Privacy Policy

A. GENERAL
The aim of this Privacy Policy (‘Policy’) is to explain how and why Rhodes collects, uses, discloses and enables access and correction of Personal Information provided to Rhodes in Australia. This Policy also explains the kinds of Personal Information that Rhodes collects and holds.
In the course of its business activities Rhodes will collect, hold, use and disclose Personal Information in accordance with this policy, its obligations under the Privacy Act 1988 (Cth) (‘Privacy Act’) and the Australian Privacy Principles established under the Privacy Act.
This Policy applies to all Rhodes offices and Projects in Australia. Some Rhodes Projects may have additional or supplementary privacy policies that apply in respect of that Project only.
In the context of this Policy ‘Rhodes’ refers to Rhodes Project Services Pty Ltd and its Related Bodies Corporate operating in Australia.
This Policy does not include how Rhodes collects, uses, stores and discloses employee data. Refer to the Privacy of Personal Data Policy for how Rhodes manages employee data.

B. DEFINITIONS
1. ‘Agent’ – is any third party that collects or uses Personal Information under the instructions of, and for, Rhodes or to which Rhodes discloses Personal Information for use on Rhodes’s behalf.
2. ‘Rhodes’ – is defined in Section A.
3. ‘Rhodes Subcontract Workers’ – are current and former employees of Rhodes subcontractors.
4. ‘Personal Information’ – has the meaning given to it in the Privacy Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered Personal Information.
5. ‘Privacy Act’ – is defined in Section A.
6. ‘Privacy Officer’ – is defined in Section C.
7. ‘Project’ – means any project or defined business activity being undertaken by Rhodes.
8. ‘Related Bodies Corporate’ – of an entity means another entity which is
a. related to the first entity within the meaning of Section 50 of the Corporations Act 2001 (Cth of Australia);
b. in any consolidated entity (as defined in Section 9 of the Corporations Act) which contains the first entity; or
c. an express trust of which an entity described in paragraph a or b above is a trustee.
9. ‘Sensitive Information’ – means personal data (including information or an opinion) about an individual’s racial or ethnic origin, political opinions and memberships, religious or philosophical beliefs or associations, trade union membership, criminal record, health information or the health services they have received, details of their sexual orientation, or their biometric or genetic information.

C. GUIDANCE, CONTACT DETAILS AND COMPLAINTS HANDLING
For any questions, concerns or a complaint regarding a possible breach of privacy, please contact Rhodes’s Privacy Officer using the details set out below.
Rhodes’s Privacy Officer can be contacted at:
Post: Attn:
The Privacy Officer
PO Box 100
Kew East VIC 3102 Australia
Email: privacy@rhodesprojects.com
Rhodes will treat the complaint or grievance confidentially. It will investigate the complaint and aim to ensure that a Rhodes representative contacts the individual and that their complaint is resolved within a reasonable time (and in any event within the time required by the Privacy Act, if applicable).

D. PRIVACY POLICY
1. What is Rhodes’s general approach to privacy compliance?
Rhodes respects the privacy rights and interests of any party whose Personal Information it collects, uses, discloses, stores or otherwise processes. Rhodes adheres to the following general principles when collecting, holding, using and disclosing Personal Information:
• Personal Information will be processed in a transparent and open manner, in accordance with applicable laws and this Policy.
• Personal Information will be collected for legitimate purposes.
• Unsolicited Personal Information that could not have otherwise been collected directly from the individual must be destroyed or de-identified.
• Before Rhodes collects Personal Information, notification will be provided about: the purposes for which Personal Information is collected and used; how the individual can access, change or make complaints about the collection, holding, use or disclosure of their Personal Information; the types of third parties to which Rhodes discloses their Personal Information; the means Rhodes offers for limiting the use and disclosure of their Personal Information; the security measures that Rhodes adopts to safeguard their Personal Information; and details of possible disclosure to overseas recipients.
• Reasonable steps will be taken to maintain Personal Information accurately and the individual will be given the opportunity to request correction to Personal Information.
• Rhodes will offer individuals the opportunity to ask where Rhodes is collecting Personal Information from.
• Rhodes will notify individuals if their Personal Information will be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
• Personal Information will be relevant to, and not excessive for, the purposes for which it is collected and used.
• Rhodes will notify individuals if their Personal Information is to be disclosed to overseas recipients and the likely countries of disclosure where practical.
• Rhodes will obtain assurances from its Agents that they will safeguard personal information consistent with this policy. Where Rhodes has knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this policy, Rhodes will take reasonable steps to prevent or stop the use or disclosure.
• Reasonable precautions will be taken to prevent: unauthorized or accidental destruction, alteration or disclosure of; accidental loss of; unauthorized access to; misuse of; unlawful management of; or damage to, Personal Information.
1. What Personal Information does Rhodes collect and hold?
In the course of conducting its business activities, Rhodes may collect the following types of Personal Information:
• name;
• mailing or street address;
• email address;
• telephone number;
• facsimile number;
• age or birth date;
• profession, occupation or job title; and
• any additional information relating to that individual that is provided to Rhodes, whether through Rhodes’s representatives or otherwise.
2. How does Rhodes collect Personal Information?
Rhodes collects Personal Information from individuals in various ways, including:
• through individuals’ access and use of Rhodes’s website;
• during conversations, either verbal or through e-mail communication, between individuals and Rhodes’s representatives;
• from the individual whose Personal Information is being collected (such as when that person applies for a job or other role with Rhodes);
• through recordings which may enable identification of individuals (such as CCTV footage, photographs, audio or other images);
• from the individual’s employer, if that individual is not a Rhodes employee; and
• when Rhodes otherwise interacts with the individual in the course of its business activities.
In some circumstances, Rhodes may collect Sensitive Information from the individual, such as where health information is collected if the individual is asked to submit to a drugs and alcohol test. Sensitive Information will only be collected with the consent of the individual.
Rhodes may also collect Personal Information about individuals from third parties including:
• that individual’s current or former employer;
• from service providers, including health history, credit history or employment information; or
• from regulatory entities such as law enforcement agencies and other government entities.
3. What happens if Rhodes can’t collect Personal Information?
If individuals do not provide Rhodes with the Personal Information described above, some or all of the following may happen:
• Rhodes may not be able to answer the individual’s query or provide any documents or other materials requested;
• Rhodes may not be able to offer the individual a job or other form of engagement; or
• Rhodes may not be able to perform its other business functions relating to the individual, either to the same standard or at all.
4. For what purposes does Rhodes collect, hold, use and disclose Personal Information?
Rhodes collects Personal Information about individuals so that Rhodes can perform its business activities and functions and answer any enquiries made by individuals. Rhodes will collect, hold, use and disclose Personal Information for the following purposes:
• to answer enquiries and provide information about existing and new Projects that Rhodes may be undertaking;
• to conduct business processing functions including providing Personal Information to Rhodes’s Related Bodies Corporate, contractors, service providers or other third parties;
• for the administrative, planning, quality control and research purposes of Rhodes and its Related Bodies Corporate, contractors or service providers;
• to provide updated Personal Information to Rhodes’s Related Bodies Corporate, contractors or service providers;
• to update Rhodes’s records and keep individuals’ contact details up to date;
• for security management;
• for health and safety management;
• for subcontract management;
• for tracking the engagement of Rhodes Subcontract Workers and third parties;
• for communication with community members;
• for internal technical and operational support;
• to process and respond to any complaint made by individuals;
• managing human resources;
• to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or to co-operate with any governmental authority; and
• where required to protect its legal rights (e.g., to defend litigation or anticipated litigation).
5. Who does Rhodes disclose and transfer Personal Information to?
a. What third parties does Rhodes disclose Personal Information to?
Rhodes may disclose the Personal Information of individuals, including for the purposes set out above:
• to other Related Bodies Corporate of Rhodes for purposes connected with Rhodes’s business activities;
• for the legal and other reasons described below;
• to customers and Agents as described below;
• to Rhodes employees and Rhodes Subcontract Workers, for purposes connected with Rhodes’s business activities;
• to Rhodes’s other contractors or service providers for the purposes of its business activities (including without limitation to web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, and professional advisors such as accountants, solicitors, business advisors and consultants);
• to suppliers and other third parties with whom Rhodes has commercial relationships, but only for the purpose of Rhodes’s business and related purposes; and
• to any other organization for any authorized purpose with the express consent of the individual whose Personal Information is collected.
b. What Personal Information Transfers Outside of Rhodes May Be Made?
Rhodes may transfer Personal Information outside of Rhodes:
• where required as a matter of law (e.g., to tax authorities);
• where required to protect its legal rights (e.g., to defend litigation or anticipated litigation);
• where required in an emergency where the health or security of a Project Personnel is endangered (e.g., an accident at work); or
• where required for business purposes to Rhodes’s Related Bodies Corporate, third party suppliers and service providers outside of Australia.
c. Does Rhodes disclose Personal Information to anyone outside Australia?
Rhodes may disclose the Personal Information of individuals to its Related Bodies Corporate and third party suppliers and service providers located overseas for some of the purposes listed above.
Rhodes takes reasonable steps to ensure that the overseas recipients of Personal Information do not breach the privacy obligations relating to the management of the Personal Information of individuals.
Rhodes may disclose Personal Information to entities located outside of Australia, including the following:
• to its other offices located in Brazil, Canada, Chile, China, Egypt, Fiji, India, Indonesia, Japan, Korea, Malaysia, Papua New Guinea, Peru, Philippines, Poland, Qatar, Russia, Saudi Arabia, Singapore, Taiwan, Thailand, Turkey, United Arab Emirates, United Kingdom, United States. An overview of Rhodes’s global operations and the countries where it has offices can be viewed on: https://rhodesprojects.com/contact-us
• to data hosting and other IT service providers. An overview of Rhodes’s global operations and the countries where it has offices can be viewed on: https://rhodesprojects.com/contact-us

E. RHODES’S COMPLIANCE WITH OTHER PRIVACY OBLIGATIONS
1. Security and Confidentiality
Rhodes is committed to taking appropriate technical, physical and organizational measures to protect Personal Information against: unauthorized or accidental destruction, alteration or disclosure; accidental loss; unauthorized access; misuse; unlawful management; or damage.
These measures include equipment, application and information security, access security and training of Rhodes employees, who are required to collect, hold, use and disclose Personal Information.
2. Access and Correction Rights
a. What Are Individuals’ Rights to Access Their Personal Information?
Any individual may inquire as to the nature of his/her Personal Information held by Rhodes. Rhodes will endeavour to respond to an inquiry without excessive delay and within the time limits prescribed by the Privacy Act (if any) or otherwise within a reasonable time period.
An individual wishing to access a copy of his/her Personal Information held by Rhodes should contact the Privacy Officer. Where Rhodes holds information that an individual is entitled to access, Rhodes will try to provide the individual with suitable means of accessing it (for example, by mailing or emailing it to them).
In responding to a request for access to Personal Information, Rhodes may ask the requesting individual:
• to provide Rhodes with sufficient information to allow it to confirm their identity;
• in order to locate responsive information, to identify his/her concerns which led to or motivated the request; and
• to identify which Rhodes employee interacted with the individual and the nature of the Personal Information requested.
b. What Are Individuals’ Rights to Correct Their Personal Information?
If an individual believes the Personal Information that Rhodes is holding about them is incorrect, incomplete or inaccurate, then the individual may request that Rhodes correct this information. An individual wishing to correct his/her Personal Information held by Rhodes should contact the Privacy Officer.
Rhodes will consider if the information requires amendment. If Rhodes does not agree that there are grounds for amendment, then the individual may request that Rhodes adds a note to the Personal Information stating that the individual disputes the accuracy of their Personal Information.