We are bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act). This policy has been drafted in order to comply with the APPs.
What personal information do we collect?
- Gold Fields Australia will only collect personal information if it is reasonably necessary to pursue at least one of our functions and activities in the course of operating our business as a gold producer. In support of our core business of gold mining, we also carry out the following related functions and activities:
- human resource activities, including recruitment, performance management, training and development, succession planning, and payroll and associated taxation and superannuation payment and reporting activities;
- security services, occupational health, wellbeing and safety activities;
- procurement and supply chain activities;
- corporate administration;
- property management, including accommodation/camp activities;
- transportation activities; and
- stakeholder relations and engagement activities
- The personal information that we collect varies with the functions and activities that we engage in, but (without limitation) may include:
- contact information: including names, date of birth, titles, email addresses, residential addresses, and telephone numbers;
- tax file numbers, banking details and superannuation information;
- information received from prospective employees that is potentially relevant to employment at our organisation (see paragraph 3 below);
- historical and current medical information, including details of any claims brought under any relevant workers compensation scheme;
- performance reviews and assessments, development plans and career aspirations;
- details of complaints/grievances that we receive; and
- such other information that we are required or authorised by or under an Australian law, or a court/tribunal order, to collect and keep
3. In the course of carrying out recruitment activities, we may collect information regarding your educational and/or trade qualifications, skills, authorisations, career history, interests, hobbies and job interests and such other information as may be routinely included within a curriculum vitae. We may also collect personal information during standard pre-employment checks, such as National Police Clearance/CrimTrac checks, health checks and psychometric testing.
4. From time to time, we may collect sensitive information about you in order to conduct our activities. However, we only collect sensitive information if:
- the collection is reasonably necessary for one or more of our activities or functions; and
- we have your consent to the collection; or
- an exception applies (see paragraph 5 below).
5. The APPs list a number of circumstances that permit the collection of sensitive information about you without your consent. We only collect sensitive information without your consent if one or more of those circumstances applies.
6. The sensitive information that we collect may include:
- racial or ethnic origin, which may be recorded on the visas of some of our prospective international employees;
- union affiliations, which provide us with background information regarding our staff;
- religious beliefs or affiliations, which are only collected to the extent that they may impact on medical issues of our staff;
- health information, which we collect to ensure the wellbeing of our staff; and
- criminal records, which we collect both as part of our standard pre-employment checks, and during the course of employment (in relation to certain positions).
How do we collect and store personal information?
Collection of personal information
7. We will only collect personal information if it is reasonably necessary for us to carry out our functions and activities, and only by lawful and fair means that is not unreasonably intrusive.
8. In most cases, we will collect personal information directly from you. However, we may also collect personal information through the following means:
- publications and written correspondence, including newspapers, magazines, journals, letters, emails and SMS;
- telephone conversations, including reference checks;
- CCTV video and audio recordings; and
- social media, including (but not limited to) Facebook, Twitter and LinkedIn.
9. If you supply us with personal information of a third party, such as a spouse, family member, colleague or friend, we accept that information on the condition that you have all the rights required from that third party to provide that personal information to us to use for our functions and activities.
10. In order to carry out our activities, we may collect personal information from third parties, including nominated referees, former employers, recruitment agencies, skills and qualification verification agencies, and medical practitioners.
11. We will only collect personal information from third parties if:
- we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual concerned; or
- it is unreasonable or impracticable to collect the information directly from you.
Storage of personal information
12. We store hardcopy documents containing personal information in secured facilities.
13. Electronic documents are stored with security measures and protocols implemented to ensure the security and confidentiality of the documents and the personal information contained in them
14. Where documents and personal information are stored in cloud-based systems (for example SuccessFactors), we ensure that we first identify the location of all servers, with a preference given to in-country hosting services. In all cases, we ensure that all providers of cloud-computing services have appropriate security measures in place.
Purposes for which we collect, hold, use and disclose personal information
15. As described in paragraph 1 above, we may collect and hold personal information if it is reasonably necessary to pursue at least one of our functions or activities in the course of our business as a gold producer, or if its collection and storage is required or authorised by or under an Australian law, or a court/tribunal order.
16. As described in paragraphs 4 and 5 above, we may collect and hold sensitive information that is reasonably necessary for us to pursue at least one of our functions and activities in the course of our business as a gold producer. Further, unless the APPs permit otherwise, we will only collect and hold your sensitive information if we have received your consent to do so.
17. Gold Fields Australia is part of the global Gold Fields group, with further offices and/or operations/projects located in South Africa, Ghana, Peru, Chile, the Netherlands, the Isle of Man, the United States of America, Canada and the Philippines.
18. We may share some personal information with different international offices within the Gold Fields group. For example, personal information may be distributed when our Australian employees undertake training programs and/or secondments at other operations/projects within the Gold Fields group. Personal information may also be distributed during the course of the Gold Fields talent review. See further information about this at paragraphs 51-55.
19. Generally, we will only use or disclose personal information for the purpose for which it was collected (the primary purpose). For example, if we collect your personal information for the purpose of corporate administration, we will generally only use and disclose that information for that purpose.
20. From time to time, we may use or disclose personal information for secondary purposes if we receive your consent or if the APPs otherwise permit us to do so. The APPs permit us to use and disclose personal information for a secondary purpose without your consent if:
- you would reasonably expect us to use or disclose the information for a secondary purpose that is:
(i) if the information is sensitive – directly related to the primary purpose; or
(ii) if the information is not sensitive – related to the primary purpose; or
- the use or disclosure of the information is permitted or authorised by or under an Australian law or a court/tribunal order.
- For example, if we collect your personal information for the primary purpose of corporate administration and you later make some form of complaint against us, we may use that personal information for the secondary purpose of investigating your complaint.
- From time to time, we may need to disclose personal information to third parties to carry out our functions and activities, including the following:
- local and international consulates and/or government immigration departments regarding work visas, immigration agents and credit reporting agencies;
- government organisations such as the Australian Taxation Office or ASIC;
- Gold Fields’ nominated corporate superannuation provider (currently Plum), and to any other third party provider nominated by you;
- Gold Fields’ nominated corporate private healthcare provider (currently NIB), or to any other private healthcare provider nominated by you;
- Investec, in relation to any shares granted and held by you under relevant payment and incentive programmes;
- insurers (and their advisors) regarding applicable employee policies in place (e/g life/TPD), and/or in relation to insured incidents which occur in the workplace;
- training and development providers, including occupational psychologists or other professionals qualified to undertake psychometric or other assessments;
- consultants to conduct qualification and trade checks (whether on a national or international basis);
- accommodation/camp services providers;
- travel services providers, including travel/booking agents and flight providers;
- third parties (including, but not limited to the Chamber of Minerals and Energy) conducting site access or assured role checks;
- service providers undertaking surveys (for example the Climate Survey), or polling (for example voting on the Enterprise Agreement) on behalf of Gold Fields;
- software and data management providers in relation to the hosting and processing of employment information (for example SuccessFactors); and
- other contractors; and
- third party advisors, such as external lawyers.
- Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie, about your use of our website (including your IP address), will be transmitted to and stored by Google on servers in the United States.
- Google uses this information to evaluate your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Notification of collection
- At or before the time we collect personal information about you (or, if that is not practicable, as soon as practicable after), we will take such steps as are reasonable in the circumstances to notify you of the following information (“Collection Information”):
- our identity and contact details;
- that we have collected the personal information;
- if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order – the fact that the collection is so required or authorised;
- the purpose for collecting the personal information;
- the main consequences (if any) for you if we do not collect all or some of the personal information;
- the organisations, or types of organisations, to which we usually disclose personal information of that kind;
- whether we are likely to disclose the personal information to overseas recipients, and if so, the countries in which such recipients are likely to be located (if practicable to do so).
- Circumstances may arise where it would be reasonable for us not to provide you with notice of all or some of the Collection Information. For example, this may be reasonable where:
- you are aware that personal information is being collected, the purpose of the collection and other matters relating to the collection;
- we collect personal information about you on a recurring basis over a short period of time in relation to the same matter, and you are aware (or reasonably ought to be aware) that a separate notice will not be issued for each instance of collection; and
- notification would be inconsistent with a legal obligation, such as legal professional privilege.
Anonymity and pseudonymity
- When interacting with us, circumstances may arise where you choose to remain anonymous or to use a pseudonym. In particular, you may interact with us anonymously or pseudonymously when using our climate surveys, confidential Tip-off Line, or the Employee Assistance Programme. However, we may elect not to deal with you anonymously or pseudonymously if:
- we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with you in accordance with your identity; or
- it is impracticable for us to deal with you in this way.
- In some circumstances, it may not be possible for us to provide a service without the knowledge of your identity.
Receipt of unsolicited personal information
- If we receive personal information that we did not solicit, we will, within a reasonable period of receiving the information, determine whether we would have been permitted to collect the information pursuant to the APPs.
- If we determine that we have received personal information that we would not have been permitted to collect pursuant to the APPs (and the information is not contained in a Commonwealth record), we will as soon as practicable and where it is lawful and reasonable to do so, destroy the information or ensure that it is de-identified.
- If we determine that we would have been permitted to collect the personal information pursuant to the APPs, we will ensure that the information is dealt with in a manner that complies with the APPs.
Quality of personal information
- We will endeavour to take reasonable steps to ensure that the personal information that we collect is accurate, up-to-date and complete. Further, we will endeavour to take reasonable steps to ensure that the personal information that we use or disclose is, having regard to the purpose of our use or disclosure, accurate, up-to-date, complete and relevant.
- The reasonable steps described above that we may undertake include:
- ensuring that updated and new personal information is promptly added to relevant existing records;
- reminding you to update your personal information when we engage with you;
- providing self-service options to update some of your own personal information that is held by us;
- with respect to personal information in the form of an opinion, we may take the following steps to verify the accuracy of the opinion:
- checking that the opinion is from a reliable source;
- providing the opinion to you before we use or disclose it;
- clearly indicating on our record that the information is an opinion and identifying the individual who formed that opinion.
Security of personal information
- We will take such steps as are reasonable in the circumstances to protect personal information that we hold from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure.
- If we hold personal information about you which we no longer require, we will take reasonable steps to destroy the information or ensure that it is de-identified (unless our compliance with the APPs or another law requires us to avoid taking such steps).
Access to personal information
- Requests for access to your personal information should be made in writing and addressed to the Privacy Officer. The Privacy Officer may be contacted at:
Telephone: +61 8 6316 4003 / +61 8 9211 9252
- Upon request of your personal information, we will, within a reasonable period of the request being made, give access to the information in the manner requested (if it is reasonable and practicable to do so), subject to exceptions set out in the APPs.
- The APPs provide a list of situations in which we may deny you access to your personal information. These situations include where:
- granting access would have an unreasonable impact on the privacy of others;
- the information relates to existing or anticipated legal proceedings, and would not be accessible by the process of discovery in those proceedings;
- granting access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
- granting access would be unlawful; and
- granting access would be likely to prejudice the taking of appropriate action in relation to suspected unlawful activity or serious misconduct.
- If we refuse to give access to personal information in accordance with the APPs, we will provide a written notice setting out:
- the reasons for denying access to personal information (except where it would be unreasonable to provide such reasons);
- the mechanisms available to complain about the refusal; and
- any other matters prescribed by the regulations.
- Generally, we will not charge fees for giving access to personal information. However, we reserve the right to charge reasonable fees where requests for personal information contain complications or are resource intensive.
Correction of personal information
- Requests for correction of your personal information should be made in writing and addressed to the relevant Privacy Officer at the contact details provided in paragraph 36 above.
- If, with regard to the purposes for which it is held, the Privacy Officer is satisfied that the personal information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, or if you make a request, we will take reasonable steps to correct the information. However, as a matter of practice, when we receive personal information, we will hold the information for a period of 5 years before we consider whether it is inaccurate, out-of-date, incomplete, irrelevant or misleading (unless we are informed otherwise).
- If we correct your personal information, we will take reasonable steps to notify any third party to which we have previously disclosed the information, if you request and it is not unlawful or impracticable for us to do so.
- If we refuse to correct your personal information in accordance with the APPs, we will provide a written notice setting out:
- the reasons for the refusal (except where it would be unreasonable to provide the reasons);
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulations.
- If we refuse to correct your personal information in accordance with the APPs, you may request that we associate the information with a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. Where such a request is made, we will take reasonable steps to associate the statement so that it is apparent to the users of the personal information.
- We will aim to respond to any request regarding the correction of your personal information within 30 days of the request being made.
- We will not charge fees for requests for the correction of your personal information or for associating the statement with the personal information.
- If you believe that we have breached the APPs in any way in relation to your personal information, you may make a written complaint to the Privacy Officer.
- The Privacy Officer will review the complaint, consider our conduct in relation to the complaint and the requirements of the APPs, and will consider appropriate action. The Privacy Officer will inform you of his or her decision within 30 days of receiving the complaint.
- If you are unhappy with the Privacy Officer’s decision, an appeal may be made to the Information Officer. In this event, the Privacy Officer will present its findings to the Information Officer, who will then make a decision as to appropriate action. The Privacy Officer will keep you informed during this process. If you are unhappy with the Information Officer’s determination, you may make a complaint to the Office of the Australian Information Commissioner.
Disclosure to overseas recipients
- Circumstances may arise where we may need to disclose personal information to overseas recipients. As mentioned in paragraph 16 above, Gold Fields Australia is part of the Gold Fields group, which has offices in South Africa, Ghana, Peru, Chile, Canada, the Netherlands, the Isle of Man, the United States of America and the Philippines.
- As part of our global operations, we may share some of your personal information with other entities within the Gold Fields group, and to third parties outside of the Gold Fields group.
- Before disclosing personal information to any overseas recipient (whether within or outside the Gold Fields group), we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient also complies with the APPs in relation to that information, unless the APPs do not require us to do so.
- We will not be required to take the steps described in paragraph 54 above if:
- we reasonably believe that:
- the recipient of the information is subject to a law or a binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information; and
- there are mechanisms that could be taken to enforce the law or binding scheme; or
- both of the following apply:
- we expressly inform you that if you consent to the disclosure of the information, we will not be required to take the steps described in paragraph 54 above; and
- after being so informed, you consent to the disclosure; or
- the disclosure of the information is required or authorised pursuant to an Australian law or a court/tribunal order; or
- the APPs otherwise allow us to refrain from taking the steps described in paragraph 54 above.
|“collect”||Personal information is only collected if it is included in a record or generally available publication.|
|“consent”||This means express consent or implied consent.|
|“health information”||This refers to:
(a) information or an opinion about an individual, that is also personal information, about:
(i) the health (including fitness for work) or a disability (at any time) of an individual; or
(ii) an individual’s expressed wishes about the future provision or health services to him or her; or
(iii) a health service provided, or to be provided, to an individual; or
(b) other personal information collected to provide, or in providing, a health service; or
(c) other personal information about an individual collected in connection with a donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(d) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
|“personal information”||This refers to information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
|“sensitive information”||This refers to:
(a) information or an opinion (that is also personal information) about an individual’s racial or ethnic origin;
(b) political opinions;
(c) membership of a political association;
(d) religious beliefs or affiliations, philosophical beliefs;
(e) membership of a professional or trade association;
(f) membership of a trade union;
(g) sexual orientation or practices; or
(h) criminal records.
Sensitive information can also refer to health information, genetic information, biometric information and biometric templates.
Underscored by a common goal of creating shared benefits to those associated with our efforts, it means our people, the ecosystems in which we operate, and the rapport we have with our local and indigenous communities, is of the highest respect.