Purpose of this policy
This Policy applies to:
- Broadspectrum as collectors and users of personal information, and
- Broadspectrum directors, officers, employees, consultants and contractors, as well as external parties (such as customers, service providers, shareholders and job applicants) who provide personal information to Broadspectrum
Sources of legal obligations
The sources of legal obligations behind this Policy include Australia’s Privacy Act 1988 (Cth) and the Australian Privacy Principles contained in that Act, and privacy laws in the countries in which Broadspectrum operates.
What sort of information do we collect?
We collect information, including personal information about you that is relevant to our business relationship with you or your employer. For example, we may collect an individual's name, contact details, information about our interaction with them and other relevant details that will assist in our business dealings and associated business development. However, we will endeavour to advise you where it is possible for you to deal with us on an anonymous basis.
If you apply to work for us as an employee or seek to provide your services as a contractor we may require you to undergo a pre-placement health assessment which will involve the collection of sensitive information, including health information. We may also engage third parties to conduct background checks. If you become our employee, the personal information provided to us during the recruitment process will become part of your employee record and this policy will not apply to the extent that we use the information in relation to your employment with us.
In some cases, we may be required by law to collect certain personal information.
If we don't collect your personal information, we may not be able to fulfil your request, process your application or provide our services.
How do we collect personal information?
We usually collect personal information about you when you are in contact with us, including over the telephone, when you send us correspondence (e.g. by letter, facsimile or email) or when you have contact with us in person.
We may also collect personal information that you submit to our website such as resumes and email addresses. If you provide us with a resume or similar employment related materials, we will use that information for the purpose of processing and responding to your application for employment and may retain that information in order to consider you for other positions with us as they become available.
Where practical, we will collect your personal information from you directly. However, we may also collect your personal information from a third party. For example, we may collect personal information through our interactions with third parties with whom we do business, such as clients who use our services and contractors or suppliers we engage to assist us in the provision of those services. We may also collect your personal information from referees you have nominated in any job application.
How do we use personal information?
We use personal information to enable us to provide operational, maintenance and asset management services, recruitment purposes, to communicate with our shareholders, to respond to your inquiries, for business development including of existing and prospective customers, website improvement and marketing purposes including undertaking data analytics, research and sending you electronic marketing communications where you have consented to receiving such communications, and for other purposes as described in this policy. You may opt out of receiving marketing communications from us at any time, by following the opt out instructions provided in such marketing communications. We will not use your personal information for any other purpose unless you consent to such use by us, such uses as are disclosed to you when we collect the information or as otherwise permitted or required by law.
Do we disclose personal information to others?
We may transfer or disclose personal information to the following parties ('Third Parties'):
- Other companies within the Broadspectrum group and their employees
- External service providers, such as contractors, consultants (including information technology consultants) or suppliers who we engage in the provision of our services as data processors and auditors, taxation and legal advisers. These third parties are only permitted to use the information for the services or function for which they have been engaged, and are required to have in place reasonable safeguards for protecting personal information
- Regulatory bodies, government agencies and law enforcement bodies, and
- Other parties as permitted or required by law.
We may also transfer personal information in connection with a merger or sale involving all or part of Broadspectrum or as part of a corporate reorganisation or share sale or other change in corporate control, including a bankruptcy.
In using and storing your personal information and/or in disclosing your personal information to the Third Parties or otherwise providing any of the Third Parties with access to your personal information, we may be required to transfer your personal information to jurisdictions other than the jurisdiction in which you reside. Your personal information may be stored, accessed, maintained and/or processed by us and our external service providers in Australia, Canada, Chile, China, India, Nauru, New Caledonia, New Zealand, Papua New Guinea, Philippines, Qatar, UAE and/or United States of America.
What do we do to keep personal information secure?
We, and our service providers, take reasonable steps to protect personal information from misuse, loss and unauthorised access, modification or disclosure using physical, electronic and procedural safeguards. To keep electronic information secure, we use a range of security measures, such as restricting access to users who have a valid username and password.
Is the personal information up-to-date?
We endeavour to make sure that the personal information which we hold is accurate, complete and up-to-date. If we are notified that the information we hold is not accurate, complete or up‑to‑date, we will take steps to validate the information and ensure that it is corrected, if necessary, or note the requested changes to the information.
If you believe that the personal information that we hold about you is incorrect, incomplete or inaccurate you may request amendment of it by contacting our Privacy Officer in writing at the email address on page four of this Policy.
If we do not make the correction sought, you may request that there be an attachment to the information that states the correction was sought but not made.
What do we do with personal information when it is no longer needed?
We take steps to destroy or de-identify personal information that is no longer needed for the purposes for which it was collected and we are no longer required by law to retain it, using secure methods to destroy or de‑identify the information.
We will also take steps to destroy or delete your personal information if we receive written notification from you withdrawing your consent to our storing and processing of such information or requesting that we destroy or delete such information where we are not otherwise required by law to retain your personal information.
Do we allow access to personal information?
In most circumstances we allow an individual to access the personal information we hold about them. However, access may be denied where we are permitted or required by law to deny access to such information.
If we refuse to provide you with access to your personal information, we will provide you with reasons for the refusal.
If we do not hold the personal information you request, you will be informed in writing.
What is our procedure for handling privacy inquiries or complaints?
Privacy Officer, Broadspectrum
We aim to resolve any enquiries promptly. We may charge external parties a fee to cover the reasonable costs incurred by us in providing you with access to your personal information, such as photocopying, administration and postage costs.
If you make a complaint you will need to provide our Privacy Officer with sufficient details about your complaint in addition to any supporting evidence or information. We will contact you if we require any further information from you and will notify you in writing of the outcome of the Privacy Officer's investigation. If you are not satisfied with the Privacy Officer's determination, you can contact us to discuss your concerns or contact the Australian Privacy Commissioner via www.oaic.gov.au.
Training and Communication
Broadspectrum regularly communicates this Policy to Employees across Broadspectrum through established communication channels. Employees will also receive regular training on supporting this Policy in the scope of their employment with Broadspectrum.
Consequences for breach of this Policy
Breach of this Policy by Employees:
- could expose such person to civil liability (a financial penalty and liability for damages);
- will be regarded by Broadspectrum as serious misconduct which may lead to disciplinary action, including termination of employment or contract; and
- could expose Broadspectrum to fines or financial penalties for breach of privacy laws.
Review of this Policy
The Executive General Manager Compliance and Group Company Secretary is responsible for keeping this Policy up to date. A formal review of this Policy will occur every two years or earlier as a result of changes in law or regulation.
This Policy will be submitted for review by the Risk, Audit and Compliance Committee of Broadspectrum, who will make recommendations to the full Board. The Board is responsible for approving this Policy.
This Policy should be read in conjunction with Broadspectrum’s other policies including: