Redox Ltd and its related bodies corporate (together, ‘Redox’, ‘we’, ‘our’, ‘us’) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. In the development of Redox‘s privacy policies and standards, we take into consideration the laws relating to privacy protection of personal information applicable to us in every jurisdiction in which we operate.
This policy describes how Redox collects, holds, uses and discloses personal information.
Your rights in relation to our handling of your personal information
You may exercise certain rights in relation to our handling of your personal information by contacting us as set out at the end of this document, including to:
- Access personal information we hold about you (and if we deny access in some circumstances, we will tell you why).
- Ask us to correct personal information about you that you think is incorrect or incomplete. If we refuse your request, we will tell you why and you can ask us to make a note of your requested correction to the information.
- Complain if you feel we have violated your rights. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your request and any resolution. If your concerns are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au or on 1300 363 992.
- Ask more information about our approach to handling and protecting your personal information.
Collection of your Personal Information
Circumstances of collection
We collect personal information in a number of ways, including:
- From you directly, for example when you submit forms and applications to us or provide information verbally;
- From records of communications and activity including by email, online and telephone or surveillance (CCTV);
- From third party sources including publicly available information, your representatives, referees, academic institutions, and our service
- providers; and
- By generating new information through reviews, analysis, and calculations on other information.
Generally, we will tell you why we are collecting information when we collect it and how we plan to use it or these things will be obvious when we collect the information.
Types of personal information we typically collect
We usually collect personal information such as:
- Your name and contact details (e.g. email address and telephone numbers);
- Proof of identification documents (such as driver’s licences and passports);
- In relation to individuals that work for us or apply for a position with us, human resources information e.g.:
- Qualifications, skills, experience;
- Background checks (e.g. references, financial probity, criminal records);
- Other information included in job applications and provided in the course of interviews;
- Work performance and conduct;
- Health and safety information including drug and alcohol tests;
- Records of training;
- Payroll and superannuation information; and
- Use of IT and work resources including emails and web browsing history;
- In relation to investors, information relating to your application or shareholding, e.g., the number of shares you hold or seek, any power of attorney you grant, your shareholder reference number or holder identification number and your tax file number if you choose to provide it.
Use and Disclosures
Why we collect, hold, use and disclose your personal information
We typically collect, hold, use and/or share your personal information for the following purposes:
- To operate and improve our business (including to maintain and update our records and operate our website) and provide our services;
- To respond to your enquiries and requests;
- To communicate and manage our relationships with stakeholders including customers, suppliers, investors, staff and other stakeholders;
- To protect the health, safety and security of our customers, staff, sites and assets;
- In relation to individuals that work for us or apply for a position with us, for human resources purposes, including recruitment, training and workforce management and administration;
- In relation to investors, to assess applications, manage your investment and provide investor services;
- As required or authorised by law, including:
- in relation to investors, the Income Tax Assessment Act and the Corporations Act;
- in relation to personnel, the Fair Work Act, Superannuation Guarantee (Administration) Act, the Income Tax Assessment Act and other tax laws, Corporations Act, occupational health and safety acts and workers compensation acts;
- To exercise and defend our legal rights e.g., in connection with legal claims and processes; and
- For corporate transactions such as business mergers and acquisitions, e.g., to assess or facilitate those transactions and manage the transition of the business.
We may not be able to do these things without your personal information. For example, we may not be able to communicate with you or deal with your enquiries. For staff, we may in some cases take disciplinary action including termination if you refuse to provide important information.
We may exchange your personal information with other Redox entities and third parties including:
- Third parties who provide services we use to run our business (such as external service providers that assist us to perform human resources, information technology and other shared services functions, that provide IT services or that provide security for our sites or systems);
- Our professional advisors (such as our lawyers and accountants);
- Prospective purchasers of all or part of our business or of any shares in a Redox entity;
- Government authorities or other persons for lawful purposes (for example, we disclose payroll and tax details to the tax office); and
- In relation to individuals that work for us or apply for a position with us, employers seeking a reference, academic institutions, health service providers and referees.
Sometimes, we may disclose information to countries other than where the information was originally collected, including to Redox entities, service providers or third parties in countries where Redox may do business in from time to time, including Australia, New Zealand, Malaysia, USA, Mexico, UK.
Use of our Website
We may contact you for direct marketing purposes, in order to provide you with information about our products and services. These marketing communications may be sent either directly by Redox or through appointed third-parties in various forms.
At any time you may opt-out of receiving marketing communications from Redox by contacting Redox via our online contact forms or by contacting our third-parties whom you are receiving the communication from and unsubscribe.
Redox strives to ensure the security and integrity of personal information, including where service providers hold it on our behalf. We use a variety of physical and electronic security measures including restricting physical access to our offices and firewalls and secure databases to protect personal information from misuse, loss and unauthorised use and disclosure. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure.
Online links to Third Party Sites
Redox may establish relationships with business partners that allow visitors to our Internet sites to link directly to sites operated by these partners.
Application of the United Kingdom and European Union Privacy Laws to Redox
The privacy protection framework in the UK is set out by the Data Protection Act 2018 (UK) and regulated by the UK General Data Protection Regulation (collectively, the UK Privacy Laws). The provisions of the European Union General Data Protection Regulation (EU GDPR) make up the EU Privacy Laws which was incorporated directly into domestic law within the UK and is applicable to those countries which are members of the EU. The UK Privacy Laws and EU GDPR set out the key principles, rights and obligations for most processing of personal data in the UK or EU which contain additional protections and notable differences when compared to the Australian Privacy Act and other privacy laws in countries we operate.
Application of this Section
- when you visit or use our website from the UK or a country which is a member of the EU;
- if you become an employee, contractor, agent, vendor or service provider to us and are based in the UK or the EU;
- you interact with Redox (UK) Limited (Company Number 13332302);
- we provide our goods or services to you whilst you are located in the UK or the EU; and
- we monitor your behaviour whilst you are located in the UK or the EU.
Personal data for the purposes of the UK Privacy Laws and EU GDPR means “any information relating to an identified or identifiable natural person” and includes but is not limited to a name, email, address, identification number, location data, an online identifier, any factor specific to the physical physiological, genetic, mental, economic, cultural or social identity of a natural person, or any other type of information that can be reasonably identify an individual, either directly or indirectly.
For the purposes of the UK Privacy Laws and EU GDPR, Redox may be a data controller or data processor of your personal information, whereas the natural person to whom the personal information belongs (you) is the data subject. Our related bodies corporate will also be data processors of your personal information.
Data subject agrees
The legal basis on which we process personal information
Where required by law, we will ensure there is a legal basis for the processing of your personal information. In most cases our legal basis will depend on the personal information concerned and the specific context in which we collect it.
- Contract: the processing is necessary for the performance of the services or goods we provide to you, or in order to take steps (at your request) prior to, and anticipation of, performing, such services or providing such goods;
- Legal obligation: the processing is necessary to comply with our legal obligations, including compliance with applicable laws, regulations, governmental and quasi-governmental requests, court orders or subpoenas;
- Consent: the processing is based on your consent to the processing of your personal information for one or more specified purposes (e.g. marketing);
- Legitimate interests: the processing is necessary to meet our legitimate interests, for example to develop and improve our website, products and/or services for the benefit of our customers; or
- Vital interests: the processing is necessary to protect your vital interests (for example, health and safety reasons if you attend a meeting at a Redox location)
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact our privacy officer on the details below.
Your data subject rights
In addition to the rights set out above, you are also entitled to additional data subject rights under the UK Privacy Laws and EU GDPR. For a detailed description of all your rights, we recommend you refer to the UK Privacy Laws or EU GDPR whichever is applicable to you, Respectively, you also have the:
- Right to erasure – If you no longer require our services, you can request that we erase all your personal information from our personal information holding systems by submitting to us the right to erasure request form set out in this Policy at Annexure 2 below.
- Right to restriction of processing – You have the right to restrict how we process your personal information. This right is enforced by the privacy principles for which we comply and only process your personal information for the primary purposes that it was collected.
- Right to object – You have the ability to object to our processing of your personal information for the purposes that it was collected for, provided we have no legal reason to use it or other valid reason.
- Right to data portability – This is the right to request that we transfer the personal information that we have collected which concerns you to another organisation or data controller, or directly to you in a commonly used and machine-readable format, under certain conditions.
If you wish to exercise any of your data subject rights, you can contact us on the contact details provided in this Policy below. We will respond to you as soon as reasonably possible and in any event at least within one month of receipt of your request.
International transfers of personal information
Your personal information may be transmitted through, stored or processed in countries other than your home country, in which case the information is bound by the laws of these countries, which include Australia, New Zealand, Malaysia, the United States of America and Mexico.
We made an “adequacy decision” with respect to the Privacy Laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely:
- with respect of any of our service providers:
- the overseas recipient does not breach the UK Privacy Laws or EU GDPR; or
- the overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the protection under the UK Privacy Laws or EU GDPR; and
- any disclosure will be done pursuant to agreements setting out the requirements for use, safeguarding, retention and disposal of such information, or as required by law; or
3. you have consented to us making the disclosure.
Retention of your personal information
Complaints about privacy
If you are based in the UK and are unhappy with the way that we are handling your complaint or your personal information, you have the right to make a complaint to the Information Commissioner’s Office (ICO) which is the UK supervisory authority for data protection issues. You can contact the ICO at https://ico.org.uk/ or on 0303 123 113.
Alternatively, if you are based in a country that is a member of the EU and are unhappy with the way that we are handling your complaint or your personal information, you have the right to make a complaint to the National Data Protection Authority (NDPA) in your EU member state. You can find the contact details of your NDPA at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Employees and jobs applicants
Please contact your Human Resources Manager by email.
Please contact us via the following communication methods:
Locked Bag 15
Minto NSW 2566
+61 2 9733 3000
Use of our Website and our Services
We use technologies that are essentially small data files placed on your computer, tablet, mobile phone, or other devices (referred collectively as a “device“) that allow us to record certain pieces of information whenever you visit or interact with our site, services, applications, messaging, and tools.
Where possible, security measures are set in place to prevent unauthorised access to our cookies and similar technologies. A unique identifier ensures that only we and/or our authorised service providers have access to cookie data.
Service providers are companies that help us with various aspects of our business such as site operations, services, applications, advertisements, and tools. We use some authorised service providers to help us to serve you relevant ads on our services and other places on the internet. These service providers may also place cookies on your device via our services (third party cookies). They may also collect information that helps them identify your device, such as IP-address or other unique or device identifiers.
What are Cookies?
Cookies are small text files that are sent by our website to your device while you are browsing which are processed and stored on your web browser or hard drive of your computer. The cookie is then sent back to our website each time you visit it from your browser.
Cookies record information about your visit to our website, allowing us to remember you the next time you visit and provide a more meaningful experience. Cookies may tell us information such as whether you have visited our website before or whether you are a new visitor. Cookies are also used for profiling activities to measure and enhance the effectiveness of our marketing and improve our services to you.
Cookies do not typically contain any information that personally identifies you, but personal information that we store about you may be linked to the information stored in and obtained from the cookies.
Cookies may either be persistent cookies or session cookies:
- a persistent cookie will be stored by a web browser on the hard drive of your computer and will remain on your device until its set expiry date, unless deleted by you before the expiry date;
- a session cookie on the other hand, is temporary and will expire at the end of your session when you close your web browser.
There are two broad categories of cookies:
- first party cookies, placed directly by our website on your device; or
- third party cookies, which are placed on your device by a third party on our behalf such as an advertiser or an analytic system.
You are free to block, delete or disable these cookies if your device permits it. You can manage your cookies and your cookies preferences in your browser or device settings.
What are Pixel Tags?
In addition to using cookies, we may use pixel tags and other web technologies such as CAPTCHA’s to improve our website’s performance, enhance your browsing experience and to protect our website against spam robots. A pixel tag is a tiny invisible tag or graphic placed on certain parts of our website, in emails or in certain other downloadable content, but not on your computer, mobile device or browser, except to the extent that you download the content that contains such tags. We may use pixel tags and other web technologies to track your behaviour while on our website, site conversions, web traffic and other metrics similar to a cookie.
What are Similar Technologies?
Similar technologies are technologies that store information in your web browser or device by utilising local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all of your browsers and in some instances, may not be fully managed by your browser and may require management directly through your installed applications or device. We may use these similar technologies to store your website preferences, personalise your visit and for other site operations.
We use the terms “cookies” or “similar technologies” interchangeably in our Policy to refer to all technologies that we may use to store data in your web browser or device, or that collect information or help us identify you in the manner described above.
The cookies that we use collect personal information directly from you when you interact with us through our public, secured and third party provider website, provided that we have received your prior consent to collect this information.
Performance or Statistics Cookies: These cookies allow us to analyse your use of our website to enhance your experience using our website and to improve the performance and functionality of our website. In using performance cookies, we do not store any personal data and only use the information collected through these cookies in an aggregated and anonymised form.
Third Party Cookies: We utilise these cookies on certain pages of our website to communicate with third party data suppliers including Google Analytics and WordPress in order to extrapolate your digital behaviour. The cookies that these third parties collect may be used to help us understand how you interact with our website to improve your user experience or remember any information you have inputted into the enquiry forms on our website or other websites to make your experience more efficient. These third party cookies do not store any personal data and only use the information collected through these cookies in an aggregated and anonymised form. The third party cookies used on our website are covered by the third-parties’ privacy or cookies policies.
Social Media Cookies: These cookies allow you to share content from our website on social channels such as Facebook, LinkedIn and Twitter.
Third Party Websites
How to Manage or Delete Cookies?
You have the right to decide when accessing our website whether or not to accept the cookies that we use on our website. You can also set your browser not to accept cookies or delete cookies from your browser. You can block cookies by activating the settings on your browser that allows you to refuse the setting of all or some cookies.
If you accept some or all of the cookies that we use on our website you still have the option of setting your browser to notify you when you receive a cookie, so that you may determine whether to accept it or not. Do Not Track is another optional browser setting that allows you to set your preferences when being tracked by cookies of advertisers and other third-parties.
For more information on how you can block, delete, or disable cookies, how you can be notified of cookies you receive or activate the do not track setting, please review your browser or device settings.
If you have disabled one or more cookies, we may still use information collected from the cookies prior to you disabling the cookie. However, we will no longer use the disabled cookie to collect any further information.
Changes to this Cookies Policy
Click here to download the full Policy containing the Right to Erasure Request Form