PRIVACY POLICY

1. INTRODUCTION

1.1 This privacy policy applies to the General Petroleum Oil Tools Group, which, for the purpose of this
policy, is comprised of the following entities:

(a) General Petroleum Holdings Pty Ltd ACN 169 522 089;
(b) General Petroleum Managed Services Pty Ltd ACN 169 700 261; and
(c) F458 Holdings Pty Ltd ACN 158 816 392.

1.2 We supply the Oil and Gas industry with full and comprehensive access to a wide range of drilling,
production and completion equipment (Services).

1.3 In the course of our business, there are circumstances where we collect personal information. This
privacy policy has been developed to ensure that this information is handled appropriately.

1.4 We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all
personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act
incorporates the Australian Privacy Principles which set out the way in which personal information
must be treated.

1.5 This privacy policy also incorporates our policy on managing credit information (see particularly
section 8 onwards).

Who does the privacy policy apply to?

1.6 This policy applies to any person for whom we currently hold, or may in the future collect, personal
information.

1.7 Generally, we only collect personal information about our customers and prospective employees.

What information does the privacy policy apply to?

1.8 This policy applies to personal information. In broad terms, ‘personal information’ is information or
opinions relating to a particular individual who can be identified.

1.9 Information is not personal information where the information cannot be linked to an identifiable
individual.

2. HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?

2.1 We manage the personal information we collect in numerous ways, such as by:

(a) implementing procedures for identifying and managing privacy risks;
(b) implementing security systems for protecting personal information from misuse, interference
and loss from unauthorised access, modification or disclosure;
(c) implementing procedures for identifying and reporting privacy breaches and for receiving
and responding to complaints;
(d) appointing a privacy officer within the business to monitor privacy compliance;
(e) restricting access to personal information;
(f) having access to audit trails of information accessed; and
(g) allowing individuals the option of not identifying themselves, or using a pseudonym, when
dealing with us in particular circumstances.

2.2 We will take reasonable steps to destroy or permanently de-identify personal information if that
information is no longer needed for the purposes for which we are authorised to use it.

2.3 In limited circumstances, it may be possible for you to use a pseudonym or remain anonymous
when dealing with us (for example, when making a general enquiry with us). However, if you would
like to order a product or service from us, we will need your personal information in most instances
in order to supply you with the product or service.

3. WHAT KINDS OF INFORMATION DO WE COLLECT AND HOLD?

Personal information

3.1 We may collect and hold personal information about you, which may include:

(a) sensitive information (see below);
(b) contact information;
(c) financial information;
(d) gender;
(e) employment arrangements and history for prospective employees;
(f) tax file numbers;
(g) trade qualifications;
(h) information in publicly available company records about you;
(i) credit information;
(j) banking details; and
(k) any other personal information required to provide the Services for you.

Sensitive information

3.2 ‘Sensitive information’ is a subset of personal information and includes personal information that
may have serious ramifications for the individual concerned if used inappropriately.

3.3 The sensitive information we might collect and hold about you may include any of the following:
(a) membership of professional or trade associations; and
(b) membership of trade unions.

3.4 We will not collect sensitive information without the consent of the individual to whom the
information relates unless permitted under the Privacy Act.

4. HOW AND WHEN DO WE COLLECT PERSONAL INFORMATION?

4.1 Our usual approach to collecting personal information is to collect it directly from you.

4.2 We may also collect personal information in other ways, which may include:

(a) from our related entities,
(b) through referrals from individuals or other entities;
(c) from third party providers and suppliers; and
(d) from government bodies (such as the Australian Taxation Office and the Australian
Securities and Investment Commission).

5. HOW DO WE HOLD PERSONAL INFORMATION?

5.1 We generally hold personal information:

(a) physically at our premises (securely); and
(b) electronically:
(i) on secure online servers; and
(ii) on a private cloud.

5.2 We secure the personal information we hold in numerous ways, including:

(a) using security systems to access areas that contain personal information;
(b) using secure servers to store personal information;
(c) using unique usernames, passwords and other protections on systems that can access
personal information;
(d) holding certain sensitive documents securely; and
(e) regularly destroying documents that are no longer needed subject to legal obligations for
record keeping.

6. WHY DO WE COLLECT, HOLD, USE OR DISCLOSE PERSONAL INFORMATION?

6.1 We take reasonable steps to use and disclose personal information for the primary purpose for
which we collect it. The primary purpose for which information is collected is generally to provide
any of the Services.

6.2 In the case of potential employees, the primary purpose the information is collected is to assess
the individual’s suitability for employment.

6.3 Personal information may also be used or disclosed by us for secondary purposes which are within
your reasonable expectations and which are related to the primary purpose of collection.

6.4 For example, we may collect and use your personal information:

(a) to keep record of transactions to assist in future enquiries and enhance our customer
relationship with you;
(b) to process payments; and
(c) for delivery purposes.

6.5 We may disclose personal information to:

(a) our suppliers and partners (including logistic and delivery service providers);
(b) government bodies (such as the Australian Taxation Office);
(c) business support service providers (for example our software suppliers, debt collection
agencies, law and accounting firms or other consultants);
(d) any other third party we deem necessary in connection with providing you with the products
or services; and
(e) to our related entities.

6.6 Otherwise, we will only disclose personal information to third parties if permitted by the Privacy Act.

7. WILL WE DISCLOSE PERSONAL INFORMATION OUTSIDE AUSTRALIA?

We do not disclose personal information outside of Australia.

8. HOW DO WE MANAGE YOUR CREDIT INFORMATION?

What kinds of credit information may we collect?

8.1 In the course of providing products or services to you, we may collect and hold the following kinds
of credit information:

(a) your identification information;
(b) information about any credit that has been provided to you;
(c) your repayment history;
(d) information about your overdue payments;
(e) if terms and conditions of your credit arrangements are varied;
(f) if any court proceedings have been initiated against you in relation to your credit activities;
(g) information about any bankruptcy or debt agreements involving you;
(h) any publicly available information about your credit worthiness; and
(i) any information about you where you may have fraudulently or otherwise committed a
serious credit infringement.

8.2 We may also collect personal information which may affect your credit worthiness from other credit
providers, who have collected that information from a credit reporting body. The kinds of personal
information we collect may include any of those kinds of personal information outlined in section
3.1 of this policy.

How and when do we collect credit information?

8.3 In most cases, we will only collect credit information about you if you disclose it to us.
8.4 Other sources we may collect credit information from include:

(a) other individuals and entities via referrals; and
(b) suppliers and other creditors.

How do we store and hold the credit information?

8.5 We store and hold credit information in the same manner as outlined in section 5 of this policy.
Why do we collect the credit information?

8.6 Our usual purpose for collecting, holding, using and disclosing credit information about you is to
enable us to provide you with the requested product or service.

8.7 We may also collect the credit information:

(a) to process payments; and
(b) to assess eligibility for credit.
Overseas disclosure of the credit information

8.8 We do not disclose credit information outside of Australia.
How can I access my credit information, correct errors or make a complaint?

8.9 You can access and correct your credit information, or complain if you believe there has been a
breach of your privacy in the same manner as set out in section 9 of this policy.

9. HOW DO YOU MAKE COMPLAINTS AND ACCESS AND CORRECT YOUR PERSONAL INFORMATION OR CREDIT INFORMATION?

9.1 It is important that the information we hold about you is up-to-date. You should contact us if your
personal information changes.

Access to information and correcting personal information

9.1 You may request access to the personal information held by us or ask us for your personal
information to be corrected by using the contact details in this section.

9.2 Subject to section 9.4, we will grant you access to your personal information as soon as possible.

9.3 In keeping with our commitment to protect the privacy of personal information, we may not disclose
personal information to you without proof of identity.

9.4 We may deny access to personal information if:

(a) the request is unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any
person; or
(d) there are other legal grounds to deny the request.

9.5 We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if
any) will be disclosed prior to it being levied.

9.6 If the personal information we hold is not accurate, complete and up-to-date, we will take
reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is
appropriate to do so.

Complaints

9.7 If you wish to complain about an alleged privacy breach, you must follow the following process:

(a) The complaint must be firstly made to us in writing, using the contact details in this section.
We will have a reasonable time to respond to the complaint.
(b) In the unlikely event the privacy issue cannot be resolved, you may take your complaint to
the Office of the Australian Information Commissioner.

Who to contact

9.8 A person may make a complaint or request to access or correct personal information about them
held by us. Such a request must be made in writing to the following address:

Privacy Officer: Chief Operating Officer
Postal Address: PO Box 333 Carina Qld 4152
Telephone number: 07 3390 5255
Email address: simonh@gpot.com.au

10. CHANGES TO THE POLICY

10.1 We may update, modify or remove this policy at any time without prior notice. Any changes to the
privacy policy will be published on our website.

10.2 This policy is effective September 2019. If you have any comments on the policy, please contact
the privacy officer with the contact details in section 9 of this policy