1. What does this policy cover?

We are committed to maintaining your confidence and trust to protect the personal data you provide to us or which we collect about you via our website www.lacimagroup.com or via any other method.

This policy describes how we collect, use, store, and protect your personal data, including, but not limited to, information obtained through your use of our website or interactions with us directly.

This policy does not apply to third-party websites or services that may be linked through our website.

In this privacy policy, “we”, “us”, “our” and “Lacima” means either or both Lacima Group Pty Limited ABN 54 097 353 994 of Suite 7.01, Level 7, 56 Pitt Street, Sydney 2000 Australia, as the owner and operator of this website and LG UK Pty Ltd, ABN 40 109 917 393, registered in England and Wales, Branch No: BR007759, Company No: FC 025449 of Suite 7.01, Level 7, 56 Pitt Street, Sydney 2000 Australia and Kemp House, 152 – 160 City Road, EC1V 2NX, United Kingdom.

For the purposes of applicable data protection law (including, the General Data Protection Regulation 2016/ 679 (the “EU GDPR“) and the UK General Data Protection Regulation (the “UK GDPR”), we are joint ‘data controllers’ of your personal data. When used in this privacy policy, “personal data” has the meaning given to that term in the EU and UK GDPR, or if the personal data we process is not subject to the EU or UK GDPR the term refers to “personal information” as defined in the Australian Privacy Act (1988) (Cth) (“Privacy Act”).

Where applicable, this policy should be read alongside Lacima’s Website Terms & Conditions which tell you about the terms on which you may access and use the website.

2. What personal data is collected?

We collect personal data necessary to provide our software and related services to clients, as well as for marketing purposes. Providing personal data is generally optional. However certain information, such as your name, contact details, and login credentials, may be required to access specific services, resources, or customer support available to licensed customers, and you will be unable to access those services, resources or customer support if you don’t provide us with the necessary personal data.

You may choose whether or not to receive electronic marketing communications from us. We will only send such communications where we have the appropriate consents to do so, to the extent required by applicable law.

2.1. Personal data collected from you:

We normally collect personal data directly from you during the course of our interactions. This may occur when you:

Communicate with us by telephone, letter, or email, including when making enquiries, providing instructions, or responding to our communications.
Meet with us in person, such as during business meetings, consultations, or events.
Purchase or use our products or services, including when entering into agreements or placing orders.
Complete forms on our website or via other secure web-based applications we use to deliver services, process transactions, or manage customer relationships.
Report a problem or request technical, customer, or account support.
Submit user-generated content, such as reviews, ratings, testimonials, or feedback.
Engage with us via social media platforms, including commenting on our posts, sending direct messages, or otherwise interacting with our content.

The personal data we collect and process may include, but is not limited to:

Identity Data – first name, last name, title, date of birth, gender, and any identifiers you provide in communications or forms.
Contact Data – email address, mailing address, billing address, delivery address, telephone numbers, and preferred contact methods.
Demographic Data – postcode, country of residence, and language preferences.
Professional Data – occupation, job title, department, location, employer/company name, areas of expertise, professional qualifications.
Technical Data – IP address, device identifiers, browser type, operating system, and information collected through cookies or similar technologies when you use our websites or online services.
Marketing and Communication Data – your preferences for receiving marketing communications from us and from our third parties, records of consents provided, and opt-out requests.
Survey and Feedback Data – responses to surveys, reviews, ratings, and feedback submitted to us.
Event and Interaction Data – details of attendance at our events, webinars, or training sessions, including registration details, dietary or accessibility requirements (where provided), and interaction logs.

2.2. Personal data collected about you:

Although we generally collect personal data directly from you, we also collect certain categories of personal data about you from other sources. In particular:

Publicly Available Sources – including public records, published information about you (e.g., job title, contact details, professional history, education), and other information made available through professional or commercial listings.
Automatically Collected Information – such as browser type and version, operating system, IP (Internet Protocol) address, browser settings, date and time of visits, and details of your interactions with our website or other web-based services we provide (e.g., training portals and webinar platforms).
Cookies and Similar Technologies – as described in the Cookies section of this policy.

We may combine personal data obtained from these sources with information you provide directly. This helps us maintain accurate records, expand and analyse our customer base, identify new business opportunities, deliver targeted advertising and tailored communications, promote events, and verify contact details.

We may request specific information from you for the purposes of verifying your identity and confirming your entitlement to access your personal data (or to exercise any of your other rights). This measure is necessary to ensure that personal data is not disclosed to any individual who does not have a lawful right to receive it. We may also contact you to request additional information relevant to your request, where necessary, to facilitate a prompt and compliant response.

3. How is your personal data used, and what is the legal basis for this use?

We collect, hold, use and disclose your personal data for the following purposes:

Purpose / Activity	Lawful Basis for Processing	Examples of Use	Type of Data
Contractual Necessity	As required to establish and fulfil performance of a contract with you.	Communicate with you and provide customer service and support services to licenced customers. Facilitate creation, management, and security of online accounts. Enable you to participate in surveys, feedback sessions, or customer programs.	Identity Contact Marketing and Communications data
Legitimate Interests	Necessary for our legitimate interests (provided your interests and fundamental rights do not override those interests).	Provide information you have requested from us. Receive services from you or the organisation that employs you. Undertake marketing activities such as: Send circulars, newsletters, and updates about initiatives, projects, products, and events. Notify you about similar products/services to those you have purchased or expressed interest in. Create customer insights from transactional and demographic segments for targeted marketing and market research. Creating user/customer insights based on demographic segments to drive targeted email direct marketing and also carrying out market research and surveys. Undertake research and development for future products and services. Facilitate creation and secure access to online accounts. Manage, operate, and improve online services (including enabling you to manage preferences) and customer journeys on the website. Monitor online feedback, reviews, and user-generated content to prevent, investigate, or report fraud, terrorism, misrepresentation, security incidents, or crime, in accordance with applicable law. Use data which concerns our company, group or partners in connection with legal claims, compliance, regulatory, and investigative purposes, including disclosure during legal processes or litigation. Communicate with you about our services, products, and updates. Investigate and handle any complaints about our privacy practices, website, or services.	Identity Contact Marketing and Communications Professional Data Technical
Legal Compliance	To ensure compliance with applicable laws and legal processes including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such data in connection with legal process or litigation and to law enforcement agencies).	Comply with applicable laws, regulations, and legal processes. Respond to lawful requests from regulatory authorities or law enforcement. Use data for tax, compliance, regulatory, and investigative purposes, including disclosure in connection with legal processes or litigation. Meet record-keeping and reporting obligations required by law.	All personal data
Consent	Your consent where you have given your consent to Lacima during any online sign-up process, or where you have provided your details to us as part of an ongoing relationship with us and the marketing is directly related to that relationship and (where permissible under applicable laws) you have been given an opportunity to opt out. You can withdraw consent at any time. You will be able to opt-out of electronic direct marketing by clicking the unsubscribe link contained in the email itself and in all other cases by contacting us directly using the contact details provided below.	Send direct marketing via email, SMS, telephone, post, in-app messages, or online channels about products or services we believe may interest you. Track opening and click rates for marketing emails to assess engagement (only where you have not opted out). Deliver tailored advertising and promotional content based on your preferences and prior interactions.	Identity Contact Marketing and Communications
Other Legal Permissions		Any other processing permitted under applicable laws.	All personal data

You can obtain further information on the legitimate interests balancing exercises which we have carried out by contacting us using the contact details provided below.

IMPORTANT NOTE: the opening and click rates of any newsletters or other electronic direct marketing that we send to you are assigned to individual recipients. If you do not wish your personal data to be used in this way, then please click the unsubscribe link contained in the electronic direct marketing email itself and no future newsletters or other electronic direct marketing will be sent to you.

4. Minors

Visitors under 16 years of age are not permitted to subscribe to our services, use and/or submit their personal data on any of our website or applications. We do not knowingly solicit or collect personal data from visitors under 16 years of age. We encourage parents and guardians to spend time online with their children and to participate and monitor the interactive activities of their children.

5. Disclosure of Personal Data and Cross-Border Transfers

5.1. Sharing of your personal data

We will share your personal data with:

members of our group of companies being the Deutsche Börse Group (comprising Deutsche Börse, the ultimate parent of Lacima Group, and its group companies), Lacima Group Pty Limited, LG UK Pty Ltd and Lacima Group (US), Inc;
third party service providers, who will process it on our behalf for the purposes above. Such third parties include, but are not limited to, “mailing houses”, customer service operations, and marketing providers; and
government authorities and/or law enforcement officials if required for the purposes specified above in section 3, if mandated by law or if required for the legal protection of our own legitimate interests in compliance with applicable laws;

Where such data is shared with members of our group of companies or third parties, we will ensure appropriate safeguards are in place to protect your personal data.

We may also share your personal data as permitted or required by applicable laws.

5.2. Where will you send my data?

If the personal data we process is subject to the EU or UK GDPR, Lacima may transfer (including store) your personal data to countries outside of the EEA or UK, which may not provide the same level of protection as those countries within the EEA or UK, including to Australia. Where this is the case, and where the transfer is to a country or territory that is not subject to an adequacy decision by the EU Commission, Lacima has taken steps to ensure the personal data is adequately protected (e.g. by using EU Commission-approved standard contractual clauses (which have been implemented pursuant to Article 46 (2) of the GDPR)). If you have any questions about the mechanisms we have in place and / or would like to obtain a copy of them, please use the contact details set out below in section 11 of the privacy policy.

If the personal data we process is not subject to the EU or UK GDPR, Lacima may transfer (including store) your personal data to recipients in various countries, including the USA. It is not practicable to specify all of the precise countries, as this may vary depending on the circumstances and our practices over time.

6. Your rights

6.1. What rights do I have in relation to my personal data?

(i) For personal data processed by us that is subject to the EU or UK GDPR:

You are entitled to ask us:

for a copy of your personal data;
to correct your personal data (if it is inaccurate, incomplete or not up-to-date);
to ‘port’ your personal data (i.e. to transfer in a structured, commonly used and machine-readable format, to you or another data controller);
to erase your personal data; or
restrict its processing (i.e. processing will temporarily stop (save to the extent that personal data will continue to be stored)).

You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where we have asked for your consent to process your data, you are entitled to withdraw this consent as more fully described above.

These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us.

We hope that we can satisfy any queries you may have about the way we process your personal data. If you have any concerns about how we process your personal data, you can get in touch using the details set out below in section 11 of the privacy policy.

If you have unresolved concerns, you also have the right to complain to EU or UK data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.

(ii) For personal data processed by us that is not subject to the EU or UK GDPR:

Under the Privacy Act, you have the right to seek access to your personal data handled by us. You also have the right to ask us to update or correct your personal data when it is inaccurate, incomplete or out of date.

Except where we may refuse access to your personal data under the Privacy Act, we will, after receiving your written request, provide you with access to the personal data we hold about you.

If we refuse to provide you with access to all or any part of your personal data, or to provide you with access to all or any part of your personal data in the manner requested, we will provide you with written reasons for our refusal and inform you of any exceptions relied upon under the Privacy Act.

If you believe that personal data about you is inaccurate, incomplete, or out of date, or if you have any other queries about access and correction, please use us the contact details set out below in section 11 of the privacy policy.

7. Security and holding of personal data

Personal data is generally stored in electronic format on computing infrastructure used by us, which may include infrastructure provided by our third party service providers. Personal data may from time to time be held in hard copy format, but usually only on a temporary basis unless the hard copy records need to be kept for our record keeping purposes. We take reasonable steps to protect personal data from misuse, loss, unauthorised access, modification, or disclosure. Using a risk-based approach, we apply technical, organisational, and physical safeguards to maintain the confidentiality, integrity, and availability of data.

8. Data Processing and Retention

8.1. Data Processing

When we process personal data for marketing purposes or on the basis of your consent, we will continue to do so until you request that we stop. We may retain the data for a short period afterwards to allow us to implement your request. Consents are refreshed periodically to confirm that you still wish to receive communications from us. We also keep a permanent record of any request to stop direct marketing or data processing, to ensure your preferences are respected in the future.

When personal data is processed in connection with fulfilling a contract, we will retain it for the duration of the contract and for the applicable minimum period thereafter.

8.2. Data Retention

All records are retained for at least the minimum period required based on their type, purpose, and applicable legal or regulatory obligations.

9. Cookies

9.1. What cookies will be used on the website?

Our website uses first-party cookies (small files placed on your device) to distinguish you from other users. They enable us to meet our regulatory obligations and collect anonymous website information usage which helps us improve functionality and provide a high-quality browsing experience.

You can enable or disable cookies at any time through the options provided below.

Please note that disabling certain types of cookies may impact your experience on the website.

You can enable or disable cookies at any time through the options provided on the website.

More detail on how businesses use cookies is available here.

We offer certain services that are available only through the use of cookies. Generally, there are the following categories of cookies:

9.1.1. Strictly Necessary Cookies

These cookies are essential for the website to operate securely and reliably. They remember your preferences and enable essential embedded content or interactive elements (such as videos) to function correctly so cannot be disabled.

9.1.2. Performance Cookies

These cookies help us measure and understand how visitors use our website. They collect aggregated, anonymous information that allows us to analyse performance, identify areas for improvement, and enhance the overall user experience. We recommend enabling these cookies, as they provide valuable insights that help us improve our website.

9.2. Social media

Our website includes links for sharing content on social media. Clicking these links takes you to the external platform, where their respective privacy policies and cookies apply.

10. Changes to this policy

We may update this privacy policy from time to time. This policy was last updated on 12 January 2026.

Any changes we may make to this policy in the future will be posted on the website and, where appropriate, notified to you by email or otherwise. The changes will be also available in hard copy at our premises.

11. How to contact us

If you wish to gain access to your personal data or make a complaint about our breach of your privacy, or if you have any query on how your personal data is collected, stored or used, please find contact details below:

11.1. Contact outside of the EU and UK

If you are located outside of the European Economic Area (the “EEA“) (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway) or the UK:
Telephone: +61 (02) 8320 7440
Fax: +61 (02) 9475 0984
Mail: Suite 7.01, Level 7, 56 Pitt Street Sydney 2000 Australia
Email: privacy@lacimagroup.com

11.2. Contact in the UK and EU

Under the UK GDPR we are required to provide a contact in the UK and under the EU GDPR we are required to provide a contact in the EU that will act as our representative should you wish to contact us with regards to how we handle your personal information.

You can contact our UK Representative to exercise your rights under the UK GDPR or our EU Representative to exercise your rights under the EU GDPR or to discuss any sort of data protection issue relating to our company.

Our UK Representative is:
European Energy Exchange AG
11 Westferry Circus
Canary Wharf
London E14 4HE
United Kingdom
Email: dataprotection@eex.com

Our EU Representative is:
European Energy Exchange AG
Augustusplatz 9
04109 Leipzig
Germany
Email: dataprotection@eex.com

12.Unsatisfied with our response to your complaint or enquiry?

If you are not satisfied with the manner in which we deal with any privacy complaint or query you may have, you can refer your complaint to the relevant data protection authority in your country of habitual residence, place of work, or place of the alleged infringement.

For Australia, you can contact the Office of the Australian Information Commissioner using the online complaint form available here or by:

Email: enquiries@oaic.gov.au
Mail: Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001 Australia
Fax: 02 9284 9666

For the UK, you can contact the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk).

If outside of Australia or the UK, you can contact the applicable supervisory body in your country.