Introduction
ATCO Australia Pty Ltd ACN 091 033 546
ATCO Gas Australia GP Pty Ltd ACN 151 245 779
ATCO Power Australia (Karratha) Pty Ltd ACN 132 830 043
ATCO Australia Services Pty Ltd ACN 067 295 238
Source Energy Co Pty Ltd ACN 611 435 208
ATCO Australia Pumped Hydro Pty Ltd ACN 636 877 104
ATCO Gas Australia Pty Ltd ACN 089 531 975
Osborne Cogeneration Pty Ltd ACN 072 027 331
(each referred to as ATCO, we, us or our), has a Privacy Practice to provide individuals about whom we collect or receive Personal Information (generally users of our website and services) with information about how we collect, hold and use that Personal Information.
If you wish to make any inquiries regarding this Privacy Practice, please contact ATCO’s Privacy Officer:
Manager Risk & Compliance
81 Prinsep Road
JANDAKOT WA 6164
Phone: +61 8 6163 5000
Email: compliance@atco.com
We may, from time to time, review and update this Privacy Practice, including taking into account new laws, regulations and technology. All Personal Information held by us will be governed by our most recent Privacy Practice, posted on our website.
What personal information do we collect and hold?
"Personal Information" is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained. Personal Information collected may include (but is not limited to) the following:
- Name, postal, residential address and/or service address;
- Email address;
- Australian Business Number;
- Date of birth;
- Contact details including telephone numbers (landline and mobile);
- Gender;
- Occupation and employment details;
- Payment details;
- Any feedback that you give us; and
- Information that we collect for marketing purposes, such as your areas of interest and other information you provide to us.
- Credit and financial information, including assets, income and superannuation details;
- Bank account and credit information details;
- Tax file number;
- Product and service-related information concerning the products and services that we provide to, or receive from, you, [including with respect to the service, maintenance and repair of such products];
- Business relationship information, including information related to your agreements, preferences, advisors and decision-makers; and
- Customer relationship information such as customer service requests and feedback and information requested or provided by or from you.
What sensitive information do we collect about you?
We may also collect sensitive information about you including but not limited to, information about your health, including for example, your COVID-19 vaccination status or exemption status or booster vaccination status or booster exemption status (Sensitive Information).
Unless required by law, we will only collect Sensitive Information with your consent. We will only disclose your Sensitive Information to our related entities (including other members of the ATCO Group) (Related Entities) or other third parties where required to comply with any law, disclose that information to our Related Entities for reporting on legal, regulatory or other compliance matters or as otherwise required for storage in accordance with this Privacy Practice.
Other than as specified in this clause, your Sensitive Information will be treated the same as other Personal Information under this Privacy Practice.
What information do we collect via our website?
We will not collect any Personal Information about users of our website except when they knowingly provide it (for example, when you fill out an online form) or as otherwise described below.
Click Stream Data
When you visit and browse our website, our website host may collect information for statistical, reporting and maintenance purposes.
The information collected by our website host is used to administer and improve the performance of our website and will not be used to identify you. The information may include:
- Number of users visiting our website and the number of pages viewed;
- Date, time and duration of a visit;
- IP address of your computer; and
- Path taken through our website.
Cookies
Cookies are small text files that are transferred to a user's computer hard drive by a website for the purpose of storing information about a user's identity, browser type or website visiting patterns. Cookies may be used on our website to monitor web traffic, for example the time of visit, pages visited and some system information about the type of computer being used. We use this information to enhance the content and services offered on our website.
Cookies are sometimes also used to collect information about what pages you visit and the type of software you are using. If you access our website or click-through an email we send you, a cookie may be downloaded onto your computer's hard drive.
Cookies may also be used for other purposes on our website but in each case none of the information collected can be used to personally identify you.
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.
If you disable the use of cookies on your web browser or remove or reject specific cookies from our website or linked sites, then you may not be able to gain access to all of the content and facilities in those websites.
When and why we collect personal information
We collect your Personal Information to allow us to conduct our business functions, market and sell our products and services.
We may collect your Personal Information when you:
- Provide the information to us;
- Work with us as an employee, as temporary or agency staff, a consultant, one of our contractors or an employee of one of our contractors;
- Visit our website (see Section 1);
- Buy or use our products or services;
- Request information about us, our products or our services;
- Provide feedback;
- Fill in a form on our website; or
- Where we are required or authorised by law to do so.
We may also collect Personal Information about you via third parties (i.e. other organisations); however, we will only collect your Personal Information in this way if it is unreasonable or impractical to collect this information directly from you and if we are otherwise permitted to do so.
How we store personal information
We store Personal Information electronically and in hard copy depending on how the data was collected.
Any Personal Information that is collected via our website or which is held on our computer systems is protected by safeguards including physical, technical (firewalls, SSL encryption, etc.) and procedural methods.
Personal Information held in hard copy form is kept to a minimum and secured in locked safes and cabinets when not in use.
Some Personal Information is stored with third parties with whom we do business, including providers of information technology infrastructure, such as cloud storage and other cloud services. We have strict privacy and confidentiality arrangements in place with those parties. We aim to keep all Personal Information secure at all times and only make it available to those at ATCO who require it to perform their job.
We do not collect Sensitive Information or financial information about our users via our website.
If we find that we have no further need for your Personal Information we may remove it from our systems and destroy all record of it.
How is your personal information used?
We use the Personal Information we collect about you for our business functions and activities, which may include the following:
- To communicate with you and provide you with information, products or services you have requested;
- Assist customers by providing them with information and support;
- Personalise and customise your experiences with our website;
- To manage and administer any account you may hold with us;
- To promote and market our products and services to you or provide you with information that we believe may be of interest to you;
- To personalise and customise your experiences on our website;
- To help us research the needs of our customers and to market our products and services with a better understanding of your needs and the needs of customers generally;
- To conduct research for the purposes of improving existing products or services or creating new products or services;
- To process a job application submitted by you;
- To allow us to provide advertising material to you regarding us, our clients, and other business partners;
- Share your Personal Information with our Related Entities, business partners and selected third parties;
- To respond to any queries or complaints you may have;
- To respond to any reports or communications you make to us;
- To protect us against error, fraud, theft and damage to our goods and property;
- To enable us to undertake our environmental, health and safety activities including incident planning, response and investigation; and
- To enable us to comply with applicable laws, regulatory and other compliance requirements (for example we may collect Personal Information to satisfy the obligations imposed on us by various regulatory bodies or agencies to follow procedures mandated by such bodies or agencies in respect of our business and the provision of our products and services).
We may collect and use your Personal Information for other purposes not listed above. If we do so, we will make it known to you at the time we collect or use your Personal Information.
By accessing our website, requesting or using our services, working with us or otherwise providing your Personal Information to us, you consent to our disclosure and use of that Personal Information for the purposes noted above or otherwise stated in this Privacy Practice.
We do not otherwise disclose your Personal Information without your permission, unless the disclosure is:
- In accordance with this Privacy Practice or any agreement you enter into with us;
- Required or authorised by law, including without limitation the Australian Privacy Principles under the Privacy Act 1988 (Cth); or
- Made with your consent.
To whom we disclose your personal information
Depending on the nature of your engagement with us, we may disclose your Personal Information to our Related Entities, to third parties that provide products and services to us or through us, or to other third parties including:
- Australian Securities and Investments Commission (ASIC);
- WorkCover;
- The Economic Regulation Authority of Western Australia (ERA);
- EnergySafety; or
- Relevant external ombudsman, complaints handling or dispute resolution scheme operators.
We may also disclose your Personal Information to our website host or software application providers in certain limited circumstances, for example when our website experiences a technical problem or to ensure that it operates in an effective and secure manner.
Personal Information may be disclosed to our Related Entities in Canada where it will be used or stored solely for the purposes described in this Privacy Practice. We may also store your Personal Information, including Sensitive Information, with providers of information technology infrastructure that is located in other countries, such as our data centres. Other than these disclosures, we are unlikely to disclose your Personal Information to a person based outside of Australia. If we do so, we will use reasonable endeavours to ensure that your Personal Information is in our effective control at all times, and such disclosure would only be for the purposes for which we will use and disclose your Personal Information as described in this Privacy Practice. If we disclose your Personal Information to a person overseas and it is not in our effective control, we will use reasonable endeavours to ensure that the overseas person does not breach the Australian Privacy Principles.
Unless otherwise specified in this Privacy Practice, we or our website host will not disclose any of your Personal Information to any other organisation unless the disclosure is made with your consent, required by law, or is otherwise permitted by law (including the Australian Privacy Principles).
What if you don't want to provide us with your personal information?
If you choose not to provide your Personal Information to us for the purposes set out in this Privacy Practice, we may not be able to undertake certain activities such as providing you with requested information, products or services or allowing you to work with us.
What we do when we get information we didn't ask for
Where we receive unsolicited Personal Information, we will check whether that Personal Information could have been collected by us from you on the basis that it is reasonably necessary for, or directly related to, one or more of our functions and activities.
If it is, we’ll handle this information the same way we do with other information we seek from you.
If not, we’ll ensure the information is destroyed or de-identified if it is lawful and reasonable to do so.
What happens when we no longer need your personal information?
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law.
When we no longer require your information, we’ll ensure that we take reasonable steps to destroy your information or ensure that it is de-identified.
Using your personal information for marketing purposes
We may also use your Personal Information for sending you information, including promotional material, about us or our products and services, as well as the products and services of our related entities and third parties, now and in the future. Such marketing activities may be via direct mail, email, SMS and MMS messages.
You can contact us using the details specified above if you do not want to receive marketing information from us, and we will stop sending it to you.
Accessing and updating your personal information
You are entitled to access Personal Information that we hold about you. If you request access to your Personal Information, in ordinary circumstances we will give you full access to your Personal Information. However, there may be some legal or administrative reasons to deny access. If we refuse your request to access your Personal Information, we will provide you with reasons for the refusal.
A request for access can be made by contacting our Privacy Officer using the details provided in the introduction of this Privacy Practice.
We take all reasonable steps to ensure that any Personal Information we collect and use is accurate, complete and up-to-date. To assist us in this, you need to provide true, accurate, current and complete information about yourself as requested, and properly update the information provided to us to keep it true, accurate, current and complete. Please contact us in any of the ways specified in the introduction if you believe that the Personal Information is inaccurate or incomplete, and we will use all reasonable efforts to correct the information.
What to do if there has been a data breach
ATCO takes reasonable steps to protect the Personal Information which it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.
A “data breach” is when Personal Information held by ATCO is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Examples of a data breach are when a device containing Personal Information of customers is lost or stolen, ATCO’s database containing Personal Information is hacked or an entity mistakenly provides Personal Information to the wrong person.
If:
- there is unauthorised access to, or unauthorised disclosure of, Personal Information, and the access or disclosure would be likely to result in serious harm to any of the individuals to which the information relates; or
- Personal Information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur, and if it did occur it would be likely to result in serious harm to any of the individuals to which the information relates,
then there has been an “eligible data breach” under the Australian Privacy Act 1988.
If ATCO has reasonable grounds to suspect that there may have been an eligible data breach in relation to Personal Information which it holds, ATCO will carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
If, by reason of such assessment or otherwise, ATCO is or becomes aware that there are reasonable grounds to believe that there has been an eligible data breach in relation to Personal Information which it holds (or held), ATCO will comply with its notification requirements under the Australian Privacy Act 1988. This may mean that ATCO notifies individuals to whom the relevant information relates.
What to do if you have a question, problem, or complaints about our use of your personal information or this privacy practice
If you feel that your privacy has not been respected or that we have conducted ourselves inconsistently with this Privacy Practice, or for any other queries in relation to this Privacy Practice, please contact the relevant Privacy Officer noted in the introduction.
We will investigate your queries and complaints within a reasonable period of time (usually within 30 days) and will notify you of the outcome of our investigation.
If you are not satisfied with our response you may request that your query or complaint is referred to be dealt with under our internal complaints handling procedures.
In the event that the matter cannot be resolved, you may also address your query or complaint to the Office of the Australian Information Commissioner:
1. by phone: 1300 363 992
2. using the online Enquiry form
3. in writing: GPO Box 5218, Sydney, NSW 2001.