PRIVACY POLICY

CSR Group Privacy Policy

CSR Group Privacy Policy

Introduction

CSR is committed to protecting your privacy. This policy applies to the CSR Group, being CSR Limited ACN 000 001 276 and its related bodies corporate, collectively “we” “us” and “CSR” and it sets out how we collect, use and manage personal information.

CSR’s privacy obligations are governed in Australia by the Privacy Act 1988 (Cth) and the Australian Privacy Principles and in New Zealand by the Privacy Act 2020 (Privacy Laws).

What personal information does CSR collect?

The types of personal information that we may collect will depend on the nature of the interaction with you, but may include:

  • name and date of birth;
  • contact details including address, email address and telephone number;
  • if you apply for employment with us, details regarding your employment history, educational qualifications, information derived from background checks, current employment and income details;
  • identification document details including passport and driver’s licence;
  • bank account or other payment details;
  • credit related personal information;
  • images from video surveillance;
  • network and device data such as IP address; and
  • other personal information you provide to us.

How does CSR collect personal information?

The way we collect information depends on the nature of the interaction with you. We will usually collect personal information directly from you, for example you may:

  • access one of our websites;
  • submit a contact form via one of our websites;
  • subscribe to receive communications from us;
  • place an order with us;
  • apply for credit terms with us;
  • apply for employment with us;
  • share your personal information with the CSR customer services team or other CSR representative;
  • undertake a customer survey or provide feedback; or
  • otherwise communicate with us.

We may also collect personal information about you from third parties, for example from:

  • publicly available sources;
  • recruitment agencies, referees and pre-employment screening check providers;
  • your representatives; and
  • credit reporting bodies.

How does CSR use personal information?

Other than as permitted under the Privacy Laws, CSR will only use your personal information for the purpose for which it was collected, which may include:

  • to provide products or services to you;
  • to administer and manage those services and products including charging, billing, delivery and collecting debts;
  • to provide you with information, products or services that you request from us;
  • to maintain relationships with suppliers, contractors and other service providers;
  • to verify your identity;
  • to maintain and update our records;
  • to perform our business functions;
  • for analytic and statistical purposes;
  • to monitor our sales of products and services and for quality control purposes;
  • to monitor and measure the use of our websites or apps;
  • to undertake product recalls or withdrawals;
  • to assess credit worthiness and provide credit;
  • to provide information to and communicate with our shareholders;
  • to comply with legal obligations and protect our lawful interests;
  • to assist us in ensuring security, health and safety and customer protection in our stores; and
  • any other purpose made known to you at the point of collection.

You do not have to provide personal information, but if CSR cannot collect your personal information then we may not be able to provide you with the information, goods or services you have requested.

Shareholder personal information

CSR collects personal information of its shareholders to fulfil legal obligations associated with trading as a publicly listed company. CSR’s share registry is managed by Computershare Investor Services Pty Limited, and its privacy policies are available via https://www.computershare.com/au/privacy-policies.

Does CSR send marketing material?

Where CSR has your consent, or is permitted by the Privacy Laws to do so, we may use and disclose your personal information to send direct marketing material about our products and services, or other matters we consider may be of interest to you.

If you wish to opt out from receiving marketing material from CSR you can use the unsubscribe function in the electronic message or contact the Privacy Officer using the details below.

Who does CSR disclose personal information to?

We may disclose your personal information to companies within the CSR Group, third parties engaged by CSR and our business partners who assist us to perform our business functions including providing information, goods or services to you. We may disclose to:

  • our employees, consultants, temporary workers or other representatives;
  • payment processors;
  • logistics providers;
  • professional advisers such as bankers, solicitors, business advisors and auditors;
  • service providers who provide operational services to CSR or who help provide our services to you, such as accounting, consumer analysis, archiving, cloud storage and processing, debt collection, data processing and data analysis, information broking, insurance, marketing and consumer analysis, telecommunications, research, fraud detection and monitoring, website, information technology or other relevant services;
  • credit reporting bodies;
  • government agencies or regulatory bodies;
  • third parties in connection with the sale or some or all of our business; and
  • any other party whom you authorise us to disclose your personal information to.

We may also disclose your personal information to comply with legislative and regulatory requirements or in connection with law enforcement requirements or as otherwise required or permitted by law.

Does CSR disclose personal information overseas?

Some third parties that we disclose your personal information to may be located in a country outside of your own country. The countries in which the personal information you provide to us may be held include Australia, New Zealand, the United States of America, and Europe. We will not disclose your personal information to an overseas recipient without taking reasonable steps to ensure that the overseas recipient will not breach the Privacy Laws.

Use of cookies and links to third party sites

Our websites use cookies. Cookies are pieces of information stored on an individual’s computer and are used for customising site information to improve user experience and for tracking user navigation. CSR recommends the use of cookies, however you can change the settings on your web browser to turn off cookies or to notify you when cookies are being used.

CSR’s websites may contain links to websites operated by third parties. CSR is not responsible for the content, or privacy policy, of third party sites.

Storage and security

CSR has implemented and maintains appropriate physical, electronic and administrative safeguards to protect personal information from loss, misuse, alteration, theft, unauthorised access or unauthorised disclosure. Once CSR no longer requires personal information held, we will take reasonable steps to destroy or de-identify the personal information.

How you can access and correct personal information

In most cases, you may obtain access to or correct any personal information which CSR holds about you.

To make a request to access information CSR holds about you, please contact our Privacy Officer in writing using the contact details below, noting the personal information you are requesting access to. We may need to verify your identity. CSR may charge a reasonable administrative fee in connection with your request to access information, in which case we will advise you of this fee upfront and obtain your consent before we proceed.

CSR takes reasonable steps to ensure that the personal information it holds is accurate and up to date and in most cases will take reasonable steps to correct personal information that is inaccurate. Please contact our Privacy Officer if your personal information changes using the contact details below.

If CSR denies any requests for access to, or correction of, personal information, CSR will provide a written explanation. If you object, you may make a complaint in the manner described in the Complaints section below.

Complaints

If you consider that any action taken by CSR breaches this policy or the Privacy Laws, you can make a complaint by contacting us by one of the methods set out below. We take privacy complaints seriously and will act promptly in response to a complaint.

If your concerns are not resolved to your satisfaction in Australia you may complain to the Office of the Australian Information Commissioner (www.oaic.gov.au) and in New Zealand you may complain to the Office of the Privacy Commissioner (www.privacy.org.nz).

Updates to this policy

This privacy policy may be reviewed and revised from time to time, and revisions will be effective upon the revised policy being made available on this site.

How to contact CSR

If you have any queries about this policy, complaints about CSR’s handling of your personal information or wish to access or update your personal information which CSR holds, please contact CSR’s privacy officer at info@csr.com.au, or you can write to:

CSR Privacy Officer
CSR Limited
Locked Bag 1345
North Ryde BC NSW 1670
Australia

Reviewed and updated: December 2022