Clough Limited and its Related Bodies Corporate (as defined in the Corporations Act (Cth) 2001) (Clough) manages individual privacy and the security of personal information in accordance with the Privacy Act 1988 (Cth) as amended (the Privacy Law).
1. Purpose of Privacy Statement
The purpose of the Privacy Statement is to provide:
- (a) a framework that governs how Clough manages the collection, use, disclosure, protection and disposal of certain personal information to ensure Clough at all times complies with the Privacy Law; and
- (b) information to persons from whom Clough may collect certain personal information, as well as the public in general, regarding the information collection and handling practices of Clough.
2. What is Personal Information and What Personal Information does Clough Collect?
Personal information is any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true or not and whether or not the information is recorded in a material form or not (Personal Information). Personal Information also includes Sensitive Information as defined in item 6 of this Privacy Statement below.
The type of Personal Information that Clough may collect is broad and will depend on the circumstances in question, but may include a person’s name, address, phone number, email address or other contact details, medical records, employment history, bank account details, photos, videos or details of membership to any association or organisation.
In relation to visitors to any Clough website, Clough may also collect certain electronic information as outlined in item 8 of this Privacy Statement below.
3. Collection and Holding of Personal Information
Clough only collects Personal Information that is reasonably necessary for it to perform its business functions and activities. All Personal Information Clough collects is collected, used, disclosed and otherwise treated in accordance with the law, including but not limited to the Privacy Law. Where possible, Clough collects Personal Information directly during the course of its relationship with individuals. Where this is not possible, Clough may also collect Personal Information by other means, such as where such information is given to Clough by the relevant individual.
Generally and where practicable, the primary purpose of the collection will be made clear to an individual before or at the time of collecting the individual’s Personal Information. A typical purpose for which Clough may collect Personal Information may include one or more of the following:
- (a) assessment of a potential employee or contractor’s suitability for a particular role;
- (b) sending information regarding an existing or potential employee or contractor to potential clients as part of a tender submission/bid;
- (c) seeking client approval to engage an employee or contractor or on-board an individual to a particular project;
- (d) monitoring, reviewing and assessing the performance of an employee or contractor of Clough;
- (e) otherwise contacting an employee, contractor or client of Clough;
- (f) ensuring the security and safety of all Clough personnel and property;
- (g) responding to a complaint or conducting an investigation;
- (h) statistical reasons, such as recording/monitoring demographics and complying with Australian participation obligations; and
- (i) ensuring the prompt payment of Clough contractors and employees.
If you do not want Clough to use, collect, disclose or access your Personal Information, please notify Clough at the time it requests your Personal Information.
4. Use and Disclosure of Personal Information
Primarily, Clough will use, hold and disclose Personal Information in connection with the supply of its products, services or information or otherwise for a legitimate business purpose, to the extent permitted by law, and for a purpose for which it was collected. Clough only uses and discloses Personal Information for a purpose other than its primary purpose, without the consent of the individual concerned, when disclosure is directly related to the primary purpose of collection.
As part of its primary purpose, Clough may be required to share Personal Information with other parties with which it conducts business, including but not limited to Clough’s existing or proposed:
- joint venture partners, affiliates and clients;
- service providers, such as recruitment agents, technology and security services;
- professional advisors including lawyers, auditors and accountants; and
- other contractors that assist Clough to provide its business.
Clough ensures that any disclosure is limited to what is necessary and allowed by the Privacy Law and/or any other law.
5. Related Body Corporate
Clough may disclose Personal Information to its Related Bodies Corporate. In this scenario, the Related Body Corporate must use such Personal Information for the original primary purpose for which Clough collected the information, or a related purpose, to the extent permitted by the Privacy Law and/or any other law.
6. Sensitive Information
Sensitive Information includes information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, or health records.
Clough does not collect Sensitive Information without an individual’s consent, other than as permitted by the Privacy Law and/or any other law.
7. Anonymity and Pseudonymity
Wherever lawful and practicable, Clough respects the right of an individual to remain anonymous, or use a pseudonym, when dealing with Clough.
8. Website Privacy
(a) Access to website
When accessing Clough’s website, Clough may record and log information for statistical and security purposes. This information does not include any personally identifying information but may include a user’s server address and domain name, the operating system used, the date, time and duration of the visit, the pages accessed and the type of web browser used. Clough uses this information to analyse its site’s usage and performance and to refine and develop our site.
Clough does not warrant or make any representations with respect to the privacy policies or practices of operators of other websites where Clough provides a hyperlink to that website on Clough’s website.
9. Security of Personal Information
The security of Personal Information is of utmost importance to Clough. Clough takes all appropriate action and reasonable precautions to safeguard and protect Personal Information that its collects from loss, interference, misuse, unauthorised access, modification or disclosure.
Clough utilises a number of means to protect Personal Information including:
- external and internal premises security;
- maintaining and reviewing technology; and
- internal policies with respect to computer usage.
10. International/ Cross-Border Disclosure of Personal Information
Clough (including its joint venture partners, affiliates and clients) operates and conducts business in various international locations. An overview of Clough’s global operations and the countries in which it operates can be viewed at https://cloughgroup.com/what-we-do/regions.
Clough may be required to disclose Personal Information to parties who are not located in Australia or an external Territory (including but not limited to overseas clients, joint venture partners, affiliates) (Overseas Recipient) as part of Clough’s primary functions and activities, locations of which may include but are not limited to Papua New Guinea, United Kingdom, United States of America, the People’s Republic of China, Thailand, the Republic of Korea, the Republic of South Africa, Japan, Vietnam, Indonesia, Italy, Malaysia and Singapore.
Examples of the type of Personal Information that may be disclosed by Clough to Overseas Recipient’s, and the purposes for which Clough may use and disclose such Personal Information, may be found in Section 3 and Section 4 of this Privacy Statement above.
Clough will take such steps as are reasonable in the circumstances to ensure that an Overseas Recipient does not breach the Australian Privacy Principles in relation to the information.
Clough does not adopt, use or disclose any Commonwealth identifier as a means of identifying the Personal Information that we may have collected about an individual. A Commonwealth identifier is a Commonwealth Government or Commonwealth Government agency designated identification number such as Tax File Numbers or Medicare numbers.
12. Access and correction to personal information
Generally, Clough endeavours to comply with any reasonable request to detail our information handling practices. Sufficient steps are taken, in a general way, to outline the type of Personal Information Clough holds, for what purposes and how such information is collected, used and disclosed.
An individual may request access to any of the Personal Information that Clough holds about them. Clough will provide an individual with access to Personal Information pertaining to them following a reasonable request and upon the verification by Clough, to its reasonable satisfaction, of the identity of that individual. Clough will endeavour to handle all requests for access to Personal Information as quickly as possible. An individual may request access to, or seek the variation or amendment of, Personal Information on that individual that is held by Clough by contacting us at https://www.cloughgroup.com/contact or by email at email@example.com.
In some circumstances, Clough may refuse access to Personal Information where Clough is required or authorised to do so by law, including where the request for access may be regarded as frivolous or vexatious. If a request for access to Personal Information is denied, Clough will explain the reason for the denial.
Clough will also take appropriate action to correct any Personal Information which is deemed to be in accurate, incomplete or not up to date.
13. Copies of Privacy Statement
A copy of this Privacy Statement will be made available at all times on the Clough website at https://www.cloughgroup.com/privacy-policy/.
14. Variations to this Privacy Statement
This Privacy Statement will be reviewed at least every three years or otherwise in accordance with the Privacy Laws.
15. Complaints about Breach of Privacy
Complaints regarding Clough’s privacy management can be directed to https://www.cloughgroup.com/contact or firstname.lastname@example.org.
If you are not satisfied with the result of your complaint you can refer your compliant to the Office of the Australian Information Commissioner (OAIC) in writing by completing the online Privacy Complaint form on OAIC’s website at www.oaic.gov.au/privacy/making-a-privacy-complaint. Alternatively, you may send your completed Privacy Complaint form to:
Facsimile: +61 2 9284 9666
Sydney Office – GPO Box 5218 Sydney NSW 2001
Canberra Office – GPO Box 2999 Canberra ACT 2601
OAIC Enquiries line by telephone is 1300 363 992. Or if calling from outside Australia call: + 61 2 9284 9749.
16. Responsibilities within Clough
The Chief Executive Officer of Clough is accountable to the Clough’s Board of Directors for ensuring that this Privacy Statement is implemented throughout Clough’s operations.
Clough’s Legal Department is responsible for the management and implementation of this Privacy Statement.