This policy applies to Engenco Limited ABN 99 120 432 144 and all its related companies, and subsidiaries (together the ‘Engenco Group or Engenco’). The Engenco Group provides a range of products and solutions for transportation, employing over 500 people in two countries across three main business units: power and propulsion, rail, and workforce solutions and training.
Headquartered in Australia, the Engenco Group also has an office in Sweden and is required to comply with the Australian Privacy Act, as well as the General Data Protection Regulation (GDPR), as we process the personal information of individuals in the European Union.
The Engenco Group is comprised of three divisions:
Throughout this policy, references may be made to specific divisions within the Engenco Group, to provide greater transparency about how the Engenco Group uses your information.
In order to provide the products the Engenco Group manufactures, services we provide, and employment to staff, it is necessary for us to collect personal information.
1) In our Power and Propulsion, and Rail businesses we collect the following information if we are negotiating sales or taking orders from you:
a. Your business contact details, including name, company you work for, business phone number and email.
2) In our Workforce Solutions businesses we collect the following information:
a. personal details including name, address, date of birth, country and city of birth, citizenship, gender, ethnic origin, personal mobile number, languages spoken, and any disability information
b. employment details including company name, email, start date of employment and employment status
c. education, qualification and industry details including unique student identifier and rail industry worker card number.
3) For our People, please see Appendix 1 – Employment.
The Engenco Group collects personal information about you which is reasonably necessary to:
.
The Engenco Group collects personal information about you directly from you and from third parties.
Where we collect information directly, this can be:
The Engenco Group may also collect your personal information from other parties. The categories of information that we collect from other sources includes:
Where possible, you have the option of interacting with us anonymously (for example, as a visitor of the website) or using a pseudonym, if you would prefer to deal with us in this way. For example, if you contact the Engenco Group by telephone with a general question, we will not ask for your name or contact details, unless we need these to answer your question.
Wherever possible, the Engenco Group will try to collect personal information from you directly, rather than from third parties, unless it is unreasonable or impractical to do so.
The Engenco Group will not collect sensitive information about you unless required or permitted by law, or where you consent for us to do so.
Sensitive information includes information relating to:
Sensitive information will only be collected if it is relevant to the products or services we are being engaged to provide, or for employment purposes. If applicable, this will be communicated to you. For example:
1) details of health information may be collected where you are completing fitness for work testing through our Workforce Solutions businesses,
2) details of your criminal record, driving history or a disability may be collected by our Workforce Solutions businesses where you are completing industry training where these records are relevant, or
3) gender or ethnic background could be collected in relation to your employment with one of the companies within the Engenco Group or where you are undertaking vocational training through our Workforce Solutions businesses.
Further information regarding the categories of information collected for employment purposes is provided in Appendix 1 – Employment and further information regarding fitness for work testing is below under Health Information.
As part of the services the Engenco Group offers through our Workforce Solutions business, we are engaged to organise fitness for work testing for our clients in the form of pre-employment medicals and rail medicals. Therefore, where necessary, and with your consent, Engenco collects health information where we are engaged to organise this medical testing.
Dependant on the level of fitness for work testing required, Engenco may collect the following types of health information about you, on behalf of our third party service provider: information regarding psychological health, sleepiness, alcohol and drug usage (evidenced by breath and urine analysis), hearing, vision, heart check, blood test, mobility, musculoskeletal assessment, and overall general wellbeing.
All medical testing is completed by Complete Medical Services (CMS). By agreeing to participate in any fitness for work testing, you acknowledge and agree that CMS will collect and use your personal information for the purpose of proving your fitness for work, and in accordance with CMS’s privacy policy, which is available at: Privacy and Managing Your Health Information – Company Medical Services
The Engenco Group may also source health information where this is relevant to your employment with the Group, for example, where you may have an injury or disability relevant to the requirements necessary to perform your role.
The Engenco Group does not share any health information for any purpose other than your application for employment, provision of employment, or as part of our service offerings in our Workforce Solutions businesses, or as otherwise notified to you at the time we collect your information.
The Engenco Group uses personal information about you for the purpose for which it was provided to us, including to:
In order to process your personal data lawfully under applicable privacy laws, the Engenco Group needs to identify the lawful basis for using, or processing, your data. The Engenco Group relies on one or more of the following lawful bases for processing your personal data:
With your consent where required by law, the Engenco Group may communicate with you through the preferred communication channels you have selected, which may include by email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums, to:
The Engenco Group may use or disclose information to combine the information that we hold, with information collected from other sources. The Engenco Group does this for the purpose of developing customer insights, so that we can serve you better. This includes being able to better understand your preferences and interests, enhance the products and services you receive, and to tell you about products and services that may be of interest to you. If any of these insights are provided to others, such insights are based on aggregated information and do not contain any information that identifies you.
If you have provided your consent to receive direct marketing, you can withdraw it at any time.
If you no longer wish to receive marketing communications from Engenco Group, please contact privacy@engenco.com.au
The Engenco Group collects information for the purpose of providing our products and services to you and to comply with our legal obligations. You can review the terms of any application or your contract with the relevant company in the Engenco Group for the categories of information we need to collect, so that we can provide you with the product or services you require.
Where the Engenco Group is collecting information for legal purposes, this is likely to be so we can comply with our legal and reporting obligations such as workplace health and safety, company and income taxation laws and financial reporting.
If you don’t provide the Engenco Group with your information, we may not be able to:
In such circumstances, we will provide you with the most appropriate level of service that we can, without the additional information.
In compliance with relevant laws and to provide our products and services, the Engenco Group may share personal information between the different companies within the Engenco Group. We will do this where you have shown interest in the services offered by another member of the Engenco Group, for example, if you attend one of our vocational training courses, we will provide your details to our Workforce Solutions businesses if your training results highlight that you may be a good candidate for employment.
We may also disclose personal information with organisations outside of the Engenco Group. Any disclosure will occur for the purposes outlined above regarding how we use and process your information. Further detail of our disclosure to organisations outside of the Engenco Group is provided below:
The Engenco Group uses a number of different service providers (acting as data processors or intermediaries) who provide services to us, which then enables the Engenco Group to operate our business. Your personal information is transferred to, and stored by, these service providers, as our data processors, who generally fall under the following categories:
These ‘data processors’ only process information on our behalf. They won’t use your personal information for their own purposes and we only permit them to use any information provided in accordance with our instructions, our contract with them and the law. Please email us on: privacy@engenco.com.au if you would like further information on specific data processors, or the types of personal information they process for us.
In some circumstances, the organisations that the Engenco Group discloses personal information to may operate outside of Australia or, in the case of information collected within the European Union, outside the European Union. Where this occurs, the Engenco Group takes steps to protect personal information against misuse or loss and to comply with local law in respect of the transfer of your information from one jurisdiction to another.
The Engenco Group may share information, for example, when sharing personal information with our affiliates and service providers, to help us provide our products or services. Your personal information may be transferred to or stored in Australia, Singapore, Sweden, the Netherlands, Israel, the United Kingdom, Germany, Ireland and the United States.
Where the Engenco Group transfers your personal information to other countries, we will always take steps to ensure your information is afforded equivalent levels of protection as is required in your country of residence, and where the Engenco Group entity you are dealing with, operates.
Where we transfer your personal information outside the European Union to countries that are not covered by an adequacy decision of the European Commission (as applicable), we use appropriate safeguards that include Standard Contractual Clauses approved by the European Commission as appropriate, or other applicable measures including transfers to a third party that has implemented Binding Corporate Rules or where the specific situations outlined under Article 49 of GDPR apply. Engenco Group entities are bound by an Intercompany Personal Data Transfer Agreement that contains Standard Contractual Clauses.
We take reasonable steps to ensure that all information the Engenco Group holds is as accurate as possible. The rights that you have in relation to the information that we hold about you and how you may exercise these rights, is outlined in detail below.
The Engenco Group retains personal information in physical and electronic records, at our premises and the premises of our service providers, which may include processing or storage in the cloud. The majority of our cloud storage providers and data centres are located within the country in which you access the Engenco Groups’ products or services, however, where cloud storage services are utilised, your information may be backed-up in a different location and this may mean that your information could be stored outside Australia or the European Union. Where this occurs, the Engenco Group will protect the security and integrity of personal information as outlined above in International Information Transfers.
The Engenco Group keeps records of our interactions with you (including by telephone, email and online). We’re required to keep some of your information for certain periods of time in accordance with relevant laws and standards, such as under the Corporations Act, the Standards for Regulated Training Organisations, the ASX Listing Rules or the Fair Work Act. For example, we are required to keep your information for 3 years from the completion of industry training, 10 years from the termination of superannuation / pension fund facilities, and 7 years for financial records.
The Engenco Group may need to retain certain personal information after we cease providing you with products or services to ensure we comply with your direction not to receive marketing, or to resolve legal claims and/or for proper record keeping.
When the Engenco Group no longer requires your information for legitimate business purposes or to comply with relevant laws, we’ll ensure that your information is deleted, destroyed or de-identified.
The Engenco Group uses security procedures and technology to protect the information we hold. The Engenco Group has implemented appropriate technical and organisational measures to protect your personal information and ensure a level of security appropriate to the risk which includes cybersecurity controls, all employees being subject to confidentiality agreements, internal policies, auditing, training on handling personal information and monitoring of staff.
Where the Engenco Group engages third party service providers, we require them to take appropriate technical and organisational measures to secure the privacy of the information provided to them, and include such requirements in our contractual arrangements with them, to ensure compliance.
The Engenco Group would like to ensure you are aware of your data protection rights. Every individual is entitled to the following:
You may exercise any of the above rights by emailing privacy@engenco.com.au. To help protect your privacy and maintain security, the Engenco Group take steps to verify your identity before granting you access to your personal information or complying with your request. You may also designate an authorised agent to make a request on your behalf, as permitted under law. If you make any of the above requests, we have 30 days to respond to you. The Engenco Group may also charge a reasonable fee to comply with your request.
The Engenco Group’s products and services are not specifically directed at children under the age of 18 and we do not knowingly collect or share any information from children.
Some users of the vocational training programs offered by our Workforce Solutions businesses, are older teenagers who may complete the training whilst completing their high school studies or following completion of these. Any participation in training is only permitted with parental consent and students must be over the age of 17 to be eligible to participate in this vocational training. Any information received by the Engenco Group regarding these students, will only be used to provide the relevant training and ensure they receive any qualification due to them at the completion of the training.
Aside from secondary students participating in vocational training, if any personal information collected has been provided by a child under the age of 18, the Engenco Group will promptly cease any further business activities related to that individual, and delete that personal information in accordance with applicable law.
When you visit Engenco websites you will generally browse anonymously unless you have logged into a client portal or accessed the website from a personalised communication from Engenco.
For all visitors to Engenco’s website, we use cookies and other web browser technologies to collect information such as the server your computer is logged on to, your browser type (for example, Chrome, Safari, Microsoft Edge or Firefox), and your IP address. (An IP address is a number that is assigned to your computer automatically and required for using the Internet). Engenco may also derive the location associated with an IP address.
Once you have logged into a Engenco portal, accessed our website from an e-mail or other personalised communication sent to you, or provided us with personal information by completing a form online, we may be able to identify you and we may combine that with other information in order to provide you with a better online experience. If you would prefer not to be identified, you can delete the cookies and reconfigure the cookie preferences on your internet browser. Please see the Engenco Group Cookie policy for further information on cookie use.
Engenco delivers training to staff to help ensure that requirements of this policy are addressed and supported.
Engenco has processes in place to investigate data breaches involving personal information and will notify you of a data breach where we are required to do so under relevant laws, or as is otherwise appropriate in the circumstances. Where notification is required, Engenco will do so promptly and in accordance with the time period for notification provided for under the law, for example within 72 hours in jurisdictions governed by the General Data Protection Regulation.
For all questions and queries regarding your information, please contact privacy@engenco.com.au. Where you contact the Engenco Group seeking resolution of your privacy concerns, we will respond to let you know who will be handling your matter, and when you can expect a further response. The Engenco Group is committed to responding to all privacy queries within 30 days.
If you reside in Australia and your concerns are not resolved to your satisfaction via our internal channels, you may have rights to escalate your concerns to a Privacy Regulator. You can raise your complaint with the Office of the Australian Information Commissioner by contacting them on any of the methods below:
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Email: enquiries@oaic.gov.au
Web: www.oaic.gov.au
If you live in the European Union and your concerns are not resolved via our internal channels, please contact the relevant EU Data Protection Authority in your country to make a complaint. For easy reference, a listing of several of the Data Protection Authorities within the EU Member States is here: Data Protection Authorities (DPA) | GDPR Register
This policy will be reviewed and updated as business and regulatory changes occur, so the policy remains accurate and up-to-date.
We collect personal information from you when you apply for, and if you are successful in obtaining, employment with the Engenco Group. Please read the below for more information.
By providing personal details, submitting an application or CV, or registering interest for employment with the Engenco Group, you will supply us with personal information, including your application data, gender, right to work status, educational history, contact details and referee details. The Engenco Group will only collect, use and disclose your information where this is necessary for the administration of the recruitment process and, where applicable, your employment/engagement with Engenco, or where Engenco has a legitimate interest in processing the data. For example, this could be for the following purposes:
In carrying out the above activities, your information may be controlled and processed by any of Engenco Group officers, affiliates, agents, contractors and service providers. Where it is necessary for your data to be transferred to other jurisdictions, we will take steps to protect your information against misuse or loss and will comply with local law (where relevant) in respect of the transfer. Please see the When your information is disclosed / transferred to others section of our Privacy Policy for further details.
You are not required by law to submit your information, but the Engenco Group may not be able to accept or process your application for employment if the information is not supplied. You may request access to your information (and the correction of incorrect information) at any time by contacting us at privacy@engenco.com.au.
The Engenco Group will cease to retain your personal data, or remove the means by which the data can be associated with you, once the application process is complete, and your information is no longer necessary for legal or business purposes.
In addition to the above, if you are successful in your application for employment with a company in the Engenco Group, the following information will be retained for the duration of your employment:
As with application information, Engenco Group will only retain your personal information collected for employment purposes, for as long as it is necessary to fulfil our obligations as your employer, and for a reasonable period after your employment has ceased, in accordance with business and legal requirements. Following this, Engenco Group will delete, destroy or de-identify your personal information.