Muswellbrook Pumped Hydro Pty Ltd (ABN: 65 661 980 749) as trustee for the Muswellbrook Pumped Hydro Trust (referred to below as MPH, we, our, us) is developing a pumped hydro project at Muswellbrook (Project) and is committed to protecting your privacy.

This privacy policy (Privacy Policy) sets out how we manage your Personal Information. In particular, this Privacy Policy sets out how we will manage any Personal Information that is disclosed, collected or otherwise handled in connection with:

• the MPH website (the Website);
• community stakeholder forums;
• interactions with landowners (in person and/or via email);
• our shareholders (AGL Group and Idemitsu Group); and
• our third party service providers and suppliers.

This Privacy Policy may change from time to time, and it is important that you review it regularly. You can always find the most up-to-date version of the policy on our website.

What Personal Information do we collect and hold?

Personal Information is defined in the Privacy Act 1988 (Cth) (Privacy Act) to mean information or opinion about an individual, or an individual who is reasonably identifiable (whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not).

We may collect and hold different kinds of Personal Information about you depending on the nature of your engagement with us. Such categories of Personal Information may include the following:

• Contact information: including your name, phone number, email address, date of birth and address;
• Payment information: including bank account details;
• Usage information: including information about how you use the Website; and
• any other Personal Information that you provide to us either directly or indirectly when interacting with MPH, including through community stakeholder forums, in person, via email, or when using the Website.

What Sensitive Information do we collect and hold?

Sensitive Information is defined in the Privacy Act to include Personal Information about your race or ethnic origin, political opinions or associations, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or union, sexual orientation or practices, or criminal record information. Sensitive Information also includes information about your health or genetic background and biometric information.

We may collect and hold your Sensitive Information and use your Sensitive Information for reasons directly relevant to our relationship with you (for example, information shared in submissions made by community stakeholders in relation to the Project).

How do we collect your Personal Information?

We will collect Personal Information directly from you wherever it is reasonable and practical to do so and in circumstances where you interact with us.

We may collect Personal Information from you as a result of:

• your response to any community engagement surveys regarding the Project;
• your feedback provided at community stakeholder forums;
• interactions between yourself and our personnel (via email or in person); and
• your use and access of the Website.

We may also collect your Personal Information from third parties in addition to those referred to above, including:

• third parties who provide services to MPH; and
• via public sources.

How do we hold your personal information?

We generally hold Personal Information in electronic format, which we store either within our own internal systems and applications or using a third party stakeholder management system, third party data processors and data storage providers.

We may otherwise hold your Personal Information in hard copy form which is stored in our offices. We discuss the security of your Personal Information below.

Why do we collect, hold, use and disclose your Personal Information?

We collect, hold, use and disclose your Personal Information for a variety of reasons including in the most common circumstances listed below:

• to enable ongoing stakeholder engagement (both reactive and proactive) about the status of the Project;
• to capture community stakeholders’ perspectives about the Project;
• to send information and progress reports in relation to the Project;
• to invite community stakeholders to meetings as part of the development approval process;
• to contact you in relation to the development application processes and the Project generally;
• to generate internal reports on community sentiment towards the Project;
• to enter land-related transactions;
• to process and respond to a complaint or feedback you may have about the Project;
• to respond to various government bodies requests for the development or approval of the Project;
• if you have given consent for MPH use of the Personal Information for one or more other specific purposes; and
• where it is necessary to meet our obligations at law, for example:
  • for the preparation of documentation required during the planning and approval processes of the Project, as required under Federal and State mining, planning and energy related legislation (eg Planning Secretary’s Environmental Assessment Requirements Section 4.12(8) of the Environmental Planning and Assessment Act 1979 Part 8 of the Environmental Planning and Assessment Act 1979 (NSW).

Who may we disclose your Personal Information to?

We may disclose your Personal Information to various third parties.

These third parties may include:

• our shareholders (AGL Group or Idemitsu Group);
• federal, state and local government authorities for the development or approval of the Project;
• our third party service providers in connection with services that these parties perform for us;
• our lawyers, accountants, insurers and professional advisors including marketing organisations we work with;
• our agents or other affiliated companies (and their agents and others they rely on to provide their services);
• our installation, maintenance and fulfilment partners and other third party service providers, so they can make installations and maintain products and services that we offer;
• to comply with laws and assist government and law enforcement agencies.

Some of the service providers and cloud data storage providers used by MPH are located or operate outside of Australia. Where we need to, we send them information so that they can provide us services. The countries where our service providers may be located, and to which personal information is likely to be disclosed, include India, Indonesia, Fiji, Japan, Malaysia, New Zealand, the Philippines, South Africa, the USA, the UK and some member states within the European Union.

What if we can’t collect your Personal Information?

If you do not provide us with the Personal Information we need, some or all of the following may occur:

• we or any involved third parties may not be able to engage with you regarding the Project;
• you may not be able to request or receive updates regarding the status of the Project; and
• we may not be able to provide you with other relevant information.

Data security

We have put in place a range of electronic security and access measures to prevent your Personal Information from accidental or intentional misuse, interference and loss, as well as unauthorised access, modification or disclosure. In addition, we limit access to your Personal Information to employees, agents, contractors, shareholders, and other third parties who have a business need for access.

We train our staff on how to keep your information safe and secure. We use secure systems and environments to hold your information. We only keep your information for as long as we need it.

We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Access and correction of Personal Information

We take reasonable steps to ensure that the Personal Information we handle is accurate, complete and up-to-date. If you become aware of any errors in your Personal Information or, if you change your Personal Information, please let us know.

You can request access to any Personal Information we hold about you at any time. However please be aware that from time to time we may need to reject your request to access Personal Information we hold about you, if we believe such rejection to be necessary and to the extent allowed by law. To request access to any Personal Information that we may hold about you, please use the contact details at the bottom of this Privacy Policy. Depending on the nature of your request and where permitted by law, we may charge a small fee for complying with your request.

You may request us to amend any Personal Information we hold about you which you believe to be inaccurate, incomplete, or out of date. To request an amendment to any Personal Information that we hold about you, please use the contact details at the bottom of this Privacy Policy. If we do not agree to amend your Personal Information, you may request that we make a note of your requested correction with the information we hold about you.

If we do not provide you with access to any of your Personal Information, or do not correct any of your Personal Information, we will provide you with our reasons.

You may also contact us if you wish to obtain further information regarding our privacy practices and the way we handle your Personal Information.

For more information regarding privacy, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Information retention

We are subject to legal and regulatory requirements in relation to the retention of information collected under this Privacy Policy. We aim to keep personal information only for as long as we need for our business or to comply with the law. When we no longer need personal information, we take reasonable steps to destroy or de-identify it. For more information in relation to these requirements, please contact us on our contact details set out at the bottom of this Privacy Policy or contact the OAIC, using the website referenced above.

Complaints

We take your privacy concerns seriously. If you have a complaint regarding our handling of your Personal Information or concerning our privacy practices, you may file a complaint which will be investigated by us. Please see our contact details set out at the bottom of this Privacy Policy. When investigating your complaint, we may need to contact you to request further information. Following your complaint, we will contact you with the result of our investigation as soon as possible.

In the unlikely circumstances we are unable to resolve your complaint to your satisfaction, you may refer your complaint to the OAIC at www.oaic.gov.au.

Cookies

When you use our website, we may collect certain information such as browser type, operating system, or information about the websites you visited. We may collect this information by the use of ‘cookies’ on our website. We use this information to help us monitor how visitors are using our websites and for the purposes referenced under the heading ‘Why do we collect, hold, use and disclose personal information?’.

A cookie is a small file that is stored on your device by a website. Cookies contain information which is readable by the website that issued the cookie to you and is commonly used to remember your details and preferences when you return to that website.

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers and applications automatically accept cookies, but you can usually modify your browser settings or consent preferences to decline cookies, if you prefer. In some cases, disabling cookies may mean you will not be able to take full advantage of our website.

Contact us

If you have any questions about this Privacy Policy, our privacy practices or wish to make a complaint or request for access to, or correction of, to the Personal Information we hold about you, please contact us:

• by email: AGLCommunity@agl.com.au
• by phone: 1800 039 600
• by post at: AGL Community Complaints & Enquiries, Locked Bag 14120 MCMC, Melbourne VIC 8001