Privacy Policy

The CM Group Privacy Policy

Effective date:31st day of August 2024

Thank you for using the bauxite index services（ “the service”）. At The CM Group.net Pty Ltd (“CM Group”, “we”, “us”), we respect your privacy. Our registered office is at PO Box 789, Glenelg, SA 5045, Australia. We are a company registered in Australia, with Australian Business Number 69 089 166 512. This privacy and data policy (“Privacy Policy”) describes our practices with respect to the information we collect when you interact with our website (www.thebauxiteindex.com) (the “Website”), Our Application (BPI Calc, Bauxite Price Index Calculator) and other online properties. Together the Website, the mobile App, the desktop App and other online properties are referred to as “CM Group Services”.

If you have any questions or comments about this Privacy Policy, please contact us at Email：info@cmgroup.net

                                                                   

Purpose

The Privacy Policy explains the basis on which personal data or personal information (collectively “personal data”) will be collected, used, processed, and disclosed by us or on our behalf. Where we decide the purpose or means for which personal data you supply through the CM Group and the service are processed, we are the “data controller” or “business.”

Please read this Privacy Policy carefully as it contains important information about the following:

1.What personal data we may collect about you;

2.How we will use personal data we collect about you;

3.Whether we will disclose your details to anyone else; and

4.Your choices and rights regarding the personal data we or our service providers maintain;

5. The Site’s cookie policy.

This Privacy Policy applies in addition to the terms and conditions of our Site. By expressly consenting to this Privacy Policy, you confirm you have read, understand, and consent to the collection, use, processing, and disclosure of your personal data in accordance with this Privacy Policy and understand that, in jurisdictions where it is available, the CM Group also relies on other lawful basis for the foregoing as more fully set out below. If you do not agree with our Privacy Policy, your choice is not to use the CM Group Services. The CM Group Services may contain hyperlinks to services owned and operated by third parties. These third-party services may have their own privacy policies that govern their collection of your personal data, and we recommend that you review them. We do not accept any responsibility or liability for the privacy practices of such third-party services and your use of these is at your own risk.

GDPR

For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”). For users in the United Kingdom., we adhere to the GDPR as enshrined in the Data Protection Act 2018.

Personal Data We Collect

When you register for the bauxite index account, we will need your email. You can further refine and populate your profile with additional information. If you use certain functions available within the services, we will process your information to provide these functions. We only collect data that helps us achieve the purpose set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.

We may also collect the following data when you perform certain functions on our Site:

1.Registration data and log in data.

Your name, IP address, account identifier, mobile number, company, region, country, Industry, location as determined by your currently registered mobile number, email address used to register the account and date of registration.

Legal Basis (Relevant Jurisdictions only):

Necessary to perform our contract with you to create your profile and provide the services.

Purpose of processing：

• to set up your account and facilitate your log in;
• to facilitate your use of the features;
• to enforce our terms, conditions, and policies;
• to communicate with you to notify you about changes;
• to provide you with personalize user support;
• to develop new and improve existing services as well as the tools we use to detect account violations and enhance the safety and quality of accounts;
• to provide language and location customization;
• to protect any rights, property or safety of ours, our affiliate companies, or other users of

the CM Group; and

• to administer the service and for troubleshooting, data analysis, testing, research, security,

fraud-detection, account management, and survey purposes.

Retention Period：Registration data is retained until your account is deleted. Log in data is retained for a period of 3 months from the date of such log in.

2. Information for additional account security (if you choose to secure your account)：

Password, Managed Devices.

Legal Basis (Relevant Jurisdictions only): Necessary to perform our contract with you to provide and secure your account.

Purpose of processing：To provide additional security for your account.

Retention Period： Until you request removal of the information or your account is deleted, whichever is earlier.

3.Log Data is information that may automatically collected when you use the service, including:

• device attributes, such as your mobile carrier and network-related information, your device version and re-settable identifiers, configuration information made available by your mobile app or desktop or web browser, and your IP address;
• information about your viewing history, such as the news visited and details of other content accessed or requested by you;

Legal Basis (Relevant Jurisdictions only): It is in our legitimate interest to ensure the security of our services, manage registrations and improve our services.

Purpose of processing：For troubleshooting, data analysis, testing, research, security, fraud detection, and account management.

Retention Period：Permanently deleted 3 months from the date of collection.

4. Payment card information–parental/guardian consent. In order to comply with laws protecting children, payment card information of a parent/guardian is collected to verify parental/guardian consent where a Child attempts to create an account, and the payment card information is verified via a third-party payment processing service. After a verification request has been performed by the third-party payment processing service, we only retain the date of verification and hashed payment card number.

Legal Basis (Relevant Jurisdictions only): We process this data in accordance with our obligations under applicable laws.

Purpose of processing：To verify parental/guardian consent where a Child attempts to create an account.

Retention Period：Until the parent/guardian or user requests removal of the payment card information and only if the user has reached the age of majority under relevant local laws.

How We Use Personal Data

We use your information to provide the service to you, allow you to communicate with other users, allow you to use the features available on the service, and to improve and support your experience. If you are a parent or guardian who has granted permission for your child to use the service then we retain the contact information you have provided to ensure we can validate any requests or queries you may have in relation to your child’s account. Data collected on our Site or on our APP will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.

Who We Share Personal Data With

We do not share your information with third parties, except where we need to in order to provide the service (e.g., SMS service providers, payment service providers) or if we are instructed to by a court, authority or compelled by law. We use these third-party services solely to process or store your information for the purposes described in this Privacy Policy. Any third party with whom we share user data is required to provide the same or equal protection of user data as stated in this Privacy Policy. We will not transfer your Personal Information to third parties except as specified below, or where you consent to such transfer. Only where necessary will we share your information with selected recipients, including:

• related group companies. We share your Personal Information within our group of companies, and these related group companies may only use your Personal Information in accordance with this Privacy Policy. These related group companies include Tencent Cloud, and Stripe for the purposes of providing the service to you, assisting us in carrying out the purposes set out under the “How do we use your information?” section above, and carrying out our obligations and enforcing our rights under the Terms of Service or this Privacy Policy;
• service providers. We engage service providers to supply services to support or improve the service. These include SMS, payment card processing and verification, web service, device service, location, customer service, account data labeling and safety assurance (where applicable) and content delivery service providers. These service providers are required to provide the same or equal protection of user data as stated in this Privacy Policy and are prohibited from retaining, using, or disclosing your information except as necessary to provide services to us;

third party services. When you:

• log in to the service using third party authentication services;
• share content from the service to third party services;
• share content on the service from third party services;

Where We Process Your Personal Data

Our servers are located in Australia. We also have support, engineering and other teams that support the provision to you, located around the world (including China and Guinea), who will have access to your information, and may have incidental access to certain of your information, for example, in order to fix technical issues that you report. Rigorous internal control measures are in place to strictly limit access to your data by designated personnel.

How Long We Store Your Personal Data

How long we retain information for depends on the type of information – for example, log-in data is retained for up to two years from the date the data is collected. We do not retain your information for longer than the time period prescribed by law. You will be notified if your data is kept for longer than this period.

How We Protect Your Personal Data

We are committed to maintaining the privacy and integrity of your Personal Information no matter where it is stored or accessed. We protect your Personal Information through the use of information security and access policies that limit unauthorized access to our systems, and technological protection measures such as encryption that ensure confidentiality of your Personal Information during transmission and in storage.

Although we will implement and maintain reasonable measures to protect your Personal Information, please note that as any transmission of information via the internet is never completely secure.

How You Exercise Your Rights Over Your Data

Depending on where you live, you may have special rights over your data and how we can use it. These include how you can access the data, erase the data, restrict how your data can be used, object to our use, and get a copy of your information. Under the Australian Privacy Principles（APPs）,you have the following rights: Access to personal information; Correction of personal information.

You have the right to request access to your Personal Information we hold about you, how we use it, and who we share it with. We may not be able to provide you with certain Personal Information if providing it to you would interfere with another person’s rights (e.g. where providing the Personal Information we hold about you would reveal information about another person).

You also have the right to correct that information if it is inaccurate or incomplete.

You can access and correct your Personal Information by logging into your account at any time. If you want us to correct your Personal Information that you are unable to correct using your account, please contact us.

Where we agree to correct your Personal Information, we will use reasonable steps to inform any third party to whom we have disclosed the relevant Personal Information so that they can rectify the Personal Information too.

JURISDICTION-SPECIFIC ADDENDA

If you are a user located (as determined by your currently registered mobile number) outside of Australia, in Europe, China, Brazil, California, Canada, Chinese Taiwan, Hong Kong SAR, Indonesia, Japan, Macau SAR, Malaysia, Mexico, Philippines, Russia, Serbia, Singapore, South Korea, Sri Lanka, Thailand, Türkiye, United Arab Emirates, United Kingdom or Vietnam etc, there are additional jurisdictional-specific terms that apply to you. You can see these by visiting the SUPPLEMENTAL TERMS

Overseas Recipients

We take reasonable steps to ensure that third party recipients of your Personal Information located outside Australia handle your Personal Information in a manner that is consistent with Australian privacy laws. However, you acknowledge that we do not control, or accept liability for, the acts and omissions of these third-party recipients.

Children

The minimum age to use our website is 18 years of age (or such applicable age of majority under relevant local laws of the user, called children). We do not knowingly collect or use personal data from children under 18 years of age. If we learn that we have collected personal data from a child under 18 years of age, the personal data will be deleted as soon as possible. If you are under the age of 18, you undertake that you have the consent of your parent or legal guardian to register an account on and use the service.

Do Not  Track  Notice

Do Not Track (DNT”)is a privacy preference that you can set in certain web browsers. We do not track the users of our Site over time and across third party websites and therefore do not respond to  browser-initiated DNT signals. We are not responsible for and cannot guarantee how any third parties who interact with our Site and your data will respond to DNT signals.

Cookie Policy

A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.

Modifications

This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the “Effective Date” at the top of this Privacy Policy. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Privacy Policy, as appropriate, before the change becomes effective.

Complaints

If you are dissatisfied with our response to your request for access to, or correction of, your Personal Information or your privacy complaint in respect of your Personal Information, you may contact the Office of the Australian Information Commissioner (Telephone +61 1300 363 992 or email enquiries@oaic.gov.au).

Contact Information

If you have any questions, concerns or complaints, you can contact our data protection officer, Jason You at:

Email: Jason.you@cmgroup.net

Tel: +61 8 8294 7261

Address: PO Box 789, Glenelg, SA 5045, Australia

 

SUPPLEMENTAL TERMS – JURISDICTION-SPECIFIC ADDENDAM

Effective: 2024-08-31

If you are a user located in （E.g.: Europe, China, Brazil, California, Canada, Hong Kong SAR, India, Indonesia, Japan, Macau SAR, Malaysia, Mexico, Philippines, Russia, Serbia, Singapore, South Korea, Sri Lanka, Taiwan (China), Thailand, Turkey, United Arab Emirates, United Kingdom or Vietnam), the terms set out below under the name of your jurisdiction apply to you in addition to the terms set out in our Privacy Policy.

We have provided translations of the Privacy Policy, but in the event of any conflict between the local language version and the English version, unless otherwise prescribed by applicable law, the English version shall prevail.

 

1-The Privacy Policy Addendum for General Data Protection Regulation (GDPR)

This Privacy Policy Addendum for GDPR (this “Addendum for GDPR”) shall apply to the processing, including the collection, use, retention, and disclosure, by The CM Group.net Pty Ltd (hereinafter referred to as the “CM Group,” “we,” “our,” or “us”) of any information relating to an identified or identifiable natural person (“Personal Data”). This Addendum for GDPR is supplemental to and forms part of the   and is applicable only to the processing of Personal Data of our customers who use our Services (as defined below) and are located in the European Economic Area (the “EEA”) or the United Kingdom (the “UK”). In case of any conflict between the terms of the Privacy Policy and this Addendum for GDPR, the terms of this Addendum for GDPR shall prevail.

Although the Company is not actively targeting persons within the EEA or the UK, they are not blocked from using certain services offered by the Company (the “Services”). Protecting their privacy are our primary concern.

1. Description of Our Activities

The CM Group’s commercial activity consists in providing you with access to bauxite news, prices and trends. Stay informed on the latest updates in the worldwide bauxite industry.

2. Definitions and Interpretation

• In this Addendum for GDPR, unless the context otherwise requires:
• a reference to a document is a reference to that document as modified or replaced from time to time.
• a reference to a person shall include any company, corporation or any corporate body wherever incorporated.
• words importing the singular shall be treated as importing the plural and vice-versa.
• unless expressly stated otherwise, any heading, caption or section title contained in this Addendum for GDPR is inserted only as a matter of convenience and in no way defines or explains any section or provision hereof.

3. Data Controller, Data Protection Officer, and Representatives

The CM Group incorporated under the laws of Australia, is the legal entity responsible for the collection and processing of your Personal Data. You can contact us at:

• Email: info@cmgroup.net
• Tel: +61 8 8294 7261
• Address: PO Box 789, Glenelg, SA 5045, Australia

4. Categories of Personal Data Collected and Processed

4.1. Categories of Personal Data Collected

The categories of your Personal Data we collect are set forth in “Personal Data We Collect” of the Privacy Policy .

4.2. Possible Consequences of Refusal to Provide Your Personal Data

A number of the personal data we collect from you are required to enable us to fulfil our contractual duties to you or to others. Other items may simply be needed to ensure that our relationship can run smoothly. Depending on the type of Personal Data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue providing the Services. When providing personal data is legally or contractually required, or necessary to enter into a contract with us, we will bring it to your attention.

5. Purposes and Legal Basis of Processing

Notwithstanding “Personal Data We Collect” in the Privacy Policy, we shall only use personal data of customers located in the EEA or the UK for the following purposes. For the details of the purposes, please see the Privacy Policy.”

5.1 Purposes of Processing and Legal Basis of Processing

For the provision, improvement, and development of the Services：

• The processing is necessary to perform our obligations under a contract with you or to take steps, at your request, prior to entering into such contract; or
• The processing is necessary for our legitimate interests of promoting our economic activities and effectively providing the Services, as those will allow us to generate profits and to attract new customers.

For the prevention of unauthorized use of the Services：

• It is necessary to exercise our officially vested authorities; or
• The processing is necessary for our legitimate interests to protect us and our customers from possible damages from the unauthorized use.

6. Withdrawal of Your Consent

Please note that you have at any time the right to withdraw your consent with regard to the processing for which your consent is legal basis. To exercise this right, please contact us using the contact details provided in “3. Data Controller, Data Protection Officer, and Representatives.”

Upon the withdrawal of your consent, we will cease the processing unless we determine that there is an alternative legal basis to justify our continued processing of your Personal Data, in which case we will inform you of this alternative legal basis. The withdrawal of your consent shall however not affect the lawfulness of processing based on your consent before its withdrawal.

7. Age Limit

Notwithstanding “Children” in the Privacy Policy, the Services shall only be used by persons of 18 years old or older in case the persons are located in the EEA or the UK.

8. Keeping Your Personal Data Up-to-Date

You shall ensure that all Personal Data you directly provide to us are accurate, complete, true, and correct and shall keep such data up-to-data by reporting or registering to the Services any updates in a timely manner. Your failure to do so may result in your disadvantages such as being unable to use the Services. The Company is not responsible for any such disadvantages.

9. Your Rights

9.1 General

You have certain right regarding your Personal Data as described in 9.2 and 9.3 below. To exercise such rights outlined in this section, you can contact us using the contact details provided in “3. Data Controller, Data Protection Officer, and Representatives.” When sending us a request, please make clear which right you are exercising with regard to which of your Personal Data. Please also note that we may keep a record of your communications to help us resolve any issues arising in relation to your request.

Please be aware that your rights are not absolute, and it remains that, in accordance with applicable data protection laws, your rights may be withheld. In such event, we will provide you with the reasons for not complying with your request.

We will process your request as soon as reasonably practicable and provide you with information on actions taken without undue delay and in any event within one month of receipt of your request. This period may be extended by a further two months where necessary, taking into account the complexity and number of your request. In this event, we will inform you of any such extension within one month of the receipt of your request, together with the reasons for the delay.

In the event that we decide to not comply with your request or has not processed your request within the aforesaid time frame, you can lodge a complaint with the national supervisory authority (see below) and you can seek a judicial remedy against our decision.

9.2. Your Right to Access, Rectification, Erasure, Restriction of Processing and Data Portability

You have, if applicable and within the limits of applicable data protection laws, the right to request access to your Personal Data, to seek the rectification or erasure of your Personal Data, to request the restriction of the processing.

In addition, you have, within the limits of applicable data protection laws, the right to receive the Personal Data you have submitted to the Company in a structured, commonly used and machine-readable format and to transmit such Personal Data to another controller without hindrance. We will, where applicable and technically feasible, transmit your Personal Data directly to the data controller of your choice.

9.3. Your Right to Object

If applicable in accordance with applicable data protection legislation, you have the right to object, on grounds relating to your particular situation, at any time, to our processing of your Personal Data, unless:

(a) there exist compelling legitimate grounds for such processing which override your interests, rights and freedoms; or
(b) the processing is necessary for the establishment, exercise or defense of legal claims.

Notwithstanding the foregoing, please be aware that you have the right to object at any time to processing of your Personal Data for direct marketing purposes.

9.4. Your Right to Lodge Complaint with Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the country of your residence, your place of work or of the place of the alleged violation.

10. International Transfers of Personal Data

The CM Group servers are located in Australia, meaning that your Personal Data will be initially collected and stored in Australia.

When the Company transfer Personal Data without the adequate decision, the Company will enter into standard data protection clauses approved by the European Commission or international data transfer agreement approved by Information Commissioner’s Office to protect your Personal Data whenever it is being transferred between entities located outside of the EEA or the UK. For requesting further information about the international transfer, including requesting a copy of the documents used to protect Personal Data, please contact us using the contact details provided in “3. Data Controller, Data Protection Officer, and Representatives.”

11. Disclosure and Sharing of Personal Data

The categories of recipients of your Personal Data are set forth in “Who We Share Personal Data With” “How Long We Store Your Personal Data” of the Privacy Policy. In addition, The CM Group may disclose your Personal Data to the service providers such as SMS service provider, payment gateways or payment processors in order to complete your operation and service.

12. Security of Personal Data

The Company protects your Personal Data by using appropriate administrative, technical and organizational security measures to reduce the risks of loss, theft, misuse, unauthorized access, disclosure, destruction and alteration of your Personal Data.

13. Storage of Your Personal Data

Without prejudice to the Company’s right to further process your Personal Data for purposes that are not incompatible with the initial purpose, and subject to the Company’s own legal and regulatory obligations, the Company retains your Personal Data only for as long as necessary to fulfil the purposes described in this Addendum, or as required by applicable laws including the laws of Japan. The criteria used to determine our storage periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is any legal obligation to which we are subject; and (iii) whether there is a need in order to perform a contract to which you are a party.

When the storage of your Personal Data becomes no longer necessary, the Company shall proceed to the erasure of your Personal Data in a secure manner.

14. Updates to Privacy Policy and Addendum for GDPR

The Company reserves the right to revise, change, modify, update, supplement, add or remove portions of the Privacy Policy and this Addendum for GDPR (together, the “Privacy Documentation”), at any time, in an exercise of its sole discretion. When the Company makes such changes to the Privacy Documentation, the Company will notify such changes to you by making the amended Privacy Documentation available on the Company’s website and mobile application (“amended Privacy Documentation”). It is your responsibility to review the amended Privacy Documentation.

Your continued use of the Services subsequent to the notification of such changes, or the absence of any objection thereto within thirty days from the date the amended Privacy Documentation have been made available on the CM Group website and mobile application, constitutes your acknowledgement of the amended Privacy Documentation.

15. Merger/Corporate Acquisition

If the Company merges with another company or entity, of whatsoever form, or is partially or entirely acquired by such company or entity, such company or entity shall have access to all your Personal Data in the Company’s possession. Without prejudice to the right to update the present Addendum for GDPR, such company or entity shall be bound by this Addendum for GDPR.

16. Inquiries

If you have any questions or concerns about the Privacy Policy or this Addendum for GDPR or seek additional information about our processing of your Personal Data, you can contact us using the contact details provided in “3. Data Controller, Data Protection Officer, and Representatives.”

 

2-Singapore Privacy Policy Addendum

By clicking “accept”, you consent to the collection, use and disclosure of your Personal Information, for the purposes set out in the section “How we use personal data“ in the Privacy Policy, and which we will process as an “Organization” as defined under the Personal Data Protection Act 2012.

Our designated data protection officer for the purposes of compliance with the Personal Data Protection Act 2012 can be contacted at info@cmgroup.net.

Access

You have the right to access your Personal Information, how we use it, and who we share it with. You can access the Personal Information you have made available as part of your account by logging into your account. If you believe we hold any other Personal Information about you, please contact us at info@cmgroup.net.

Correction

You have the right to correct any of your Personal Information that is inaccurate. You can access the Personal Information we hold about you by logging into your account. If you believe we hold any other Personal Information about you and that information is inaccurate, please contact info@cmgroup.net.