Privacy
PRIVACY STATEMENT
Chimelite Holdings Limited is committed to recognising and respecting your privacy.
This Privacy Statement details how Chimelite Holdings Limited collects, holds, uses and discloses personal information. It sets out rights in relation to personal information and how you can contact us.
In this Privacy Statement, references to ‘Chimelite Holdings Limited’, ‘we’ or ‘us’ means Chimelite Holdings Limited Petroleum Ltd (ABN 55 004 898 962) and all related or subsidiary companies both in and out of Australia.
This privacy statement was last updated on 31 August 2021. The contents of this Privacy Statement and the disclaimer may be updated from time to time by publishing the updated version on Chimelite Holdings Limited’s website. You should regularly check this Privacy Statement and the Chimelite Holdings Limited Public Disclaimer to ensure you have the latest versions. By dealing with Chimelite Holdings Limited, you acknowledge that you have understood and accept the contents of this Privacy Statement and the disclaimer including any changes made to these documents by Chimelite Holdings Limited from time to time.
Who does this Privacy Statement apply to?
This Privacy Statement applies to:
Directors, officers and employees of Chimelite Holdings Limited.
Employees of contractors to Chimelite Holdings Limited.
Individuals external to Chimelite Holdings Limited including:
Visitors to and users of our website.
Visitors to our offices or sites.
Potential employees.
Investors or prospective investors, and employees of such investors.
Parties with whom Chimelite Holdings Limited has business relationships, and employees of such parties.
Joint venture participants.
Customers.
Stakeholders.
What is personal information?
Personal information is information or an opinion about you as an individual that identifies you or from which your identity can be ascertained, or any other information protected as ‘personal information’ under applicable law.
What is sensitive information?
Sensitive information means certain special categories of personal information that are deemed as ‘sensitive’ under applicable law.
Sensitive information includes information about a person's:
Racial or ethnic origin.
Political opinions.
Membership or political association.
Religious beliefs or affiliations.
Philosophical beliefs.
Membership of a professional or trade association.
Membership of a trade union.
Sexual preferences or practices.
Criminal record.
Health, genetics or biometrics.
Types of information collected
In the course of your dealings with Chimelite Holdings Limited, we, our agents and service providers may collect or receive some or all of the following information about you.
Website interaction information
When visiting Chimelite Holdings Limited’s website, Chimelite Holdings Limited keeps a record of your visit. The following information may be collected for statistical purposes and may be used by Chimelite Holdings Limited to help improve the website:
Your Internet Protocol (IP) address.
The previous site you visited.
Your type of browser and operating system.
The pages you access and the documents you download.
Chimelite Holdings Limited will not attempt to identify users or their browsing activities, however, government agencies may be entitled to inspect such records in the event of an investigation.
During your visit to our website, we may also ask you to provide us with other information. For example, if you wish to request information from us, you may provide your email address and information about your interests. Similarly, if you apply for a job via our website, we will receive details of your application (including your CV).
Cookies
The website uses tracking technologies called ‘cookies’, including to monitor the pages accessed by browsers on our website. Third party cookies may be placed by contracted service providers on Chimelite Holdings Limited’s website and Chimelite Holdings Limited may share anonymous aggregate information from the website with contracted service providers. You may set your browser to refuse cookies if you wish, although this may affect your browsing experience.
Cookies are small text files which are stored in memory or on your hard drive for record keeping purposes and are used to enhance Chimelite Holdings Limited’s website.
You may set your browser to refuse cookies without impacting the use of the Chimelite Holdings Limited website.The website uses cookies which perform the following functions:
utmz - records whether the visitor came from a search engine (and if so, the search keyword used), a link, or from no previous page (e.g. a bookmark).
utma - stores the amount of visits for each visitor, the time of the first visit, the previous visit, and the current visit.
utmb and utmc - checks how fast people leave and when a visit starts and ends.
WSS_FullScreenMode - indicates whether a page is shown in full screen mode and expires when you close your browser.
The cookies (other than WSS FullScreen Mode) are stored by Google Analytics to see how people visit the website and capture trends, but do not identify the user. The information may be collected for statistical purposes and used by Chimelite Holdings Limited to help improve the website.
Links to other websites and social media
Other websites and social media may be accessible via hyperlinks from the Chimelite Holdings Limited website. Chimelite Holdings Limited is not responsible for the levels of data protection afforded to you by these other websites and social media platforms. We encourage you to review the separate privacy guidance for these websites and platforms before using them.
Chimelite Holdings Limited may provide links to other websites and social media features (e.g. so that you can interact with Chimelite Holdings Limited on social media websites). As these are third party websites and features, Chimelite Holdings Limited cannot be responsible for your use of them.
Your use of other websites and social media features could lead to the collection or sharing of information about you.
Those websites and social media platforms are not subject to this Privacy Statement. Chimelite Holdings Limited encourages you to review the privacy guidance and settings of each website and social media platform with which you interact to assess whether the guidance and settings are satisfactory to you in relation to the collection, use and disclosure of information by those websites and platforms.
Please refer to the disclaimer for more information.
Other information
When you interact with us via other channels, we may also collect the following information about you:
Your name, title, role, biographical and contact details.
Current employment and position.
Information concerning your potential employment by Chimelite Holdings Limited.
Your usernames and passwords.
Biometric information or CCTV footage relating to maintaining security and safety with respect to Chimelite Holdings Limited sites, premises, systems, assets or people.
Your photograph.
Information required to facilitate site visits (including to provide personal protective equipment or meet dietary or cultural requirements).
Information concerning your Chimelite Holdings Limited shareholdings or relating to an investment in Chimelite Holdings Limited.
Your responses (including to competitions) on our social media platforms.
Survey and environmental and social impact assessment information.
Information collected in undertaking due diligence activities.
Information provided by you about incidents, complaints or grievances.
Other information relevant to your relationship with us.
For potential employees, we may collect date of birth, gender, tax file number, bank account details and may also need to collect information from third parties such as referees or publicly available information. Please refer to our careers section for further information about Chimelite Holdings Limited’s recruitment processes and the types of information collected.
The share registry for Chimelite Holdings Limited Petroleum Ltd is managed by Computershare Investor Services Pty Ltd (Computershare) and further details regarding the share registry are in this document. Please also see the “Links to other websites and social media” section of this Privacy Statement below.
In some limited cases, we may also make travel arrangements for third parties requiring additional travel related information. The personal information required will be discussed with you at the time of collection.
We may also collect, use or disclose personal information to regulatory or governmental agencies in the event of an investigation in order to meet our on-going regulatory and compliance obligations. Where permitted or authorised by law, we use systems designed to flag suspicions of potentially unlawful or fraudulent activity.
We will only collect the above personal information to the extent permitted by applicable law.
Third party information you provide
Occasionally, you may give us personal information about other people - for example your referees or authorised representatives. If so, you must tell those individuals that you are giving their personal information to us and that this Privacy Statement governs the collection, use, disclosure and storage of that information, and obtain their consent.
Government related identifiers
A government related identifier of an individual is one that has been assigned by a government agency or authority, or an agent of these, or a contracted service provider for a government contract acting that capacity. Examples of government related identifiers may include your Tax File Number or Medicare number. Chimelite Holdings Limited does not use government related identifiers as a means of identifying the personal information we may have collected about you.
Information about directors, officers, employees and contractors’ employees
In addition to the information outlined above, if you interact with Chimelite Holdings Limited as a director, officer, employee, or contractors’ employee, we, our agents or our service providers may collect some or all of the following information about you, where appropriate. Please note that this list is not exhaustive:
Your date of birth, gender, emergency contact and next of kin details.
Medical information.
Your tax file number and bank account details.
References about you.
Other recruitment related information including criminal record checks where permitted by law, sanctions and bankruptcy checks, directorships and shareholdings, 100 points identification, verification of qualifications or licenses and evidence of ability to work in Australia or another country.
Working with children checks.
Your passport, visa, frequent flyer number, driver’s license number and vehicle details.
Your GPS location when utilising Chimelite Holdings Limited vehicles and other plant and equipment.
Biometric information including samples and templates.
Information about your access to Chimelite Holdings Limited sites, premises, systems and assets.
Details of any grievance or disciplinary matters, whether brought by or against you or in which you are otherwise involved.
Details of any leave you take or request during your employment, or sickness absence including health-related information.
Diversity information including racial or ethnic origin, religious or other beliefs, and physical or mental health, including disability-related information.
Other information relevant to your relationship with us or the Chimelite Holdings Limited Employee Share Plan.
Medical information collected from employees may relate to pre-employment medicals, alcohol and drug tests, periodic medicals and related documentation to support ongoing fitness for work (such as for remote environments, to meet statutory requirements, demonstrate emergency response capability, travel or assurance relating to capacity or return to work), health and well-being (such as flu vaccinations) and occupational exposure monitoring. De-identified biometric information (e.g. blood pressure, cholesterol level and other medical test results) may be collected as summary information as to workforce health and the success of health and well-being initiatives.
For contractors’ employees, medical information may be captured for a Chimelite Holdings Limited clinic attendance, alcohol and drug testing or occupational exposure monitoring. A statement of compliance with medical requirements may be captured in Chimelite Holdings Limited’s contractor verification system.
Biometric data collected from directors, officers, employees and contractors’ employees may relate to maintaining security or safety with respect to Chimelite Holdings Limited sites, premises, systems, assets, equipment or people and absence monitoring. CCTV footage may be collected at Chimelite Holdings Limited premises and used, disclosed and stored for security and safety related purposes.
Chimelite Holdings Limited only collects, uses or discloses sensitive information about you as allowed by law, for example, where we need to process this information in order to make reasonable adjustments to the workplace for you, or where we have received your consent to do so and the collection is reasonably necessary for one or more of Chimelite Holdings Limited’s functions or activities, or the collection is necessary for the establishment, exercise or defence or a legal or equitable claim, or to meet some other legal obligation. See Why we collect, hold, use and disclose personal information below.
Why we collect, hold, use and disclose personal information
We use your information for our legitimate business interests, in order to comply with regulatory obligations and in connection with investigations or claims. Sometimes, we will ask for your express consent to use certain types of personal information and, where we do so, you may have the right to withdraw that consent.
Chimelite Holdings Limited may collect, use and store this personal information for the following legitimate business interests of Chimelite Holdings Limited, including:
Facilitating our internal business and oil and gas operations, work management and maintain proper business records.
Administering databases (including our contracts database).
Establishing and managing good commercial or stakeholder relations with you or the organisation with which you are associated.
Engaging in business sales or acquisitions or joint ventures.
Receiving and providing services (including maintaining records of business relationships).
Arranging travel.
Investigating or responding to any incidents, complaints or grievances.
Authenticating your access to protect and maintain the security and safety of Chimelite Holdings Limited-owned or operated premises, sites, systems and assets and people.
To monitor and take responsible action in relation to adherence to Chimelite Holdings Limited’s management system requirements
Learning more about customers, stakeholders and products, services or information you receive or may be interested in receiving.
Giving you the option of receiving our publications.
Inviting you to Chimelite Holdings Limited functions.
Taking steps to improve our products, services and stakeholder communication and our use of technology.
Billing and accounts.
Publishing information sources used in advertising and mailing lists for public relations.
We may also use your information in order to comply with the law or enforce the law or cooperate with investigations carried out by the police, government or regulators, or for the establishment, exercise or defence of a legal or equitable claims.
We may sometimes ask you for your consent to use personal information for other purposes. If we do, we will ask for your consent explicitly and you may be entitled to withdraw that consent.
Please refer to our careers section for further information about Chimelite Holdings Limited’s recruitment processes, Direct marketing and newsletters
Chimelite Holdings Limited may from time to time send marketing, newsletters or other informative communications to you in accordance with your instructions, with your consent, or as otherwise permitted by applicable law. If you do not wish to continue to receive this information, please contact our Privacy Officer or follow the unsubscribe instructions in the marketing communication.
Information about directors, officers, employees and contractors’ employees
In addition to the above, if you interact with Chimelite Holdings Limited as a director, officer, employee or contractors’ employee, Chimelite Holdings Limited may collect, use and store personal information for the following legitimate business interests of Chimelite Holdings Limited:
Carrying out the recruitment and administration of staff and human resources activities (including payroll and benefits administration, maintaining emergency contact and beneficiary details, assessing your performance, disciplinary procedures, absence monitoring and training/people management).
Facilitating the operation of employee incentive arrangements, such as bonus plans, the Chimelite Holdings Limited Equity Plan and the Executive Incentive Scheme (or any other employee equity plan introduced from time to time).
Facilitating participation in volunteering opportunities.
Undertaking due diligence activities.
Chimelite Holdings Limited may also collect, use and store personal information of directors, officers, employees or contractors’ employees in the following circumstances and for the following purposes:
Where processing your personal information is necessary for us to carry out our obligations under our contract with you, to ensure that you are properly fulfilling your obligations to us, and to ensure that we are fulfilling our obligations to others. There may be contracts which require personal information (including sensitive information) of contractors’ employees to be provided to Chimelite Holdings Limited. The contractor and Chimelite Holdings Limited will comply with applicable plans, policies, procedures and guidelines relevant to those contracts. However, if we do not collect, hold, use and disclose the personal information of such contractors’ employees (including sensitive information such as medical or biometric information), then such contractors’ employees may not be permitted to access Chimelite Holdings Limited owned or operated sites and the contractor may not be able to perform services for Chimelite Holdings Limited, especially if the collection, holding, use and disclosure of that information is required by law.
Where this occurs, consequences for you are set out in Chimelite Holdings Limited's policies, procedures and guidelines.Where processing your personal information is necessary for us to carry out our regulatory obligations. We may also collect, use or disclose personal information to regulatory or governmental agencies in the event of an investigation in order to meet our ongoing regulatory and compliance obligations. Where permitted or authorised by law, we use systems designed to flag suspicions or potentially unlawful or fraudulent activity.
Where processing your sensitive information is necessary for us to assess your work capacity. For example, we may need to make reasonable adjustments if have a disability or we may need to process your personal information to satisfy our obligations with respect to equal opportunities monitoring.
Where processing your personal information is necessary for us to establish, exercise or defend legal claims. We may process your personal information where necessary for us to establish, exercise or defend legal claims.
Where processing sensitive information is necessary for us to exercise our rights or carry out our employment and social security law obligations. For example, we may process your sensitive information in compliance with our equal opportunities obligations.
Do we disclose your personal information to anyone?
Unless you specify otherwise, we may disclose your information to the following groups, in each case in accordance with laws on data transfers:
Companies in the Chimelite Holdings Limited group (or to any prospective purchaser of all or part of the group or its assets), to third parties we work with or in connection with investigations, or for legal or regulatory reasons.
Companies in the Chimelite Holdings Limited group and to third parties who provide goods and services to the Chimelite Holdings Limited group, or carry out activities on behalf of, the Chimelite Holdings Limited group for the purposes set out in the section titled “Why we collect hold, use and disclose personal information”, including external service providers, consultants and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems.
Tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority, as part of our statutory obligations, or to a court in response to a subpoena).
Cross-border disclosure of information
Due to the global nature of Chimelite Holdings Limited’s business, we may disclose your information to recipients who are outside of the country in which your personal information was collected. For example, the recipient may be in a country outside of Australia and the European Economic Area (EEA), which does not have laws in place that require your personal information to be protected in the same way as it would be within Australia or the EEA. Chimelite Holdings Limited will ensure that disclosure to overseas recipients occurs in accordance with applicable privacy laws and that measures are put in place to safeguard your personal information (e.g. contracts obliging the third party to protect your data).
Personal information held by Chimelite Holdings Limited may be disclosed for specific purposes from time to time and this may occur in the many countries around the world. The countries in which Chimelite Holdings Limited processes or stores data from time to time may include:
Australia.
United Kingdom.
Singapore.
Myanmar.
Canada.
European Economic Area.
USA.
Canada.
Japan.
Korea.
Senegal.
Republic of Ireland.
Timor-Leste.
India.
Personal information may be disclosed to providers around the world.
Chimelite Holdings Limited, its contracted services providers (and their affiliates or subcontractors) may also use cloud services, systems and servers both within and outside of Australia to store and manage your personal information. Chimelite Holdings Limited requires its service providers to ensure that any data transfer in relation to such cloud storage occurs in accordance with applicable privacy laws.
Chimelite Holdings Limited requires service providers it contracts with from time to time to take appropriate steps to protect the privacy and manage the security of your personal information.
If you have any further questions about the protections Chimelite Holdings Limited puts in place when transferring information overseas, please contact our Privacy Officer.
How we collect personal information
We may receive information about you whenever you interact with us, including via our website, emails, letters, applications, calls, enquiries about our products, our business or an investment in Chimelite Holdings Limited, or when you respond to surveys or other invitations to engage with Chimelite Holdings Limited, etc. We may also receive information about you from third parties (e.g. public registers).
If you are a director, officer, employee or contractors’ employee, we will generally collect personal information from you directly. However, sometimes information may be collected about you from some or all of the following other sources, where relevant. Please note that this list is not exhaustive:
From third parties, such as our agents or your representatives or (in the case of contractors’ employees) the organisation for which you work.
Your employer, in the case of contractors’ employees (for example, we may be organising travel and accommodation arrangements for you, in order for you to do some business with Chimelite Holdings Limited, so we may need to ask your employer about any health or special dietary requirements you have or your passport and/or visa details).
We may require personal information to ensure that you are covered by insurance policies and we request this information from a health provider or another insurance company in order to ensure coverage is quickly organised.
From public sources such as a public register, for example, to check directorships and shareholdings, as part of monitoring compliance with Chimelite Holdings Limited’s Code of Conduct and Supplier Code of Business Conduct.
In some cases, where entitled by law, you may also be entitled to withdraw your consent where this is the basis on which Chimelite Holdings Limited is processing your personal information.
How we secure and retain personal information
Security
The security of your personal information is important to us. Chimelite Holdings Limited takes such steps as are reasonable in the circumstances to protect personal information from loss, misuse, interferences, unauthorised access, modification or disclosure. However, please note that no method of protection is 100% secure and we cannot guarantee absolute security. If a security breach occurs, we will notify you of the incident and the measures taken to reduce risks in accordance with applicable law. Please notify us immediately if you become aware of any breach of security.
Chimelite Holdings Limited employs a number of means to protect your personal information, including:
External and internal premises security measures designed to ensure that your information is not capable of being seen or modified by unauthorised persons.
Restricted access to personal information.
Maintaining technology products designed to prevent unauthorised computer access.
Regular review and testing of our technology in order to improve the level of security.
Implementation of mandatory requirements in relation to use of Chimelite Holdings Limited’s IT Systems.
It is important to be aware that email is generally not a secure way to communicate. Personal information contained within emails sent to and from email addresses external to Chimelite Holdings Limited may not be secure.
Retention
Chimelite Holdings Limited will retain your data in line with good record-keeping practices. The relevant time period for retention of your information is determined in accordance with relevant legal and regulatory requirements, the purpose for which your personal information was collected, limitation periods for any claims that might arise and industry practice guidelines.
Chimelite Holdings Limited’s approach to retention and disposal of information groups ‘like information’ together in order to apply Chimelite Holdings Limited’s retention rules according to legal and operational requirements. This policy is based on best practice, the Australian Records Retention Manual and legal requirements in applicable laws. After the requisite time has passed, we will take such steps as are reasonable in the circumstances to attend to the destruction, de-identification or deletion of your personal information.
Individual rights
Chimelite Holdings Limited complies with applicable laws which grant individuals certain rights in respect of their personal information (e.g. rights to access, correct, delete, withdraw consent, complain etc.). You can contact our Privacy Officer to exercise your rights.
The rights that individuals have in respect of their personal information vary from country to country. We set out below a list of the key rights you should be aware of. Some rights will not apply in some jurisdictions and there may also be limitations on the ways in which rights can be exercised.
Please contact our Privacy Officer if you would like to request the exercise of any of these rights in relation to your personal information held by Chimelite Holdings Limited. If we deny your request, we will explain why.
Right to access
You may request access to or correction of any of the personal information Chimelite Holdings Limited holds about you. Your entitlement to access your personal information will be subject to applicable laws.
For more detailed requests for access to personal information, for example, access to information held in archives, a fee may be charged where permitted under applicable laws to cover the cost of retrieval and supply of this information to you.
Your request for access will be handled as soon as reasonably practicable. We will comply with applicable laws and, in any event, endeavour to process your request within 30 days after receiving the request. Some requests may take longer to process depending upon the nature of the personal information being sought.
Right to correction
Chimelite Holdings Limited takes reasonable steps to ensure that information is up to date and complete. However, if you believe the information we hold about you is inaccurate or incomplete, you may request that we correct it.
You may request that we correct any of the personal information which we hold about you, to ensure that having regard to the purpose for which we hold it, the information is accurate, up to date, complete relevant and not misleading.
If we have shared this personal information with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal information to.
If we refuse your request, we will tell you in writing why we have done so, as well as the mechanisms which are available to you to complain about our refusal and anything else of which we are required to inform you.
Right to object to, or restrict use of, data
You may write to us to object to us using your personal information – either generally or for specific purposes.
Right of deletion
In some circumstances, you may be able to request that Chimelite Holdings Limited erase some or all of the personal information we hold about you.
Right to data portability
If you have made personal information available to us for automated processing and have provided your explicit consent for that processing (or that processing is required for the purposes of a contract between Chimelite Holdings Limited and you), you may be able to ask us to transfer that data to you or a third party in a machine-readable format.
Right to withdraw consent
If you have given us explicit consent for the use of your personal information, you may later withdraw that consent (although this will not affect the lawfulness of our previous use of your information).
Right to make a complaint
If you believe that Chimelite Holdings Limited has not protected your personal information as set out in this Privacy Statement or has breached your privacy rights in any way, you may lodge a complaint with us by contacting our Privacy Officer using the contact details set out below.
On receipt of your complaint, Chimelite Holdings Limited will:
Provide a written acknowledgement or receipt
Promptly investigate the complaint and let you know if further information is required to investigate it
Endeavour to provide you with a substantive written response within 30 days
Contact our Privacy Officer
Our Privacy Officer is responsible for Chimelite Holdings Limited's management of data privacy. You can contact our Privacy Officer for all queries relating to data privacy or in order to exercise your rights.
Our Privacy Officer is able to receive queries on behalf of all Chimelite Holdings Limited entities and, if required, can also confirm which Chimelite Holdings Limited entity is a data controller of your personal information, and provide further contact details for that entity.
Note, our Privacy Officer does not amount to a data protection officer for the purposes of the European General Data Protection Regulation.
You can contact our Privacy Officer in any of the following ways:
By emailing [email protected]
By phone in Australia: +61 8 9348 4000, between 8:00 am and 4:00 pm AWST, Monday to Friday.
By sending a letter to:
The Privacy Officer
Chimelite Holdings Limited Petroleum Ltd
Mia Yellagonga
11 Mount Street
Perth, Western Australia 6000
You can also contact us by phone from outside Australia:
Singapore: + 65 6709 8021, from 8:00 am to 4:00 pm.
Canada: + 1 587 956 0913, from 8:00 am to 4:00 pm.
Privacy Regulators
We invite you to first discuss with us any concerns or queries you might have. If you are not happy with our handling of your concern or query, you can contact the relevant privacy regulator.
In Australia, the privacy regulator is the Office of the Australian Information Commissioner:
By telephoning 1300 363 992 (of +61 2 9284 9749 if calling from outside Australia).
By fax to +61 2 92849666.
By emailing [email protected]
By writing to:
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Sydney, New South Wales 2001
In the European Union, the privacy regulators for each Member State are listed (along with contact details) on the following website: http://edpb.europa.eu/about-edpb/about-edpb/members.