simPRO Software Pty Ltd (hereinafter, “the Company”) regards proper management of the protection of personal data to be a fundamental element in its business activities.

The Company herein sets forth its Personal Data Protection Policy in addition to pledging to comply with laws and other expectations pertaining to personal data protection.

All executives and employees of the Company shall abide by the Personal Data Protection Management System (encompassing the Personal Data Protection Policy as well as in-house systems, rules and regulations for personal data protection) devised in accordance with the Personal Data Protection Policy, and shall make thorough and on-going efforts to protect personal data.

1. Respect for Individuals and their Personal Data

The Company shall clearly stipulate the purposes for which personal data is to be used and shall employ appropriate methods to obtain and use personal data within the scope required to achieve these purposes in view of the nature and scale of the Company’s business operations. The Company shall not utilize an individual’s personal data beyond this scope without prior consent from the individual, and shall take measures to ensure that this principle is observed.

An individual’s personal data shall not be provided or otherwise disclosed to third parties except where consent has been obtained from the individual in question or when disclosure is legally mandated.

The Company shall promptly honour requests by individuals on the disclosure or amendment of their personal data, except when special procedures are stipulated by law.

2. Personal Data Protection System

The Company shall assign managers to oversee the protection and management of personal data and shall establish a Personal Data Protection System that clearly defines the roles and responsibilities of all Company personnel in protecting personal data.

3. Safeguarding of Personal Data

The Company shall implement and oversee all preventive and remedial measures necessary to prevent leakage, loss or damage of personal data in its possession.

Should the processing of personal data be outsourced to a third party, the Company shall conclude an agreement with that third party requiring the protection of personal data and shall instruct and supervise the third party to ensure that the personal data is handled properly.

4. Compliance with Laws, Government Guidelines and other Regulations on Personal Data Protection

The Company shall comply with all laws, government guidelines and other regulations governing the protection of personal data.

5. Complaints and Inquiries

The Company will respond to any complaints and inquiries in relation to the handling of personal data in an appropriate and timely manner.

6. Ongoing Improvement of Personal Data Protection Management System

The Company shall continually review and improve its Personal Data Protection Management System in line with changes in its business operations as well as changes in the legal, social, and IT environments in which it conducts its business operations.