Privacy Policy

The information we collect will depend on who you are and the nature of your dealings with us. The types of personal information we may collect include:

• your contact and identification details such as: your name, address, date of birth, telephone number, email address, and other identity information from any documents you offer as proof of your identity (for example, driver’s licence details or passport);
• transactional information you provide when dealing with us (for example, bank account details and Tax File Number);
• personal information you provide when you commence a client relationship with us, including in application forms for our products (the types of information that may be collected are set out in the first point above);
• personal information you provide when you apply for employment at Stara or when you are employed by us, including information collected through the onboarding process and employee surveys. Sensitive information collected may include gender, nationality, ethnic origin, languages spoken, dietary needs and health information (such as immunisation status)
• any correspondence between you and us; and
• any other personal information you provide when you make an inquiry, request information or otherwise correspond with us

Stara collects your personal information to enable us to provide our products and services, process job applications, support employment, administer our business and comply with our legal obligations. In particular, Stara may collect personal information in order to:

• determine your requirements and so provide you with appropriate information about our products and services;
• process any communication you send us (which includes answering any queries and dealing with any complaints or feedback you have); Cyber Security Risk Management Policy Page 1 Stara Investment Management Limited
• conduct internal research to improve the way we interact and communicate with you;
• comply with our legal obligations including the obligation we have to identify our customers before dealing with them (for example, under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth));
• get in contact with you should we need to;
• do anything which you authorise or consent to us doing; or
• take any action we are required or authorised by law to take. If you do not provide us with your personal information, it may not be possible for us to provide you with the products or services you have requested or to take any of the above steps. Where it is lawful and practical to do so, we may allow you to deal with us anonymously.

If possible, we always try to collect personal information directly from you when you deal with us (for example, when you make an enquiry, correspond with us, or apply for, use or access any of our products or services). We may also obtain your personal information from third parties we deal with (for example, your financial advisers, our contracted service providers or any other organisation acting on behalf of Stara). We may also collect personal information from third parties you refer to us. If we do so, we will assume that you have made that third party aware of the referral and the purpose(s) of the collection, use and disclosure of the relevant personal information.

We use your personal information to assist us in conducting our business and providing you with investment products and services. This includes to:

• keep in contact with you (where you have requested us to do so) and provide you with any information you have requested;
• process any communications you send us (including answering any queries and dealing with any complaints or feedback you have);
• inform you of investment opportunities or to provide information about investment products and services which we think might be of interest to you;
• properly identify you;
• maintain any business relationship we have with you including as an investor;
• help us develop, manage and improve services to our customers;
• do anything you authorise or consent us to do; and
• take any action or communicate with you where we are required or authorised by law to do so.
• If you apply for a role with us or are employed by us, your personal information will be confidentially stored and we may use your information to report various employment demographics to regulators, industry bodies and to shareholders. We may disclose your personal information to: Cyber Security Risk Management Policy Page 2 Stara Investment Management Limited
• our business associates, referral partners, agents and other entities for purposes which are related to our purposes for collecting your personal information;
• other organisations with whom we have alliances or arrangements for the purposes of promoting our respective products or services;
• our professional advisers, contractors, or other service providers we engage to carry out, or advise on, our functions and activities;
• your nominated financial adviser;
• any other entity to which we are required or authorised by law to disclose such information (for example, law enforcement agencies and government agencies); and
• with your consent, express or implied, to others.

Overseas disclosures and transfers We may send your personal information to our related bodies corporate and third-party service providers to whom we outsource certain functions, such as email functions, who may be located overseas, including in New Zealand, India, the United States of America, Ireland and the United Kingdom. Our technology service providers may also store your personal information overseas, but only to the extent required to securely back-up data. When we disclose your information overseas, we are required to take measures to ensure your information is treated in accordance with the standards that apply in Australia except in rare cases (for example, where we are required by law to disclose your information overseas) or where we obtain your consent not to take these measures.

We or the above third parties may also use your personal information to provide you with information about our products and services. You may request not to receive marketing material from us at any time by contacting us (details below). If you tell us you no longer wish to receive marketing or promotional material from us, we will not send you any such material. If you change your mind in the future and wish to receive marketing or promotional material from us, please contact us.

As a general rule, if third parties have received your personal information, their handling of your personal information will be governed by their privacy notices and policies. In some cases, it may also be necessary for you to contact the relevant organisations to whom we have provided your personal information to notify them of your decision.