1. What does this policy cover?

We are committed to maintaining your confidence and trust to protect the personal data you provide to us or which we collect about you via our website www.lacimagroup.com or via any other method. This policy describes how we use, store and protect your personal data, including but not limited to data from your use of our website.

In this privacy policy, “we”, “us”, “our” and “Lacima” means either or both Lacima Group Pty Limited ABN 54 097 353 994 of Suite 7.01, Level 7, 56 Pitt Street, Sydney 2000 Australia, as the owner and operator of this website and LG UK Pty Ltd, ABN 40 109 917 393, registered in England and Wales, Branch No: BR007759, Company No: FC 025449 of Suite 7.01, Level 7, 56 Pitt Street, Sydney 2000 Australia and Kemp House, 152 – 160 City Road, EC1V 2NX, United Kingdom.

For the purposes of applicable data protection law (including, the General Data Protection Regulation 2016/ 679 (the “EU GDPR“) and the UK General Data Protection Regulation (the “UK GDPR”), we are joint ‘data controllers’ of your personal data. When used in this privacy policy, “personal data” has the meaning given to that term in the EU and UK GDPR.

Where applicable, this policy should be read alongside Lacima’s Website Terms & Conditions which tell you about the terms on which you may access and use the website.

Further information about how we collect and process your personal data as well as your rights in relation to your personal data is detailed in our Privacy FAQ annexed to this Policy.

2. What personal data is collected?

We collect personal data that is required for providing software and services to our clients. We also collect personal data for marketing purposes.

Providing personal data is usually optional; however, in order to provide you with access to some of our services and other resources such as to provide support to our licenced customers, providing certain personal data (e.g., contact information and name, log-in details) is necessary in order to receive these services and resources. You may choose whether or not to receive electronic marketing communications from us and we will only send you such communications where we have the appropriate consents to do so (to the extent required by applicable law).

2.1. Personal data collected from you:

We normally collect your personal data directly from you. For example, we collect personal data when you deal with us over the telephone, send us correspondence by letter, or email, when you have contact with us in person, when you transact with us, when you fill in forms on the website or on other web based applications we use in our interaction with you, report a problem to us, submit user-generated reviews or ratings to us, and engage in any social media with us. The categories of personal data we collect, include, but not limited to:

Personal Identification Information: such as, your name, and title;
Contact Information: such as, email address, mailing address and telephone number;
Demographic Information: such as, postcode; and
Your marketing preferences, including any consents you have given us.

2.2. Personal data collected about you:

Although we generally collect personal data directly from you, we also collect certain categories of personal data about you from other sources. In particular:

From Others:
- From a marketing event organisation;
- Publicly maintained records; and
- Financial and / or transaction details from payment providers in order to process a transaction.
Automatically Collected Information: such as, web browser type and version, operating system, the website you came from and exit to, your IP (Internet Protocol) address, your browser settings, the date and time of your visits, and details regarding your interaction with the website (including which pages or resources on the website you access) or other web based services that we provide you with access to or invite you to use for example for training and webinar purposes; and
Cookies Information: in accordance with the Cookies section below.

3. How is your personal data used, and what is the legal basis for this use?

We use your personal data for the following purposes:

(i) Contractual Necessity: As required to establish and fulfil a contract with you, for example: communicating with you and providing customer services.

(ii) Legitimate Interests: As required by us to pursue our own legitimate interests, in particular:

to provide you with information that you have requested from us;
to receive services from you or the business which employs you;
to undertake marketing activities such as;
- to provide you with circulars, and newsletters to keep you regularly informed about ongoing initiatives and upcoming projects and any future updates or news about products and events.
- to notify you about similar products and/or services that you may be interested in that are similar to those you have previously purchased or shown an interest in purchasing from us;
- creating user / customer insights based on transactional behaviour segments to drive targeted direct marketing; and
- creating user / customer insights based on demographic segments to drive targeted email direct marketing and also carrying out market research and surveys;
undertake research and development for future products and services;
facilitating the creation of, and securing, online registered accounts;
managing, operating and improving online registered services (incl. enabling you to manage your marketing preferences), and customer journeys on the website;
monitoring any online feedback/reviews to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;
we will use data in connection with legal claims which concern our company, group or partners, compliance, regulatory and investigative purposes as necessary (including disclosure of such data in connection with legal process or litigation);
communicating with you; and
investigating and handling any complaints received from you about our privacy practices, our website, or our services.

You can obtain further information on the legitimate interests balancing exercises which we have carried out by contacting us using the contact details provided below.

(iii) Legal Compliance: To ensure compliance with applicable laws and legal processes including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such data in connection with legal process or litigation and to law enforcement agencies).

(iv) Consent: Subject to the following, we will send you direct marketing by email, SMS, telephone, post, in-App and online about Lacima services which we think may be of interest to you. This will only be sent where you have given your consent to Lacima during any online sign-up process, or where you have provided your details to us as part of an ongoing relationship with us, and the marketing is directly related to that relationship and (where permissible under applicable laws) you have been given an opportunity to opt out. You will be able to opt-out of electronic direct marketing by clicking the unsubscribe link contained in the email itself and, in all other cases, by contacting us directly using the contact details provided below.

IMPORTANT NOTE: the opening and click rates of any newsletters or other electronic direct marketing that we send to you are assigned to individual recipients. If you do not wish your personal data to be used in this way, then please click the unsubscribe link contained in the electronic direct marketing email itself and no future newsletters or other electronic direct marketing will be sent to you.

(v) Legal Permission: As otherwise permitted by applicable laws.

4. Minors

Visitors under 16 years of age are not permitted to subscribe to our services, use and/or submit their personal data on any of our website or applications. We do not knowingly solicit or collect personal data from visitors under 16 years of age. We encourage parents and guardians to spend time online with their children and to participate and monitor the interactive activities of their children.

5. Who will your personal data be shared with, and where?

We will share your personal data with:

members of our group of companies being the Deutsche Börse Group (comprising Deutsche Börse, the ultimate parent of Lacima Group, and its group companies), Lacima Group Pty Limited, LG UK Pty Ltd and Lacima Group (US), Inc;
third party service providers, who will process it on our behalf for the purposes above. Such third parties include, but are not limited to, “mailing houses”, customer service operations, and marketing providers; and
government authorities and/or law enforcement officials if required for the purposes specified above in section 3, if mandated by law or if required for the legal protection of our own legitimate interests in compliance with applicable laws;

Where such data is shared with members of our group of companies or third parties, we will ensure appropriate safeguards are in place to protect your personal data.

We may also share your personal data as permitted or required by applicable laws.

6. Security

We take reasonable steps to help ensure the security of your personal data and protect it from misuse, interference, and loss, and from unauthorised access, modification, or disclosure.

7. Cookies

7.1. What cookies will be used on the website?

The website uses (first party and third party) cookies (small files placed on website users’ hard drive) to distinguish you from other users of the website. This helps us to provide you with a high-quality experience when you browse the website and also allows us to improve the website. We use cookies to analyse the flow of information; customize the services, content and advertising; measure promotional effectiveness; and promote trust and safety.

We don’t have access to the cookies which third parties place on the website; other than allowing them to be served. Such third parties have their own privacy policies which we encourage you to review.

More detail on how businesses use cookies is available here: (www.allaboutcookies.org).

We offer certain services that are available only through the use of cookies. Generally, there are the following categories of cookies:

7.2. Strictly Necessary Cookies

Some cookies are essential for the operation of the website. For example, some cookies allow us to identify registered users and ensure they can access the website. If a registered user opts to disable these cookies, the user may not be able to access all of the content of the website.

7.3. Performance Cookies

Other cookies may be used to analyse how users use the site and to monitor site performance. This allows us to provide a high quality experience by customising the offering and quickly identifying and fixing any issues that arise. For example, performance cookies may be used to keep track of which pages are most popular and to determine why some pages are receiving error messages.

7.4. Functional cookies

This category of cookies enables our websites to store information the user has already entered (such as user ID, language selection, or the user’s location), in order to offer improved, personalized functions to the user. Functional cookies are also used to enable requested functions such as playing videos and to make a user’s decision to block or disable a certain function (e.g. web analysis) – “opt-out cookies”.

7.5. Cookies for marketing purposes

This category of cookies is used to offer more relevant content to users, based on their specific interests. They are also used to limit the display frequency of an ad and to measure and control the effectiveness of advertising campaigns. They register whether users have visited a website or not, and which contents were used. This information may possibly also be shared with third parties, such as advertisers, for example. These cookies are often linked to the functions of third-party websites.

7.6. Social media

Social media cookies allow users to share what they’ve been doing on the website on social media. These cookies are not within our control. Please refer to the respective social media privacy policies for how their cookies work.

7.7. Web analytics

Our website uses Matamo for analytics. It is cookie-less so does not set a cookie within your browser. It enables us to capture general information on website usage including devices and browsers used including language settings, keywords and page views and location.

8. Changes to this policy

We may update this privacy policy from time to time. This policy was last updated on 06 December 2023.

Any changes we may make to this policy in the future will be posted on the website and, where appropriate, notified to you by email or otherwise. The changes will be also available in hard copy at our premises.

9. How to contact us

If you wish to gain access to your personal data or make a complaint about our breach of your privacy, or if you have any query on how your personal data is collected, stored or used, please find contact details below:

9.1. Contact outside of the EU and UK

If you are located outside of the European Economic Area (the “EEA”) (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway) or the UK:
Telephone: +61 (02) 8320 7440
Fax: +61 (02) 9475 0984
Mail: Suite 7.01, Level 7, 56 Pitt Street Sydney 2000 Australia
Email: privacy@lacimagroup.com

9.2. Contact in the UK and EU

Under the UK GDPR we are required to provide a contact in the UK and under the EU GDPR we are required to provide a contact in the EU that will act as our representative should you wish to contact us with regards to how we handle your personal information.

You can contact our UK Representative to exercise your rights under the UK GDPR or our EU Representative to exercise your rights under the EU GDPR or to discuss any sort of data protection issue relating to our company.

Our UK Representative is:
European Energy Exchange AG
11 Westferry Circus
Canary Wharf
London E14 4HE
United Kingdom
Email: dataprotection@eex.com

Our EU Representative is:
European Energy Exchange AG
Augustusplatz 9
04109 Leipzig
Germany
Email: dataprotection@eex.com

10.Unsatisfied with our response to your complaint or enquiry?

If you are not satisfied with the manner in which we deal with any privacy complaint or query you may have, you can refer your complaint to the relevant data protection authority in your country of habitual residence, place of work, or place of the alleged infringement.

For Australia, you can contact the Office of the Australian Information Commissioner using the online complaint form available here or by:

Email: enquiries@oaic.gov.au
Mail: Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001 Australia
Fax: 02 9284 9666

For the UK, you can contact the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk).

If outside of Australia or the UK, you can contact the applicable supervisory body in your country.

11. ANNEX – Privacy FAQs

11.1. What rights do I have in relation to my personal data?

(i) EU (EEA)/UK Citizens:

You are entitled to ask us:

for a copy of your personal data;
to correct your personal data (if it is inaccurate, incomplete or not up-to-date);
to ‘port’ your personal data (i.e. to transfer in a structured, commonly used and machine-readable format, to you or another data controller);
to erase your personal data; or
restrict its processing (i.e. processing will temporarily stop (save to the extent that personal data will continue to be stored)).

You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where we have asked for your consent to process your data, you are entitled to withdraw this consent as more fully described above.

These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us.

We hope that we can satisfy any queries you may have about the way we process your personal data. If you have any concerns about how we process your personal data, you can get in touch using the details set out above in section 9 of the privacy policy.

If you have unresolved concerns, you also have the right to complain to EU or UK data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.

(ii) Non-EU (EEA)/UK Citizens:

Under the Privacy Act 1988 (Cth) (“Privacy Act”), you have the right to seek access to your personal data handled by us. You also have the right to ask us to update or correct your personal data when it is inaccurate, incomplete or out of date.

Except where we may refuse access to your personal data under the Privacy Act, we will, after receiving your written request, provide you with access to the personal data we hold about you.

If we refuse to provide you with access to all or any part of your personal data, or to provide you with access to all or any part of your personal data in the manner requested, we will provide you with written reasons for our refusal and inform you of any exceptions relied upon under the Privacy Act.

If you believe that personal data about you is inaccurate, incomplete, or out of date, or if you have any other queries about access and correction, please use us the contact details set out above in section 9 of the privacy policy.

11.2. How long will you hold my data?

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We will refresh any consents on a regular basis to check you still wish to hear from us. We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.

Where we process personal data in connection with performing a contract, we keep the data for the duration of the contract that you have with us plus a minimum of 5 years thereafter.

11.3. Where will you send my data?

Lacima may transfer (including store) your personal data to countries outside of the EEA or UK, which may not provide the same level of protection as those countries within the EEA or UK, including to Australia.

Where this is the case, and where the transfer is to a country or territory that is not subject to an adequacy decision by the EU Commission, Lacima has taken steps to ensure the personal data is adequately protected (e.g. by using EU Commission-approved standard contractual clauses (which have been implemented pursuant to Article 46 (2) of the GDPR)). If you have any questions about the mechanisms we have in place and / or would like to obtain a copy of them, please use the contact details set out above in section 10 of the privacy policy.