Security and Privacy Statement
Privacy at CSR
This policy for Boral CSR Bricks falls under CSR. CSR respects the privacy of individuals. This policy outlines the way we manage personal information that we collect or that is provided to us. It applies to CSR Limited and Australian companies in the CSR group (CSR).
CSR is bound by National Privacy Principles (Principles) contained in the Commonwealth Privacy Act. In summary, the Principles describe 'personal information' as information (or an opinion) relating to an individual that can be used to identify that individual.
Why does CSR collect personal information?
CSR is major manufacturer and supplier of building materials. We are also a large sugar producer and have a substantial investment in aluminium smelting. To operate our businesses, we need to collect some information about the people we deal with. As a publicly listed company, we also maintain records of our shareholders. Collecting personal information is also necessary in some circumstances to meet our legal obligations.
What kind of personal information does CSR collect and how does CSR collect it?
CSR generally collects and holds personal information about:
- our employees;
- contractors who provide services to CSR;
- our customers;
- our suppliers;
- our shareholders;
- job applicants; and
- other people who may come into contact with CSR or one of CSR's businesses.
The type of information we collect varies, depending on the purpose, and may include (but is not limited to) name, address, contact details, credit information and marketing information.
This information may be obtained by way of forms filled out, information provided in person or by telephone by the individuals themselves, or from a third party (for example, a reference).
How do we use personal information and to whom may we disclose it?
In general, CSR uses personal information to:
- provide products or services that have been requested;
- maintain relationships with suppliers and contractors;
- provide ongoing information about CSR products and services to CSR customers; and
- comply with legal obligations.
Depending on the product or service concerned, personal information may be disclosed to:
- other divisions or organisations within CSR;
- service providers and specialist advisers to CSR who have been contracted to provide CSR with administrative or other services;
- insurers, credit providers, courts, tribunals and regulatory authorities as agreed or authorised by law;
- credit reporting or reference agencies or insurance investigators; or
- a person authorised by an individual.
Generally, we require that organisations outside CSR who handle or obtain personal information as service providers to CSR acknowledge the confidentiality of this information, undertake to respect any individual's right to privacy and comply with the Principles and this policy.
In most cases, if you do not provide information about yourself that CSR has requested, CSR may not be able to provide you with the relevant product or service.
CSR uses the personal information it collects about CSR shareholders to fulfil its legal obligations and to keep its shareholders informed of CSR's progress.
How do we treat sensitive information?
The Privacy Act defines 'sensitive' information as information about a person's racial or ethnic origin, religion, membership of political bodies, trade union or other professional or trade association, sexual preferences, criminal record or health.
Sometimes it may be necessary to collect sensitive information. If you provide CSR with sensitive information, it is CSR's policy that this information will be used and disclosed only for the purpose for which it was provided or another directly related purpose, unless you agree otherwise, or unless use or disclosure of this information is allowed by law.
The way we use tax file numbers and information received from a credit reporting agency about an individual is also restricted by law.
How do we manage personal information?
CSR trains its employees who handle personal information to respect the confidentiality of that information and the privacy of individuals.
How do we store personal information?
CSR is required by the Principles to safeguard the security and privacy of your information, whether you interact with us personally, by telephone, mail, over the internet or other electronic medium. This includes an obligation to take reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
The Principles also require CSR not to store personal information longer than necessary. Where CSR no longer requires any personal information that we hold, we will destroy that personal information or remove details which may identify individuals.
How do we keep personal information accurate and up-to-date?
CSR seeks to ensure that the personal information it holds is accurate and up-to-date. We realise that this information changes frequently with changes of address and other personal circumstances. We encourage you to contact CSR as soon as possible in order to update any personal information we hold about you. CSR contact details are set out below.
Can you check what personal information about you is held by us?
You may obtain access to any personal information which CSR holds about you, unless one of the exceptions in the Principles applies.
To make a request to access information CSR holds about you, please contact CSR in writing. CSR will require you to verify your identity and to specify what information you require. CSR may charge a fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested.
What if you have a complaint?
How do you contact us?
If the particular CSR business or activity is unable to deal with a privacy complaint to your satisfaction, please contact CSR by e-mail, post, phone or facsimile:
Post: CSR Limited, Locked Bag 6, Chatswood NSW 2057
Phone: (02) 9235 8000
Fax: (02) 9235 8044