Privacy Policy

Longina Phillips Designs Pty Ltd | ABN 75 003 523 564 | ACN 003 523 564

At Longina Phillips Designs Pty Ltd (ABN 75 003 523 564, ACN 003 523 564)(hereafter, LPD, We, Our, or Us) we respect your privacy and are committed to protecting your privacy when you interact with us, our website longinaphillips.com, our products and services, or when you access third party services using our software.

We are committed to privacy protection and confidentiality of personal information and comply with the Australian Privacy Principles (APPs) as contained in the Privacy Act 1988 (Cth). We also align our practices with the major global privacy frameworks that apply to our clients — including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA, and equivalent laws in other US states, Brazil (LGPD), Canada (PIPEDA andQuebec Law 25), New Zealand, Singapore, Japan, and the United Arab Emirates. Section 9 sets out the specific rights that may apply to you depending on where you are based.

We require our suppliers to comply with the APPs and equivalent protections, to safeguard personal information (including any sensitive information) that our suppliers collect, hold or disclose while interacting with you using our software, products or services. This policy applies to personalvinformation and not to de-identified information collected by us to improve our products and services, or our interactions with you.

1. What kind of personal information do we collect and hold?

For registered users of our website(s) or related software application(s) (including mobile device apps), platform, processes and services, including underlying forms, databases, algorithms and processes (collectively, Our Services), we collect identity, address and contact information. We may also collect information that allows us to:

• deliver products and services to you, including information to register and authorise a user to use our software to access (use, view or interact with) third party content and other registered users of Our Services;

• administer and manage Our Services (including design services, training and education, and improving delivery of Our Services through the collection of usage information or use of cookies); or

• communicate with users of Our Services.

For users who use Our Services to operate a business, we will also collect information on your employees, contractors or agents who use Our Services. This may include information about occupation, job titles or positions held within your organisation or areas of responsibility.

2. How do we collect and hold personal information?

We will collect information directly from users by electronic means — for example, during a user registration process. Users may also be able to register (by providing the required information) by email or phone.

Users may be required to access third party services through our software for the purpose of completing or effecting a transaction (for example, a payment gateway provider or delivery services provider) or for another permitted purpose. In this case, personal information (for example, contact details, name) may be shared with the third party service provider, and the third party service provider may collect further personal information (for example, financial information) to provide the required service(s) to the user. LPD is not responsible for meeting the privacy obligations of third party service providers in relation to information that they collect, and users should check third party terms of service relating to privacy.

3. Why do we collect, hold and use personal information?

We will collect, hold and use personal information (for example, contact information, occupation) for the purpose of user registration, for the efficient delivery of Our Services (including effecting transactions between buyers and sellers), and for us to communicate with users within Our Services.

We will never provide personal information to a third party for third party marketing purposes. Personal information may be shared with third party service providers, to the extent required to deliver a service requested or required by a user (for example, shipping or to effect a payment). Where relevant for compliance with laws and regulations, we may also collect, hold and use personal information such as occupation or profession, or other information as required for delivery of our products and services.

LPD may sell, transfer or otherwise share some or all of its assets, including LPD membership information and personal information, in connection with a merger, acquisition, reorganisation, sale of assets or in the event of bankruptcy.

Lawful bases (GDPR, UK GDPR, LGPD and similar frameworks). Where GDPR, UK GDPR, Brazil's LGPD or an equivalent regime applies, we rely on the following lawful bases for processing your personal information: (a) performance of a contract with you; (b) compliance with a legal obligation; (c) our legitimate interests in running, securing, and growing our business, including protecting our intellectual property; and (d) your consent, where required. You may withdraw consent at any time without affecting the lawfulness of processing carried out before you withdrew it.

4. Artificial intelligence and automated processing

We use artificial intelligence tools — including, but not limited to, Anthropic's Claude — as part of how we operate Our Services. This section explains where and how AI is involved so you can make an informed decision about working with us.

4.1 Where we use AI

• Sales and account management — drafting and refining outbound emails, summarising client conversations, preparing meeting notes, and assisting with proposals and licensing communications.

• Customer support — drafting responses to enquiries, helping our team locate prior correspondence, and producing summaries of long email threads.

• Marketing — drafting marketing copy, social media posts, blog content, newsletter content, and content for The Print School where relevant. Final outputs are reviewed by a human before publication.

• Internal operations — summarising and tagging documents, helping with research, generating reports from our own data (for example, sales reports and design performance), and triaging admin tasks.

• Website and marketplace improvements — analysing patterns in anonymised usage data to improve discoverability, navigation, and how we present designs.

4.2 What we do and do not share with AI providers

• A human at LPD is always responsible for the final decision in any sales, pricing, or licensing

matter. AI tools assist; they do not make binding decisions on our behalf.

• Where we use AI tools to process correspondence or documents, we use providers that contractually commit not to train their models on our inputs, or we configure the tools to

that effect where the option is available.

• We do not provide AI tools with full payment card numbers, government identification numbers, or other sensitive credentials.

• Where personal information is included in content we process with AI, we limit it to what is necessary for the task. Where possible we de-identify or redact personal information before processing.

4.3 Future AI tools

The AI landscape is evolving quickly. We may add, change, or replace the AI tools we use from time to time. Where a new tool involves a materially different way of processing your personal information, we will update this policy and, where required by law, seek your consent. By continuing to use Our Services after we publish an updated version of this policy, you acknowledge the categories of AI use described in this section.

4.4 Your rights in relation to automated processing

We do not currently use AI to make decisions about you that produce legal or similarly significant effects without human involvement. If we ever introduce solely automated decision-making of that kind, we will tell you in advance and, where required by GDPR, UK GDPR, Brazil's LGPD, Quebec's Law 25, or other applicable laws, give you the right to request human review.

5. Google Analytics and other analytics tools

We use Google Analytics to collect and analyse usage data to improve Our Services. Where you are a registered user, we may pass anonymised (hashed) identifiers such as email addresses to Google Analytics solely for the purpose of cross-device measurement and analytics. No personal information is shared in readable form.

Google Analytics is provided by Google LLC, which is based in the United States. Google may process this data on servers outside Australia, including in the United States and the European Union. Google publishes its own privacy notices that explain how it handles this information.

We may also use other analytics, attribution, and advertising measurement tools (for example, Meta Pixel, LinkedIn Insight Tag, or similar) where they help us understand how clients find and use Our Services. Where we add a new tool that materially changes how data is collected, we will update this policy. Where required by law in your region, we will ask for your consent before placing non-essential analytics or advertising tools.

You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on, by disabling cookies in your browser, or by using your browser's tracking-protection features.

6. Security and storage

LPD stores personal information in electronic form. All reasonable steps are taken to protect personal and other confidential information from misuse, loss or unauthorised access, modification or disclosure. Some of the ways this is done include:

• using third party technology infrastructure providers that provide a secure environment and access control for confidential information, and that LPD reasonably believes is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect information;

• only allowing access to personal information where the individual seeking access hassatisfied our identification requirements;

• maintaining a variety of physical, electronic, and procedural safeguards to protect against unauthorised access to our systems and limiting access to those systems to authorised personnel. For example, we use Secure Sockets Layer (SSL) protocols and encryption technologies.

We will not use or disclose personal information without consent, unless permitted or required to do so by law or for the purposes of legal advice, audit, or the administration and management of our business (including service-monitoring).

If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the relevant regulator as required by the laws that apply (including the Notifiable Data Breaches scheme in Australia, the 72-hour notification rule under GDPR and UK GDPR, and equivalent rules elsewhere).

7. Trans-border data flows

We operate and communicate with organisations throughout Australia and overseas. Therefore some personal or confidential information may be disclosed or stored outside Australia, including in the United States, the United Kingdom, the European Economic Area, Canada, Singapore, and other jurisdictions where our service providers operate. LPD will only disclose information to an organisation in a country which has a substantially similar privacy regime, or where we have put appropriate safeguards in place. For example:

• From the EEA or the UK: Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner, or reliance on adequacy decisions where they exist.

• From Brazil: International Data Transfer Agreements as required under LGPD.

• From Canada: contractual protections consistent with PIPEDA and Quebec Law 25.

• From other regions: equivalent contractual or organisational measures.

You can request a copy of the safeguards we use by contacting us using the details in Section 11.

8. Can I access or correct my personal information?

If you want to access your personal information, you need to make a request to us in writing. You will need to satisfy our identification requirements. You can contact us at the email address below.

If the information was gathered within 12 months from the date the request is received, we will provide it within 5 working days from that date. If the information was gathered prior to 12 months ago, we may require up to 2 weeks to provide it to you.

If you want to correct an error or update your personal information, please write to us asking us to amend the information. We will amend your personal information at the earliest available opportunity and confirm the change with you. Alternatively, you can correct any errors or update personal information by editing your profile via our websites.

You may also contact us to submit a request that we make no further use of your information. We will use commercially reasonable efforts to honour all requests within a commercially reasonable time.

We may retain an archived copy of your records as required by law or for legitimate business purposes.

9. Your rights — global

Depending on where you are based, you may have additional rights beyond those described in Section

8. Where any of these rights apply to you, you can exercise them using the contact details in Section

11. We will respond within the timeframes required by the law that applies to you.

9.1 European Union and United Kingdom (GDPR, UK GDPR)

• Access, correction, deletion, restriction, objection, portability, and the right to withdraw consent.

• The right not to be subject to solely automated decisions with legal or similarly significant effects.

• The right to complain to your local supervisory authority, or in the UK to the Information Commissioner's Office at ico.org.uk.

9.2 United States — California (CCPA/CPRA)

• Right to know what personal information we collect, use, disclose, and (if applicable) sell or share.

• Right to delete personal information, subject to legal exceptions.

• Right to correct inaccurate personal information.

• Right to limit use and disclosure of sensitive personal information.

• Right to opt out of the sale or sharing of personal information. We do not sell personal information or share it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA.

• Right to non-discrimination for exercising any of these rights.

You may use an authorised agent to make a request on your behalf. We will verify your request before

responding.

9.3 United States — other state laws

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another US state with a comprehensive privacy law, you have similar rights to access, correct, delete, and obtain a portable copy of your personal information, and to opt out of targeted advertising, sale of personal information, and certain profiling. We extend the CCPA/CPRA rights described above to residents of these states where they apply.

9.4 Brazil (LGPD)

• Right to confirm processing, access, correct, anonymise, block, or delete your personal data.

• Right to data portability.

• Right to withdraw consent.

• Right to information about public and private entities with which we have shared your data.

• Right to complain to the Brazilian Data Protection Authority (ANPD).

9.5 Canada (PIPEDA and Quebec Law 25)

• Right to access and correct personal information.

• Right to withdraw consent, subject to legal or contractual restrictions.

• Quebec residents: rights to data portability, to be informed of automated decisions, and to request human review.

• Right to complain to the Office of the Privacy Commissioner of Canada or, in Quebec, the Commission d'accès à l'information.

9.6 New Zealand

• Rights of access and correction under the Privacy Act 2020.

• Right to complain to the Office of the Privacy Commissioner.

9.7 Singapore (PDPA)

• Right to access, correct, and withdraw consent for the use of your personal data.

• Right to complain to the Personal Data Protection Commission.

9.8 United Arab Emirates (UAE Federal Decree-Law No. 45 of 2021)

• Right to access, correct, restrict, port, and delete your personal data.

• Right to object to automated processing and direct marketing.

9.9 Japan (APPI)

• Right to request disclosure, correction, and cessation of use of your personal information.

• Right to complain to the Personal Information Protection Commission.

9.10 Other regions

If you are based in a region not specifically listed here and you have rights under your local privacy law, we will honour those rights to the extent required by that law. Contact us and we will respond.

10. Cookies and similar technologies

We and our service providers use cookies and similar technologies on Our Services to keep you signed in, remember your preferences, understand how Our Services are used, and improve performance.

Some cookies are strictly necessary for Our Services to function; others are used for analytics, personalisation, and marketing. Where required by law in your region — for example, the EU ePrivacy Directive, UK PECR, Brazil's LGPD, or specific US state laws — we will ask for your consent before placing non-essential cookies. You can manage cookies through your browser settings at any time. Blocking some cookies may affect how Our Services work for you.

11. Complaints and how to contact us

If you believe we have breached the APPs or a relevant, registered APP code (if any), or your rights under any other privacy law that applies to you, you should write to us including full details of the alleged breach. We will review the situation and advise you of our assessment.

Your complaint should be addressed to:

Longina Phillips Designs Pty Ltd (ABN 75 003 523 564, ACN 003 523 564)

Attention: Privacy Officer

Suite 2 / 425 Elizabeth Street, Surry Hills NSW 2010, Australia

Email: info@longinaphillips.com

If you are not satisfied with our response, you may also complain to the privacy regulator in your region — for example, the Office of the Australian Information Commissioner (oaic.gov.au), the UK Information Commissioner's Office (ico.org.uk), your local EU supervisory authority, the California Privacy Protection Agency, the Brazilian Data Protection Authority (ANPD), or the equivalent body in your country.

12. Changes to this policy

We may update this policy from time to time. The version published on our website is the current version. Where we make material changes — including adding new AI tools or analytics tools that change how we process your information — we will update the "Last updated" date and the version number at the top of the policy, and we will ask you to accept the updated policy the next time you sign in to Our Services.

13. Your acceptance of this policy

By clicking Accept, creating an account, signing in, or otherwise using Our Services, you confirm that you have read and agree to this Privacy Policy as it stands at the time of your acceptance. We record your acceptance, including the date and time, the version of the policy you accepted, and a record sufficient to identify your account, so that we can demonstrate compliance with the laws thatapply to us. We may also record the IP address used to give that acceptance, for the same purpose.

If you do not agree with this Privacy Policy, please do not create an account or continue to use Our Services. You can contact us at info@longinaphillips.com to discuss alternatives, including manual processing where it is reasonably practicable for us to provide a service to you outside Our Services.

Where we make material changes to this policy, we will ask you to re-accept it the next time you sign in. If you decline, your ability to use some or all of Our Services may be limited until you accept, or we may need to end your account.