1. GENERAL
Ravenswood Gold Pty Ltd and its related bodies corporate in the Ravenswood Gold group (referred to in this document as we, us or our) recognises that your privacy is very important, and we are committed to protecting the personal information we collect from you. The Privacy Act 1988 (Cth) (Privacy Act), Australian Privacy Principles (APPs) and registered privacy codes govern the way in which we must manage your personal information. This policy sets out how we collect, use, disclose and otherwise manage personal information about you.

2. WHAT WE COLLECT AND HOLD
Personal information is information about you. We may collect and handle personal information about you, that can identify you, and is relevant to the way you are interacting with us, for example, for business activities, or for employment opportunities. The types of personal information we collect includes: 1) Contact details including your name, address, contact details, date of birth and gender. 2) Employment information including former employment details (including taxation and income details), and relevant record checks (e.g., police and security). 3) Transactional information including bank account and credit card details, Australian Business Numbers and superannuation details. 4) Web information including your email address, IP address and MAC address. 5) Security and travel information including passport information, drivers licence number, nationality and visa details. We may also collect and hold sensitive information, such as images of you, your health or medical related information, and information about your ethnicity or race if it is reasonably necessary to comply with the law or if it is required to administer aspects of the relationship between you and Ravenswood Gold. For example, we may collect information relating to your health, medical history, or any disabilities. Health information also includes other personal information collected to provide, or in providing, a health service to you.

2.1 Purpose of collection
1) Personal information

The personal information that we collect and hold about you, depends on your interaction with us. Generally, we will collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our functions and for the purposes of:
a) assessing your application for employment as an employee or contractor;
b) facilitating our internal business operations, including the fulfilment of any legal requirements such as those relating to safety and security);
c) protect and enforce our legal rights and obligations;
d) comply with applicable laws, regulations and our policies and standards;
e) assist us with queries raised;
f) external business activities such as transactions, and
g) keeping records as required

2) Sensitive information

Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions, as set out above.

We also use sensitive information to administer employment-related matters (even though you may not yet be an employee) such as to determine your fitness for work, eligibility for employment, safety matters and the provision of health treatment if necessary. Sometimes, we may collect sensitive information including from our employees and contractors to comply with workplace or equal opportunity laws and to improve our workplace diversity and conduct criminal record and medical checks.

If we intend to use or disclose your personal information in ways not described in this Privacy Policy, we will give you prior notification.

2.2 How we collect your personal and sensitive information

1) Personal information

We collect your Personal Information directly from you unless it is unreasonable or impracticable to do so.

We collect this information when you:
a) Engage with us through our business operations or when you provide services to us;
b) Use our online platforms (including our Human Resources Information System, Contractor Portal), WiFi services and social networks;
c) Call, email or send correspondence through the mail;
d) Apply for employment opportunities with us; or
e) Are recorded through electronic monitoring (i.e. drones, closed circuit television (CCTV), portable cameras and security access control systems.

2) Sensitive information

Except as otherwise permitted by law, we only collect sensitive information about you with your consent. Unless unreasonable or impracticable to do so, sensitive information about you will be collected directly from you. We may also collect sensitive information from third parties such as external health service providers.

We may gather personal and sensitive information indirectly through various means, such as publicly accessible sources, third parties authorised by you to share your information, current or former employers, educational institutions, professional and trade associations, authorised representatives, agents, or referees.

2.3 Failure to provide information

f the personal information you provide to us is incomplete or inaccurate, we may be unable to do the things described above.

If you do not want us to use your personal information in a particular way, you can contact our Privacy Officer (details below) to discuss how we can limit the collection, use or disclosure of your personal information.


2.4 Disclosure of Personal Information to a Third Party

We may disclose your information to a third party as part of our business operations, including to the following:
a) Professional advisors (such as accountants, auditors and lawyers);
b) Government and regulatory authorities;
c) Operational and maintenance contractors;
d) Information technology service suppliers.

2.5 De-identified personal information

e may anonymise and aggregate your personal information so that you are not identifiable and disclose the information to third parties or publicly. We may use that information for any purpose, including understanding our employees, improving employee programs, reporting purposes, and marketing or promotional purposes. We do not disclose aggregate information in a way that would identify you personally, unless permitted by law. However, please be aware there is always a risk of re-identification of de-identified personal information.

2.6 Use and disclosure

1) Personal information

Generally, we only use or disclose personal information about you for the purposes for which it was collected (as set out above). We may disclose personal information about you to:
a) Service providers, who assist us in operating our business (and these service providers may not be required to comply with our privacy policy), including certain contractors and contract managers, insurers and insurance loss adjusters, legal and other professional advisers, financiers;
b) Health service providers; and
c) Our related entities and other members of the Ravenswood Gold group, joint venture partners and other organisations with whom we have affiliations.

We also disclose your information to enforcement and investigative bodies to assist them in their investigations and you expressly consent to this.

The law also permits us to use or disclose personal information for other purposes in certain circumstances.

2) Sensitive information

Except as otherwise permitted by law, we only disclose your sensitive information with your consent, for the purposes for which it was collected, and to the parties described above.



3. SECURITY

We store your personal information and sensitive information in different ways, including in paper and in electronic form. We use appropriate technical and organisational security measures to secure your personal and sensitive information, including:
a) In servers located in Australia and may be available to other members of Ravenswood Gold through use of the it system (i.e. firewalls, data encryption and intrusion detection systems, system access restrictions).
b) Physical security, for example, site access controls.
c) Information security policies and standards for employees and contractors.



4. ACCESS

You may access the personal information and sensitive information we hold about you, upon making a written request. We will try to acknowledge your request within 14 days of its receipt, and to provide you with access to the information requested within 30 days. We will not charge you for processing your request.

We may decline a request for access to personal information or sensitive information in circumstances prescribed by the Privacy Act, and if we do, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).

If, upon receiving access to your personal information or sensitive information or at any other time, you believe the personal information or sensitive information we hold about you is inaccurate, incomplete, or out of date, please notify us immediately.

4.1 Employee Records Exemption
Please note that certain exemptions apply in respect of employee records, and so employees may not be entitled to the same level of access and correction as other individuals.

4.2 How long we store your personal information
Except where permitted by law, we only keep your personal information if required to conduct our business operations and maintain an appropriate record of our relationship with you. If we are legally required to keep your personal information for a certain period, we will do so.

4.3 Access to and correction of Personal Information
Where we hold personal information, you may request access or correction to that information we hold about you.

While we take reasonable steps to ensure that the personal information is accurate, up-to-date, complete, relevant, and not misleading, if you find that it is not, then you may request that we correct your personal information. In considering a request for correction, we may need to verify your identity and in some circumstances we may not to be able to effect the changes sought. We will provide reasons for all refusals to make corrections.

We will respond to a request to correct personal information within a reasonable time (generally within sixty (60) business days), although giving effect to any associated corrections which are sought by an individual may take longer if we need to contact any third-party organisations or notify other individuals about the request. No charge applies for the making of a request to correct personal information, upon refusing to affect the corrections sought, or upon correction of any relevant personal information by or on behalf of Ravenswood Gold.



5. COMPLAINTS AND FEEDBACK

If you wish to make a complaint about how we have handled your personal information or if you believe that we may have breached the privacy laws, then please contact us and we will take reasonable steps to address your complaint.

Please contact our Privacy Officer at:
Email Address: privacy@ravenswoodgold.com
Telephone: 07 4736 9100

Our Privacy Officer will investigate your complaint and respond to you promptly. If you are not satisfied with how we manage your complaint, you may contact the Office of the Australian Information Commissioner.

You can also contact our Privacy Officer if you have any queries about our Privacy Policy.

5.1 More information

For more information about privacy in general, you can visit the Australian Information Commissioner’s website at www.oaic.gov.au.