Privacy Policy

Policy Statement

Gold Corporation (trading as The Perth Mint ABN 98 838 298 431) (us, we, our) is committed to protecting the privacy of your (you, your) personal data (Personal Data). Please read this privacy policy (Policy) to learn what we are doing with your Personal Data, how we protect it, and what privacy rights you may have under applicable data protection and privacy laws, such as the Commonwealth Privacy Act 1988 (Privacy Act), including the Australian Privacy Principles, and the Privacy Amendment (Notification of Data Breaches) Act 2017, the European Union General Data Protection Regulation 2016 (GDPR), the California Consumer Privacy Act 2018 (CCPA) and any other applicable data protection legislation (Privacy Law).

What is covered by this Policy?

This Privacy Policy applies to all persons making use of our website or one of our products or services. More specifically this Privacy Policy addresses data subjects (which includes both individuals and households) whose Personal Data we collect as outlined later in this Policy.

This Privacy Policy applies to how we collect, hold, use, and disclose Personal Data. It provides information on how we deal with your Personal Data as customers or visitors to our website and in relation to the use of our products and/or services. By making use of our website or one of our products or services, you consent to us using your Personal Data in accordance with this Privacy Policy.

For specific processing activities we may also provide you with additional “Collection Notices” prior to collecting and processing your data based on the requirements of the applicable Privacy Law. Where required, Collection Notices will be provided at the time of collection and are also available for reference on our website.

What is not covered by this Policy?

Human resources personal data

This Privacy Policy does not apply to the handling of Personal Data relating to:

• Prospective, current, and past Gold Corporation employees
• Board members
• Peers
• Agents
• Vendors, third party suppliers and contractors who provide services to Gold Corporation.

The handling of this personal data is covered by Gold Corporation's People and Culture Privacy Policy available here.

Information which does not constitute Personal Data

Information is not considered Personal Data if it is not maintained in a manner that:

• identifies;
• relates to;
• describes;
• is reasonably capable of being associated with; or
• could be reasonably linked, directly or indirectly, with a particular individual.

This Policy will not apply to our processing of that information.

What can you find in this Policy?

This Policy tells you, among other things:

• What Personal Data we collect about you, how we obtain it and who we share it with.
• For what purposes we use that Personal Data.
• Direct marketing and opting out.
• The legal bases for processing your Personal Data.
• How long we keep your Personal Data.
• Your rights about the Personal Data we collect about you and how you can exercise those rights.
• How we protect your Personal Data.
• How to contact us.

What Personal Data we process, how we obtain it and Third Parties that we share data with

We collect Personal Data as reasonably necessary to allow us to:

• conduct our business;
• provide products and services to our customers;
• improve our products and services; and
• provide access to our website.

We may also collect and use information and Personal Data to fulfil administrative functions associated with the provision of our services and products, for example:

• entering into contracts with you or third parties;
• managing our relationship with customers and suppliers;
• responding to requests for information and other general enquiries;
• processing customer transactions;
• maintaining and growing our customer base;
• marketing our products and services; and
• to meet certain contractual, legal, or regulatory obligations.

The table below describes the categories of Personal Data we may have collected about you.

If we are unable to collect Personal Data we reasonably require, we may not be able to provide you with our products or services.

We will not collect additional categories of Personal Data without informing you.

We may transfer your Personal Data to Third Parties overseas. We will only transfer your Personal Data to overseas third parties in compliance with requirements of Privacy Law and if needed we will make sure that appropriate safeguards are in place. These safeguards may include, according to applicable Privacy Law:

• We have taken reasonable steps to ensure that the overseas third party does not breach Privacy Law relevant to us.
• The overseas recipient is bound by a similarly stringent privacy protection regime.
• You have provided your consent.
• The Standard Contractual Clauses as approved by the European Commission under Article 46.2 of the General Data Protection Regulation 2016.

When you use our products and services, certain third parties may collect Personal Data about your online activities such as analysing your use of our website, which may involve the use of cookies.

Other disclosures of your Personal Data

We may disclose your Personal Data:

• to the extent required by law. If we must disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data;
• if we transfer all or some of our company’s business interests, assets, or both, during a corporate restructuring;
• to our subsidiaries, but only if necessary for business purposes, as described in the section above; or
• to organisations we engage with to assist us in complying with our legislative obligations.

For what purposes do we use your Personal Data?

We will use and/or disclose your Personal Data for the purpose it was originally collected, for other purposes which you consent to, or as required or permitted by law. We may process or disclose your Personal Data for purposes including:

• providing you with high quality service;
• providing quotes on our products and services;
• setting up and identifying customer accounts;
• processing purchases or transactions;
• fulfilling product and service requests;
• complying with our legal and regulatory obligations;
• understanding your needs so that we may provide you with the most suitable products;
• managing our user and customer base, including communicating with our users and customers for information and marketing purposes; or
• if you place an order for delivery, we will disclose your information to a carrier to facilitate the shipment. Depending on the nature of the shipment, the carrier may contact you or send you notifications to inform you of matters relating to the shipment.

Direct marketing and opting out

We may use your information for direct marketing purposes, such as:

• providing you with news;
• promotions and special offers;
• presenting other information which we think you may find interesting; or
• communicating with members of our mailing lists, such as the one on this website.

You can opt out of receiving marketing material by using the unsubscribe capability in email communications, by completing the unsubscribe form on our website available here, or by contacting our Privacy Officer. 

If you opt out of receiving marketing material, we will still contact you to provide you with essential information relating to services we provide to you as legally required.

We do not sell, rent, lease, loan, trade or otherwise divulge the addresses on our lists to third parties or any unauthorised personnel. We comply with the Spam Act 2003 (Cth) and best practice guidelines in relation to the contents of commercial electronic messages.

Lawful bases for processing

We must have a valid reason to use your Personal Data. This is called the "lawful basis for processing".

When we act as a data controller, we may process your Personal Data based on:

• your consent;
• the need to perform a contract with you;
• our legitimate interests or those of a third party, such as our interest in marketing our products and services;
• the need to comply with binding legal obligations imposed on us by applicable laws and regulations; or
• any other ground, as required or permitted by law.

When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please contact our Privacy Officer.

Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.

Where we receive your Personal Data as part of providing our products or services to you to fulfil a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide our products and services to you.

How long we keep your Personal Data

We will retain your Personal Data for as long as is necessary to fulfil the purpose for which we collected your Personal Data and any other permitted linked purpose in compliance with our data retention policies. For example, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

If your Personal Data is used for more than one purpose, we will retain it until the purpose with the longest retention period expires.

Use of cookies, websites and applications

Like many companies, we use cookie technology on our website. For more information about our use of cookies, please see our cookie notice.  

Our websites contain links to other web pages and/or applications. We are not responsible for the privacy policy and contents of such web pages nor their policies regarding the collection, storage, use and disclosure of your Personal Data. We recommend you refer to the relevant web pages and encourage you to always read the applicable privacy policy or notice of the linked website before using it.

Data integrity and security

We are strongly committed to keeping your Personal Data safe and to protect the information that we hold from unauthorised processing. Unauthorised processing includes:

• misuse;
• interference;
• loss;
• unauthorised access;
• exfiltration;
• theft;
• modification; and
• destruction.

The steps we take to secure the Personal Data we hold include security (such as encryption, firewalls, anti-virus software, login, and password protection), secure office access, personnel security, and training and workplace policies.

Despite the reasonable steps we will take to secure your Personal Data, there is a risk that breaches may occur. We have established procedures in place to investigate whether a data breach has occurred and if notification or other action is required under Privacy Law.

If you reasonably believe that there has been unauthorised use or disclosure of your Personal Data, please contact our Privacy Officer.

What Privacy Rights do you have?

You have specific rights regarding your Personal Data which may differ under specific jurisdictions. Please review Appendix A of this Policy to understand the specific Privacy Rights you might have and how to exercise them. 

Contact our Privacy Officer

If you have any queries about the Personal Data that we hold about you or the way we handle that Personal Data, please contact our Privacy Officer at the contact details provided below:

Verification of your identity and verification of authority

To correctly respond to your privacy rights requests, we need to confirm that you made the request and may ask for more information. If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual.

Privacy of children

Our website and services are not directed at, or intended for direct use by, children under the age of eighteen (18). We do not knowingly collect Personal Data directly from children under the age of eighteen (18). Parents or Guardians using our website or services on behalf of a child under the age of eighteen (18) must review and accept the terms outlined in this Privacy Policy.

Changes to this Policy

We may at any time vary the terms of this Privacy Policy to reflect changes, including to privacy legislation, technological changes, company policy and customer feedback. If we make any material change to this Privacy Policy, we will post the revised Privacy Policy to this web page. We will also update the last modified date. By continuing to use our website and/or one of our products or services after we post any of these changes, you accept the modified Privacy Policy.

Last modified: May 2024

Appendix A – Privacy Rights

Your Rights under the Privacy Act 1988

Under the Privacy Act 1988, you have specific rights regarding your Personal Data that we collect and process.

Access, accuracy and correction

You have the right to request access to your Personal Data that we hold. You also have the right to request its correction if it is inaccurate, incomplete or out of date. We will take reasonable steps to give access to the information or correct it, subject to any exemptions allowed under the Privacy Act 1988.

To access any of your privacy rights please contact our Privacy Officer.

If you are not satisfied by our response, you may acquire further information regarding privacy from the Office of the Australian Information Commissioner using the following contact details:

Response timing and format

We will confirm the receipt of your request within ten (10) business days. If we are required to verify your identity, we will contact you to describe our identity verification process. Please allow us up to thirty (30) days from the day received for us to reply to your request. We will send our written response by mail or electronically, at your option.

If we cannot satisfy a request, we will notify you in writing explaining our decision and your options to make a complaint.

We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Your Rights under the General Data Protection Regulation 2016

Under the General Data Protection Regulation 2016, you have specific rights regarding your Personal Data that we collect and process.

Right to know what happens to your Personal Data

You have the right to obtain from us all information regarding our data processing activities that concern you such as:

• How we collect and use your Personal Data.
• How long we will keep it.
• Who it will be shared with.

We are informing you of how we process your Personal Data with this Privacy Policy.

Right to know what Personal Data we have about you

If we process your Personal Data, you will have the right to request access to (or to update or correct) that Personal Data. This means that you have the right to ask us to confirm whether or not we process your Personal Data, and, where that is the case, obtain a copy of or access to your Personal Data and other related information such as:

• The categories of your Personal Data that we process.
• The categories of sources for your Personal Data.
• Our purposes for processing your Personal Data.
• Where possible, the retention period for your Personal Data, or, if not possible, the criteria used to determine the retention period.
• The categories of third parties with whom we share your Personal Data.
• The specific pieces of Personal Data we process about you in an easily-sharable format.
• The categories of parties that received your Personal Data from us.
• If we rely on legitimate interests as a lawful basis to process your Personal Data, the specific legitimate interests.
• The appropriate safeguards used to transfer Personal Data from the European Economic Area (EEA) to a third country, if applicable.

Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.

Right to change your Personal Data

You can also ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have about you, and to complete any incomplete Personal Data.

Right to delete your Personal Data

You may ask for your Personal Data to be deleted. Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.

Right to ask us to limit how we process your Personal Data

You may also have the right to ask that we limit/restrict our processing of your Personal Data (e.g., if you ask us to only use or store your Personal Data for certain purposes). You have this right in certain circumstances, such as where you have reason to believe the data is inaccurate or the processing activity is unlawful.

Right to ask us to stop using your Personal Data

You have the right to object to our processing of your Personal Data. We will always strive to fulfil your request. However, please note that there are occasions when doing so may not be possible, like when the law tells us we cannot do that, or where we need your Personal Data to complete the transaction for which we collected the Personal Data.

Right to withdraw your consent

If we requested your consent to process your Personal Data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect processing performed on other lawful grounds.

Right to port or move your Personal Data

You may also have the right to “data portability”, which means that you may have the right to ask us to provide you with a copy of your Personal Data. If you exercise this right, we will provide you with a copy of your Personal Data in a structured, commonly used, and machine-readable format.

To exercise any of your privacy rights please contact our Privacy Officer. You may also contact our Data Protection Officer for matters relating to the processing of Personal Data.

Our Data Protection Officer's contact details are:

European Union Representative Contact Details

United Kingdom representative contact details

If you are not satisfied by our response, you may acquire further information regarding privacy from or lodge a complaint with a data protection regulator in the Member State of the European Union or in the UK depending on your habitual residence, place of work, or the alleged violation of the GDPR.

Response timing and format

We will confirm the receipt of your request within ten (10) business days. If we are required to verify your identity, we will contact you to describe our identity verification process. Please allow us up to one (1) month to respond from the day we your request. If we require more time, we will inform you of the reason and request an extension period (of up to an additional two (2) months) in writing. We will send our written response by mail or electronically, at your option.

If we cannot satisfy a request, we will notify you in writing explaining our decision and your options to make a complaint. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.

We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Your Rights under the California Consumer Privacy Act 2018

United States residents have specific rights regarding their personal information. This section describes your rights under the California Consumer Privacy Act 2018 and explains how to exercise those rights.

Access to personal information

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months such as:

• The categories of personal information we’ve collected about you.
• The categories of sources for the personal information we’ve collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we’ve collected about you (this is also called a data portability request).
• If we have disclosed your personal information to any third parties for a business purpose over the past 12 months, we will identify the categories of personal information shared with each category of third- party recipient.

Deletion request rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions under the CCPA. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

In specific cases we may deny your deletion request. For example, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

To exercise any of your privacy rights please contact our Privacy Officer.

Authorised agents

You may appoint an authorized agent to exercise any of the rights above on your behalf, if the authorized agent is a natural person or a business entity registered with the Secretary of State of California. To appoint an authorized agent, you must also sign a written declaration giving the authorized agent permission to act on your behalf or you can appoint an agent via a power of attorney.

To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. We will deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. In case you provided your authorized agent with a written permission, we will require that you also verify your identity and we may also ask you to directly confirm with us that you gave the authorized agent permission to submit the request.

Response timing and format

We will confirm the receipt of your request within ten (10) business days. If we are required to verify your identity, we will contact you to describe our identity verification process. Please allow us up to forty-five (45) days to respond from the day we received your request. If we require more time, we will inform you of the reason and request an extension period (of up to an additional forty-five (45) days) in writing. We will send our written response by mail or electronically, at your option.

If we cannot satisfy a request, we will notify you in writing explaining our decision and your options to make a complaint. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information to another entity without difficulty.

We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Personal information sales and sharing

The Perth Mint does not sell your personal information (as defined in the CCPA) in the conventional sense (i.e. for money). Like several companies, we do however, use services of third-party vendors and service partners that help deliver interest-based advertisements to you. As part of this process, we may share personal information to these vendors and partners for their use as they assist us with the delivery of interest-based advertisements. This information may be obtained through cookies and similar information stored on your web browsers, advertising identifiers on your mobile devices, and/or the IP address on your devices when you visit our website. Making such personal information (such as online identifiers or browsing activity) available to our vendors and partners to use outside of our direction may be considered “sharing” personal information under the CCPA.

However, you can choose to opt-out of, and not to allow, certain types of cookies, which may impact your experience of our website and the services we are able to provide:

• Please click on our cookie banner to confirm your choices. Click on the various category headings to change your preferences (e.g. the targeting cookies). You cannot opt-out of Strictly Necessary Cookies as they are developed and deployed in order to ensure the proper functioning of our website. To find out more about our cookie practices, you can review our Cookie Notice available here.
• You can also alter the configuration of your browser to reject certain types of online tracking technologies. You can set up Do Not Track (“DNT”) or Global Privacy Control (“GPC”), or manage your cookies using your browser settings. For more information on GPC, please visit: https://globalprivacycontrol.org/#download. For information about how to turn on DNT in Chrome, read here: https://support.google.com/chrome/answer/2790761?hl=en&co=GENIE.Platform%3DDesktop. For information about how to manage and delete cookies in your browser, please visit: https://www.aboutcookies.org/how-to-manage-and-delete-cookies. Please note, however, that our Website does not have the capability to respond to “DNT” or “GPC” signals received from web browsers at this time.
• At any time, you can opt out of receiving direct marketing material by emailing our Privacy Officer.

Non-discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless permitted by the relevant privacy laws, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services.
• Provide you a lower level or quality of goods or services.