit-related personal information with CRBs as may be permitted under the Privacy Law to:

• assist CRBs to maintain information about you to provide to other credit providers in order for credit assessments to be undertaken;
• assess a credit application made by you or an application to be a guarantor;
• manage credit;
• create assessments and ratings of your credit worthiness.

The CRBs to which we may disclose credit-related personal information are:

Dun and Bradstreet (Australia) Pty Ltd

Level 24, 201 Elizabeth Street, Sydney NSW 2000

Phone: 1300 734 806

Web: www.dnb.com.au

QBE Insurance (Australia) Limited

Level 7, 2 Park Street, Sydney, NSW 2000

Phone: 133 723

Web: www.qbe.com.au

National Credit Insurance (Brokers) Pty Limited

Level 2, 165 Grenfell Street, Adelaide, SA 5000

Phone: 1800 882 820

Web: www.nci.com.au

Veda Advantage Information Services & Solutions Limited

Level 15, 100 Arthur St, North Sydney, NSW 2000

Phone: 1300 850 211

Web: www.mycreditfile.com.au

Under the Privacy Law, you have the right to request CRBs not to:

• use your credit-related personal information to determine your eligibility to receive direct marketing from credit providers; and
• use or disclose your credit-related personal information, if you have been or are likely to be a victim of fraud.

15. CHANGES TO THIS PRIVACY POLICY

This policy was issued on 23 March 2020 and an update was made on 24 Feb 2023. We reserve the right to update this Policy if it is deemed necessary, and we will publish the updated Policy on our website.

Appendix A – United Malt Entities