PURPOSE OF THIS POLICY
This Policy applies to:
- APP as collectors and users of personal information, and
- APP directors, officers, employees, consultants, contractors acting as representatives or agents of APP, as well as external parties (such as customers, service providers, shareholders and job applicants) who provide personal information to APP.
SOURCES OF LEGAL OBLIGATIONS
The sources of legal obligations behind this Policy include Australia’s Privacy Act 1988 (Cth) and the Australian Privacy Principles contained in that Act, and privacy laws in the countries in which APP conducts business.
To the extent that the applicable laws of a country in which APP operates conflict with or impose a higher standard than this Policy, the applicable laws must be complied with.
WHAT SORT OF INFORMATION DO WE COLLECT?
We collect information, including personal information about you that is relevant to our business relationship with you or your employer. For example, we may collect an individual's name, contact details, information about our interaction with them and other relevant details that will assist in our business dealings and associated business development. However, we will endeavour to advise you where it is possible for you to deal with us on an anonymous basis.
If you apply to work for us as an employee or seek to provide your services as a contractor we may require you to undergo a pre-placement health assessment which will involve the collection of sensitive information, including health information. We may also engage third parties to conduct background checks.
In some cases, APP may be required by law to collect certain personal information. If we do not collect your personal information, we may not be able to process your application provide you with services, or deal with you.
EMPLOYEE RECORDS EXEMPTION
In certain countries, for example Australia, personal information regarding current or former employees that relates to their employment may be exempted from the requirements of the relevant privacy laws. To the extent permitted by law, APP may rely on these exemptions.
HOW DO WE COLLECT PERSONAL INFORMATION?
We usually collect personal information about you when you are in contact with us, including over the telephone, when you send us correspondence (e.g. by letter, facsimile or email) or when you have contact with us in person.
We may also collect personal information that you submit to our website such as resumes and email addresses. If you provide us with a resume or similar employment related materials, we will use that information for the purpose of processing and responding to your application for employment and may retain that information in order to consider you for other positions with us as they become available.
Where practical, we will collect your personal information from you directly. However, we may also collect your personal information from a third party. For example, we may collect personal information through our interactions with third parties with whom we do business, such as clients who use our services and contractors or suppliers we engage to assist us in the provision of those services. We may also collect your personal information from referees you have nominated in any job application.
HOW DO WE USE PERSONAL INFORMATION?
DO WE DISCLOSE PERSONAL INFORMATION TO OTHERS?
We may transfer or disclose personal information to the following parties ('Third Parties'):
- Other companies within Broadspectrum and Ferrovial and their employees
- External service providers, such as contractors, consultants (including information technology consultants) or suppliers who we engage in the provision of our services as data processors and auditors, taxation and legal advisers. These third parties are only permitted to use the information for the services or function for which they have been engaged, and are required to have in place reasonable safeguards for protecting personal information
- Regulatory bodies, government agencies and law enforcement bodies, and
- Other parties as permitted or required by law.
We may also transfer personal information in connection with a merger or sale involving all or part of APP or as part of a corporate reorganisation or share sale or other change in corporate control, including a bankruptcy.
In using and storing your personal information and/or in disclosing your personal information to the Third Parties or otherwise providing any of the Third Parties with access to your personal information, we may be required to transfer your personal information to jurisdictions other than the jurisdiction in which you reside. When permitted or required by law, your personal information may be stored, accessed, maintained and/or processed by us and our external service providers, who may be located in: Australia, Canada, Chile, the People’s Republic of China, India, the Republic of Nauru, New Caledonia, New Zealand, Papua New Guinea, the Republic of the Philippines, Qatar, the Kingdom of Spain, United Arab Emirates, the United Kingdom of Great Britain and Northern Ireland and/or United States of America.
WHAT DO WE DO TO KEEP PERSONAL INFORMATION SECURE?
We take reasonable and appropriate steps, and require our service providers to take reasonable and appropriate steps, to protect personal information from misuse, loss and unauthorised access, modification or disclosure using physical, electronic and procedural safeguards. To keep electronic information secure, we use a range of security measures, such as restricting access to users who have a valid username and password.
IS THE PERSONAL INFORMATION UP-TO-DATE?
We endeavour to make sure that the personal information which we hold is accurate, complete and up-to- date. If we are notified that the information we hold is not accurate, complete or up-to-date, we will take steps to validate the information and ensure that it is corrected, if necessary, or note the requested changes to the information.
If you believe that the personal information that we hold about you is incorrect, incomplete or inaccurate you may request amendment of it by contacting our Privacy Officer in writing at the email address on page four of this Policy.
If we do not make the correction sought, you may request that there be an attachment to the information that states the correction was sought but not made.
WHAT DO WE DO WITH PERSONAL INFORMATION WHEN IT IS NO LONGER NEEDED?
We take steps to destroy or de-identify personal information that is no longer needed for the purposes for which it was collected if we are no longer required by law to retain it, using secure methods to destroy or de-identify the information.
We will also take steps to destroy or delete your personal information if we receive written notification from you withdrawing your consent to our storing and processing of such information or requesting that we destroy or delete such information where we are not otherwise required by law to retain your personal information.
DO WE ALLOW ACCESS TO PERSONAL INFORMATION?
In most circumstances we allow an individual to access the personal information we hold about them. However, access may be denied where we are permitted or required by law to deny access to such information.
If we refuse to provide you with access to your personal information, we will generally provide you with reasons for the refusal.
If we do not hold the personal information you request, you will generally be informed in writing.
WHAT IS OUR PROCEDURE FOR HANDLING PRIVACY INQUIRIES OR COMPLAINTS?
Privacy Officer, APP Corporation
We aim to resolve any enquiries promptly. We may charge external parties a fee to cover the reasonable costs incurred by us in providing you with access to your personal information, such as photocopying, administration and postage costs.
If you make a complaint you will need to provide our Privacy Officer with sufficient details about your complaint in addition to any supporting evidence or information. We will contact you if we require any further information from you and will notify you in writing of the outcome of the Privacy Officer's investigation. If you are not satisfied with the Privacy Officer's determination, you can contact us to discuss your concerns or contact the Australian Privacy Commissioner via www.oaic.gov.au.
TRAINING AND COMMUNICATION
APP regularly communicates this Policy to Employees across APP through established communication channels. Employees will also receive regular training on supporting this Policy in the scope of their employment with APP.
CONSEQUENCES FOR BREACH OF THIS POLICY
Breach of this Policy:
- Could expose a person to civil or criminal liability;
- Will be regarded by APP as serious misconduct which may lead to disciplinary action, including termination of employment or contract; and
- Could expose APP to fines or financial penalties for breach of privacy laws.
REVIEW OF THIS POLICY
The Broadspectrum Group Executive, Legal and Governance is responsible for keeping this Policy up to date, a formal review will take place every two years, and the Board is responsible for approving this Policy.