Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you register for an account, subscribe to our services, or contact us, we may collect:

• Identity and contact details: Name, email address, phone number, job title, and company name
• Company information: ABN, registered address, company type, and verification documents
• Account preferences: Mineral watchlists, notification settings, and communication preferences
• Payment information: Billing details processed securely through our payment provider (we do not store full card numbers)
• Notice Board content: Information you submit when posting buy/sell notices or responding to opportunities

It is not possible for you to use a pseudonym for us to provide you with our services, as we verify company identities for the integrity of our B2B marketplace.

1.2 Information Collected Automatically

When you use our platform, we automatically collect:

• Browser type and version
• IP address and approximate location
• Pages visited, features used, and time spent on the platform
• Device information and operating system
• Referring URL and search terms

We use this information to analyse platform usage, improve our services, and ensure security.

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. See our Cookie Policy for details on the types of cookies we use and how to manage your preferences.

2. How We Use Your Information

We collect, use and process your information to:

• Provide our services: Deliver pricing data, forecasts, corporate directory access, and Notice Board functionality
• Manage your account: Process subscriptions, authenticate your identity, and verify your company
• Facilitate B2B connections: Enable secure messaging and opportunity matching between verified members
• Communicate with you: Send service updates, market briefings, price alerts, and respond to enquiries
• Improve our platform: Analyse usage patterns, develop new features, and enhance user experience
• Ensure security: Detect and prevent fraud, unauthorised access, and other security incidents
• Comply with legal obligations: Meet regulatory requirements and respond to lawful requests

2.1 Lawful Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

• Contract performance: Processing necessary to provide our subscription services
• Legitimate interests: Platform security, fraud prevention, and service improvement
• Legal compliance: Meeting regulatory and legal obligations
• Consent: Marketing communications (which you can withdraw at any time)

3. Direct Marketing

Unless you direct us otherwise, we may use your information to send you:

• Weekly market briefings and price updates
• New feature announcements
• Industry insights and research

You can opt out of marketing communications at any time by:

• Clicking "unsubscribe" in any marketing email
• Updating your preferences in your Account Settings
• Contacting us at privacy@mineralsplatform.com

4. Sharing Your Information

4.1 Within PCMP

Staff members at PCMP can access your information only when necessary to provide you with our services or support.

4.2 With Third Parties

We may share your information with:

• Service providers: Cloud hosting (AWS Sydney), payment processing, email delivery, and analytics services that help us operate the platform
• Verified members: When you post on the Notice Board or initiate a connection, relevant contact information is shared with the other party
• Professional advisers: Lawyers, auditors, and consultants bound by confidentiality obligations
• Regulatory bodies: When required by law or in response to valid legal requests

We never sell your personal information to third parties for their marketing purposes.

4.3 International Transfers

Your data is primarily stored in Australia (AWS Sydney region). We may transfer data to service providers in the United States, European Union, and other jurisdictions. When we do, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with all third-party processors
• Verification that recipients maintain adequate security standards

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your information.

5. Data Security

We are committed to ensuring your information is secure. We implement:

• Encryption: All data transmitted via HTTPS/TLS; sensitive data encrypted at rest
• Access controls: Role-based access, multi-factor authentication for staff, principle of least privilege
• Infrastructure security: Firewalls, intrusion detection, regular security assessments
• Staff policies: Confidentiality agreements, security awareness training, background checks
• Incident response: Documented procedures for detecting, reporting, and responding to security incidents

While we take all reasonable steps to protect your information, no system is completely secure. By using our services, you acknowledge the inherent risks of transmitting information over the internet.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements

When we no longer need your information, we securely delete or de-identify it in accordance with NIST 800-88 guidelines.

Typical retention periods:

• Active account data: Duration of subscription plus 2 years
• Transaction records: 7 years (tax and legal requirements)
• Server logs: 12 months
• Marketing preferences: Until you unsubscribe or delete your account

7. Your Rights

7.1 Access

You have the right to request access to the personal information we hold about you. We will respond within 30 days. There is no fee for standard requests; complex requests may incur a reasonable charge (we will advise you in advance).

7.2 Correction

If you believe information we hold is inaccurate, incomplete, or out-of-date, you can update it directly in your Account Settings or contact us to request correction.

7.3 Deletion

You can request deletion of your personal information. We will comply unless we need to retain it for legal, regulatory, or legitimate business purposes. Account deletion can be initiated in your Account Settings or by contacting us.

7.4 Data Portability (GDPR)

EU users can request a copy of their data in a structured, commonly used format (JSON or CSV).

7.5 Objection and Restriction (GDPR)

EU users can object to certain processing activities or request restriction of processing in specific circumstances.

7.6 Withdraw Consent

Where we process your data based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at privacy@mineralsplatform.com or write to the address below.

8. Closing Your Account

When you close your account, we will:

• Remove your active profile and Notice Board postings
• Retain transaction and billing records as required by law
• Delete or anonymise remaining data within 90 days

There may be latency in deleting information from backups, which are retained for disaster recovery purposes.

9. Third-Party Links

Our platform may contain links to external websites. We are not responsible for the privacy practices of these sites and recommend you review their privacy policies before providing any personal information.

10. Children's Privacy

Our services are designed for business professionals and are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Making a Privacy Complaint

If you have concerns about how we handle your personal information:

1. Contact us using the details below. We will acknowledge your complaint within 7 days and assign a contact person.
2. We will investigate and aim to resolve your complaint within 30 days. If we need more time, we will keep you informed.
3. If you are not satisfied with our response, you can escalate to external bodies (see below).

External Dispute Resolution

Australia: Office of the Australian Information Commissioner (OAIC)
Phone: 1300 363 992 | Web: www.oaic.gov.au

European Union: You may lodge a complaint with your local Data Protection Authority.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting a notice on our platform
• Sending an email to registered users
• Updating the "Last updated" date at the top of this page

We encourage you to review this policy periodically.

13. Contact Us