1. PURPOSE

IGO Limited (IGO or the Company) and IGO group companies (the Group) are committed to respecting the privacy of personal information of any individuals who deal with IGO and to complying with the Australian Privacy Principles contained in the Privacy Act 1998 (Privacy Act).

In summary, personal information is information or an opinion about an identifiable individual.

This Privacy Policy explains how IGO will collect, hold, use and disclose your personal information. It also sets out how you may contact IGO, or to request access to or correction of personal information that IGO holds about you.

This Privacy Policy does not apply to personal information collected, or otherwise obtained, by IGO in relation to current and former employees and which relates directly to the employment relationship that exists, or existed, between IGO and its current and former employees.

In this Privacy Policy, references to ‘IGO’ or ‘we’ or ‘us’ means IGO Limited (ABN 46 092 786 304) and all of its group companies.

2. WHAT PERSONAL INFORMATION DOES IGO COLLECT AND HOLD?

The types of personal information that IGO collects will depend on the nature of your dealings with us. We may collect personal information from you when you:

• visit or use our website
• visit our offices or sites
• apply, or register your interest for, employment with IGO
• apply for, or enquire about applying for, IGO securities
• have business dealings with us (for example as one of our joint venture partners, customers, suppliers, agents, contractors, advisers, financiers, investors or as a regulator, industry association or stakeholder we deal with); or
• attend an IGO presentation (such as an investor presentation).

Examples of personal information we collect include:

• identification data – such as your name, gender and job title
• contact details – such as your home and business address, email address, telephone number and fax number
• recruitment-related information – such as your name, email address, location, telephone number, qualifications, employment history, interests, types of roles you are interested in, your work application form and resume or If you progress through the interview process, we may also collect interview notes, references, academic transcripts, results of any psychometric and medical tests and vaccination status and background checks (including criminal records checks), your work visa and other information to verify your identity and right to work
• website usage information – information we collect when you use our website, such as server log information (your IP address, browser type, operating system, browserlanguage, time zone, access times and any referring addresses, documents downloaded) and location information
• other information – this includes information about access and attendance to IGO premises and physical assets (such as security records about times of entry and exit, and information collected through CCTV), details about your use of our assets, communications with you (including concerns raised by you or any feedback or survey responses that you provide to us) and other information you voluntarily provide to

We do not collect personal information that we do not need. Please note that, while we seek to minimise the personal information we collect, if you do not provide us with the personal information we request, we may not be able to provide you with the services and other assistance you seek.

In most circumstances, it is impractical for people to communicate with us anonymously. We need to identify you to assist you effectively. However, in circumstances where it is lawful and practicable to do so, we will provide you with the option of not identifying yourself, or using a pseudonym, when communicating with us.

3. SENSITIVE PERSONAL INFORMATION

Some types of personal information are more private than others (which may include information about someone’s racial or ethnic origin, political opinions, religious beliefs or affiliations, health or medical conditions (including vaccination status), genetic information, biometric information, sexual orientation, criminal record, trade-union membership and political association membership). This type of information is called ‘sensitive personal information’.

IGO will not ask to collect sensitive personal information about you unless it is needed for company purposes and we will always seek your prior explicit consent.

4. HOW WE COLLECT YOUR PERSONAL INFORMATION

IGO will primarily collect personal information from you directly, such as when you subscribe to email alerts on our website or request information from us (including by correspondence, by telephone and fax, by email, and via our website). In some cases, we may also collect personal information about you from third parties (such as recruitment agencies). If we do, we will take reasonable steps to ensure that you are aware of this collection.

5. ONLINE PRIVACY ISSUES

Users of the IGO website should be aware that cookies may be stored on your computer (‘computers’ includes personal computers, laptops, smart tablets and smart phones). A ‘cookie’ is a short text file that may be stored on a computer when a website is visited. These cookies do not collect or track any personal data or information about individuals, however they may be used by IGO to review how our website is used so that IGO may enhance the accessibility of its website. IGO will not use cookies or other tracking data to circulate advertising or promotional material.

By using our website and not opting-out of cookies, you consent to our use of cookies in accordance with the terms of this Privacy Policy.

Most web browsers are set by default to accept cookies. However, if you do not wish to receive cookies you may set your browser to either prompt or refuse cookies (including IGO’scookies). If you use your browser settings to block all cookies, you may not be able to access and/or use all or parts of our website.

6.  HOW WE USE YOUR PERSONAL INFORMATION

IGO only collects personal information which is necessary for its functions and activities as a business. This includes managing our contractual relationships, recruitment, monitoring access to our website, managing safety and security risks, and complying with our legal obligations. We also collect sensitive personal information where you have provided your consent or where it is necessary for us to comply with our legal obligations.

7. WHY WE NEED YOUR PERSONAL INFORMATION

The purposes for which we process your personal information will depend on the type of information collected and the context in which it was collected. However, the primary purposes for which we process personal information include:

• managing our relationship with you – this includes providing you with information or services, improving our products and services and communicating with you
• business-related purposes – this includes negotiating, managing, and fulfilling our contracts with customers, suppliers and third parties; managing business relationships; administering real estate leases and licences; managing accounts and records; supporting corporate social responsibility activities; resource planning and workforce management; activities and operations; internal investigations; and debt administration;
• marketing and public relations purposes – this includes analysing the characteristics of visitors to our website (to prepare analytics and profiling for business intelligence purposes and to personalise your experience on our website) and managing our email alerts and communications
• recruitment-related purposes – this includes considering you for career opportunities with IGO and inviting you to participate in recruitment activities and events
• managing safety and security risks – this includes managing and monitoring access and use of our premises and sites, safety and security at our sites (including through the use of CCTV), and our IT environment (including monitoring electronic communications) and the health of those on our sites
• website administration – this includes troubleshooting, data analysis, testing, research, statistical and survey purposes
• managing shareholder relationships – this includes for the purposes of undertaking share transactions, dividend payments and communications with shareholders; and
• legal obligations – this includes meeting obligations imposed under law; responding to lawful requests from governments and public authorities; and responding to potential or actual litigation.

We may also collect and process your personal information for any other purposes which you have consented to or if there is another lawful basis for doing so.

If we do not collect your personal information, it may affect our ability to perform these functions.

8.  SECURITY OF YOUR PERSONAL INFORMATION

IGO takes reasonable steps to ensure the security of your personal information. Our premises are in secure buildings with access restricted to pass card holders. Our IT systems are password protected and we conduct regular audit and data integrity checks. We frequentlyupdate our anti-virus software to protect our systems (and the data contained in those systems) from computer viruses. In addition, all IGO employees are required, as a condition of employment, to treat personal information held by IGO as confidential.

We will only keep personal information for as long as is necessary for the purposes described in this policy or as otherwise required by law.

9. JOB APPLICANTS

If you are a job applicant, and your application is unsuccessful, we may retain your personal information for the purpose of considering you for other roles within IGO. We are not obligated to retain your personal information for this purpose and may delete your personal information at any time following an unsuccessful application.

You may request that we update or delete your personal information from our database at any time. You can do this by managing your profile on our job vacancy website.

We will not deactivate your account on our job vacancy website, unless you request that we do so. You will still be able to log-in to the website and apply for other roles.

10. DISCLOSURE OF YOUR PERSONAL INFORMATION

IGO does not sell, rent or trade personal information about you to or with third parties. Personal information may be disclosed outside of IGO in the circumstances described below:

• to third party services providers appointed by IGO, including our professional advisors, accountants, insurers, lawyers, auditors, contractors, website and data hosting providers, technology service providers, advertising partners and persons who perform services for us (in which case IGO takes reasonable steps to ensure such third parties keep your personal information confidential and do not use or disclose your personal information for any purpose other than providing those services to us)
• in the unlikely event that IGO or its assets are or may be acquired by a third party, personal information may be provided to that third party and their advisors
• to third parties where you consent to disclosure; and
• where required or authorised by law g., where requested by government authorities.

11. CROSS-BORDER DISCLOSURE OF PERSONAL INFORMATION

IGO is based in Australia, so your personal information will be processed in Australia. However, we may send your personal information to organisations or persons located overseas, for example where IGO engages external information technology service providers who store data overseas. If we disclose personal information to a third party in a country which does not have equivalent privacy laws to Australia, we will take reasonable steps to ensure that the overseas recipient does not breach the Privacy Act. In particular, we will not send your personal information overseas unless:

• we reasonably believe that the recipient of the information is subject to a law that protects information in a way that is substantially similar to the way in which the Privacy Act protects personal information, and
• there are mechanisms that you can access to enforce that protection of the law; or
• you have consented to the

12. YOUR RIGHTS AND CHOICES

Under the Privacy Act, you have the right to:

• seek access to personal information we hold
• ask us to update or correct your personal information when it is inaccurate, incomplete or outdated; and
• opt-out of receiving direct marketing communications from

If you wish to access the personal information that IGO holds about you or you believe that personal information about you is inaccurate or outdated, or if you have any other queries about access and correction, please contact our Chief Legal Officer using the contact details set out at the end of this Privacy Policy.

IGO asks that as much detail as possible is provided with a request and notes that IGO may need to verify the identity of someone making a request. IGO may not be required by law to provide access or to correct personal information. If that is the case, we will provide you reasons for that decision.

12.1          Raising concerns about how we deal with personal information

If you are concerned about how we are dealing with your personal information, or suspect that your rights have been breached, then you may have the right to raise your concerns with the Australian Privacy Commissioner.

Before raising a complaint with the Commissioner, we recommend that you first contact us so we can address your concerns as quickly as possible. We will make a record of your complaint and will deal with it as quickly as we can while keeping you informed of progress. Even if we are not able to address your concern, we can provide further information about how you can contact a relevant data protection authority. For more information, please contact the IGO Chief Legal Officer.

13. CONTACT DETAILS

If you have any questions, concerns or feedback about this Privacy Policy, please contact the Chief Legal Officer at:

IGO Limited, PO Box 496, South Perth, WA 6951; or Email: contact@igo.com.au, attention: Chief Legal Officer

This Privacy Policy will be updated as necessary by the IGO Board of Directors to ensure it remains consistent with the Privacy Act and IGO’s information handling practices.

Updates

We may update the contents of this Privacy Policy from time to time by publishing the updated version on IGO’s website. By dealing with IGO, you acknowledge that you have understood and accept the contents of this Privacy Policy, including any changes made to this statement by IGO from time to time.