CSR respects the privacy of individuals. This policy outlines the way we manage personal information that we collect or that is provided to us. It applies to CSR Limited and Australian companies in the CSR group (CSR, we, us).
Why does CSR collect personal information?
CSR is major manufacturer and supplier of building materials and has a substantial investment in aluminium smelting. We collect personal information about people we deal with and others, where relevant, in order to operate our businesses. As a publicly listed company, we also maintain records of our shareholders. Collecting personal information is also necessary in some circumstances to meet our legal obligations.
What kind of personal information does CSR collect and how does CSR collect it?
CSR generally collects and holds personal information about:
• our employees;
• contractors who provide services to CSR;
• our customers;
• our suppliers;
• our shareholders;
• job applicants; and
• other people who may come into contact with CSR or one of CSR’s businesses.
The type of information we collect varies, depending on the purpose, and may include (but is not limited to) your name, address, contact details, organisation, identification, positions held, payment details, credit information and marketing information.
This information may be obtained by way of forms filled out, information provided in person or by telephone, email or online by the individuals themselves, or from a public source or third party (for example, referees, other CSR companies, your organisation, your representatives and information service providers). For additional information about our handling of personal information we collect through our web sites, please see the Security and Privacy Statement on the relevant site.
How do we use personal information and to whom may we disclose it?
In general, CSR collects, uses and discloses personal information to:
• provide products or services that have been requested;
• maintain relationships with suppliers, contractors and other parties;
• verify your identity and personal information;
• maintain and update our records;
• provide ongoing information and marketing communications about CSR products and services to CSR customers and prospective customers by telephone, email, online and other means as permitted by law, unless they opt out; and
• comply with legal obligations and protect our lawful interests.
We may not be able to do these things without your personal information. For example, we may not be able to respond to your enquiries or provide you a product or service you have requested.
We may also collect, use and disclose your personal information in connection with:
• reasonable information requests from courts, government bodies and lawyers
• suspected fraud, misconduct and unlawful activity, and
• any sale or potential sale of any part of our business.
CSR uses the personal information it collects about CSR shareholders to fulfil its legal obligations and to keep its shareholders informed of CSR’s progress. We are required or authorised to collect shareholder personal information under certain laws including the Taxation Administration Act and the Corporations Act, and we are also required to make limited shareholder details available to members of the public on request. CSR’s share registry is managed by Computershare Investor Services Pty Limited (Computershare). Computershare’s privacy policies are available via www.computershare.com.au.
Depending on the product or service concerned, personal information may be disclosed to:
• other divisions or organisations within CSR;
• service providers and specialist advisers to CSR who have been contracted to provide CSR with administrative, archival, auditing, accounting, customer contact, legal, business consulting, banking, payment, debt collection, delivery, data processing, data analysis, information broking, research, investigation, website, technology or other services;
• insurers, credit providers, courts, tribunals and regulatory authorities as agreed or authorised by law;
• credit reporting or reference agencies or insurance investigators; or
• a person authorised by an individual.
Some of the third parties described above may be located in New Zealand and other countries. While those third parties will often be subject to confidentiality or privacy obligations, they may not always follow the particular requirements of the Privacy Act.
Generally, we require that organisations outside CSR who handle or obtain personal information as service providers to CSR acknowledge the confidentiality of this information and undertake to comply with the Principles.
How do we handle credit-related personal information?
While we do not provide credit to consumers, we sometimes handle personal information from credit reporting bodies (CRBs) and certain other consumer credit-related personal information as described below (Credit-Related Personal Information) in the context of commercial credit arrangements. For example, information about an individual’s consumer credit worthiness may be handled where we provide commercial credit accounts to sole traders, or individuals such as directors provide personal guarantees in relation to commercial credit accounts.
We may collect and hold the following types of Credit-Related Personal Information, both in relation to your arrangements with us and those with third parties such as other credit providers:
• name, sex, date of birth, driver’s licence number, employer and three most recent addresses;
• confirmation of previous information requests about you to CRBs made by other credit providers and credit insurers;
• details of previous credit applications, including the amount and type of credit and credit limit;
• details of current and previous credit arrangements, including credit providers, start/end dates and certain terms and conditions;
• permitted payment default information, including information about related payment arrangements and subsequent repayment;
• information about serious credit infringements (e.g. fraud);
• information about adverse court judgments and insolvency;
• publicly available information about your credit worthiness;
• any credit score or credit risk assessment indicating a CRB’s, credit provider’s or our analysis of your eligibility for consumer credit; and
• any other types of Credit-Related Personal Information about you permitted under the Privacy Act.
We may disclose Credit-Related Personal Information to CRBs to assist the CRBs to maintain information about you to provide to other credit providers for credit assessments. We may collect Credit-Related Personal Information from CRBs for purposes including, to the extent permitted by law, to assess your application for credit or to be a guarantor, manage your credit/guarantee, assign debts and collect overdue payments. We may also exchange Credit-Related Personal Information with debt buyers, credit insurers and other credit providers.
The CRBs we use may include:
• Dun & Bradstreet, Level 7, 479 St. Kilda Road Melbourne 3004, www.dnb.com.au, , 1300 734 806
• Veda, PO Box 964 North Sydney 2059, www.mycreditfile.com.au, 1300 762 207
• Experian, GPO Box 1969, North Sydney NSW 2060, www.experian.com.au, 1300 784 134
• Tasmanian Collection Service, 29 Argyle Street, Hobart, www.tascol.com.au, , (03) 6213 5555
You have the right to request CRBs not to:
• use your Credit-Related Personal Information to determine your eligibility to receive direct marketing from credit providers; and
• use or disclose your Credit-Related Personal Information, if you have been or are likely to be a victim of fraud.
How do we manage personal information?
CSR trains its employees who handle personal information to respect the confidentiality of that information and the privacy of individuals.
How do we store personal information?
CSR is required by the Principles to safeguard the security and privacy of your information, whether you interact with us personally, by telephone, mail, over the internet or other electronic medium. This includes an obligation to take reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure. The steps we take depend on the circumstances but may include measures such as firewalls, passwords, encryption, locked filing cabinets and building access restrictions.
We hold information in physical and electronic records at our own premises and with the assistance of our service providers. The Principles also require CSR not to store personal information longer than necessary and to take reasonable steps to destroy that personal information or remove details which may identify individuals.
How do we keep personal information accurate and up-to-date?
CSR takes reasonable steps to ensure that the personal information it holds is accurate and up-to-date. We encourage you to contact CSR as soon as possible in order to update any personal information we hold about you. CSR contact details are set out below.
Can you check and update the personal information about you that is held by us?
You may obtain access to or correct any personal information which CSR holds about you, unless one of the exceptions in the Principles applies.
To make a request to access or correct information CSR holds about you, please contact CSR in writing at the address set out below. CSR will require you to verify your identity and to specify what information you require. We will provide reasons if we deny any requests for access to or correction of personal information. CSR may charge a fee to cover the cost of providing access including locating, retrieving, reviewing and copying any material requested. Where we decide not to make a requested correction to your personal information and you disagree, you may ask us to make a note of your requested correction with the information.
What if you have a complaint?
For information about privacy generally, or if your concerns are not resolved to you satisfaction, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.
How do you contact us?
If the particular CSR business or activity is unable to deal with a privacy complaint to your satisfaction, please contact the CSR Building Products Privacy Officer or the CSR Property Privacy Officer (as relevant) by e-mail, phone, facsimile or post as set out below:
CSR Corporate Headquarters Locked Bag 1345 North Ryde BC NSW 1670 Australia
Telephone: (02) 9235 8000 Facsimile: (02) 8362 9013
Updates to this Policy
Reviewed and updated: July 2016