Your personal information is important to us
Under the Privacy Act, personal information is information or an opinion about an individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information, as well as biometric information.
What information we collect and why we collect it
The types of personal information we collect may include your name, contact details, your interests relevant to our business and relationships and records of your communications and interactions with us. Some of this information may include sensitive information, including health information, and will only be used for compliance with applicable laws and regulations, including workplace and equal opportunity laws. We set out below further details of the type of personal information we collect and handle for different parts of our business operations.
Business and investor relationships – we collect personal information, typically business contact information, for our dealings with prospective and existing customers, investors, suppliers and joint venture partners.
Community relationships – we collect personal information, typically contact details, from individuals with whom we engage in relation to the local communities where we conduct our business. For some activities, such as cultural and heritage surveys or sponsorship arrangements, we may collect health information and age, and bank account details, where we are making payments to you in this context.
Human resources – we collect personal information about potential recruits, employees and contractors for recruitment and managing human resources including information concerning qualifications, skills, experience, character, screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, and vocational suitability), employment history, training, contracts and terms and conditions, staff benefits, emergency contact details, performance, conduct, use of our IT resources, payroll matters, leave and taxation, banking or superannuation affairs.
In some circumstances, as necessary and where appropriate and with consent, we collect sensitive information from potential recruits, employees and contractors, such as health and criminal record information for screening checks, health information for managing health and safety issues and, information about professional or trade association or union membership used for human resources purposes.
Security and safety – we collect personal information, typically contact information for visitors to our site, images and audio from surveillance technology such as closed circuit television, and where necessary and where appropriate health information relating to health and safety management and site incidents, for managing safety and security at our sites.
How we collect your personal information
We collect personal information directly from you and from third parties such as the businesses for which you work, your representatives, our suppliers, our joint venture partners, other group companies, government agencies, and public sources (including the internet).
Purposes for which we collect, hold and use personal information
We collect and handle personal information to help us conduct our business and to provide products or services to you or the organisations for whom you work, including for:
- developing coal resources;
- supplying and marketing coal services;
- the provision of information in relation to the products and services we provide;
- communicating and managing our relationships with stakeholders and communities, including our personnel, business and community contacts;
- recruiting, training and managing personnel;
- protecting our lawful interests; and
- facilitating actual and potential investments in our business and acquisitions, and disposals of our business.
We may not be able to do these things without your personal information. For example, we may not be able to communicate with you or consider your application for employment.
Some of our collection and handling of personal information is also required or authorised by other laws, for example the Fair Work Act, Superannuation Guarantee (Administration) Act, Income Tax Assessment Act and other tax laws, Corporations Act, occupational health and safety acts, and workers compensation acts.
Visitors to our website and emails
A cookie is a piece of information that allows our system to identify and interact more effectively with your browser. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our website may not have full functionality in that case.
Our website may also detect and use an individual's IP address or domain name for internal traffic monitoring and capacity purposes or to otherwise administer the website. No personal information is obtained, rather the patterns of usage of visitors to the website may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user site traffic patterns.
Please note, as email communication is not secure, any personal information you send via email is done so at your own risk. Once we receive your email, we take reasonable steps to protect the security of any personal information it contains, as required by law.
We may disclose personal information to various third parties. These include our joint venture partners for oversight of their investment or services to us, companies for which you work, your representatives, and our suppliers including providers of archival, auditing, accounting, business development and investment, legal, business consulting, banking, payment, debt collection, delivery, data processing, data analysis, document management, market research, health and safety, insurance, recruitment, staffing, website and technology services.
We may also disclose personal information to our related companies for services they provide to us, for oversight of our operations and where it is of relevance to their own operations.
We may disclose your personal information to recipients that are outside Australia, such as our related companies in China, and as we may use offshore servers for the purposes of data storage and other technology services. Some of our technology suppliers are located in Canada.
How we hold your personal information - storage and security
We take a range of steps to keep personal information protected from loss, misuse or unauthorised access, modification or disclosure. Depending on the circumstances, these measures may include staff authentication, access controls, encryption, records management protocols and secure premises. We store personal information in both physical and electronic form, sometimes with the assistance of third parties such as specialist data hosting providers.
Access and correction
Subject to some exceptions allowed by law, you can request access to any personal information that we hold about you at any time. To request access please contact us using the details provided below. Depending on the complexity of your request, a small charge may be applicable where permitted by law.
Our aim is to ensure that your personal information is accurate, complete and up to date. Please contact us if the personal information you have provided us changes, or you are aware that any personal information we hold is not correct. We will use all reasonable efforts to correct the data.
If you have any concerns about how we have handled your personal information, you may contact us.
All complaints should initially be in writing and directed to the contact details below. We will investigate your issue, notify you of our response and will keep records of our investigation and resolution. If you are not satisfied with the manner in which we have dealt with your complaint, you may contact the Office of the Australian Information Commissioner whose contact details are available at www.oaic.gov.au.
Phone +61 2 8583 5300
Address Level 18, Darling Park Tower 2，201 Sussex Street, Sydney, NSW 2000
Policy version 2.0, last revised 18 December 2019
Addendum (Hong Kong)
- the Privacy Act are instead to be construed as references to the Personal Data (Privacy) Ordinance (the PDPO) unless the context requires otherwise; and
- “personal information” are instead to be construed as the “personal data” that is the subject of the PDPO. For these purposes, personal data can include any data relating directly or indirectly to a living individual from which it is practicable to directly or indirectly ascertain the identity of the individual.
Purposes for which we collect, hold and use personal data
The following additional purpose for which we collect and handle Hong Kong personal data to help us conduct our business is added:
- direct marketing of our products and services.
- distribution and dissemination of company reports, distribution details, company meeting information and other relevant company material.
- communicating with shareholders related to shareholdings in the company.
In relation to Hong Kong personal data, we may additionally disclose your personal data to recipients that are outside Hong Kong, such as our group companies in Australia and China.
Access and correction
In addition to requesting access to your personal data, subject to some exceptions allowed by law, you can also request that your Hong Kong personal data is corrected at any time. We will correct any data that we are satisfied is inaccurate within 40 calendar days of receiving your request, and comply with our other applicable obligations under the PDPO.
If you request access to your Hong Kong personal data, if we hold the relevant personal data, we will supply a copy of the requested data within 40-calendar days of receiving the request in accordance with the PDPO. We will tell you within the same 40-calendar day period if we do not hold the personal data.
We will also inform you of the fee (if any) to be charged to you for a data access or correction request within the same 40-calendar day period.