CSR Group Privacy Policy
CSR respects the privacy of individuals. This policy outlines the way we manage personal information that we collect or that is provided to us. It applies to CSR Limited and Australian companies in the CSR group (CSR,we,us).
CSR is bound by the Australian Privacy Principles applicable to private sector organisations under the Privacy Act 1988 (Cth). In summary, the Principles apply to 'personal information' (or an opinion) relating to an individual that can be used to identify that individual. CSR sometimes handles personal information relying on exemptions under the Privacy Act, for example in relation to employee records. Where there is any inconsistency, we may rely on those exemptions despite what this privacy policy was.
Why Does CSR Collect Personal Information?
CSR is a major manufacturer and supplier of building materials. We are also a large sugar produce and have a substantial investment in aluminium smelting. We collect personal information about people we deal with and others, where, relevant, in order to operate our businesses. As a publicly listed company, we also maintain records of our shareholders. Collecting personal information is also necessary in some circumstances to meet our legal obligations.
What Kind of Information Does CSR collect and how does CSR collect it?
CSR generally collects and holds personal information about:
- our employees;
- contractors who provide services to CSR;
- our customers;
- our suppliers;
- our shareholders;
- job applications; and
- other people who may come into contact with CSR or one of CSR's businesses
We may not be able to do these things with you personal information. For example, we may not be able to respond to your enquiries or provide you a product or service you have requested.
We may also collect, use and disclose your personal information in connection with:
CSR uses the personal information it collections about CSR shareholders to fulfil its legal obligations and to keep its shareholders informed of CSR's progress. We are required or authorised to collect shareholder personal information under certain laws including the Taxation Administration Act and the Corporations Act, and we are also required to make limited shareholder details available to members of the public on request. CSR's share registry is managed by Computershare Investor Services Pty Limited (Computershare). Computershare's privacy policies are available via www.computershare.com.au.
Depending on the product or service concerned, personal information may be disclosed to:
Some of the third parties described above may be located in New Zealand and other countries. While those third parties will often be subject confidentiality or privacy obligations, they may not always follow the particular requirements of the Privacy Act.
Generally, we require that organisations outside CSR who handle or obtain personal information as service providers to CSR acknowledge the confidentiality of this information and undertake to comply with the Principles.
How Do We Handle Credit-Related Personal Information?
While we do not provide credit to consumers, we sometimes handle personal information from credit reporting bodies (CRBs) and certain other consumer credit-related personal information as described below (Credit-Related Personal Information) in the context of commercial credit arrangements. For example, information about an individual’s consumer credit worthiness may be handled where we provide commercial credit accounts to sole traders, or individuals such as directors provide personal guarantees in relation to commercial credit accounts.
We may collect and hold the following types of Credit-Related Personal Information, both in relation to your arrangements with us and those with third parties such as other credit providers:
We may disclose Credit-Related Personal Information to CRBs to assist the CRBs to maintain information about you to provide to other credit providers for credit assessments. We may collect Credit-Related Personal Information from CRBs for purposes including, to the extent permitted by law, to assess your application for credit or to be a guarantor, manage your credit/guarantee, assign debts and collect overdue payments. We may also exchange Credit-Related Personal Information with debt buyers, credit insurers and other credit providers.
The CRBs we use may include:
You have the right to request CRBs not to:
Please see other sections of this Privacy Policy for further details about how we collect and hold personal information, disclosures (including to other countries) of personal information, and access, correction and complaint rights and procedures. In some cases, we are subject to further obligations under the Privacy Act regarding Credit-Related Personal Information, and this Privacy Policy is not intended to limit or exclude those obligations. Additional privacy consents and notifications may also apply for our credit-related services.
How Do We Manage Personal Information?
CSR trains its employees who handle personal information to respect the confidentiality of that information and the privacy of individuals.
How Do We Store Personal Information?
CSR is required by the Principles to safeguard the security and privacy of your information, whether you interact with us personally, by telephone, mail, over the internet or other electronic medium. This includes an obligation to take reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure. The steps we take depend on the circumstances but may include measures such as firewalls, passwords, encryption, locked filing cabinets and building access restrictions.
We hold information in physical and electronic records at our own premises and with the assistance of our service providers. The Principles also require CSR not to store personal information longer than necessary and to take reasonable steps to destroy that personal information or remove details which may identify individuals.
How Do We Keep Personal Information Accurate and Up-To-Date?
CSR takes reasonable steps to ensure that the personal information it holds is accurate and up-to-date. We encourage you to contact CSR as soon as possible in order to update any personal information we hold about you. CSR contact details are set out below.
Can You Check and Update the Personal Information About You That Is Held By Us?
You may obtain access to or correct any personal information which CSR holds about you, unless one of the exceptions in the Principles applies.
To make a request to access or correct information CSR holds about you, please contact CSR in writing at the address set out below. CSR will require you to verify your identity and to specify what information you require. We will provide reasons if we deny any requests for access to or correction of personal information. CSR may charge a fee to cover the cost of providing access including locating, retrieving, reviewing and copying any material requested. Where we decide not to make a requested correction to your personal information and you disagree, you may ask us to make a note of your requested correction with the information
What If You Have a Complaint?
If you consider that any action of CSR breaches this privacy policy or the Australian Privacy Principles, you can make a complaint. In the first instance, please direct your complaint to the particular CSR business or activity concerned – they are likely to be in the best position to deal with the matter quickly and effectively. Each CSR business or activity has an officer appointed to handle complaints. If the matter is not resolved to your satisfaction, please make contact with the relevant privacy officer below. CSR takes your privacy seriously and endeavours to respond promptly to complaints.
For information about privacy generally, or if your concerns are not resolved to you satisfaction, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.
How Do You Contact Us?
If the particular CSR business or activity is unable to deal with a privacy complaint to your satisfaction, please contact the CSR Building Products Privacy Officer or the CSR Prioperty Privacy Officer (as relevant) by e-mail, phone, facsimile or post as set out below:
E-mail: info@csr.com.au
CSR Corporate Headquarters Locked Bag 1345 North Ryde BC NSW 1670 Australia
Telephone: (02) 9235 8000 Facsimile: (02) 8362 9013
Updates to this Policy
This privacy policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and practices and the changing business environment. All personal information held by CSR will be governed by CSR's most recent policy. If you are unsure whether you are reading the most current version, please contact us using the contact information provided above.
Reviewed and updated: March 2016