Holdco Holdings Pty Ltd (Company) and its related bodies corporate strive to protect Individuals’ privacy by complying with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) which are in the Privacy Act. This Policy covers the collection, use, disclosure, and storage of Information and how it can be accessed and corrected.
Definitions
Individual means a natural person.
Information means Personal Information and/or Sensitive Information.
Personal Information means information or an opinion about an identified Individual, or an Individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Sensitive Information means:
(a) information or an opinion about an Individual’s:
(i) racial or ethnic origin;
(ii) political opinions;
(iii) membership of a political association;
(iv) religious beliefs or affiliations;
(v) philosophical beliefs;
(vi) membership of a professional or trade association;
(vii) membership of a trade union;
(viii) sexual orientation or practices; or
(ix) criminal record,
that is also Personal Information; or
(b) health information about an Individual; or
(c) genetic information about an Individual that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates.
Information the Company collects
The kinds of Information the Company may collect includes the following:
- Name;
- Date of birth;
- Contact details (e.g. postal address, email address, phone number);
- Educational qualifications;
- Employment history;
- Payment / invoice details;
- Banking details;
- Details of complaints or enquiries made;
- Health information (e.g. fitness for work information, illness and injury information, drug and alcohol test results, disability information);
- Business information (e.g. in relation to contracts);
- Security information (e.g. times of entry and exit from sites and/or vehicles); and
- Criminal record information.
Individuals do not have to give the Company Information. The Company may be able to deal with an Individual anonymously or using a pseudonym in cases including where an individual makes a general enquiry of the Company. However, there may be circumstances where, if the Company cannot collect an Individual’s personal information or verify an Individuals’ identity, the Company will not be able to assist, deal with, transact with, or engage with an individual.
Who the Company collects Information from
Personal Information
The Company usually collects Personal Information from an Individual. However, it may collect Personal Information about an Individual from a third person. A person must not provide any Personal Information to the Company about another Individual if they do not have that Individual’s, or their legal guardian’s or representative’s, express consent to do so.
Sensitive Information
The Company only collects Sensitive Information from an Individual with their consent and where it is reasonably necessary for one or more of the Company’s functions or activities. However, the Company may collect Sensitive Information from someone other than the Individual where it is necessary to prevent a serious and imminent threat to life or health or safety (including public safety), or as otherwise required by law or a court or tribunal order, or another permitted situation exists under the Privacy Act.
How the Company collects Information
The Company may collect information from an Individual in the following ways, including:
- Over the phone;
- Via email;
- In interpersonal interactions;
- In an application for a role with the Company;
- By attendance at a Company event;
- By placing an order with the Company;
- By engaging in business with the Company;
- By making an enquiry or complaint to the Company;
- From CCTV footage; and
- From access systems.
Why the Company collects, holds and uses Information
The Company collects Information that is reasonably necessary for, or directly related to, one or more of its functions or activities. These include managing client relationships, contractual relationships, managing risk (e.g. in relation to security, safety, environment), recruitment processes, and to comply with legal obligations.
The Company may collect Information from Individuals for a number of reasons. These reasons include:
- To verify an Individual’s identity and/or contact details;
- To provide goods or services;
- To make or receive payments;
- To undertake recruitment functions;
- Where a court or tribunal requires it;
- Where a law, regulation or government mandate requires it;
- To manage occupational and work health and safety;
- To meet contractual obligations;
- To reply to enquiries, correspondence, or complaints; and
- A purpose disclosed at the time the Information was collected.
The Company will use an Individual’s Information where:
- The Individual consents to the use;
- It is used for the purpose it was collected; and
- Where it is required by law.
Who the Company discloses Information to
Depending on the dealings and Individual has with the Company, the Company may disclose an Individual’s Information to other people and organisations. These people and organisations include:
- the Company’s related bodies corporate;
- service providers;
- medical and health service providers;
- advisors and consultants; and/or
- the police, regulatory bodies or government agencies.
The Company does not send Information outside of Australia. However, some of the Company’s IT service providers are located overseas and the Company stores some information in cloud-based storage systems. Use of these IT and cloud-based storage systems may mean Information is disclosed overseas when it is necessary for the provision of these services.
How the Company holds and protects Information
The Company only keeps Information for as long as it requires it. This means that the Company usually only hold Information about an Individual for the duration of the relationship, unless the Company is required to retain the Information in accordance with legal obligations.
The Company takes reasonable steps to protect Information by seeking to ensure that Information about an Individual is kept confidential and secure, including by:
- appropriate physical security of the Company’s premises and databases/records;
- restricting access to only Company personnel who need the Information to provide services to an Individual; and
- using technological measures such as firewalls, passwords, multi-factor authentication, and endpoint protection.
The Company takes reasonable steps to keep Information secure, however this cannot be guaranteed due to the nature of the internet. The steps the Company takes, which are set out above, are designed to help ensure that Information is not accessed by unauthorised personnel, lost, or misused. If an Individual reasonably believes that there has been unauthorised use or disclosure of their Information, they should contact the Company, as set out below.
Accessing and Correcting Information
The Company seeks to ensure Individuals’ Information is accurate, complete and up to date.
If an Individual wants to access and/or correct any Information, they can make a request to hr@ssrail.com.au.
Depending on the nature of the request, the Company may reasonably charge an Individual for providing access to Information. If the Company intends to charge an Individual, it will let them know prior to proceeding with their request.
Complaints about Information
If an Individual wishes to complain about anything covered in this Policy or an APP, please contact hr@ssrail.com.au for assistance.
The Company takes complaints seriously and aims to resolve them fairly and promptly. If an Individual is not satisfied with the Company’s response or handling of a complaint, they can contact the Office of the Australian Privacy Commissioner (OAIC) at enquiries@oaic.gov.au. The OAIC’s other contact details can be found here: https://www.oaic.gov.au/about-the-OAIC/contact-us
Review of Policy
The Company will review this Policy from time to time to ensure it is in accordance with legal obligations. The Company reserves the right to amend this Policy at any time. The version on a Company website from time to time is the applicable Policy.