Privacy Policy

1.0 BACKGROUND

The Company is committed to complying with the provisions of the Privacy Act that relate to how entities handle Personal Information.

This Policy explains how we handle Personal Information relating to individuals, whether or not they are customers, so as to ensure we meet our obligations under the Privacy Act. By providing us with your Personal Information, you consent to us collecting, holding, using and disclosing your Personal Information in accordance with this Policy.

2.0 TERMINOLOGY

In this Policy the expressions “we”, “us” and “our” are a reference to the Company.

The expressions “you” and “your” refer to each and every individual whose personal information we may handle from time to time.

Any reference to us assuming an obligation under the Privacy Act or other privacy legislation can be interpreted as a reference to us also procuring our sub-contractors to undertake a reciprocal obligation to the extent relevant.

A list of defined terms is set out below:

a) Company refers to Keolis Downer Pty Ltd ACN 165 343 680, its subsidiary companies, operating divisions and business units;
b) Personal Information means information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, including symbolic identifiers such as citizenship and immigration status; and
c) Privacy Act means the Privacy Act 1988 (Cth).

3.0 PROTECTING PERSONAL INFORMATION

3.1 Types of Personal Information Collected

We only collect, use or disclose an individual’s Personal Information to the extent that this is reasonably necessary for one or more of our functions or activities.

This includes the following kinds of information:

a) contractor information, namely:
(i) contact information including an individual’s name, address, date of birth, next of kin, and emergency contact;
(ii) copies of, or information from, identification documentation including a drivers’ licence, birth certificate and passport;
(iii) information relating to an individual’s payments, salary or wages (including group certificates, PAYG summaries, bank account details, tax file numbers and certain credit information (including garnishee orders on wages));
(iv) information relating to an individual’s employment with the Company (including leave details, medical records, performance information (including employee appraisals and discipline), training information, licences and qualifications); and
(v) information about whether an individual is Aboriginal or Torres Strait Islander. Please note that we only collect this last category of information when it is supplied voluntarily to us;
b) prospective employee and contractor information, namely:
(i) contact information including an individual’s name, address, telephone number and email address;
(ii) pre-employment information including date of birth, gender, Tax File Number, driving licences, vehicle registrations, curriculum vitae, resume, evidence of academic and operational qualifications / licences / certificates, company details, company number, pre-employment medical results, passport details, immigration status, drug, alcohol and other medical testing, psychometric testing / skills testing, reference checks, confirmation of professional memberships;
(iii) certain sensitive information, for example information relating to race and ethnicity, that may be provided at the pre-employment stage on an optional basis; and
(iv) where relevant and/or required by law information obtained through criminal history checks, credit/bankruptcy checks, directorship searches and company checks;
c) prospective or existing customer and supplier contact information including an individual’s name, role title, address, company and company number, telephone number and email address;
d) personal information held by a customer or business partner and provided to us for the purpose of providing a service to them or to their customers;
e) site visitor information, including an individual’s name, company, signature, and other basic identifying information.; and
f) incident witness information, including an individual’s name, personal address, telephone number, email address and signature.

3.2 Method of Collection

Our preference is to collect Personal Information about an individual directly from that individual unless it is unreasonable or impracticable for us to do so. However, we may collect Personal Information from third parties during job recruitment processes for example from your nominated referees and/or through police or background checking processes.

Personal Information will generally be collected from you in person, over the phone, through written communications (either on paper or electronic) or by you completing forms or answering questions on our website.

3.3 Provision of Third Party Information

By consenting to this Policy, you confirm that, in any instance where you provide us with the Personal Information of a third party, you have:

a) obtained the consent of that individual to our collection of the individual’s Personal Information and our use of that Personal Information in accordance with this Policy; and

b) prior to obtaining the consent of that individual, made all reasonable efforts to provide them with a copy of this Policy or advised the third party that a current copy of this Policy can be found on the Company’s website.

3.4 Purposes of Collection

Purposes for which we may collect Personal Information include, but are not limited to:

a) to consider job applications and whether to employ an individual;
b) to retain an individual as a contractor;
c) to interview and consider an individual as a prospective employee or contractor;
d) to engage with a potential customer or supplier;
e) for complaints handling or data analytics purposes; and
f) for any other purpose permitted by law.

3.5 Use and disclosure

We will generally use and/or disclose Personal Information for the primary purpose of collection and reasonably related secondary purposes, unless you consent to another use or an exception under the Australian Privacy

Principles or Privacy Act applies.

A secondary purpose might include:

a) business improvement programs;
b) disclosure of gender metrics for statutory reporting purposes;
c) disclosure of prospective contractor/employee personal information to a customer or client database in order to allow them to assess the suitability of the candidate to perform work for the client or customer while contracted to the Company; and
d) disclosure to maintenance personnel or other third party contractors (including outsourced and cloud service providers) who may be unable to avoid accessing Personal Information in the course of providing technical or other support services to our Company.

Contractor information may from time to time be provided to:

a) clients or customers for which the contractors will, or already, perform work while contracted to the Company for the purpose of providing the them with transparent information regarding the resources provided to the client or customer by the Company; and
b) third party analysts, consultants or IT service providers, for the purpose of creating aggregated financial or business reports for the Company, migrating data, upgrading systems and implementation.

3.6 Access, Correction and Further Information

We will take such steps as are reasonable to ensure that the Personal Information which we collect remains accurate, up to date and complete.
We will provide you with access to your Personal Information held by us unless we are permitted under the Privacy Act to refuse to provide you with such access.

Please contact us via the details below if you:

a) wish to have access to the Personal Information which we hold about you;
b) consider that the Personal Information which we hold about you is not accurate, complete or up to date; or
c) require further information on our Personal Information handling practices.

Triniti Business Campus
39 Delhi Road
North Ryde NSW 2113
AUSTRALIA
E: communications@keolisdowner.com.au

Privacy Officer: Peter Tompkins

There is no charge for requesting access to your Personal Information but we may require you to meet our reasonable costs in actually providing you with access.

If you consider that the Personal Information which we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Privacy Act, to correct that information if you so request.

We will respond to all requests for access and/or correction within a reasonable time.

3.7 Storage

Typically, we will store Personal Information in hard copy and electronic form.

Personal Information may be sent offshore to related bodies corporate, as permitted by the Privacy Act and this Policy. Additionally, we may engage third party providers to host Personal Information, which may result in off-shore storage of Personal Information in countries including France, Singapore, Japan, New Zealand, the Netherlands, North America, the United Kingdom and the United States. We may also engage third party maintenance or support providers in relation to the transfer or storage of Personal Information overseas. The Company takes reasonable steps to ensure that any third party providers with access to your personal information in Australia or Overseas are required to comply with either, or a combination of:

a) this Policy;
b) the Privacy Act 1998 (Cth);
c) the U.S.-EU Safe Harbor Framework;
d) the U.S.-Swiss Safe Harbor Framework;
e) the Personal Information Protection and Electronic Documents Act (Canada); and/or
f) another law, or binding scheme that protects Personal Information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect Personal Information and provides mechanisms for individuals to take action to enforce the protection of the law or binding scheme.

3.8 Security

We will take reasonable steps to:
a) protect the Personal Information held by us from misuse, interference and loss;
b) protect the Personal Information held by us from unauthorised access, modification or disclosure; and
c) destroy or permanently de-identify Personal Information once we no longer require it for our business purposes.

3.9 Openness

From time to time, we may change our Policy on how we handle Personal Information or the types of Personal Information which we hold. Any changes to our Policy will be published on our website and you are encouraged to check the website regularly for updates. You may obtain a copy of our current Policy from our website or by contacting us on the details listed above.

3.10 Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your Personal Information, you should advise us via the contact details set out above.

If you remain unsatisfied with the way in which we have handled a privacy issue, we suggest you approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.