COLLECTION AND USE OF INFORMATION
We only collect information if it is necessary for one of our functions or activities. The type of information we collect will depend on the reason for collection. Generally the types of information we collect include name, contact details and records of communications with us. The Group collects information in the following circumstances:
- Job applicants – if you are applying for a role within the Group, we will require your name, address, contact details, qualifications, career history, referee names and as well as some limited health information and government identifyers. We collect this information directly from you and from organisations that provide recruitment related services to us.
- Contractors, suppliers or prospective contractors – where we are procuring goods and services we may collect information including names, addresses, telephone numbers or email addresses and financial information (such as bank account details). Where the suppliers or prospective suppliers are providing procurement services to our businesses, we may require you to provide us with information including names, addresses, telephone numbers, email addresses and financial information (such as credit history details) for the purpose of accounts establishment, invoicing and receivables. This information is collected for business-related purposes but contains some limited personal Information on the people we deal with. This information is collected directly from the contractor.
From time to time, we may also collect limited Personal Information including names and contact details about:
- Visitors, contractors and suppliers who come onto any of our sites in case of emergency;
- People who work for our customers;
- People involved in or through organisations that we support or sponsor;
- People who correspond with us, including through our Web Site and LinkedIn
Generally, we collect the above information directly from the individual. You are not required to provide your Personal Information, but we may be unable to provide services to you or enter into an employment or contractual relationship with you should you chose not to. We also collect information from our Web Site using cookies, server logs and Google Analytics. When you visit a Group site to read, browse or download information, our system will record/log your IP address (the address which identifies your computer on the internet and which is automatically recognised by our web server), date and time of your visit to our site, the pages viewed and any information downloaded. This information will only be used for the purpose of site analysis and to help us offer you improved online service. We may automatically collect non-Personal Information about you such as the type of Internet browsers you use or the site from which you linked to our Web Sites. You cannot be identified from this information and it is only used to assist us in providing an effective service on our Web Sites. Our Web Site may contain links to other Web Sites and those third party Web Sites may collect Personal Information about you. We are not responsible for the privacy practices of other businesses or the content of Web Sites that are linked to our Web Site. The Group encourages users to be aware when they leave the site and to read the privacy statements of each and every web site that collects personally identifiable information. We may use Personal Information for the primary purpose for which it is collected, or for purposes related to the primary purpose where it would reasonably be expected that we would use the information in such a way, or in other limited circumstances set out in the Privacy Act. We collect, hold and use Personal Information to:
- Correspond with people who have contacted us and deal with feedback;
- Recruit and assess potential employees;
- Enable third party service providers to provide us and our related companies with services such as information technology, auditing, legal advice, printing and mailing services, and services relating to our group employee share plan;
- Provide services to and manage our related companies;
- Correspond with people regarding our corporate sponsorships; and
- Maintain and update our records.
DISCLOSURE OF INFORMATION
We may disclose Personal Information to companies within the Group as necessary or appropriate for the conduct of our business activities. To the extent permitted under the Privacy Act, the Group may disclose Personal Information in connection with the following purposes:
- External service providers who provide its business services;
- In the event of a proposed sale, merger, reorganisation, or other similar event relating to a Group business or entity;
- As we consider is required, authorised or permitted under law (for example, disclosure to courts, law enforcement agencies, government, regulatory or competent authorities or bodies); and
- To protect the rights and safety of its employees or other third parties.
Specific third parties we may disclose Personal Information to include:
- Group companies;
- Our service providers and professional advisors, including IT service providers, auditors , legal advisors, mail houses, and to share plan management services;
- Financial institutions and potential investors;
- Organisations we support or sponsor:
- Government Agencies: and
SECURITY AND STORAGE
We hold Personal Information electronically and in some cases, hard copy form, both at our own secure premises and with the assistance of our service providers. We take all reasonable steps to ensure that the Personal Information that we hold is protected from misuse, and unauthorised access by ensuring that this information is held on secure servers in controlled facilities. To mitigate any misuse of or unauthorised access to the Personal Information, the information stored within our computer systems and in hard copies can only be accessed by those entrusted with authority and/or computer network password sanctions. We may use cloud computing solutions or data storage located overseas in which case information may be stored, under our control, on computer servers located outside of Australia. Please see the section below for more information about overseas disclosures. Should Personal Information be delivered by our Web Site it will be password-protected so that only you have access to your Personal Information. We recommend that these passwords are not divulged to anyone. We also recommend that you sign out of our Web site and close the browser window when you have completed using the services of the site. If we no longer require the Personal Information and are not required to retain it by law, we take steps to de-identify or securely destroy the Personal Information.
CROSS BORDER DISCLOSURES
The Group is based in Australia and the United States and discloses Personal Information in these countries. We may also use services provided from third party service providers or certain cloud services which may be located in another country. These countries are currently unascertainable. We take reasonable steps to ensure that all personal information disclosed offshore is managed in accordance with the Australian Privacy Principles. Pursuant to the Australian Privacy Principles, the Group may disclose Personal Information we have collected about you to an overseas recipient, such as overseas service providers, only if:
- You provide informed consent to the disclosure; or
- The disclosure is required or authorised by or under an Australian Law or a court/tribunal order; or
- The Group has taken reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles; or
- The Group reasonably believes that the recipient is subject to a law or binding scheme imposing privacy protections that are substantially similar to the Australian Privacy Principles and that there are mechanisms you can access to enforce those protections.
ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
The Group is committed to maintaining accurate, timely, relevant and appropriate information about our customers, clients and web-site users. So long as your request for your Personal Information is in accordance with the Australian Privacy Principles, then we will give you access to that information. Your initial queries should be directed to a member of the local HR team or by emailing firstname.lastname@example.org. Inaccurate information can be corrected if we receive a request to this effect from you. Please note that the Group can attempt to correct information if the information held is inaccurate, out of date, incomplete, irrelevant or misleading. The Group will take reasonable steps to notify any third parties, to whom the information was previously disclosed, of any correction. If we refuse to provide you with access or correct the Personal Information held about you by us then we will provide reasons for such refusal. We reserve the right to charge an appropriate fee or request reimbursement for reasonable costs associated with retrieving, copying or providing access to the Personal Information (to the extent permissible under the Privacy Act). There is no such fee associated with correcting inaccuracies in Personal Information.