We generally collect your personal information directly from you when you act on behalf of a purchasing organisation. When your organisation purchases products or services from us, you will be asked to provide personal information. This information is likely to include your name, employer name, contact title, phone, email and other business contact details (this is not an exhaustive list). We will also collect information on your interests, preferences, and survey and feedback responses as part of our business interest in developing and enhancing our services for our customers.
1.3. Orica website
When you visit our website, we may collect the following information from you directly and/or automatically. This is to say:
- information you provide to us if you contact us, for example to request general business and product/service information; and
- details of visits made to our website such as the volume of traffic received, domain name used, type of browser used, referring website, resources accessed and other logs (including, server address, the internet protocol (IP) address, location of the device connecting to our website, and other identifiers about the device and the date, time and nature of the visit).
1.4. Incident data
If you are involved in an incident at one of our sites, you will be required to submit personal information (including name and contact details) in order to assist us in managing our response to the incident.
1.5. Other query data
If you are lodging a query or complaint, you will be invited to submit personal information (including name and contact details) in order to assist us in responding to you.
1.6. RECRUITMENT PROCESS
If you are a prospective or current employee, further privacy information will be made available to you during the recruitment process, online via the Orica Careers Portal, and/or via your Orica HR Business Partner. Please also refer to the Q&A page for further information.
1.7. SENSITIVE PERSONAL INFORMATION
In certain circumstances, we may also collect sensitive information about you. Sensitive personal information is a type of personal information of a particularly private nature and includes (among other things and depending on jurisdiction) personal information about a person’s race, ethnic origins, trade union membership and health and genetic information.
Where required by applicable law, we will request your consent to the processing your sensitive personal information. Additional information about data processing purposes will be provided when sensitive information is collected from you.
2. For what purpose do we collect, hold and use your personal information?
We use your personal information for the following non-exhaustive list of purposes:
2.1. Providing our products and services
We use your personal information in order to carry out our obligations as a result of any contract entered into between your organisation and us and to provide your organisation with the products and services that you request from us.
2.2. Receiving services
We process personal information in relation to our suppliers, service providers and their staff as necessary to receive the services in question. For example, where a supplier is providing us with facilities management or other outsourced services, we will process personal information about those individuals that are providing services to us.
We also use personal information in relation to our suppliers, service providers and their staff to maintain up to date records of appropriate qualifications and experience of third parties, with respect to transport, handling or storage of dangerous goods sold by us.
2.3. Administering, managing and developing our businesses and services
We process personal information in order to run our business, including:
- managing our relationship with customers;
- our businesses and services (such as identifying customer needs and improvements in products and service delivery);
- promoting our products and services;
- maintaining our own accounts and records;
- maintaining and using IT systems;
- hosting or facilitating the hosting of events; and
- administering and managing our website and systems and applications.
2.4. Providing our clients with information about us and our range of products and services
We use customer business contact details to provide those individuals with information that we think will be of interest about us and our products, services and business operations, and information on safe use and handling of products. For example, industry updates and insights, other services that may be relevant and invites to events and training.
2.5. Complying with any requirement of law, regulation or a professional body of which we are a member
We are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that we are in compliance with those obligations and those records may contain personal information, for example in order to:
- comply with laws and regulations relating to access to security-sensitive products such as ammonium nitrate;
- participate in document disclosure processes mandated by law, such as discovery in court proceedings, or responding to subpoena or notices to produce information issued by competent authorities (for example, in some circumstances, a law enforcement agency or other government agency may exercise its legal authority to inspect personal information held by us); and
- notify or report to emergency services and other regulatory bodies.
2.6. Improving our products and services
We are continually looking for ways to help our customers and improve our products and services. We may use information that we receive in the course of providing our products services for other lawful purposes, including analysis, research and development to better understand a particular issue, industry or sector, provide insights back to our customers, to improve our business, service delivery and products and to develop new technologies and offerings.
We may also use your personal information to undertake research on enhancing safety, health, environment and security management, including longitudinal studies based on historic incidents.
We may contact you for direct marketing purposes, in order to provide you with information about our products and services that we consider may be of interest to you. These marketing communications may be sent either directly by Orica or through appointed third-parties in various forms, including but not limited to email, mail, telephone, SMS or fax. We may seek your consent to send you marketing communications where we are required to do so to comply with applicable laws (for further information please see section 9.2 below).
At any time you may opt-out of receiving marketing communications from us by:
- contacting us at the contact details set out in section 11 below;
- contacting our third-party vendors whom you are receiving the communication from; or
- clicking on the unsubscribe link on any marketing communication that you receive from us.
Please note that if you opt-out of receiving marketing communications from us, we will still send you safety, security, or service related messages to the extent permitted by applicable laws.
We will only use your contact details to market Orica Group products and services. We do not provide your personal information to other organisations for the purpose of allowing them to market their products and services to you.
We may contact you to participate in surveys, in order to enhance the quality of Orica’s products and services to our customers. These survey communications may be sent either directly by Orica or through appointed third-parties in various forms, including but not limited to email, mail, telephone, SMS or fax. We may seek your consent to send you survey communications where we are required to do so to comply with applicable laws (for further information please see section 9.2 below).
At any time you may opt-out of receiving survey communications from us by:
- contacting us at the contact details set out in section 11 below;
- contacting our third-party vendors whom you are receiving the communication from; or
- clicking on the unsubscribe link on any survey communication that you receive from us.
Please note that if you opt-out of receiving survey communications from us, we will still send you safety, security, or service related messages to the extent permitted by applicable laws.
2.9. Processing required by law
We may use your personal information if we believe doing so is required or appropriate to:
- comply with law enforcement or national security requests and legal process, such as a court order or subpoena;
- respond to your requests;
- protect yours', ours' or others' rights, property, or safety;
- to enforce our policies or contracts;
- to collect amounts owed to us; or
- when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity.
3. Practical consequences of not providing your personal information
If you do not provide us with the personal information described in section 1 above, or we do not disclose it as described in section 5 of this statement, then we may not be able to perform the activities for which we collect personal information as effectively, through your use of this website, as described in section 2 of this statement. For example:
- we may not be able to provide the requested products or services, or important information about them, to you or your organisation, either at all or to the same standards;
- we may be limited in our ability to consider you or your organisation as a service provider for us; or
- we may not be able to respond to your questions or complaints promptly and effectively.
4. To whom may we disclose your information?
We may share your personal information with the following categories of recipients:
4.1. Other companies within the Orica Group
Your personal information will be used by us and disclosed to other companies within the Orica Group (including our head office in Australia, and all of its subsidiaries)..
If you are buying products or services from us on behalf of an organisation, your personal information will be used by us and disclosed to the organization which you represent.
4.3. Service providers
We may disclose your personal information to third party service providers who require access to such information for the purpose of providing specific services to us. These third parties will generally only be able to access your data in order to provide us with their services and will not be able to use it for their own purposes. Such services will include archival, auditing, accounting, community relations, customer or investor contact, legal, business consulting, banking, debt collection (including to list overdue debt with credit rating agencies where permitted by law), human resources, payment, delivery, data processing, research, training, website or technology services.
4.4. Regulatory bodies
We may disclose your personal information:
- to regulators, law enforcement agencies, government agencies, and judicial or administrative bodies;
- to data protection regulatory authorities; and
- to other regulatory authorities with jurisdiction over our activities.
4.5. Professional advisers, auditors and other third parties
We may disclose your personal information to professional advisors (such as legal advisors and accountants), auditors or other third parties for the purpose of providing professional services to us, or to enable us to enforce or defend our rights, only to the extent reasonably necessary, including without limitation to a rights holder in connection with an allegation of intellectual property infringement or other breach of a legal, equitable, or contractual obligation.
5. Disclosure of your personal information overseas
Our principal operations are in Australia, but we interact with people all over the world. The information that we collect from you may be transferred to, and stored at, destinations both within and outside Australia.
In compliance with data protection laws, we want to make sure that your personal information is stored and transferred in a way which is secure. We will therefore only transfer information overseas where it is compliant with data protection laws and the means of transfer provides adequate safeguards in relation to your information.
If we transfer your personal information overseas and where the country or territory in question does not maintain adequate information protection standards, we will take all reasonable steps to ensure that your information is treated securely and in accordance with this statement.
You may obtain a copy of Orica’s data safeguards by contacting Orica – See section 11 for contact details.
We are subject to a range of requirements, which require us to take steps to protect the security of personal information, and we take reasonable steps to ensure your personal information is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. The measures we employ include firewalls, encryption secure premises and data access controls.
Unfortunately, there is always risk involved in transmitting any data electronically, and any information, which you transmit to us online is transmitted entirely at your own risk (you also need to take active steps to protect against security risks on any system that you use). Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted over the internet and we do not warrant the security of any information, including personal information, which you transmit to us over the internet.
Please contact us using the details in section 11 if you become aware of any breach of security or privacy of your personal information.
7. Access your personal information and your other rights
In accordance with data protection laws, you may have various rights in relation to the information, which we hold about you. We describe these rights below. To get in touch with us about any of these rights, please contact us using the contact details set out in section 11 below. If you are an Orica employee, you can self service using SuccessFactors. If you are a contractor, you can also contact your Orica manager or the HR business partner for your function or region.
In particular, you may request access to any personal information we hold about you at any time by contacting us using the contact details set out in section 11 below. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it, for example, by mailing or emailing it to you. We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you, where permitted by applicable law. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where there are legal restrictions on granting you access to the personal information we hold. If that happens, we will give you written reasons for any refusal.
If you believe that personal information, we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.
If you are a contractor, we may provide you with access to Orica systems that allow you to self-serve your requests for access, correction as well as updating your personal information. Where you don’t have access to Orica systems, please contact us using the contact details set out in section 11 below.
We will seek to deal with any request under this section 7 without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
For those individuals in the European Union who engage with us, under the General Data Protection Regulation ("GDPR") you have the following specific rights in relation to your personal information:
7.1. Right to object
This right enables you to object to us processing your personal information where we do so for one of the following reasons:
- because it is in our legitimate interests to do so (for further information please see section 9.1 below);
- to enable us to perform a task in the public interest or exercise official authority;
- to send you direct marketing materials; or
- for scientific, historical, research, or statistical purposes.
7.2. Right to withdraw consent
Where we have obtained your consent to process your personal information for certain activities, you may withdraw this consent at any time and we will cease to use your information for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your information for this purpose, in which case we will inform you of this condition.
7.3. Data Subject Access Requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information, we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
7.4. Right to erasure
You have the right to request that we "erase" your personal information in certain circumstances. Normally, this right exists where:
- the information is no longer necessary, and the information does not form part of a historical business record;
- you have withdrawn your consent to us using your information, and there is no other valid reason for us to continue;
- the information has been processed unlawfully;
- it is necessary for the information to be erased in order for us to comply with our obligations under law; or
- you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure for one of the following reasons:
- to exercise the right of freedom of expression and information;
- to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
- for public health reasons in the public interest;
- for archival, research or statistical purposes; or
- to exercise or defend a legal claim.
If we refuse to comply with your request for erasure, we will always tell you our reason for doing so.
When complying with a valid request for the erasure of information we will take all reasonably practicable steps to delete the relevant information.
7.5. Right to restrict processing
You have the right to request that we restrict our processing of your personal information in certain circumstances, for example if you dispute the accuracy of the personal information that we hold about you or you object to our processing of your personal information for our legitimate interests. If we have shared your personal information with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal information.
7.6. Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal information that we hold about you. If we have shared this personal information with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal information to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision. If you are an Orica employee, you are provided with self-service tools to correct personal information held about you. If you are a contractor, please contact your Orica Manager or the relevant HR business partner to assist you with this.
7.7. Right of portability
If you wish, you have the right to transfer your personal information between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your information in a commonly used format so that you can transfer the information. See section 7.3 on getting access to the information that we hold about you.
7.8. Right to complain
You have the right to lodge a complaint with your local data protection authority. Before you do so, please raise the concern with us so that we can take steps to help address your concern.
Information on how to contact any European data protection authority can be found on the European Commission website.
Please note, you can also contact us to raise any query or complaint at any time (for further information please see section 11 below).
8. Retention and Destruction
We will not keep your personal information for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, to prevent and detect fraud or in connection with any current or anticipated claims or investigations) or if we require it to enforce our agreements.
In general, we will retain your personal information for as long as we provide services to you and, following that period, we will only retain your personal information for as long as is reasonably necessary in the circumstances.
When it is no longer necessary to retain your personal information, we will delete the personal information that we hold about you from our systems. While we will endeavour to permanently erase your personal information once it reaches the end of its retention period, some of your personal information may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this personal information has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
9. Legal conditions for processing your personal information
Where applicable under the GDPR, there are a number of different ways that we are lawfully able to process your personal information. We have set these out below.
9.1. Where using your information is in our legitimate interests
We are allowed to use your personal information where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.
We believe that our use of your personal information is within a number of our legitimate interests, including but not limited to:
- to enable us to provide our products and services to our customers;
- to provide you with marketing communications about our products and services;
- to help us understand our customers better and provide better, more relevant products and services to them; and
- to help us keep our systems secure and prevent unauthorised access or cyber-attacks.
We do not believe that any of the activities set out in this statement will prejudice you in any way. However, you do have the right to object to us processing your personal information on this basis. We have set out details regarding how you can go about doing this in section 7 above.
9.2. Where you give us your consent to use your personal information
We are allowed to use your personal information where you have specifically consented. In order for your consent to be valid:
- it has to be given freely, without us putting you under any type of pressure;
- you have to know what you are consenting to – so we'll make sure we give you enough information;
- you should only be asked to consent to one thing at a time – we therefore avoid "bundling" consents together so that you don't know exactly what you're agreeing to; and
- you need to take positive and affirmative action in giving us your consent – we are likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
As part of our relationship with you, we may ask you for specific consents to allow us to use your information in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.
You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this in section 7 above.
9.3. Where using your personal information is necessary for us to carry out our obligations under our contract with you
We are allowed to use your personal information when it is necessary to do so for the performance of our contract with you. For example, we need to collect your payment details in order to be able to process payments for our services.
9.4. Where processing your personal information is necessary for us to carry out our legal obligations
As well as our contractual obligations to you, we also have other legal obligations that we need to comply with and we are permitted to use your personal information when we are required to do so, in order to comply with those other legal obligations.
9.5. Where processing your personal information is necessary for us to establish, exercise or defend legal claims
Sometimes it may be necessary for us to process personal information and sensitive personal information in connection with exercising or defending legal claims. Applicable data protection law may allow us to do this where the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
9.6. Where processing your personal information is necessary in order to protect your vital interests or the vital interests of another natural person
Sometimes it may be necessary for us to process personal information and sensitive personal information in connection with protecting your vital interests or the vital interests of another natural person (for example, checking an individual is fit and appropriate to handle explosives and blasting equipment).
10. Use of “cookies”
11. How to contact us
If you have any questions about this statement, any concerns or complaints regarding the treatment of your privacy, or would like to notify us of a possible infringement of your privacy, please contact us at:
The Orica Data Protection Officer handles privacy complaints. Please ensure that your email includes the country that you are based in so that we can best respond, as in some countries there are separate specific personnel tasked with data governance issues for that region.
If you are internal to Orica, please talk to Helpdesk or your HR contact or in respect of your personal information.
We will attempt to confirm, as appropriate and necessary with you, your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
If you do raise a complaint with us and are not satisfied with our resolution of your complaint, you have the right to raise the matter with the data protection authority in your country (for further information please see section 7 above).