How ASX collects personal information?
ASX collects personal information through a range of channels, reflecting the breadth of its activities and stakeholder interactions, including:
- directly from individuals, such as when they complete forms, register for events, respond to surveys, apply for roles, contact ASX by phone or email, or interact with ASX platforms and services
- from third parties, such as recruitment agencies, background checking providers, sponsoring participants, registries, insurers or professional service providers (for example, resumes submitted by recruitment firms or background checks conducted by external providers)
- from publicly available or professional sources, where appropriate and lawful (for example, business contact details obtained through professional engagement or market participation).
When ASX collects personal information directly from individuals, ASX generally provides a collection notice at or before the time of collection. Collection notices explain matters such as the purpose of collection, the types of personal information collected, how the information may be used or disclosed, and how individuals can access or correct their personal information.
Collection notices may be provided through online forms, registration pages, surveys, onboarding documents, event materials, or other communications, depending on the context in which personal information is collected.
Where required by law or where appropriate in the circumstances, ASX seeks an individual’s consent before collecting, using or disclosing personal information. This may include, for example, obtaining express consent for background checks, participation in surveys, marketing communications, or the collection of sensitive information.
Where ASX sends marketing or promotional communications, individuals may opt out at any time by using the unsubscribe function included in those communications or by updating their preferences through applicable ASX platforms.
Disclosure of personal information
ASX may disclose personal information to other parties where required or permitted by law, including:
- ASX service providers, such as technology, hosting, mailing, payroll, insurance or incident management providers that assist ASX in delivering its services
- regulators and law enforcement agencies, where required or authorised by law (for example, ASIC, the RBA or the ATO)
- participants, issuers and registries, for market operation, clearing, settlement and investment related purposes
- professional advisers, auditors and governance bodies, to support legal, audit and oversight functions.
Some ASX related bodies corporate, service providers, registries and technology partners are located outside Australia. As a result, personal information may be disclosed to, or stored in, overseas locations where this is necessary to support ASX’s business operations and service delivery.
Countries in which personal information may be disclosed or stored include, but are not limited to, the United States, the United Kingdom, India and other jurisdictions in which ASX service providers, registries or related bodies corporate operate. Overseas disclosures typically occur where ASX uses global service providers for functions such as information technology hosting, software platforms, data analytics, payroll or insurance processing, incident management, or customer communications.
When ASX discloses personal information overseas, ASX takes reasonable steps to ensure that the overseas recipient handles the information in a manner consistent with applicable Australian privacy laws.
Data quality, security and retention
ASX will take reasonable steps to ensure that the personal information it holds is accurate, complete and up to date. ASX maintains technical, physical and organisational security measures designed to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These measures are reviewed and updated from time to time.
Personal information will be retained having regard to the purpose for which it was collected and applicable legal or regulatory requirements, and in accordance with applicable ASX policies. Where personal information is no longer required, ASX will take reasonable steps to destroy or permanently de‑identify the information, unless retention is otherwise permitted or required by law. ASX will also take reasonable steps to destroy unsolicited personal information that does not serve an appropriate purpose, unless retention is required by law or a regulatory obligation.
Cookies and online technologies
ASX uses cookies and similar technologies across its websites, portals and digital platforms to support functionality, security and, where permitted, analytics, personalisation and advertising activities. Use of cookies may vary depending on the specific ASX website or platform.