1. Introduction

This privacy policy sets out how Qube Holdings Limited and its related companies and trusts (“Qube“, “we” or “us” “our“) collect, use, store, disclose and manage your personal information in accordance with applicable privacy laws in Australia and New Zealand (together, “Privacy Legislation“).

In Australia, Privacy Legislation includes the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) set out in Schedule 1 to that Act.

In New Zealand, Privacy Legislation includes the New Zealand Privacy Act 2020 and the Information Privacy Principles (IPPs) set out in that Act, and the New Zealand Biometric Processing Privacy Code (2025) issued pursuant to that Act.

This Privacy Policy applies to all Qube companies operating in Australia and New Zealand unless a Qube company has adopted a separate privacy policy.

We are committed to protecting your personal information and to meeting our obligations under Privacy Legislation.

2. What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.

Personal information may include, for example, an individual’s name, address, telephone number, email address and occupation. Information or opinions collected by Qube are considered personal information if they identify you or make you reasonably identifiable.

There are sub-classes of personal information that attract a greater degree of protection, including sensitive information (which includes health information). Sensitive information is addressed below.

3. When do we collect personal information?

This policy may apply to you if you are a visitor to our sites, a contractor who works with us (for example as a driver of one of our vehicles), a Qube security holder, a job seeker, if you interact with us online or visit our website, or if you do business with us.

We may collect information from you where:

  • you provide it as part of any commercial dealings or interactions you may have with Qube (including as representative of a business);
  • you have provided it as a Qube security holder;
  • you visit our site locations, for business purposes or otherwise;
  • you work with us as a contractor (or an employee of a contractor);
  • you apply for a job with us; or
  • you use, or have any interaction with, Qube’s website.

We may also capture images of you in public via CCTV cameras placed on or in the vehicles we operate, where you otherwise do not have a relationship with us (refer further below regarding CCTV use). 

4. What personal information do we collect?

General

Qube will only solicit and collect personal information that is reasonably necessary for one or more of our legitimate functions or activities.

The information we collect about you depends on our relationship with you and how and why you interact with us. It may also depend on the products, services or information that you provide to or receive from us.

We may collect the following types of personal information:

  • your name, date of birth and gender;
  • contact details including your physical address, mailing address, email address and telephone number;
  • information to verify your identity such as your driver licence number;
  • if you are involved in an incident, details about the involvement of you and other people in the incident, witness and incident statements, CCTV footage of the incident, medical information and information from medical consultants and other consultants and third parties;
  • information including your image collected via our CCTV systems;
  • biometric information, including thumbprints and images of your face;
  • if you use mobile applications developed by us or log in to wireless facilities provided in a Qube-managed site, details relating to your use of the mobile application or wireless facility;
  • if you use Qube-supplied computers or other devices:
    • information collected through your use of those computers or other devices; and
    • your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the website, IP address and standard web log information;
  • if you hold Qube securities, information relating to you and your security holding;
  • if you interact with us as a client or otherwise do business with us:
    • your bank account and credit card details;
    • any information provided in prospective suppliers’ tenders and proposals (which may, for example, include personal biographies/CVs) and customers’ applications for credit;
    • your preferences for particular products, services or facilities when you tell us what they are;
    • information relating to your Qube client log-in account, including your password, username and contact details;
    • any information you provide to us through customer surveys from time to time;
  • any additional information relating to you that you provide to us directly through our website or indirectly through the use of our website, social media, online presence or otherwise. This information may include information regarding what web pages you access; and
  • any other personal information that may be required in order to facilitate our dealings with you.

Prospective employees

If you are applying for a job with Qube as a prospective employee, we may obtain additional personal information from you, including:.

  • current salary;
  • your employment history and references;
  • third party verification checks to confirm aspects of your application relevant to the job you are applying for;
  • aspects of your medical and health information relevant to the job you are applying for; and
  • any other information you provide as part of the recruitment process (including information contained in any uploaded cover letter and CV).

Employee Records

If you are a current or former employee of Qube, our treatment of your employee records will be described in your employment agreement and other related Qube policies and procedures. If you are a current or former employee of Qube, please contact a representative from Qube’s human resources team if you have any queries regarding your employee records.  

Sensitive Information

Sensitive information means information about your racial or ethnic origin, political affiliations, immigration status, religious or philosophical views, trade union membership or associations, sexual orientation and practices, criminal record, health or genetic information and some aspects of biometric information (which includes fingerprints and images of your face).

Qube generally collects sensitive information (particularly health and medical information, and biometric information) with the express consent of the individual where it is reasonably necessary in our dealings with a particular individual. Qube may also collect sensitive information where required or permitted by law to do so without consent.

Our use of facial recognition technology is expanded upon further below.

5. How is personal information collected?

General

Qube will collect personal information by lawful and fair means and, where reasonable and practicable, from the individual directly. Where this is not reasonable or practical, information may be collected by lawful means from secondary sources such as government agencies, service providers and publicly available sources.

Some of the ways personal information can be collected are via:

  • your access and use of our websites, Wi-Fi services or mobile applications and your interactions with our online or digital content;
  • your communications with us, including emails, letters, conversations or other correspondence between you and our representatives;
  • contractual documents, tenders and proposals;
  • customers’ purchase orders;
  • entry procedures for attendees visiting our sites;
  • footage collected from CCTV systems at our sites or in or from the vehicles we operate;
  • fingerprint or thumbprint scanning;
  • third party sources, law enforcement agencies and other government entities personal contacts, referrals and publicly available sources;
  • if you are involved in an incident – witness reports, CCTV footage, medical and other consultants and third parties;
  • a recruitment process for prospective employees; and
  • onboarding of contract workers.

Prospective Employment

If you apply for a job or position with us we may collect information from you (including your name, contact details, working history and relevant records checks), from any recruitment consultant, your previous employers, your referees and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment.

Personal information may also be disclosed during interviews, site attendances, pre-employment medicals, drug and alcohol testing.

6. Purposes for collection and use of personal information

Personal information will only be used or disclosed for the purposes for which we collected it, and for secondary purposes closely related to the primary purposes in circumstances where you would reasonably expect such use or disclosure.  

General

If you interact with us as a visitor to our sites, as a security holder or as a client, or if you otherwise do business with us, we may collect, store, use and disclose your personal information (as relevant):

  • to provide or receive products and services to or from you;
  • to provide information and inform you of updates on Qube and our products and services;
  • to provide you with access to protected areas of our website;
  • to assess the performance of our website and to improve, optimise and protect its operation;
  • to conduct business processing functions, including administrative, marketing, planning, product or service development, auditing, technology, data-processing, security and safety, legal, accounting, business consulting, delivery, banking, payments, quality control, research and archiving.
  • to facilitate and manage your Qube securities holding with Qube (see section on our share registries below);
  • for security, safety and risk management purposes including incident investigation, loss prevention, claims management and litigation;
  • for marketing purposes (refer further below);
  • to comply with any law, rule, regulation, determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country; or
  • for any reason notified to you at the time of collection of the information;

We may also use personal information:

  • for secondary purposes closely related to a primary purpose in circumstances where you would reasonably expect such use or disclosure;
  • where permitted or required by law. This might include circumstances involving:
    • reducing or preventing a threat to the health or safety of individuals or the public;
    • when we suspect unlawful activity and we investigate or report the matter to the relevant authorities. This may include disclosure about visits to our sites;
    • complying with legislative obligations such as obligations under anti-money laundering legislation;
    • complying with a subpoena, a warrant or other order of a court; or
    • in connection with legal proceedings.

Prospective Employees

The personal information you provide will be managed and used for the primary purpose of considering employment or internship positions with Qube and undertaking the recruitment process. Personal information may be used in a variety of ways, including but not limited to:

  • considering and managing your employment applications;
  • matching your details with job vacancies and managing information held about you for that purpose; and
  • providing you with information and content that you may request or which we think may be of interest to you, including information relating to employment opportunities (provided you consent to the sending of such information).

Qube may disclose the personal information you provide to Qube’s human resources personnel, hiring managers and to recruitment consultants for the purposes above. 

Business Analytics

We may, from time to time, process your personal information so as to put it in a form from which your identity is not reasonably ascertainable (“de-identified information”). This is not regarded as “personal information” for the purposes of Privacy Legislation. We use such de-identified information for analytic purposes and may disclose that information to others for our business purposes.

7. CCTV, facial recognition, and fingerprints

CCTV at Qube sites and in public

Qube uses CCTV surveillance systems to monitor and record activity at selected Qube controlled and operated sites. The cameras monitor indoor and outdoor areas. They may also capture footage of some public spaces.

Qube also uses CCTV on vehicles that it operates. This CCTV may capture your image if you are a driver or passenger in those vehicles. It may also capture your image if you are a bystander in the vicinity of one of our vehicles or located along the vehicles transport route.

CCTV collects personal information in the form of images that can identify you. This is personal information but is not sensitive information (unless it is used for facial recognition – see below).

We only use CCTV footage to personally identify you for the purposes of security, ensuring a safe and secure working environment, risk management, loss prevention, regulatory and incident investigation, and to comply with relevant laws. We may use the information to investigate incidents and report on safety.

Facial Recognition

Qube uses facial recognition technology (FRT). This involves us collecting, via CCTV, a digital image of an individual’s face and using FRT technology to generate a biometric template (or “faceprint”). The faceprint is then compared against a database of other existing faceprints to verify or identify the individual.

Qube may use FRT by taking a photo of you during a work or site induction process, or upon your first entry to our sites. FRT-enabled CCTV cameras are then located at entry points to our facilities and also at points within those facilities. We may capture images of any individual that passes those points, including contractors and third party visitors.

Qube uses FRT for purposes including:

  • compliance with laws (including those relating to border control and the Australian and New Zealand Defence Force);
  • fulfilling contractual requirements;
  • fulfilling licensing requirements (e.g. for customs purposes);
  • Security and safety-related purposes; and
  • Automated processes for managing site access for approved personnel.

“Raw” photo or video footage of an individual’s face collected by CCTV is biometric information. If it is not used for FRT or to generate a faceprint it is just “regular” personal information (because it identifies the individual). However, if it is to be used for facial recognition it will also be sensitive information, which requires your consent for collection. Qube will therefore obtain your consent before collecting any CCTV footage that will be used for facial recognition. This may occur during a work or site induction process

Fingerprints

Qube may collect fingerprints from individuals who are contracted to work with Qube. The fingerprints are converted into a “biometric template”, which is then used to validate future fingerprint scans for those individuals. They are used for the purpose of monitoring time spent by contractors at Qube sites.

Copies of the fingerprints themselves are deleted after the biometric template is created.

The biometric template is sensitive information, and Qube will obtain your consent if we collect your fingerprints. This may occur during a work or site induction process.

8. Refusal to provide personal information

    You may decide not to provide some personal information. If so, Qube will attempt reasonably to accommodate this but may be unable to:

    • provide or receive some or all of the requested products or services to or from you;
    • provide you with information about products and services;
    • permit you to enter or access our sites or secure areas of our premises;
    • contract with or do business with you;
    • tailor the content of our websites or mobile applications to your preferences, so that your experience of the websites or mobile applications may not be as enjoyable or useful; or
    • accept or process your application for employment.

    9. When and who Qube discloses personal information

    General disclosure

    • third parties to whom Qube has outsourced various functions, including but not limited to contractors or service providers for the purposes of operation of our website or our business, custodians, IT systems administrators, mailing houses, couriers, payment processors, electronic network administrators, debt collectors, insurers, insurance and securities brokers, real estate agents, marketing agents, travel agents, claims management services, injury management service providers, property management, surveying and valuation service providers and professional advisors such as accountants, lawyers and business advisors;
    • providers of share registry services (see further below);
    • regulatory authorities or government agencies or bodies where required by law; and
    • other parties where we have your consent.

    We may also otherwise disclose personal information with your consent.

    Where we have disclosed personal information to a third party, we take contractual steps to protect its confidentiality, privacy and security, including clauses that require the third party to deal with your personal information in accordance with our instructions and applicable privacy regulation.

    Qube security-holders

    Qube has outsourced its share registry function for its securities to Computershare Investor Services (Computershare). If you are a Qube security holder, we may share your personal information with Computershare so that Computershare may manage your Qube securities.

    Computershare has its own privacy policy covering its own collection, use, storage, disclosure and management of personal information. You may obtain a copy of Computershare’s privacy policy at https://www.computershare.com/au/privacy-policies or by contacting Computershare at:

    • Email: [email protected]; or
    • Post: Privacy Officer, Computershare Investor Services Pty Limited, Yarra Falls, 452 Johnston Street, Abbotsford, Victoria 3067, Australia; or
    • Phone: +61 1300 850 505 (free call within Australia) or + 61 (0)3 9415 4000 (outside Australia).

    You may contact Computershare if you have a query or complaint about privacy in relation to your Qube securities holding or would like details of your personal information in your capacity as a security-holder. For your protection, Computershare may only disclose personal information to you if their internal identity verification procedures are satisfied. If your security holding is sponsored by a broker, you may not be able to update your personal information directly with Computershare and you may need to contact your broker to do this. If you are not satisfied by the response from Computershare, you should contact Qube’s Privacy Officer (see section 13 below).

    Related entities

    Each member of the Qube group may disclose your personal information to other members of the Qube group (including overseas entities and the Qube trusts), as necessary or appropriate for the efficient management of our workforce, record-keeping and conduct of our business activities.

    Sale of business

    If it is contemplated that any member of the Qube group, or any of their businesses or assets, are to be sold, we may provide personal information to prospective purchasers (and their advisers) on a confidential basis as part of the due diligence process.

    If another company acquires the shares in Qube, or any member of the Qube group, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this policy.

    10. Disclosure of personal information outside Australia or New Zealand

    While principally based in Australia and New Zealand, Qube has a number of related companies operating overseas, in South-east Asia. Qube may share personal information with members of the Qube group who are located in Singapore, Papua New Guinea, Malaysia, India and China.

    In addition, we may also use service providers with offices located overseas. These include service providers, agents, contractors and suppliers which service Qube’s overseas related companies. We use these service providers only as reasonable or necessary to perform our business functions.

    Other countries may afford different levels of privacy protection to that available under Australian and New Zealand law. If your personal information is located overseas, it may be accessible by the law enforcement, government, regulatory or national security authorities of the relevant country.

    Qube takes reasonable steps (including through contractual measures) to ensure that any third party overseas recipient (including any companies in the Qube group) deals with such personal information in a manner that is consistent with Privacy Legislation and this policy.

    11. Direct marketing communications

    If you consent, Qube and/or third party service providers we engage may send you direct marketing communications and information about:

    • products, services and special promotions that we consider may be of interest to you;
    • offers or promotions based on how you use our products and services; or
    • third party products and services (including offers and discounts we may have negotiated for our customers) we think may interest you, if you’ve chosen to receive this information.

    These communications may be sent in various forms as consented to by you, including by telephone, post, email, SMS or any other form of electronic communication, in accordance with Privacy Legislation and the Spam Act 2003 (Cth) in Australia and the Unsolicited Electronic Messages Act 2007 in New Zealand.

    You may opt-out of receiving marketing communications from Qube and/or our third-party service providers at any time by contacting the sender using the details set out in the communication, or by using the opt-out facilities provided in the marketing communication (e.g. an unsubscribe link). If you opt-out using the opt-out details provided in a marketing communication, we will ensure that you are removed from the relevant distribution list.

    12. Security of information

    Storage and security

    Your personal information may be transferred to and stored within documents and materials we create. This may be stored in electronic form in our internal company databases, email systems or in written form in hard copy files.

    Qube places importance on ensuring the security of all personal information we collect. We take reasonable steps, including both technical and organisational measures, to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We use a number of physical, digital, administrative, personnel-related, organisational and technical measures:

    • In relation to electronic storage, these measures include encryption, firewalls and data access controls, where records are auditable;
    • In relation to hard copy storage, these include physical security measures and site access controls;
    • Training of personnel on privacy practices and procedures;
    • Requirements on third party providers to comply with information security requirements and applicable laws.

    We may also use third party data storage providers to store personal information. Our contracts with the third party providers require them to implement equally stringent security measures and to comply with Privacy Legislation.

    Personal information used for facial recognition and thumbprints are stored by our FRT providers in Australia and New Zealand.

    Notifiable Data Breaches

    The Notifiable Data Breaches Scheme in Australia requires Qube to notify the OAIC and affected individuals where there has been an eligible data breach in relation to the individual’s personal information.

    In New Zealand, a breach is considered notifiable to the New Zealand Privacy Commissioner if it is likely to cause serious harm to individuals.

    Qube Logistics (Vic) Pty Limited, as a responsible entity for a critical infrastructure asset, also has reporting obligations under the Security of Critical Infrastructure Act 2018 (Cth) to notify the Australian Cyber Security Centre in accordance with that Act.

    Qube has developed a Personal Information Data Breach Response Plan to facilitate Qube’s compliance with notification requirements under the Privacy Legislation

    Retention of data

    We will take reasonable steps to permanently de-identify or destroy personal information when it is no longer required for any purpose for which it was collected. However, we may retain adequate records for as long as necessary for legal, accounting, insurance or prudential purposes.

    Regarding personal information used for facial recognition:

    • All data, including metadata, is stored and encrypted in disparate cloud systems for 60 days on our FRT provider’s Australian platform;
    • Information for stored identities (including photographs and biometrics/faceprints) is destroyed within 60 days after Qube choses to delete it;
    • Biometric and photographic data of each activity is automatically destroyed after 60 days; and
    • Video footage is retained on average for 15 days.

    13. Access and correction of personal information

    You may seek access to access or correct the personal information Qube holds about you. To do so, please contact our Privacy Officer in writing using the details below:

    • Email: [email protected]; or
    • Post: Privacy Officer, Qube, Level 27, 45 Clarence Street, Sydney NSW 2000.

    We will generally grant you access to personal information if you request it, but we may refuse to do so if we are permitted or required by law to do so. If this happens we will give you written reasons for the refusal. We will process requests for access within a reasonable time.

    Qube will take reasonable steps to ensure that the personal information held by us about you is accurate, up-to-date, complete and relevant. If you believe that it is not, then you may request that we amend it. In some unusual cases, we may not agree that there are grounds for amendment. If that happens, we will add a note to the personal information stating that you disagree with it.

    Generally, we will not charge you to act on your request for access. However, we may charge an appropriate fee or seek reimbursement for reasonable costs associated with access, for example, to cover the costs of retrieving or copying the information. We will not charge for making any corrections to your information.

    The information we provide will be personal to you only. We reserve the right to redact or withhold information to the extent it relates to, identifies, or is the personal information of, another person. We will provide you with the reason if we refuse to provide you with full access to, or permit correction of, the personal information we hold about you.

    Depending on the nature of your request, we may ask you to complete an enquiry form and/or provide us with further information in order to verify your identity.

    14. Making a privacy-related complaint

    Please contact our Privacy Officer in writing if you wish to make a privacy-related complaint involving Qube, including in relation to a claimed breach by Qube of Privacy Legislation, or about our handling of your personal information (including in relation to a request). Please see contact details of our Privacy Officer above in section 13. Please provide your name, email address and/or contact number and details of your complaint.

    Qube will investigate and we will contact you, usually in writing, to advise you of the outcome and invite a response. If we receive a response from you, we will assess it and advise if Qube has changed its view.

    If you are unsatisfied with the outcome, we will provide you with information about the further steps you can take.

    Alternatively, you may refer the matter to:

    15. Cookies

    Like many other website operators, we use cookies on our website. A cookie is a small file that a website uses to identify you when you come back to the site, and which stores details about your use of the site. A cookie can collect information (such as a user ID) that the website uses to track the pages you have visited. We do not use the information stored in those cookies to collect personal information about you. A cookie cannot read data on your hard disk or read cookie files created by other websites.

    Qube’s website uses cookies to track user traffic patterns. We use them to improve your experience when you revisit the website and to enable you to access secure areas of our Site.  

    You can set your browser to notify you when you receive a cookie (thereby providing you with the opportunity to either accept or reject it). You can also choose to disable all cookies by adjusting the privacy settings (ie turning them off) in your browser.

    We handle personal information collected by cookies in the same way that we handle all other personal information as described in this privacy policy.

    16. Third Party Links

    Our websites and mobile applications may contain links to websites operated by third parties. Those links are provided for your convenience and may not remain current or be maintained. We are not responsible for the privacy practices of, or any content on, any linked websites and have no control over or rights in such websites. The privacy policies that apply to such websites may differ from this privacy policy.

    17. Currency of this policy

    This policy was last revised in June 2026.

    From time to time, we may amend it to reflect changes in privacy regulation and Qube’s policies, operations and procedures. We will update the Privacy Policy on Qube’s website if it has been changed.