Navantia Australia (NAUS) is bound by the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act) when dealing with personal information about individuals. The APPs set out minimum standards about how NAUS can collect, use and manage your personal information.
This Policy details in general terms how NAUS collects, stores, uses and discloses personal information about individuals, and the rights that individuals have to access and correct the information NAUS holds about them. Employee records that are exempt from the operation of the APPs under the Privacy Act are not subject to this Policy.
In this Policy:
- ‘NAUS’, ‘we’, ‘our’ and ‘us’ mean NAUS Pty Ltd and its related bodies corporate and their officers and employees; and
- ‘personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Collection of Personal Information
NAUS only collects personal information that is necessary for NAUS’s business functions or activities. This includes:
- Procuring goods and/or services from you and/or your organisation as a service provider to NAUS
- Engaging in commercial dealings with you and/or your organisation
- Answering your enquiries and providing you with information you may have requested
- Complying with legislative requirements.
The types of personal information NAUS collects from you will depend on the nature of NAUS’s dealings with you, but generally includes (without limitation) names, addresses, contact details (such as telephone number, facsimile number and email address), and other information that may assist NAUS in conducting its business, meeting its legal obligations and addressing your queries.
NAUS may also collect various types of sensitive information which are reasonably necessary for NAUS’s business functions or activities, either with your consent or where permitted to do so under the Privacy Act or by law. Sensitive information is a particular category of personal information, and may include information about a person’s racial or ethnic origin, political opinions and associations, religious beliefs and affiliations, philosophical beliefs, membership of professional trade associations, membership of trade unions, criminal record and health information. In NAUS’s case, certain exemptions under state legislation permit the collection of sensitive information for employment and employment application purposes.
All personal information collected by NAUS will be collected by lawful and fair means, and not in an unreasonably intrusive way. In most cases, NAUS will collect your personal information directly from you. NAUS collects personal information about you when you use the NAUS website, make an enquiry with NAUS or enter into a contractual or employment relationship with NAUS. NAUS may also collect personal information about you from third parties (for example, in connection with security clearance procedures).
If you do not provide all of the personal information requested by NAUS, then NAUS may not be able to answer your queries, provide you with the requested information, products or services or engage in commercial dealings with you.
Where it is practicable and lawful to do so, NAUS will enable you to interact with it anonymously or pseudonymously.
Information we may collect about you
NAUS may collect, use, store and transfer different kinds of personal information about you which we have grouped together broadly as follows:
- Identity Data includes first name, maiden name, last name, signature, username, employee number or similar identifier, title or role description. In some cases, we may also collect an image of you (including digital image or photograph) where required, for example for access at our various sites across Australia or use of our products or services.
- Contact Data includes email address, digital email signature, company/employer, company address, and telephone numbers.
- Profile Data includes your credentials, username and password, purchases, orders, interactions or enquiries made by you on your or your company’s behalf (e.g. if you are an individual business contact of NAUS), professional information, such as your role and qualifications, you or your company’s interests, preferences, affiliations, memberships, your purchasing influence and role, feedback and survey responses. We may also collect social media details and App ID details.
- Financial Data includes information about your banking references.
- Usage Data includes information about how you use our websites, applications, products and services, including audit logs.
- Technical Data includes information automatically collected from your device when you visit or use our websites, networks or applications, such as internet protocol (IP) address and login data.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences, including our events you may have attended or register to attend, and information provided to us at, or arising out of, these events.
We also collect, use and share aggregated, anonymous data, such as statistical data, for any purpose. Such data may be derived from personal information but is not considered personal information at law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data of our websites to calculate the percentage of users accessing a specific website feature.
In very limited circumstances, we may collect sensitive personal information about you. This includes details about criminal convictions and offences. In particular we may require this information in order to comply with export laws, or to allow access to security sensitive information, technologies or sites.
We will only collect and process such information in accordance with applicable laws, including by seeking your consent, or where a permitted general situation exists.
How your personal Information is Collected
Direct interactions: You may give us your personal information by filling in forms or by corresponding with us by mail, phone, email, through our websites or otherwise. This includes personal information you provide when you:
- Use our websites
- Create an account on our websites, portals, or any other applications or websites used to communicate with you, or provide products or services
- Exchange email, text, phone, chat and other electronic messages with us
- Download marketing or technical material
- Purchase or license (or intend to purchase or license) our products or services, including maintenance and support
- Sell or license (or intend/propose to sell or license) products and services to us
- Enter into other commercial and/or property transactions with us
- Subscribe to receive our publications or marketing
- Attend or register to attend sponsored events or other events at which we participate
- Provide a query or feedback
- Complete a survey or form (including the “contact us” form on our website or when you register a product for warranty purposes).
Third parties or publicly available sources: We may receive personal information about you from various third parties and public (open) sources, including information provided by a company in which you are a shareholder or officeholder, or from your employer, and information about you that is publicly available such as contact details, qualifications and social media details available on the world wide web.
You need to confirm separately the level of consents or other permissions you may have given to any third party to share your personal information with us.
Use and Disclosure
NAUS only uses personal information for the primary purpose of its collection (being the particular purpose or reason why the information was collected by NAUS). NAUS collects and holds personal information about you for the purpose of:
- Providing you and your company with goods and/or services
- Answering your enquiries and providing you with information you may have requested
- Providing you (or your company) with information that NAUS considers relevant.
NAUS may disclose your personal information to:
- NAUS’s related bodies corporate;
- Other companies or individuals that assist NAUS in providing services or that perform functions on NAUS’s behalf, including (but not limited to) agents, consultants and solicitors;
- The Australian Security Intelligence Organisation, Australian Police Force, Australian Federal Police and other organisations that have a role in Australian security clearance procedures; and
- Anyone else to whom you authorise NAUS to disclose your personal information.
NAUS will not provide your personal information to any party for the purpose of that party using your personal information to market, offer or sell their products to you.
Apart from using your personal information for the primary purpose described above, NAUS may also use your personal information for a related secondary purpose (or a directly related secondary purpose, in the case of your sensitive information) where you consent to that use, where NAUS considers you would reasonably expect NAUS to use or disclose it for that secondary purpose, or where otherwise permitted to do so under the Privacy Act.
In limited circumstances under the Privacy Act, NAUS may disclose personal information where:
- The use or disclosure of that information is required or authorised by or under an Australian law or a court/tribunal order
- NAUS reasonably believes the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body
- NAUS reasonably believes the use or disclosure is necessary in taking action about a suspected unlawful activity (or serious misconduct) relating to NAUS’s functions or activities
- To lessen or prevent a serious threat to life, health or safety.
Access to Information
NAUS takes reasonable steps to ensure that the personal information it collects and holds is accurate, complete and up-to-date. Further, NAUS will also take reasonable steps to ensure that personal information it uses or discloses is accurate, complete, up to date and relevant.
You may request access to the personal information NAUS holds about you. Generally, NAUS will provide you with access, unless it considers that it is permitted under the Privacy Act (or another relevant Australian law, or a court or tribunal order) to withhold that personal information. If access is refused, NAUS will provide you with written reasons for that refusal.
All requests for access to personal information are to be made in writing addressed to NAUS’s Privacy Officer at the address shown below. NAUS may charge a fee for actioning your request for access to your personal information (but any such fee will be reasonable).
If you satisfy NAUS that any personal information it holds about you is inaccurate, incomplete, out-of-date, irrelevant or misleading, NAUS will take reasonable steps to amend that information and its records accordingly. Please let us know if any of your personal details change.
As a defence industry organisation, NAUS maintains strict security over its physical premises and electronic systems. Access to NAUS’s computer systems is limited by user identifiers, passwords and access restricted on a “need to know” basis. Access to all personal information within NAUS’s possession and control is strictly controlled.
NAUS takes reasonable steps to ensure that all personal information it holds is protected from loss, interference, misuse or unauthorised access, disclosure or modification. NAUS also takes reasonable measures to ensure that any personal information (including any unsolicited information) is destroyed or permanently de-identified if no longer needed for any purpose for which it was lawfully collected by NAUS.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, or for any secondary purpose permitted by the APPs.
NAUS may disclose your personal information to an offshore recipient in a foreign country (including foreign Governments or offshore defence or security organisations) in connection with NAUS’s business operations with those countries, or organisations in those countries.
NAUS will take reasonable steps in the circumstances to ensure the offshore recipient does not breach the APPs in relation to your personal information, except where:
- NAUS reasonably believes the offshore recipient is subject to privacy laws in that foreign country consistent with the APPs, and you have access to mechanisms in that country for the enforcement of those privacy laws for the protection of your information
- NAUS is legally permitted or required to make that offshore disclosure
- NAUS informs you that it will not take reasonable steps in the circumstances to ensure the offshore recipient does not breach the APPs, and you consent to the disclosure
- the Privacy Act otherwise permits the offshore disclosure.
NAUS may also store and process personal information at offshore locations, including cloud database or computing facilities provided by third parties. By providing your personal information to NAUS, you consent to your personal information being disclosed offshore for this purpose.
Where NAUS does disclose personal information outside Australia, those offshore recipients are likely to be located in Spain.
Notification of data breaches
Notwithstanding the measures undertaken to protect privacy, NAUS acknowledges the possibility of data breaches occurring. A data breach is:
- An unauthorised access to personal information
- An unauthorised disclosure of personal information
- A loss of personal information (likely to result in unauthorised access or disclosure).
Where NAUS discovers or has reasonable grounds to suspect that a data breach has occurred, NAUS’s Privacy Officer will take appropriate action to address the issue, including:
- Prompt investigation of (including the extent of) any suspected data breach
- Containment of any actual breach and conduct of a preliminary assessment of the breach
- Evaluation of the risks associated with the breach, having regard to the nature of the personal information involved (including sensitivity and volume), the cause and extent of the breach and other matters affecting the likelihood of serious harm to the affected individuals arising
- Notification of the data breach (where NAUS considers necessary) to the Office of the Australian Information Commissioner and affected individuals containing the information prescribed under the Privacy Act, where serious harm is likely to occur, and no remedial action can be taken to remove that risk
- Prevention or mitigation of future breaches.
NAUS does not adopt as its own identifier of an individual a Commonwealth or State government identifier (e.g. Tax File Number (TFN) or driver’s licence number). Other identifiers such as Australian Business Numbers (ABNs) may be used by NAUS for ordinary commercial purposes and for NAUS’s compliance with taxation laws such as Goods and Services Tax (GST) (but only for GST purposes).
NAUS cannot guarantee the privacy or security of personal information provided via the NAUS website during the transmission process. Once that personal information is received, NAUS then takes reasonable steps to protect your personal information as outlined in this Policy.
NAUS’s website may contain links to other websites. NAUS is not responsible for the privacy practices or the use and protection of your personal information on those sites.
Further Information about Privacy Law
More information about the Privacy Act and the Australian Privacy Principles is available from the Office of the Australian Information Commissioner at www.oiac.gov.au.
NAUS may amend this Policy from time to time to reflect changes in the law, or its business functions or activities. A current version of the Policy will at all times be posted on NAUS’s website at www.navantia.com.au.
Alternatively, a copy may be requested from NAUS’s Privacy Officer at the details below.
All queries about NAUS’s dealings with your personal information, its compliance with the Privacy Act or any complaints about an alleged breach by NAUS of the Australian Privacy Principles must be made in writing to NAUS’s Privacy Officer at the contact details set out below. NAUS aims to respond to any such queries (or complaints) at first instance within 30 days of the date of receipt of the query (or complaint).
NAUS’s Privacy Officer can be contacted at:
Navantia Australia Pty Ltd
Level 2, 56 Pitt Street Sydney 2000
or on (02) 8273 4430 or by e-mail at PID@navantia.com.au