Who are we and how does this policy apply?
The Caltex Australia Group is the largest refiner and marketer of petroleum products in Australia with operations in all states and territories. This policy applies to Caltex Australia Limited (ACN 004 201 307) and its related bodies corporate (collectively referred to in this policy as "Caltex").
What is the purpose of this policy?
This policy outlines how Caltex manages the personal information and credit-related personal information we hold about our customers, potential customers, contractors and others. Caltex is bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act) and the applicable parts of the credit reporting requirements in Part IIIA of the Privacy Act and the Credit Reporting Code of Conduct.
Under the Privacy Act, and throughout this policy, "personal information" is information or an opinion relating to an individual which can be used to identify that individual. In this policy, where we refer to "you" or "your", we are referring specifically to natural persons as opposed to other entities such as partnerships, trusts and companies.
Part I of this policy details Caltex's management of personal information generally.
Part II of this policy provides specific details about how Caltex manages credit-related personal information.
Part III of this policy sets out how Caltex protects personal information and credit-related personal information, and how you may seek access to or correction of, or make a complaint about, that information.
PART I - MANAGEMENT OF PERSONAL INFORMATION
How does Caltex collect personal information?
The main way in which Caltex collects personal information is through hardcopy forms or through forms provided on Caltex's internet (for external users) and intranet (for employees) website pages. Caltex may also collect personal information by recording telephone calls made to the Caltex call centre (see below for more information), in face-to-face meetings and in interviews.
Caltex may collect personal information from third parties, such as from referees in the case of prospective employees.
At or before the time Caltex collects your personal information, or if that is not practicable, as soon as practicable afterwards, Caltex will give you notice as follows:
(a) the purposes for which the information is collected;
(b) to whom, or the types of individuals or organisations to which, Caltex might usually disclose information of the kind collected; and
(c) any law that requires the particular information to be collected, and the main consequences if all or part of the information is not provided.
What information does Caltex collect?
The personal information Caltex may collect about you is dependent upon your relationship with Caltex. The following are some examples of the types of personal information that Caltex may collect from individuals:
(a) In the employment context:
- application forms - name, addresses, telephone numbers;
- resume details - which will usually include details such as an individual's name, address, telephone numbers, academic qualifications, employment history, and referees;
- reference checking;
- pre-employment medical (with the prospective employee's consent);
- psychological and drug testing; and
- criminal record checks.
- employment application forms;
- personal details including name and address and telephone numbers;
- bank account details (for salary/wages); and
- tax file number details (for salary and superannuation).
(b) Commercial customers and franchisees
- personal details - including names, addresses, telephone numbers;
- financial details including banking details - for payments (where applicable); and
(c) StarCard Customers
- application forms - information including but not limited to names, addresses, telephone numbers and employment details;
- financial details including bank account details; and
(d) Customers generally
- monitoring and/or recording interactions with customer service representatives at Caltex's call centre - customers' and employees' conversations at Caltex's call centre may be monitored and/or recorded for coaching, training, record keeping and dispute resolution purposes. Callers will be notified at the outset if such monitoring or recording is to occur and be given the option not to have the call recorded. Caltex may, even if the phone call is not recorded, collect personal information during those telephone calls to assist with your query.
- competitions and contests - Caltex may use the personal information collected from competitions and contests (for example, the contestant's name and address) to market certain of its products to the contestants. Where Caltex intends to do this, it will advise the contestant of this in the competition's terms and conditions.
- personal details - including names, addresses, telephone numbers
- financial details - including bank account details
- personal details for share register purposes - including names, addresses, number of shares held
- financial details - including tax file number and bank account details
- shareholder registry - Caltex is required to maintain a register of shareholders under the Corporations Act 2001 (Cth)
How does Caltex use and disclose personal information?
Subject to the exceptions set out in the Australian Privacy Principles (for example, the disclosure of personal information when allowed or required by law), Caltex will only use and/or disclose your personal information for:
(a) the primary purpose for which it is collected; or
(b) a related purpose, where you would reasonably expect that it be used and/or disclosed without your further consent.
This means that generally Caltex will only disclose your personal information internally and/or to a third party contracted to provide services to Caltex and only if necessary for one of the purposes referred to above.
The third parties that may be used by Caltex vary depending on the particular circumstances in each case, but typically fall into the following categories:
- insurance companies
- trade promotion agencies
- insurance assessors
- billing and mailing houses
- delivery contractors
- IT service providers
- superannuation funds
- share registries
Will Caltex send you marketing material and what can you do to stop that?
A related purpose for which Caltex collects personal information may be marketing. However, if this is not the case, Caltex is entitled to send marketing material to you if you have consented to receiving this material or provided it gives you a chance to stop or opt-out of receiving this material.
If you have received marketing material from Caltex and you wish to stop it, you can write to the Privacy Compliance Officer at the address set out below. Caltex will not charge you or in any way disadvantage you if you choose to opt out of receiving marketing material.
Caltex will not disclose your personal information to a third party for that third party to send you its marketing material unless Caltex has obtained your consent. Caltex may occasionally provide its marketing material to third parties to distribute on Caltex's behalf to individuals who have consented to receiving that material.
When does Caltex share information?
Caltex generally will only disclose personal information to third parties without your consent if that disclosure is necessary for the purpose(s) for which that information was collected. Set out below are some examples of where it is necessary for Caltex to disclose personal information to third parties:
(a) In the employment context:
- Superannuation plan administration arrangements - Caltex provides employees' personal details (including, but not limited to, employees' names, addresses, tax file numbers, dependents, salaries) to the external administrator of the superannuation plan which is responsible for the day-to-day administration of plan business.
- Payroll arrangements - Caltex provides its external paymaster company with employees' personal details (including, but not limited to, employees' names, addresses, bank account details, tax file numbers) to ensure wages and salaries are properly paid in accordance with employees' directions.
- Insurance arrangements - Caltex advises disability and death insurers of employees' personal details (including, but not limited to, employees' names, addresses, medical reports) to enable those insurers to properly process disability and death claims.
- Recruitment systems - Caltex requires prospective employees to complete documentation and submit to pre-employment checks, including completing application forms, reference checking, pre-employment medicals, psychological and drug testing and criminal record checks which involves disclosure of personal information to various third parties.
- Video monitoring - external security advisers/contractors may view security tapes that have been recorded in the workplace.
- Medical - Caltex may, with the employee's consent, provide the company doctor or any medical specialists retained by Caltex with employees' medical records for the purposes of their employment with Caltex.
- Worker's compensation - Caltex may disclose employees' records (including the employees' medical records) to its insurers and their agents for the purpose of processing claims.
- IT arrangements - Caltex may provide its external IT service providers with employees' personal details (limited to identifiers such as name, address, date of birth and employee identifier) to assist in ensuring the security of Caltex's computer network is maintained (see also security measures Caltex adopts to protect personal information).
(b) Generally and in a commercial context:
Credit checks on new and existing individual customers - Caltex may provide necessary personal information to credit reporting agencies to ascertain an individual's financial position if the person is a new or an existing customer.
Competitions - in some cases Caltex uses third parties to run its competitions. In these instances, unless otherwise disclosed to the contestant prior to, or at the time of, entering the competition (normally set out in the competition's terms and conditions), any personal information collected about a contestant will be returned to Caltex.
Does Caltex send your personal information overseas?
Caltex may transfer information about you between countries if required for a relevant purpose described above. Caltex may disclose your personal information to the following overseas recipients:
(a) other members of the Caltex Group (including those members located in Singapore);
(b) other companies or individuals who assist us in providing services or who perform functions on their behalf (such as third party service providers, specialist consultants), including those located in the United Kingdom, USA and Singapore;
(c) anyone else to whom you authorise us to disclose it; and
(d) anyone else where authorised by law
PART II - MANAGEMENT OF CREDIT REPORTING INFORMATION
What credit-related personal information does Caltex collect?
Caltex collects credit-related personal information in connection with applications for credit, which are predominantly applications for commercial credit for business purposes. Examples of the types of credit-related personal information Caltex may collect and hold include:
- identity particulars of individuals associated with the applicant for credit, including contact name, address, date of birth, phone numbers, employer and drivers licence number. This information is mainly collected about the directors, partners, trustees or principals of the business, but some personal information may also be collected about others in that business (such as the account management staff or a guarantor where deemed necessary by Caltex);
- financial information relating to directors, partners, trustees or sole traders, and any person who acts, or proposes to act, as a guarantor;
- historical insolvency information of directors, partners, trustees, sole traders or managers associated with a business applying for credit;
- consumer credit information of directors, partners, trustees or sole traders, anyone acting or proposing to act as a guarantor, or any individual applying for credit. This information is obtained from credit reporting bodies where Caltex believes it is necessary to assess the credit worthiness of individuals associated with the applicant for credit, including guarantors;
- a record that we have made a request with a credit reporting body for credit related information; and
- where an application for commercial credit is made by a sole trader or an application for consumer credit is made by an individual, and we have made a request with a credit reporting body in connection with such an application, the type and amount of credit that has been applied for
What does Caltex use credit-related personal information for?
Personal information provided to Caltex in connection with an application for credit is principally used to assess that application and for the ongoing management of a credit account in the name of the applicant (if the application is successful), and otherwise as permitted by law. This may involve one or more of the following:
- assessing the credit worthiness of the applicant, or individuals associated with the applicant (in the case of a business applying for commercial credit) where that is deemed necessary by Caltex, including obtaining both consumer and commercial credit reports from credit reporting bodies;
- disclosing personal information to credit reporting bodies before, during or after the granting of credit to the applicant, including but not limited to identity particulars (as outlined above), payment defaults of individuals and serious credit infringements (mainly in relation to guarantors);
- obtaining and verifying personal information from a motor vehicle or land title registry or from a business that provides credit worthiness information;
- providing to or exchanging personal information with any person whose name is given to Caltex in connection with an application for credit;
- exchanging personal information with another credit provider who is named in an application for credit or in a credit report issued by a credit reporting body, or a credit provider who proposes to provide credit to an applicant, principally for (but not limited to) the following purposes:
- assisting an account holder to avoid defaulting on its credit obligations;
- assessing an account holder's position if it falls into arrears; or
- notifying other credit providers if an account holder defaults,
- disclosing personal information to Caltex's collection agents in the event of a default.
Caltex is required to obtain an individual's consent before being provided with consumer credit information about that individual from a credit reporting body. Caltex will typically do this by having the individual read and agree to a privacy agreement in Caltex's credit application form or otherwise accept the provisions of this policy.
Who is credit-related personal information disclosed to?
Caltex discloses credit-related personal information to third parties in the circumstances and for the purposes described above, including to credit reporting bodies. Credit reporting bodies may include credit-related personal information in reports provided to credit providers to assist them to assess an individual's credit worthiness.
Caltex shares credit-related personal information with the following credit reporting body:
PO Box 964
North Sydney NSW 2059
Phone: 1300 762 207
To obtain a copy of your credit file held by Veda Advantage, or to view a copy of Veda Advantage's policy about the management of credit-related personal information, please visit www.mycreditfile.com.au
What are your rights in relation to credit reporting bodies?
(a) Opting out of direct marketing pre-screenings - a credit reporting body may use your credit-related personal information to assist a credit provider to market to you by pre-screening you for direct marketing by the credit provider. You have the right under the Privacy Act to request a credit reporting body to exclude you from such a direct marketing pre-screening by contacting that credit reporting body.
(b) If you are a victim of fraud - if you reasonably believe you have been, or are likely to be, a victim of fraud (including identity fraud), you have a right to request a credit reporting body not to use or disclose any credit-related personal information held by that body about you for a minimum of 21 days (referred to as a "ban period"). Caltex reserves the right to delay or refuse any application for credit where it reasonably believes it requires credit-related personal information about an individual but is unable to obtain such information because a ban period is in effect for that individual.
PART III - PROTECTION, ACCESS, CORRECTION AND COMPLAINTS
In this Part III, the term 'personal information' includes credit-related personal information. Some sections deal specifically with the protection, access and correction of credit-related personal information.
How does Caltex protect personal information?
Caltex stores personal information in a range of paper-based and electronic forms:
(a) Paper Security - Where personal information is stored in physical form, Caltex may use a variety of mechanisms to protect the security and integrity of such information which might include:
- locking personal information in cabinets and only giving access to those employees who have a need to use it; and
- using other access control measures such as keyed access, security alarms and surveillance cameras to deter and detect unauthorised access.
(b) Computer and Network Security - Caltex adopts a number of security measures to protect information from unauthorised access to its computer systems which include:
- access control for authorised users such as user names and passwords;
- limiting access to shared network drives to authorised staff;
- virus checking; and
- specialised IT support to deal with security risks.
(c) Communications Security - Transmission of personal information may involve insecure telecommunications lines. Security of this personal information is enhanced by:
- checking facsimile numbers before sending personal information, and confirming receipt;
- PIN numbers and passwords required for some telephone and internet transmissions;
- identity checking before giving out any personal information; and
- encryption of data for high risk transmissions.
Personal information in Caltex's possession may be retained in archival storage. Generally Caltex will destroy personal information after a period of seven (7) years following its collection or an employee's separation from Caltex unless it is required, or may be required, to be kept for a longer period because of the purpose(s) for which it was originally collected.
How can you access your personal information?
If you want access to your personal information held by Caltex, please put your request in writing and clearly identify the personal information you seek access to. This is important to ensure that the information can be retrieved quickly and cost effectively. All requests for access must be addressed to The Privacy Compliance Officer (see contact details below).
Depending on the circumstances, Caltex reserves the right to charge you a reasonable administrative fee. For example, Caltex's reasonable administrative costs might include:
- reasonable staff costs in locating and collating the information;
- reasonable reproduction or photocopying costs; and
- reasonable costs involved in having someone explain the information to you.
If a fee is charged for providing access, you will be advised of the likely cost in advance.
In some instances, Caltex may not release the personal information. For example, if the information reveals a formula or the details of a commercially sensitive decision-making process, then, in these instances, Caltex may decide to give you an explanation of the commercially-sensitive decision rather than direct access to the information.
What if your personal information is inaccurate?
Caltex will take reasonable steps to correct personal information that is inaccurate. You should contact Caltex if your personal information changes. If Caltex believes it is inappropriate to delete or alter the original information, it will discuss with you alternative ways of correcting the information that satisfy the needs of both parties.
Where a request to correct personal information relates to credit-related information, Caltex will notify the individual of its decision as to whether it agrees to correct that information in writing. Where Caltex does not agree to amend credit-related personal information held about you, Caltex will provide you with reasons for its decision and details of how you may make a complaint about Caltex's decision.
How do you make a complaint?
If you wish to make a complaint to Caltex about a possible breach of privacy, please provide full details of your complaint in writing and send it to the Privacy Compliance Officer (see contact details below).
Individuals inquiring about their rights and remedies for breaches of privacy can access detailed information at the Australian Privacy Commissioner's website.
If your complaint specifically concerns credit-related personal information and you believe Caltex has not complied with its obligations under the Privacy Act or the Credit Reporting Code of Conduct, Caltex will acknowledge any complaint within 7 days of receiving it, and aim to investigate and resolve complaints within 30 days. If that is not possible, we will seek to agree a longer period with you. Caltex will notify you of the outcome of its investigation in writing, including details of how you make a complaint if you are not satisfied with Caltex's decision.
How will changes to this policy be notified?
How to contact us?
If you would like more information concerning Caltex's approach to privacy or how Caltex handles your personal information you can write to:
The Privacy Compliance Officer
Caltex Australia Petroleum Pty Ltd
2 Market Street
SYDNEY NSW 2000
Updated: November 2016