PRIVACY POLICY

In this Privacy Policy, 'us' 'we' or 'our' means BlueScope Steel Limited (ABN 16 000 011 058) (BlueScope).
 

Personal Information
is information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
For example, this may include your name, age, gender, postcode and contact details, as well as financial information.
 

Sensitive Information
includes information or an opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation, memberships of professional associations or trade unions, or criminal record, provided the information or opinion otherwise meets the definition of Personal Information. It also includes health information about an individual.

The types of Personal Information BlueScope will collect from you will depend on the circumstances in which that information is collected. It may include your name, date of birth, contact details such as current and previous address, telephone numbers, email address, occupation, details of shareholdings, information required for recruitment purposes, information required to open or maintain a trading account with BlueScope or otherwise do business with us, including your bank account details, information obtained through credit checks, information from prior dealings with BlueScope and statistical information on the use of BlueScope’s websites, such as your IP address, dates and times of visits.

Sensitive Information requires a higher level of protection under the Privacy Act. Where the collection of Sensitive Information is reasonably necessary for us to pursue one or more of our functions or activities, we will only collect such information when we obtain your express consent. In the event that the collection of your Sensitive Information is required or authorised by law, we will not need your consent.

We collect Personal Information through various means including: our websites, software products, interactions with our social media pages and advertisements, from publicly accessible social media profiles, orders for and provision of products, services or support, employment applications, third party service providers, credit checks, credit assessments and debt recovery actions, warranty claims, feedback from customers, our shareholder registry, provision of training and educational materials, content and services, responses to surveys or research conducted by us, and entries into competitions or trade promotions.

If you do not provide us with the information we request, we may not be able to fulfill the applicable purpose of collection, such as to supply products or services to you or to assess your application for employment.

Where lawful and practical, you have the right to remain anonymous or to make use of a pseudonym, however if you choose to remain anonymous or to use a pseudonym, we may not be able to provide you with access to some or all of our websites or to our other products or services.

The Privacy Act contains certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate we make use of relevant exemptions in the Privacy Act.

Where practicable, we will collect Personal Information directly from you. If we receive information about you from someone else (for example from someone who supplies goods or services to us or is our customer), we will take reasonable steps to ensure you are aware that we have collected Personal Information about you and the circumstances of the collection.

Our main purposes for collecting, holding, using and disclosing Personal Information are to: supply and obtain products or services or software; provide training and educational materials, content and services; respond to enquiries; assess and process warranty claims; assess employment applications; undertake research and surveys, analyse statistical information, conduct trade promotions, comply with legislation and regulations, comply with our internal policies, including in relation to occupational health and safety, diversity, workers compensation, the Fair Work Act and environmental matters, inform you of changes to our business and our products, give you access to our websites and software, and for marketing purposes, including to assist in developing our websites and software.

We may disclose Personal Information for the purposes described in this Privacy Policy to our employees and related bodies corporate, third party suppliers and service providers (including providers for the operation of our websites and/or our business in connection with providing our products and services to you), professional advisers, dealers, payment systems operators (e.g. merchants receiving card payments), our existing or potential agents and representatives, business partners, anyone to whom our assets or businesses (or any part of them) are transferred, specific third parties authorised by you to receive information held by us, your employer in instances where you register or participate in training or educational activities with us that are related to your employment, customers in response to inquiries made by those customers’ clients, and other persons, including government agencies, regulatory bodies and law enforcement agencies, or as requested, authorised or permitted by law.

We generally explain at the time we collect Personal Information how we will use or disclose that information. We will only use or disclose Personal Information for a secondary purpose where such use or disclosure is compliant with the Privacy Act.

In carrying out our business, it may be necessary to share information about you with and between our related bodies corporate and organisations that provide services to us. These related bodies corporate and organisations may combine this information with other Personal Information they hold about you.

We may hold your Personal Information in either electronic or hard copy form. We take reasonable steps to hold your Personal Information securely by protecting it from misuse, interference and loss, as well as unauthorised access, modification or disclosure. To achieve this, we use a number of physical, administrative, personnel and technical measures to protect your Personal Information. However, we cannot guarantee the security of your Personal Information.

We may disclose Personal Information to recipients outside of Australia. This may include our related bodies corporate, across the various jurisdictions in which they operate (see https://www.bluescope.com/about-us/where-we-are/ for the list of countries in which we operate), for the purposes set out in this Privacy Policy. From time to time we may also store some Personal Information in servers located overseas, or may disclose Personal Information to our service providers who assist us to operate our businesses and provide products and services to our customers and third parties. Examples include CapGemini (a multinational company, headquartered in France) and DXC Technology (a multinational company, headquartered in the USA).
We will take reasonable steps to ensure that any overseas recipient will deal with such Personal Information in a way that is consistent with the Australian Privacy Principles.

We may, from time to time, send you direct marketing communications in the form of emails, SMS, mail or other forms of communication in accordance with the Privacy Act and the Spam Act 2003 (Cth). If you no longer wish to receive such communications, please contact us using the details set out in section 15 (‘Contacting Us’) and ask to be removed from our mailing lists or use the unsubscribe facilities included in our marketing communications.

We sometimes use cookie technology on our websites to provide information and services to website visitors. Cookies are pieces of information that a website transfers to your computer's hard disk for record keeping purposes and are a necessary part of facilitating online transactions. Most web browsers are set to accept cookies. Cookies are useful to determine overall traffic patterns through our websites. If you do not wish to receive any cookies, you may set your browser to refuse cookies. This may mean you will not be able to take full advantage of the services on the website.

Our websites may contain links to third party websites. These linked websites are not under our control and we are not responsible for the content of those websites nor are those websites subject to our Privacy Policy. Before disclosing your Personal Information on any other website, we recommend that you examine the terms and conditions and privacy policy of the relevant website. BlueScope is not responsible for any practices on linked websites that might breach your privacy.

You can access the Personal Information we hold about you by contacting us using the details set out in section 15 (‘Contacting Us’). Sometimes, we may not be able to provide you with access to all of your Personal Information we hold about you and, where this is the case, we will tell you why. We may also need to verify your identity when you request your Personal Information. Your information will usually be made available to you within 21 days.

If you think that any Personal Information we hold about you is inaccurate, please contact us using the details set out in section 15 (‘Contacting Us’) and we will take reasonable steps to ensure that it is corrected.

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your Personal Information, you can contact us using the details set out in section 15 (‘Contacting Us’).

Please include your name, email address and/or telephone number and clearly describe your complaint. We will investigate your complaint and will use reasonable endeavours to respond to you in writing within 30 days of receiving the written complaint. If we fail to respond to your complaint within 30 days of receiving it in writing or if you are dissatisfied with the response that you receive from us, you may have the right to make a complaint to the Office of the Australian Information Commissioner.
The Office of the Australian Information Commissioner can be contacted using the details set out below:

Online Complaints: Through the Privacy Complaint Form located at https://forms.business.gov.au/smartforms/landing.htm?formCode=APC_PC
Online Enquiries: Through the Enquiries Form located at https://forms.business.gov.au/smartforms/servlet/SmartForm.html?formCode=APC_ENQ
Post: GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992 (Monday–Thursday, 10am–4pm AEST/AEDT)

If you have any concerns or complaints about how we handle your Personal Information, or if you have any questions about this Privacy Policy or our practices, please contact us at privacyquestions@bluescope.com.

We value inclusion and encourage our People to share their ideas and feedback.

We are committed to fostering a culture of speaking up when something isn’t right. If you see something that is not consistent with Our Bond, our Code of Conduct – How We Work or any Guiding Document including this Policy, you should speak up.

If you wish to speak up, raise a concern or complaint or seek further advice you should speak with your manager or your local People or Ethics & Compliance representative, send an email to ethics@bluescope.com or contact BlueScope’s externally managed confidential hotline at www.bluescopespeakup.deloitte.com.au or by email bluescopespeakup@deloitte.com.au.

For further information please see BlueScope’s Speak Up Policy.

We reserve the right to change this Privacy Policy at any time and notify you by posting an updated version of the policy on our website. If at any point we decide to use personal information in a manner materially different from that stated at the time it was collected we will notify you by email or via a prominent notice on our website, and where necessary we will seek your prior consent.