1. Overview
This privacy policy (Policy) applies to the activities of Emeco Holdings Limited (ACN 112 188 815) and its subsidiaries (together, Emeco).
This Policy explains how Emeco complies with the requirements of the Privacy Act 1988 (Cth) (the Act) in relation to the collection, storage, use and disclosure of personal information. This Policy does not apply to employee records which are generally excluded from the requirements of the Act.
2. Whose personal information does Emeco collect?
Emeco may collect personal information from individuals including:
- customers;
- business contacts, employees and contractors of its customers;
- contractors;
- suppliers;
- website users;
- shareholders; and
- employees and potential employees.
3. Why does Emeco collect personal information?
Emeco will only collect personal information when it is necessary for one or more of its business or operational purposes (primary purpose). These business or operational purposes may include:
- considering requests and inquiries for service solutions and making arrangements for rental, maintenance or sale of earthmoving equipment or provision of mining services;
- administering service solutions including assessing credit applications, setting up customer accounts, billing and collecting payment;
- recruiting employees and engagement of contractors and consultants;
- engaging service providers, suppliers or contractors; and
- to provide information about Emeco’s products and services that Emeco believes may be of interest to you.
In collecting personal information, Emeco will act lawfully and fairly. You may choose not to provide Emeco with the information requested. However, this may mean that Emeco is unable to provide you with services or information.
4. What type of personal information does Emeco collect?
Generally, the main types of information Emeco collects relates to potential employees and business contacts for customers and suppliers, such as employees or officers of customers and suppliers. The types of personal information collected includes:
- general identification and contact details such as name, address, email address and phone number;
- bank details, credit/debit card number and expiry date;
- financial details;
- credit information;
- tax file number;
- information about work history, qualifications and skills; and
- opinions of others (such as former employers, referees, etc.) about work performance (whether true or not).
Sensitive information
The Act protects sensitive information. ‘Sensitive information’ is a form of personal information and includes information or opinions about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record.
Where Emeco needs to collect sensitive information about you (including, among other things, information about health, medical history or specific conditions, criminal records and professional memberships), this information will only be collected with your consent or in other circumstances required or authorised by law. Sensitive information will only be processed by Emeco if such processing is necessary for the primary purpose for which it was obtained or is required or authorised by law (including occupational health and safety or equal opportunity laws and regulations).
5. How does Emeco collect personal information?
Emeco collects most personal information directly from individuals, such as when they engage with Emeco in relation to service requests for equipment rental, maintenance and sales, mining service or their shareholding in Emeco. The personal information collected may be provided on forms filled out by individuals, face to face meetings, e-mail messages, through Emeco’s website or telephone conversations. If you contact Emeco, Emeco may keep a record of that contact.
There may be other occasions when Emeco collects your personal information from other sources such as credit reporting agencies (in the case of customers and prospective customers), pre-employment service providers and public records including publicly available information on social media or similar sites. Generally, Emeco will only collect your personal information from such sources if it is not reasonable or impracticable to collect the personal information from you.
If Emeco receives unsolicited personal information (including sensitive information) about you, it will assess whether it could have collected the information in accordance with section 3 above and, if not, the information will be destroyed or de-identified.
6. How does Emeco use personal information?
Emeco may collect and use your personal information to:
- provide you with information or products and services that you have requested;
- conduct credit assessments;
- handle payments and credits;
- communicate with customers and suppliers about their accounts;
- respond to applications, questions, requests or complaints that you have made to Emeco;
- improve customer experience and undertake market research;
- if you are a shareholder, provide public information directly to you or otherwise communicate with you regarding your shareholding;
- if you have applied to work with Emeco, assess your application;
- investigate possible fraud and illegal activity;
- comply with laws, including assisting government agencies;
- conduct investigations as may be necessary in connection with Emeco’s business; and
- otherwise manage Emeco’s business.
Without the requisite personal information in the circumstances, Emeco may not be able to do these things. For example, it may not be able to deliver products or services requested, or respond to your questions.
7. Disclosing personal information
Emeco will only use and disclose personal information for the purpose for which it was collected. Emeco may use and disclose personal information for another purpose (secondary purpose) if the person to which the personal information relates has consented to the disclosure or the secondary purpose is related to the primary purpose and might reasonably be expected by that person. When Emeco does this, it takes steps to keep information safe.
The circumstances in which Emeco may disclose your personal information to another organisation are limited, but include:
- when Emeco believes it is necessary to provide you with a service which you have requested;
- when you have provided your consent, to credit assessment agencies;
- in the context of insurance investigations;
- to Emeco’s customers, where required in order to provide a specific service to that customer;
- to another Emeco entity, to the extent reasonably necessary for that entity to carry out supporting functions or activities; and
- third party service providers where required for the provision of a specific service.
Emeco may use or disclose personal information should it be required to do so by law or use or disclosure is permitted by the Act (including law enforcement or public safety).
Emeco also shares personal information with people and organisations that help it with its business, such as professional advisors, IT support, and corporate and administrative services including debt collectors. Emeco only does this where it is needed in order for those services to be provided. When Emeco does this, it takes steps to require its service providers to protect your information.
8. Emeco will not use your e-mail address for spam purposes
Emeco may contact you at the email or other address which you provide it in order to provide you with updated information about Emeco or its businesses.
If you are receiving information from Emeco and do not wish to continue receiving this information, please contact Emeco using the contact details in section 15 below.
9. Emeco’s website privacy practices
Emeco may use cookie technology on its website to provide information and services to website visitors. Cookies are pieces of information that a website transfers to a user’s computer hard disk for record keeping purposes and are a necessary part of facilitating online transactions. Most web browsers are set to accept cookies. Cookies are useful to determine the overall traffic patterns through Emeco’s website.
Any website visitor that does not wish to receive any cookies may set their browser to refuse cookies. This may mean that the visitor is unable to take full advantage of the services on the website.
10. You can access the information Emeco keeps about you
If at any time you want to know exactly what personal information Emeco holds about you, you may request access by contacting Emeco at the address in section 15 below. Before providing you any information, Emeco will need to confirm your identity. Emeco will try to make your information available within 30 days after you ask for it. If it is likely to take longer than 30 days, Emeco will contact you.
In some cases, Emeco can refuse access or only give you access to certain information. If Emeco refuses access to information, an explanation for the decision will be provided, along with the exceptions relied upon for refusing access.
Please contact Emeco if at any time you wish to change personal information held by it that is inaccurate or out of date. If Emeco considers it is not necessary to correct the information, you will be provided with an explanation. You can ask Emeco to include a statement that you believe its record about you is inaccurate, incomplete, misleading or out of date.
11. Anonymity
If lawful and practical to do so, you will have the option of not identifying yourself when dealing with Emeco. However, if you elect not to be identified, Emeco may be unable to provide you with services or information or address your query.
12. Making a privacy complaint
If you are concerned about how Emeco has handled your information, please contact Emeco and Emeco will try and take steps to address your concern. If you are not satisfied with how Emeco has handled your complaint, you can contact the Australian Privacy Commissioner.
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone:1300 363 992
Email: enquiries@oaic.gov.au
13. Storage and security of your personal information
Emeco stores personal information in various ways, including electronic and hard copy form. If no longer required, it will destroy or de-identify personal information. Emeco only keeps personal information for as long as it is needed.
The security of personal information is important to Emeco and, accordingly, reasonable steps are taken to keep secure and protected from unauthorised access, modification or disclosure, any information which Emeco holds about you.
Emeco uses a number of means to protect your personal information, including:
- training selected staff on how to keep your information safe and secure where those staff hold positions which require them to have access to personal information;
- security measures at external and internal premises that are designed to restrict access to personal information and ensure that your information is not capable of being seen or modified by unauthorised persons;
- regular review and testing of Emeco’s technology in order to improve the level of security; and
- physical controls to prevent access to Emeco’s offices by unauthorised persons.
Despite Emeco’s efforts, no security controls are 100% effective and it cannot ensure or warrant the security of personal information.
If there is a data breach, Emeco will deal with it without delay and take immediate steps to assess, remediate and if necessary make notifications in respect of any potential or actual breach.
Emeco currently operates across Australia however, at times, it may use international service providers or overseas infrastructure (such as data storage facilities). As such, some disclosures may occur outside the state or territory in which you reside and may, from time to time, include disclosures to related entities or service providers located overseas (which may include Chile, United Kingdom, the Philippines and Europe). Emeco will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles. However, Emeco may be unable to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to your information. This may mean for information sent overseas you do not have the protections of, or any redress under, the Privacy Act. The overseas recipient may also not be subject to privacy obligations equivalent to those under the Privacy Act. By providing your personal information to Emeco, you consent to the disclosure, transfer, storage or processing of your personal information outside of Australia on this basis.
14. Handling of data breach
Emeco takes reasonable steps to protect the personal information which it holds from misuse, interference and loss; and, from unauthorised access, modification or disclosure.
A “data breach” is when personal information held by Emeco is lost or subjected to unauthorised access, modification, disclosure, or other misuse of interference. Examples of a data breach are when a device containing person information of customers is lost or stolen, Emeco’s database containing personal information is hacked or an entity mistakenly provides personal information to the wrong person.
If:
- there is unauthorised access to, or unauthorised disclosure of, personal information, and the access or disclosure would be likely to result in serious harm to any of the individuals to which the information relates; or
- personal information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur, and if it did occur it would be likely to result in serious harm to any of the individuals to which the information relates,
then there has been an “eligible data breach” under the Act.
If Emeco has reasonable grounds to suspect that there may have been an eligible data breach in relation to personal information which it holds, Emeco will carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
If, by reason of such assessment or otherwise, Emeco is or becomes aware that there are reasonable grounds to believe that there has been an eligible data breach in relation to personal information which it holds (or held), Emeco will comply with its notification requirements under the Act. This may mean that Emeco notifies individuals to whom the relevant information relates.
15. Who to contact?
If you have any queries relating to this Policy, or you have a problem or complaint, please contact the Company Secretary of Emeco Holdings Limited at:
Level 3
133 Hasler Road
Osborne Park WA 6017
Telephone: 08 9420 0222
Fax: 08 9420 0205
If you wish to make a complaint, please provide your contact details and information regarding the complaint. Emeco may need to contact you to obtain further information.
Complaints will be investigated and Emeco will provide the outcome of any investigation in writing.
Emeco will seek to resolve complaints as soon as practicable. If you are not satisfied with the outcome of your complaint, you can refer the complaint to the Office of the Australia Information Commissioner.
16. Future changes
Emeco reserves the right to change this Policy at any time and notify you by posting an updated version of the Policy on its website www.emecogroup.com. Any updated Policy will supersede all previous Policies.