ENGENCO GROUP PRIVACY POLICY

1) Background

This policy applies to Engenco Limited ABN 99 120 432 144 and all its related companies and subsidiaries (together the ‘Engenco Group’ or ‘Engenco’). The Engenco Group provides a range of products and solutions for transportation, employing over 500 people in two countries across three main business units: power and propulsion, rail, and workforce solutions and training.

Headquartered in Australia, the Engenco Group also has an office in Sweden and is required to comply with the Australian Privacy Act, as well as the General Data Protection Regulation (GDPR), as we process the personal information of individuals in the European Union.

The Engenco Group is comprised of three divisions:

  • Power and propulsion (Drivetrain, Convair and Hedemora Turbo and Diesel)
  • Rail: Gemco Rail
  • Workforce Solutions: Momentum, Cert and Eureka.

Throughout this policy, references may be made to specific divisions within the Engenco Group, to provide greater transparency about how the Engenco Group uses your information.

2) Your information

In order to provide the products the Engenco Group manufactures, services we provide, and employment to staff, it is necessary for us to collect personal information.

1)    In our Power and Propulsion, and Rail businesses we collect the following information if we are negotiating sales or taking orders from you:

a.     Your business contact details, including name, company you work for, business phone number and email.

2)    In our Workforce Solutions businesses we collect the following information:

a.     personal details including name, address, date of birth, country and city of birth, citizenship, gender, ethnic origin, personal mobile number, languages spoken, and any disability information

b.    employment details including company name, email, start date of employment and employment status

c.     education, qualification and industry details including unique student identifier and rail industry worker card number.

3)    For our People, please see Appendix 1 – Employment.

3) Why the Engenco Group collects personal information

The Engenco Group collects personal information about you which is reasonably necessary to:

  • provide you with quality products, maintenance services, workforce labour and industry training solutions
  • consider applications for employment, and employ staff whose applications are successful
  • conduct marketing
  • comply with Australian Stock Exchange listing requirements and investor services, and
  • fulfil our legal obligations, such as those relating to taxation, workplace health and safety, other workplace laws, or as otherwise authorised by you.

4) How the Engenco Group collects your information

The Engenco Group collects personal information about you directly from you and from third parties.

Where we collect information directly, this can be:

  • in person
  • in documents
  • from telephone calls and emails
  • applications you make for employment with the Engenco Group directly or through our workforce solutions businesses
  • competitions you enter
  • sales negotiations
  • your use of our website or any electronic channels including social media, or from applications you make for participation in training programs we run.

The Engenco Group may also collect your personal information from other parties. The categories of information that we collect from other sources include:

  • staff lists / employee data as part of an application from an employer for their employees to complete industry training through our Workforce Solutions businesses
  • medical testing results, as outlined below under Health Information
  • criminal history and driving history from relevant government bodies if relevant to your vocational training and potential employment
  • student and industry identification numbers from government / industry bodies as part of our training businesses
  • employment application data from recruiters as well as results of medical testing and psychometric testing (as necessary) as part of employment applications for roles within the Engenco Group
  • shareholder / investor details from Engenco’s share registry, and
  • online usage data, derived from cookies. Please see our Cookies Policy for further information.

Where possible, you have the option of interacting with us anonymously (for example, as a visitor of the website) or using a pseudonym, if you would prefer to deal with us in this way. For example, if you contact the Engenco Group by telephone with a general question, we will not ask for your name or contact details, unless we need these to answer your question.

Wherever possible, the Engenco Group will try to collect personal information from you directly, rather than from third parties, unless it is unreasonable or impractical to do so.

5) Sensitive Information

The Engenco Group will not collect sensitive information about you unless required or permitted by law, or where you consent for us to do so.

Sensitive information includes information relating to:

  • race or ethnicity
  • political or religious beliefs or affiliations or memberships regarding these beliefs
  • sexual life and sexual orientation
  • criminal record
  • biometric and health information (more on this below)
  • information about your affiliation with certain organisations, such as professional associations or trade unions.

Sensitive information will only be collected if it is relevant to the products or services we are being engaged to provide, or for employment purposes. If applicable, this will be communicated to you. For example:

1)    details of health information may be collected where you are completing fitness for work testing through our Workforce Solutions businesses,

2)    details of your criminal record, driving history or a disability may be collected by our Workforce Solutions businesses where you are completing industry training where these records are relevant, or

3)    gender or ethnic background could be collected in relation to your employment with one of the companies within the Engenco Group or where you are undertaking vocational training through our Workforce Solutions businesses.

Further information regarding the categories of information collected for employment purposes is provided in Appendix 1 – Employment and further information regarding fitness for work testing is below under Health Information.

6) Health Information

As part of the services the Engenco Group offers through our Workforce Solutions business, we are engaged to organise fitness for work testing for our clients in the form of pre-employment medicals and rail medicals. Therefore, where necessary, and with your consent, Engenco collects health information where we are engaged to organise this medical testing.

Dependent on the level of fitness for work testing required, Engenco may collect the following types of health information about you, on behalf of our third party service provider: information regarding psychological health, sleepiness, alcohol and drug usage (evidenced by breath and urine analysis), hearing, vision, heart check, blood test, mobility, musculoskeletal assessment, and overall general wellbeing.

All medical testing is completed by Complete Medical Services (CMS). By agreeing to participate in any fitness for work testing, you acknowledge and agree that CMS will collect and use your personal information for the purpose of proving your fitness for work, and in accordance with CMS’s privacy policy, which is available at: Privacy and Managing Your Health Information – Company Medical Services

The Engenco Group may also source health information where this is relevant to your employment with the Group, for example, where you may have an injury or disability relevant to the requirements necessary to perform your role.

The Engenco Group does not share any health information for any purpose other than your application for employment, provision of employment, or as part of our service offerings in our Workforce Solutions businesses, or as otherwise notified to you at the time we collect your information.

7) How the Engenco Group uses and processes your information

The Engenco Group uses personal information about you for the purpose for which it was provided to us, including to:

  • process applications for fitness for work and other vocational training purposes, as part of the activities in our Workforce Solutions businesses (as outlined above)
  • process applications for employment within the Engenco Group
  • respond to your requests before we provide you with an Engenco Group product or service
  • administer and manage our products and services (including monitoring, auditing, and evaluating those products and services)
  • marketing activities including direct marketing campaigns and promotions
  • customer surveys
  • communicate with you and deal with or investigate any complaints or enquiries
  • anonymise your data for our own purposes including product development
  • track website usage through Google Analytics. To the extent permitted by law, the Engenco Group may collect data in an automated manner and make and use automated decisions about visitors to any of the Engenco Group company websites, in order to provide or optimise our products and services, for security or analytics purposes, or to display advertisements and offers based on individual preferences, for any other lawful purpose. See further detail on the Engenco Group’s use of cookies, in our Cookies Policy, and
  • use or permit our affiliates to use your personal information to the extent that it is lawful to do so without your express permission. For example, we may from time to time use your personal information to inform you or your employer of new vocational training courses which we expect may be of interest. However, if you don’t want to receive such communications you can notify Engenco by using any of the details in the Contact Us section of this Policy.

8) Lawful basis for processing

In order to process your personal data lawfully under applicable privacy laws, the Engenco Group needs to identify the lawful basis for using, or processing, your data. The Engenco Group relies on one or more of the following lawful bases for processing your personal data:

  • the use is necessary in order to fulfil the contract we have with you, or to take specific steps before entering into a contract with you, or the company you work for, at your request;
  • the use is necessary to comply with the law, for example, to comply with company and income taxation laws;
  • the use is necessary for our legitimate interests or the legitimate interests of a third party (such as a client of our Workforce Solutions business); and
  • in certain cases, our lawful basis will be that you have given clear consent to our use of your information.

9) When your information is used for Marketing

With your consent where required by law, the Engenco Group may communicate with you through the preferred communication channels you have selected, which may include by email, telephone, SMS, IM, mail, or any other electronic means including via social networking forums, to:

  • tell you about other Engenco Group products, services and offers that may be of interest to you; and
  • run events, competitions and other promotions.

The Engenco Group may use or disclose information to combine the information that we hold, with information collected from other sources. The Engenco Group does this for the purpose of developing customer insights, so that we can serve you better. This includes being able to better understand your preferences and interests, enhance the products and services you receive, and to tell you about products and services that may be of interest to you. If any of these insights are provided to others, such insights are based on aggregated information and do not contain any information that identifies you.

If you have provided your consent to receive direct marketing, you can withdraw it at any time.

If you no longer wish to receive marketing communications from Engenco Group, please contact privacy@engenco.com.au

10) If you don’t share your information?

The Engenco Group collects information for the purpose of providing our products and services to you and to comply with our legal obligations. You can review the terms of any application or your contract with the relevant company in the Engenco Group for the categories of information we need to collect, so that we can provide you with the product or services you require.

Where the Engenco Group is collecting information for legal purposes, this is likely to be so we can comply with our legal and reporting obligations such as workplace health and safety, company and income taxation laws and financial reporting.

If you don’t provide the Engenco Group with your information, we may not be able to:

  • provide you (or the company you represent) with the products or services you are seeking from the Engenco Group
  • manage your product or service
  • respond to your requests
  • process an application you have submitted to us.

In such circumstances, we will provide you with the most appropriate level of service that we can, without the additional information.

11) When your information is disclosed / transferred to others

In compliance with relevant laws and to provide our products and services, the Engenco Group may share personal information between the different companies within the Engenco Group. We will do this where you have shown interest in the services offered by another member of the Engenco Group, for example, if you attend one of our vocational training courses, we will provide your details to our Workforce Solutions businesses if your training results highlight that you may be a good candidate for employment.

We may also disclose personal information with organisations outside of the Engenco Group. Any disclosure will occur for the purposes outlined above regarding how we use and process your information. Further detail of our disclosure to organisations outside of the Engenco Group is provided below:

11A. TRANSFERS OF PERSONAL INFORMATION TO DATA PROCESSORS

The Engenco Group uses a number of different service providers (acting as data processors or intermediaries) who provide services to us, which then enables the Engenco Group to operate our business. Your personal information is transferred to, and stored by, these service providers, as our data processors, who generally fall under the following categories:

  • medical practitioners appointed by Engenco Group, for the purpose of obtaining medical tests for employment, rail safety and fitness for work (as outlined above in “Health Information”)
  • customers of our Workforce Solutions businesses, including schools, employers, Commonwealth or State and Territory government departments and authorised agencies and the National Centre for Vocational Education Research Ltd (NCVER) where you, or your employer, have enrolled you to participate in one of our vocational training courses
  • our industry partners, for potential employment opportunities following successful completion of vocational training through our Workforce Solutions businesses
  • electronic mailing platforms and social networking sites, who assist us to communicate with you including for direct marketing purposes with your consent
  • organisations that provide investor services, such as the management of our security register and the processing of our investor communications
  • service providers engaged to assist the Engenco Group comply with any legal or regulatory obligations imposed by regulators including those under company law, taxation law, workplace or work health safety laws, laws relating to consumer credit reporting, or reasonably arising in connection with our business operations, such as mandatory pension schemes and superannuation funds
  • IT services providers who provide the following services to the Engenco Group:
    · website analytics
    · website and data hosting
    · IT and system administration
    · document storage
    · email, contacts, calendar and video conferencing
  • customer relationship management (CRM), accounting and billing
  • insurers and banking providers to the Engenco Group
  • outside parties involved in a merger, acquisition or due diligence exercise
  • parties involved in a dispute, litigation, investigation, proceedings or enquiry
  • companies, third party service providers and professional advisers the Engenco Group or a member of the Engenco Group engages to perform certain functions for us, and
  • anyone you authorise.

These ‘data processors’ only process information on our behalf. They won’t use your personal information for their own purposes and we only permit them to use any information provided in accordance with our instructions, our contract with them and the law. Please email us on: privacy@engenco.com.au if you would like further information on specific data processors, or the types of personal information they process for us.

11B. INTERNATIONAL INFORMATION TRANSFERS

In some circumstances, the organisations that the Engenco Group discloses personal information to may operate outside of Australia or, in the case of information collected within the European Union, outside the European Union. Where this occurs, the Engenco Group takes steps to protect personal information against misuse or loss and to comply with local law in respect of the transfer of your information from one jurisdiction to another.

The Engenco Group may share information, for example, when sharing personal information with our affiliates and service providers, to help us provide our products or services. Your personal information may be transferred to or stored in Australia, Singapore, Sweden, the Netherlands, Israel, the United Kingdom, Germany, Ireland and the United States.

Where the Engenco Group transfers your personal information to other countries, we will always take steps to ensure your information is afforded equivalent levels of protection as is required in your country of residence, and where the Engenco Group entity you are dealing with, operates.

Where we transfer your personal information outside the European Union to countries that are not covered by an adequacy decision of the European Commission (as applicable), we use appropriate safeguards that include Standard Contractual Clauses approved by the European Commission as appropriate, or other applicable measures including transfers to a third party that has implemented Binding Corporate Rules or where the specific situations outlined under Article 49 of GDPR apply. Engenco Group entities are bound by an Intercompany Personal Data Transfer Agreement that contains Standard Contractual Clauses.

12) Keeping information accurate and up to date

We take reasonable steps to ensure that all information the Engenco Group holds is as accurate as possible. The rights that you have in relation to the information that we hold about you, and how you may exercise these rights, are outlined in detail below.

12A. HOW THE ENGENCO GROUP STORES YOUR INFORMATION AND RETENTION PERIODS

The Engenco Group retains personal information in physical and electronic records, at our premises and the premises of our service providers, which may include processing or storage in the cloud. The majority of our cloud storage providers and data centres are located within the country in which you access the Engenco Group’s products or services; however, where cloud storage services are utilised, your information may be backed up in a different location and this may mean that your information could be stored outside Australia or the European Union. Where this occurs, the Engenco Group will protect the security and integrity of personal information as outlined above in International Information Transfers.

The Engenco Group keeps records of our interactions with you (including by telephone, email and online). We’re required to keep some of your information for certain periods of time in accordance with relevant laws and standards, such as under the Corporations Act, the Standards for Regulated Training Organisations, the ASX Listing Rules or the Fair Work Act. For example, we are required to keep your information for 3 years from the completion of industry training, 10 years from the termination of superannuation / pension fund facilities, and 7 years for financial records.

The Engenco Group may need to retain certain personal information after we cease providing you with products or services to ensure we comply with your direction not to receive marketing, or to resolve legal claims and/or for proper record keeping.

When the Engenco Group no longer requires your information for legitimate business purposes or to comply with relevant laws, we’ll ensure that your information is deleted, destroyed or de-identified.

12B. KEEPING INFORMATION SECURE

The Engenco Group uses security procedures and technology to protect the information we hold. The Engenco Group has implemented appropriate technical and organisational measures to protect your personal information and ensure a level of security appropriate to the risk which includes cybersecurity controls, all employees being subject to confidentiality agreements, internal policies, auditing, training on handling personal information and monitoring of staff.

Where the Engenco Group engages third party service providers, we require them to take appropriate technical and organisational measures to secure the privacy of the information provided to them, and include such requirements in our contractual arrangements with them, to ensure compliance.

13) Your rights in relation to your information

13A. YOUR RIGHTS

The Engenco Group would like to ensure you are aware of your data protection rights. Every individual is entitled to the following:

  • The right to access – You have the right to request we provide you with copies of your personal data.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we amend the information we hold, if you believe this is incomplete.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our using / processing of your personal information, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected about you, to another organisation, or directly to you, under certain conditions.
  • The right to withdraw consent – You have the right to withdraw your consent to us using and processing your information. Please understand that we cannot retrospectively apply this request.

13B. HOW TO EXERCISE YOUR RIGHTS

You may exercise any of the above rights by emailing privacy@engenco.com.au. To help protect your privacy and maintain security, the Engenco Group takes steps to verify your identity before granting you access to your personal information or complying with your request. You may also designate an authorised agent to make a request on your behalf, as permitted under law. If you make any of the above requests, we have 30 days to respond to you. The Engenco Group may also charge a reasonable fee to comply with your request.

14) Personal Information of Children

The Engenco Group’s products and services are not specifically directed at children under the age of 18 and we do not knowingly collect or share any information from children.

Some users of the vocational training programs offered by our Workforce Solutions businesses are older teenagers who may complete the training whilst completing their high school studies or following completion of these. Any participation in training is only permitted with parental consent and students must be over the age of 17 to be eligible to participate in this vocational training. Any information received by the Engenco Group regarding these students will only be used to provide the relevant training and ensure they receive any qualification due to them at the completion of the training.

Aside from secondary students participating in vocational training, if any personal information collected has been provided by a child under the age of 18, the Engenco Group will promptly cease any further business activities related to that individual, and delete that personal information in accordance with applicable law.

15) Dealing with the Engenco Group online

When you visit Engenco websites you will generally browse anonymously unless you have logged into a client portal or accessed the website from a personalised communication from Engenco.

For all visitors to Engenco’s website, we use cookies and other web browser technologies to collect information such as the server your computer is logged on to, your browser type (for example, Chrome, Safari, Microsoft Edge or Firefox), and your IP address. (An IP address is a number that is assigned to your computer automatically and required for using the Internet). Engenco may also derive the location associated with an IP address.

Once you have logged into an Engenco portal, accessed our website from an e-mail or other personalised communication sent to you, or provided us with personal information by completing a form online, we may be able to identify you and we may combine that with other information in order to provide you with a better online experience. If you would prefer not to be identified, you can delete the cookies and reconfigure the cookie preferences on your internet browser. Please see the Engenco Group Cookie policy for further information on cookie use.

16) Training

Engenco delivers training to staff to help ensure that requirements of this policy are addressed and supported.

17) Data Breach notification

Engenco has processes in place to investigate data breaches involving personal information and will notify you of a data breach where we are required to do so under relevant laws, or as is otherwise appropriate in the circumstances. Where notification is required, Engenco will do so promptly and in accordance with the time period for notification provided for under the law, for example within 72 hours in jurisdictions governed by the General Data Protection Regulation.

18) Contact us

For all questions and queries regarding your information, please contact privacy@engenco.com.au. Where you contact the Engenco Group seeking resolution of your privacy concerns, we will respond to let you know who will be handling your matter, and when you can expect a further response. The Engenco Group is committed to responding to all privacy queries within 30 days.

If you reside in Australia and your concerns are not resolved to your satisfaction via our internal channels, you may have rights to escalate your concerns to a Privacy Regulator. You can raise your complaint with the Office of the Australian Information Commissioner by contacting them on any of the methods below:

Phone: 1300 363 992

Post: GPO Box 5218, Sydney NSW 2001

Email: enquiries@oaic.gov.au

Web: www.oaic.gov.au

If you live in the European Union and your concerns are not resolved via our internal channels, please contact the relevant EU Data Protection Authority in your country to make a complaint. For easy reference, a listing of several of the Data Protection Authorities within the EU Member States is here: Data Protection Authorities (DPA) | GDPR Register

19) Amendments to this Policy

This policy will be reviewed and updated as business and regulatory changes occur, so the policy remains accurate and up-to-date.

Appendix 1 – Employment

We collect personal information from you when you apply for, and if you are successful in obtaining, employment with the Engenco Group. Please read the below for more information.

Applications

By providing personal details, submitting an application or CV, or registering interest for employment with the Engenco Group, you will supply us with personal information, including your application data, gender, right to work status, educational history, contact details and referee details. The Engenco Group will only collect, use and disclose your information where this is necessary for the administration of the recruitment process and, where applicable, your employment/engagement with Engenco, or where Engenco has a legitimate interest in processing the data. For example, this could be for the following purposes:

  • to assess and administer your application for employment/engagement in accordance with the Engenco Group’s recruitment and administrative practices (including conducting psychometric assessment and reference checks)
  • to communicate with you in relation to your application or other suitable roles within the Engenco Group
  • to comply with any legal or regulatory obligations
  • internal reporting, and
  • to monitor and review the Engenco Group’s recruitment practices.

In carrying out the above activities, your information may be controlled and processed by any of Engenco Group officers, affiliates, agents, contractors and service providers. Where it is necessary for your data to be transferred to other jurisdictions, we will take steps to protect your information against misuse or loss and will comply with local law (where relevant) in respect of the transfer. Please see the When your information is disclosed / transferred to others section of our Privacy Policy for further details.

You are not required by law to submit your information, but the Engenco Group may not be able to accept or process your application for employment if the information is not supplied. You may request access to your information (and the correction of incorrect information) at any time by contacting us at privacy@engenco.com.au.

The Engenco Group will cease to retain your personal data, or remove the means by which the data can be associated with you, once the application process is complete, and your information is no longer necessary for legal or business purposes.

Employment

In addition to the above, if you are successful in your application for employment with a company in the Engenco Group, the following information will be retained for the duration of your employment:

  • Name
  • Job title
  • Date of birth
  • Gender
  • Ethnic origin
  • Phone numbers
  • Personal email address
  • Work email address
  • Home address, both postal and street addresses
  • Salary and benefit information and bank account details
  • Pension related information
  • Contract of employment including employment date and terms of employment
  • Health data relevant to employment, such as information regarding pre-existing conditions, medical opinions regarding fitness to work or work related injuries
  • Data confirming any union membership, including renewal information if relevant
  • Name, phone number and email of emergency contact
  • Right to work status
  • Educational history
  • Photographs, videos and other audio-visual information
  • Leave records (including annual leave, sick leave and maternity/paternity leave), and
  • Performance, conduct and disciplinary records

As with application information, Engenco Group will only retain your personal information collected for employment purposes, for as long as it is necessary to fulfil our obligations as your employer, and for a reasonable period after your employment has ceased, in accordance with business and legal requirements. Following this, Engenco Group will delete, destroy or de-identify your personal information.
