We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at www.privacy.gov.au.
What is Personal Information and whose information do we collect?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include names, addresses, email addresses, phone and facsimile numbers.
Fortescue collects Personal Information from a range of individuals in the context of its day to day business activities, including Personal Information from:
- users of Fortescue websites;
- industry association representatives;
- representatives of our suppliers, contractors, customers and business partners;
- job applicants; and
How we collect Personal Information
This Personal Information is obtained in many ways including correspondence, by telephone and facsimile, by email, via our websites, from your website, from media and publications, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policies of authorised third parties.
How we use your Personal Information
Using our websites
When you use our websites, Fortescue collects certain basic information that is sent by your browser to our websites. This includes information such as your IP address, browser type, operating system, language, time zone setting, access times and any referring website addresses.
We use various technologies including cookies, internet tags, web beacons and logs in order to improve and manage our sites. We do not use them to serve adverts or other promotional materials. Fortescue may use and combine such passively collected information to improve our websites, customise them based on your preferences, compile and analyse statistics and trends and otherwise administer and improve our websites for your use. Fortescue may also disclose this de-identified information to third parties.
Fortescue may collect a range of information in a business context, such as your name, gender, job title, photographic identification, email address, home address and other contact details, details of your business and other interests, experience and/or academic and professional qualifications, third party references, communications with you (including notes from meetings), financial and payment information, and information collected from clearance questionnaires and/or interviews.
Fortescue uses information collected from you for business-related purposes, including negotiating, concluding and performing contracts, administering real estate leases and licences, recruitment, conducting clearance procedures, managing accounts and records, communicating with you and third party contacts (including responding to your inquiries and sending information and materials you have requested via mailing lists), supporting corporate social responsibility activities, legal, regulatory and internal investigations and debt administration.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
- Sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or
- Where required or authorised by law.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of Personal Information
Your Personal Information may be disclosed in a number of circumstances including the following:
- To related companies of Fortescue
- To third parties appointed by Fortescue, including our professional advisors, accountants, insurers, lawyers, auditors, contractors, website and data hosting providers, technology service providers, advertising partners and persons who perform services to us (in which case Fortescue uses reasonable steps to ensure such third parties keep your Personal Information confidential and do not use or disclose your Personal Information for any purpose other than the purpose of providing those services to us)
- Where you have consented, to carefully selected third party partners so that they may inform you of offers, promotions, products and services
- In the unlikely event that Fortescue or its assets are or may be acquired by a third party, Personal Information may be provided to that third party and their advisors
- Third parties where you consent to the use or disclosure
- Where required or authorised by law
- Some of our related entities or other third parties to whom we may disclose your personal information, may be located in countries outside Australia or may hold your data on servers located outside of Australia. In the case of our related entities, we may disclose your personal information to our related bodies corporate located in countries including Indonesia, Papua New Guinea, Democratic Republic of Congo, Brazil, Namibia, New Zealand, Argentina, Paraguay, Chile, United States of America, Russia, Jordan, Kenya, Ethiopia, Cameroon and Afghanistan.
Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Accessing your Personal Information
You may access the Personal Information we hold about you to update and/or correct it, subject to certain exceptions. In most cases, a summary of your personal information will be freely available to you by contacting our Privacy Officer (details below). For more detailed requests for access to personal information (for example, access to information held in archives) Fortescue may charge a fee to cover the cost of retrieval and the supply of this information to you.
All requests for access to personal information will be handled as quickly as possible and we will endeavour to process any request for access within 30 days after receiving it. Some requests for access may take longer depending upon the nature of the personal information being sought. Please note that we are not always required to provide you with access to your personal information on request. If we deny your request for access to your Personal Information, we will explain why.
In order to protect your Personal Information we may require identification from you before releasing the requested information.
Maintaining the quality of your personal information
It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Links provided on our websites
Our websites contains links to other Fortescue and third-party websites. Before disclosing your personal information on any other websites, we advise you to examine the privacy statements of those websites. Fortescue takes no responsibility for the privacy practices or the content of any third party websites.
This Policy may change from time to time and is available on our website.
Fortescue’s Privacy Officer will review your complaint and contact you if they require further information regarding your complaint. Reasonable endeavours will be made to ensure your complaint is reviewed and resolved within 30 days of receipt and otherwise in accordance with the Act. Resolution of your complaint may be delayed if we are unable to contact you.
If Fortescue’s Privacy Officer is not able to resolve your complaint, or if you are not happy with the explanation or resolution proposed, you may request that your complaint be escalated internally within Fortescue to an appropriate person for further assessment (the “Manager”). The Manager will review your complaint and may, if they deem appropriate, propose an alternative resolution or suggest that you pursue alternative avenues for your complaint. The Manager may also contact you to attempt to resolve your complaint or to seek additional information.
The Manager will use reasonable endeavours to review your complaint within 30 days of your referral and otherwise in accordance with the Act. Resolution of your complaint may be delayed if we are unable to contact you.
If you are not satisfied with an outcome following the above process, you may wish to speak to the Office of the Australian Information Commissioner (they can be contacted via email at firstname.lastname@example.org
For any queries or complaints, please email
Fortescue’s Privacy Officer.