Privacy Statement

This Privacy Statement explains how ASX Limited and its related bodies corporate (ASX) collects, handles, uses and discloses ‘personal information’ for the purposes of applicable privacy laws, and outlines the rights of individuals in relation to that information. It applies to personal information collected directly and indirectly by ASX in the course of carrying out its business functions and activities, including operating licensed financial markets and clearing and settlement facilities, provision of technology and data products and services, delivery of education and engagement programs and general corporate operations, as further described below.

 

Why ASX handles personal information

ASX collects, holds, uses and discloses personal information for lawful purposes related to the performance of its business functionsand activities, including:

  • delivering services to investors, listed entities, issuers, participants and other stakeholders (for example, issuing CHESS statements, managing listings
    processes or responding to market enquiries)
  • providing customer support and managing enquiries and feedback (for example, logging and resolving cases through customer support systems)
  • meeting legal, regulatory and compliance obligations (for example, reporting to regulators, maintaining audit records or responding to law enforcement
    requests)
  • managing recruitment, employment, engagement, payroll and workforce related matters (for example, onboarding staff, managing benefits and maintaining employment records)
  • conducting education, engagement and consultation activities (for example, running webinars, stakeholder consultations and industry surveys)
  • supporting business continuity, incident management and security (for example, maintaining contact details for crisis communications or monitoring access to systems)
  • undertaking analytics, research and service improvement activities (for example, analysing aggregated survey responses to improve services)
  • communicating about ASX products, services and events, where permitted by law and subject to individuals being able to opt-out.

ASX may use artificial intelligence and automated tools to support its operations. Where these tools involve personal information, ASX applies appropriate controls and human oversight to ensure compliance with privacy laws and internal policies, including the use of collection notices.

Back to top

 

Whose personal information does ASX handle?

The main categories of individuals ASX collects personal information about include:

  • investors and security holders
  • representatives of listed entities, issuers, participants and registries
  • subscribers and users of ASX products and services
  • employees and contractors, job applicants and candidates
  • suppliers, vendors and service providers
  • participants in ASX education programs, events, webinars and games
  • visitors to ASX premises
  • users of ASX websites, portals and digital platforms
  • other individuals we interact with in the ordinary course of business.

Back to top

 

What personal information does ASX collect?

ASX collects a range of personal information, depending onthe nature of its relationship with an individual and the purpose for which theinformation is collected, including:

·       Basic business data, such as name, business email address, business phone number and job title (for example, collected from representatives of listed entities,
participants, suppliers or staff for operational and regulatory engagementpurposes)

·       Basic private data, such as personal email address, personal phone number, home address, date of birth and emergency contact details (for example, collected from employees during onboarding, from candidates during recruitment, or from investors when responding to enquiries)

  • individual financial data, such as bank account details, tax file numbers, tax residency details and superannuation details (for example, processed for payroll and superannuation).
  • IT and usage data, such as IP addresses, device identifiers, system access logs, website usage information and cookies (for example, generated through use of
    ASX systems, platforms and websites)
  • recordings and images, such as voice recordings of telephone calls, video recordings of meetings, webinars or events, photographs and CCTV footage at ASX premises (for example, for training, verification, safety or compliance purposes)
  • marketing and communications data, such as communication preferences and expressed interest in ASX products, services or events (for example, collected in forms or event registrations)
  • opinions, feedback and enquiries, including survey responses and qualitative feedback (for example, collected through ASX surveys, consultation processes or customer support channels)
  • sensitive information, in limited circumstances and where permitted by law, such as health information, background check information, criminal history checks for director or staff suitability assessments or other sensitive attributes (for example, dietary requirements for events).

Where lawful and practicable, individuals may interact with ASX anonymously or using a pseudonym.

Back to top

 

Further information for investors

If you are an individual investor (holder) on ASX, some of your personal information is collected and held in CHESS, ASX’s clearing andsettlement system.

This may include:

  • your registration details, such as your name, address and residency status (domestic, foreign or mixed), which are provided to ASX by your sponsoring participant and are required to establish and maintain your holding
  • your Holder Identification Number (HIN), which is issued by ASX when your CHESS account is created and is used to identify your holdings
  • details of the financial products you hold in CHESS
  • optional contact details, such as your email address (where you elect to receive electronic communications)
  • your bank account details, where optionally provided, which ASX passes to issuers to enable electronic payment of distributions.

If you are an issuer‑sponsored holder, ASX may receive your Securityholder Reference Number (SRN) and holding balance where required to support the transfer or conversion of your holding into CHESS.

Back to top

 

How does ASX collect personal information?

ASX collects personal information through a range of channels, reflecting the breadth of its activities and stakeholderinteractions, including:

  • directly from individuals, such as when they complete forms, register for events, respond to surveys, apply for roles, contact ASX by phone or email, or interact
    with ASX platforms and services
  • from third parties, such as recruitment agencies, background checking providers, sponsoring participants, registries, insurers or professional service providers
    (for example, resumes submitted by recruitment firms or background checks conducted by external providers)
  • from publicly available or professional sources, where appropriate and lawful (for example, business contact details obtained through professional engagement or
    market participation).

When ASX collects personal information directly from individuals, ASX generally provides a collection notice at or before the time of collection. Collection notices explain matters such as the purpose of collection, the types of personal information collected, how the information may be used or disclosed, and how individuals can access or correct their personal information.

Collection notices may be provided through online forms, registration pages, surveys, onboarding documents, event materials, or other communications, depending on the context in which personal information is collected.

Where required by law or where appropriate in the circumstances, ASX seeks an individual’s consent before collecting, using or disclosing personal information. This may include, for example, obtaining express consent for background checks, participation in surveys, marketing communications, or the collection of sensitive information.

Where ASX sends marketing or promotional communications, individuals may opt out at any time by using the unsubscribe function included in those communications or by updating their preferences through applicable ASX platforms.

Back to top

 

Disclosure of personal information

ASX may disclose personal information to other partieswhere required or permitted by law, including:

  • ASX service providers, such as technology, hosting, mailing, payroll, insurance or incident management providers that assist ASX in delivering its services
  • regulators and law enforcement agencies, where required or authorised by law (for example, ASIC, the RBA or the ATO)
  • participants, issuers and registries, for market operation, clearing, settlement and investment related purposes
  • professional advisers, auditors and governance bodies, to support legal, audit and oversight functions.

Some ASX related bodies corporate, service providers, registries and technology partners are located outside Australia. As a result, personal information may be disclosed to, or stored in, overseas locations where this is necessary to support ASX’s business operations and service delivery.

Countries in which personal information may be disclosed or stored include, but are not limited to, the United States, the United Kingdom, India and other jurisdictions in which ASX service providers, registries or related bodies corporate operate. Overseas disclosures typically occur where ASX uses global service providers for functions such as information technology hosting, software platforms, data analytics, payroll or insurance processing, incident management, or customer communications.

When ASX discloses personal information overseas, ASX takes reasonable steps to ensure that the overseas recipient handles the information in a manner consistent with applicable Australian privacy laws.

Back to top

 

Data quality, security and retention

ASX will take reasonable steps to ensure that the personal information it holds is accurate, complete and up to date. ASX maintains technical, physical and organisational security measures designed to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These measures are reviewed and updated from time to time.

Personal information will be retained having regard to the purpose for which it was collected and applicable legal or regulatory requirements, and in accordance with applicable ASX policies. Where personal information is no longer required, ASX will take reasonable steps to destroy or permanently de‑identify the information, unless retention is otherwise permitted or required by law.  ASX will also take reasonable steps to destroy unsolicited personal information that does not serve an appropriate purpose, unless retention is required by law or a regulatory obligation.

Back to top

 

Cookies and online technologies

ASX uses cookies and similar technologies across its websites, portals and digital platforms to support functionality, security and, where permitted, analytics, personalisation and advertising activities. Use of cookies may vary depending on the specific ASX website or platform.

 

What are cookies?

Cookies are small text files stored on an individual’s device by their web browser when visiting a website. Cookies may be set by ASX (first‑party cookies) or by third parties whose services are used on ASX websites (third‑party cookies). Cookies may be:

  • session cookies, which are deleted when a browser session ends
  • persistent cookies, which remain on a device until they expire or are deleted.

Most cookies do not directly identify an individual. In limited circumstances, information collected through cookies may be linked with other information held by ASX, as described in this Privacy Statement.

 

Types of cookies used by ASX

ASX uses the following categories of cookies on relevant websites:

Strictly necessary cookies (always active)
Required for the operation, security and integrity of ASX websites and services, including authentication, fraud prevention and system functionality. These cookies cannot be disabled.

Analytics/performance cookies
Used to collect aggregated, de‑identified information about how users interact with ASX websites, including page visits and navigation patterns, to support performance monitoring and service improvement.   

Functional cookies
Enable enhanced functionality and personalisation, such as remembering preferences or recognising returning devices. These may be set by ASX or third‑party service providers.

Targeting cookies
Used to deliver and measure the effectiveness of marketing and advertising, including across third‑party platforms. These may involve third‑party partners who set cookies and share information with ASX.

 

Consent and cookie management

Strictly necessary cookies are always active and do not require consent.

For other types of cookies, ASX seeks consent where required by law. Individuals can:

  • choose which optional cookies to accept via cookie consent tools available on relevant ASX websites
  • update or withdraw their preferences at any time using “Manage cookie settings”.

Individuals can also manage cookies through their browser settings; however, doing so may affect the functionality of certain services.

 

How cookie information is used

Information collected through cookies is generally aggregated and not used to identify individuals. ASX does not combine cookie data with other information it holds
to identify individuals unless:

  • the individual has consented
  • ASX is required or authorised by law (including regulatory requests)
  • it is necessary to investigate or resolve system or security issues
  • it is otherwise permitted under applicable law.

 

Platform-specific use of cookies

The use of cookies varies across ASX platforms. For example:

  • secure portals may use session cookies to authenticate users and maintain active sessions;
  • some platforms may use optional cookies to recognise devices where users select functionality such as “remember this device”; and
  • certain websites may not use cookies where no authentication or tracking functionality is required.

 

Further information

Further details about cookies used on specific ASX websites, including up‑to‑date cookie lists, are available through the cookie settings tools on those websites.

Back to top

 

Feedback and enquiries

Individuals may request access to, or correction of, personal information ASX holds about them, in accordance with applicable privacy laws. Depending on the nature of the information and how it is maintained, individuals may need to update their information directly through the relevant ASX system, service or third‑party provider.

For CHESS-related personal information, ASX does not generally update or amend records directly. Such information is maintained by your broker/trading platform who may use a sponsoring participant. Individuals seeking to request access to or update CHESS-related details must contact their broker/trading platform directly.

For personal information held by ASX outside of CHESS, individuals may contact ASX to request access or corrections, or to obtain guidance on how to do so.

ASX collects and manages feedback and enquiries through approved channels, including online forms and other designated contact mechanisms. Access to this information is restricted to authorised personnel and may be aggregated or de-identified for reporting and service improvement purposes.

If an individual makes a privacy complaint, ASX will acknowledge and investigate the matter in accordance with applicable privacy laws. Where an individual is not satisfied with ASX’s response, they may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Back to top

 

How to contact us

Privacy enquiries and requests should be submitted via the webform available on the ASX website - Contact Us page.

 

Alternative contact methods

By mail By telephone
ASX Privacy Office
ASX Limited
Level 27, 39 Martin Place
Sydney NSW 2000
131 279

Back to top

 

Updates to this Privacy Statement

This Privacy Statement will be reviewed from time to time as required. We reserve the right to update this Privacy Statement from time to time to reflect changes in the law or technology or business practices. It is your responsibility to review the updated Statement.

Last updated: July 2026

Back to top