About this policy
CalEnergy Resources Group knows how important it is to protect personal information about our customers, staff, visitors to our website and other individuals. It is our policy to safeguard and protect the personal information we collect.
In this policy ‘CalEnergy Resources Group’, ‘we’, ‘us’ and ‘our’ refer to the group of operating companies headed by CalEnergy Resources Limited.
We may update this policy from time to time as our information handling practices change. Please see www.calenergyresources.com for the latest version. If you are located in the EU, please also note the section towards the end of this policy in relation to your personal information.
What we do with personal information
We participate in upstream oil and gas projects in Australia, Poland and the UK.
We collect, use and disclose personal information for a number of purposes, including to manage our business and workforce, attend to your enquiries and requests, provide and improve our products and services, provide you with communications which may be of interest to you (subject to law and, where required, your consent), retain and update our records, meet our legal obligations, respond to lawful requests from law enforcement and government agencies (e.g. in relation to workers compensation), recruit and train staff and facilitate any sale or restructure of our business.
We may not be able to do these things without your personal information. For example, we may not be able to communicate with you or deal with your enquiries. For staff, certain information may be required to enable us to fulfil our contractual duties to you or to others. Some, for example your social security number (or equivalent) and, in certain jurisdictions, religious affiliation, are required by statute or other laws. Other items may simply be needed to ensure that our relationship can run smoothly, or to run our business. Should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.
Personal information we collect
We collect personal information (current and historic) including name, contact details, identification details (e.g. date of birth, driver’s licence), payment details (e.g. banking details, tax file number), communications, contractual arrangements with us, information about dealings with us and activity (e.g. transactions and activity relating to our business), preferences, interests and opinions.
For staff, we also collect other types of personal information which will include experience, qualifications, skills, character, background checks (e.g. reference, health, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record), drug and alcohol checks, conduct and performance at work, use of workplace resources and IT, payroll and superannuation details and emergency contacts.
Sometimes we may collect sensitive information about you. This can include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information. For example, we may collect information where a claim is made in relation to an injury at one of our sites.
We collect other information online. See below for further details.
We collect some personal information pursuant to applicable laws. For example, in Australia this may include the Income Tax Assessment Act and other tax laws, Corporations Act, Fair Work Act, Superannuation Guarantee (Administration) Act, occupational health and safety acts and workers compensation acts.
How we collect personal information
We collect personal information (including sensitive information):
that you provide to us, e.g. through calls, forms and correspondence
from records of actions and conduct, e.g. CCTV at our sites, website/IT usage
from publicly available information
from your representatives, organisation and co-workers
from third parties (e.g. our related companies and service providers (see below), referees, academic institutions).
Disclosure of personal information
We may disclose your personal information to:
our related companies
your and our representatives
other prospective employers checking your references
our service providers including providers of training, payroll, superannuation, legal, business consulting, banking, payment, data processing, data analysis, research, surveillance, investigation, identity/data verification, insurance, website, data and technology services
law enforcement and government agencies for lawful purposes (e.g. tax and workcover authorities)
The parties to which we disclose personal information may be located in Australia, UK, Poland and other countries. Where we disclose your personal information to a recipient outside your jurisdiction, we use appropriate safeguards to comply with our obligations in respect of exporting personal information. This may include ensuring the recipient is subject to similar legal requirements or certified under a binding data protection scheme or entering into appropriate contractual arrangements for the protection for your personal information. You can contact us to obtain further details of the safeguards we use.
Information collected online
Our web server recognises the domain name and email address, when provided, of each customer and visitor to our site. We use the information obtained from our website to better understand and serve our customers by:
improving the content of our web pages
customizing the content and/or layout of our pages for customers and visitors
notifying persons about updates to our websites
contacting customers and visitors to respond to their questions and fulfil their requests for more information.
We and our third-party service providers collect IP addresses and related information such as: originating and destination information; date and time stamps of communications; indicators of the type of operating system; hypertext protocol headers; application client and server banners; and information about the type of request, such as whether it is requesting or sending data. We and our third-party service providers organize and analyse these types of information to support internal operations, including maintaining functionality of websites and diagnosing website issues, analysing trends, providing more efficient service, maintaining and/or enhancing security for users and the websites, producing traffic volume statistics, and making the websites and our infrastructure more useful and secure. In an effort to protect the security of our critical infrastructure, any use of a website or information relating to such use (as described above) may be monitored and disclosed to government authorities or agencies without further notice to you.
Our websites utilise cookies to provide visitors to our websites a more convenient and enjoyable experience. A cookie is a small data file transferred onto a computer or device by a website for record-keeping purposes and to enhance functionality on the website. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our website may not have full functionality in that case. For more information about cookies used on our website, please visit https://support.squarespace.com/hc/en-us/articles/360000851908.
Storage & security of personal information
We hold physical and electronic records, both on our own premises and systems as well as with the assistance of our service providers. To restrict unauthorised access to personal information, maintain data accuracy, and ensure the appropriate use of personal information, we have designed and instituted a number of physical, electronic and administrative procedures. These include physical and IT access restrictions, password controls and audit trails, and measures to deal with any suspected data breach.
Depending on the circumstances, we will generally retain your personal information for no longer than seven years.
Your privacy rights
Please contact us if you would like to:
access or correct any personal information we hold about you
ask us not to use or disclose your personal information for direct marketing
withdraw any consent you have provided in relation to the handling of your personal information
erase or restrict our handling of your personal information, where the information is no longer needed by us for a permitted purpose (or in certain other circumstances)
object to our handling of your personal information except in relation to legal claims or where we have a justifiable basis to continue
object to decisions being made based solely on automated processing of your personal information
have us provide you or another person with a copy of your personal information in a commonly used machine-readable format
Please note that these rights are not absolute and do not apply in all jurisdictions. For example, rights (4) to (7) above have limited application outside the European Economic Area.
We will seek to deal with your request without undue delay, and in any event within any time period set out by law (subject to any extensions to which we are lawfully entitled). We may ask for specific details of your request and may need to verify your identity. We will provide our reasons if we deny any request (e.g. by identifying any relevant exception). We may keep a record of your communications to help us resolve any issues which you raise.
Your privacy concerns
Please contact us if you have any queries or concerns about the way we have handled your personal information. We may seek further details from you and may need to engage or consult with other parties to investigate and deal with your issue. We will keep records of your matter and any resolution.
If you are not satisfied with our determination, you can contact us to discuss your concerns or contact the applicable privacy or data protection authority. In Australia, this is the Office of the Australian Information Commissioner, which can be contacted on 1300 363 992 or via www.oaic.gov.au. In Europe, the privacy regulators for each Member State are listed (along with contact details) on the following website: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Additional information for individuals in the EU
If you are located in the EU, applicable privacy laws provide that there are a number of different ways that we are lawfully able to handle your personal information. We have set these out below.
For our legitimate interests
We are allowed to use your personal information where it is necessary for our legitimate interests to do so, and those interests aren't outweighed by any potential prejudice to you. We believe that our use of your personal information is within a number of our legitimate interests:
providing and improving our products and services
providing you with communications which may be of interest to you (subject to law and, where required, your consent)
recruiting and training our staff
facilitating any sale or restructure of our business
verifying, maintaining and updating information we hold.
We don't think that any of the activities set out in this policy will prejudice you in any way. However, you do have the right to object to us handling your personal information on this basis (as set out in the "Your privacy rights" section above).
With your consent
As part of our relationship with you, we may ask you for specific consents to allow us to handle your personal information in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.
You have the right to withdraw your consent at any time (as set out in the "Your privacy rights" section above).
To carry out our obligations under our contract with you
We will process your personal information when it is necessary to do so for the performance of our contract with you. For example, we need to collect your contact details in order to be able to communicate with you and provide you with any products you have requested. For staff, it is necessary to process bank account details in order to make salary payments.
To carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we will therefore process your personal information as is necessary for us to comply with those other legal obligations.
To contact us about privacy please use the details for our representatives below.
Data Protection Officer
CalEnergy Resources Limited
Company number 4508881
Floor 3, 55 Drury Lane, LONDON WC2B 5SQ
Tel: +44 191 223 5103
E-mail: [email protected] (for all enquiries Worldwide)
Northern Powergrid Limited is the parent company of CalEnergy Resources Ltd, and John Elliott is the Data Protection Officer for the CalEnergy Group of companies.
Policy last updated: October 2018