PRIVACY POLICY

1. GENERAL

1.1 – This Privacy Policy relates to the website of SYSTRA RAIL SYSTEMS AUSTRALIA, an Australian and New Zealand entity of SYSTRA Group.
This Privacy Policy applies to all Personal Information collected by SYSTRA RAIL SYSTEMS AUSTRALIA.
SYSTRA RAIL SYSTEMS AUSTRALIA is committed to complying with its obligations under the Privacy Act 1988 (Act) and the Australian Privacy Principles (APP) in respect of that information. If you are located in another jurisdiction, additional local requirements will apply.
In this policy, we explain how and why we collect your Personal Information, how we use it, and what controls you have over our use of it.

Please read this Privacy Policy carefully and ensure that you understand it. If you do not agree with the terms and conditions of this Privacy Policy, please do not use our Website or Services. If you have any doubt or need more information, please contact SYSTRA RAIL SYSTEMS AUSTRALIA at personaldata@systra.com.

1.2 – In this Privacy Policy the following terms shall have the following meanings:
1. “OAIC” means the Office of the Australian Information Commissioner;
2. “Personal Information” means information about you which personally identifies you or may reasonably be used to personally identify you;
3. “Sensitive Information” has the meaning given to that term in the Act;
4. “Services” means services that are to be provided by SYSTRA RAIL SYSTEMS AUSTRALIA, including without limitation through our Website or third parties, from time to time;
5. “we”, “us” or “SYSTRA RAIL SYSTEMS AUSTRALIA” means SYSTRA RAIL SYSTEMS AUSTRALIA, a company incorporated under Australian law, having its principal place of business at Level 2, 507 Murray Street, Perth, WA 6000, Australia, registered with the Australian Trade and Companies Register under number A.C.N. 615 858 716, and its associated entities as appropriate;
6. “Website” means https://railsystemsaustralia.com.au/ or any other website from time to time from which the Services are promoted and/or delivered; and
7. “you” means you and anyone acting on your behalf or with your implied authority.

2. WHY DO WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION?

2.1 – We may collect, hold, use and disclose your Personal Information for the following purposes:
– for the purpose(s) for which it was disclosed to or collected by us;
– facilitating interactions with you in the course of operating our business;
– responding to your enquiries and information requests;
– providing services to our clients if it was validly collected for that purpose;
– storing information at third-party data centers;
– updating your Personal Information;
– complying with our legal obligations;
– for any other purposes for which you have consented from time to time.

2.2 – We may hire third parties (such as professional advisors, lawyers, accountants, auditors and our related body corporates) to provide limited services on our behalf (i.e. providing advisory, compliance reviews, audits or performing statistical analysis of our services). We will only provide those third parties with the personal information they need to deliver the specific services and take reasonable steps to ensure that these third parties maintain the confidentiality of your information and are prohibited from using that information except for the purposes for which it was supplied.

2.3 – We may also disclose your personal information to authorized regulatory bodies or otherwise if required to do so by law.

3. WHAT PERSONAL INFORMATION DO WE COLLECT?

We collect and hold various types of Personal Information, including:

Personal Information: Full Name, Email Address, Cookies, and Job title, Company name if required

Purpose:
1. Access to all our Website
2. Send you communication if you consent to
3. If you send Us an email, We may collect your name, your email address, and any other information which you choose to give Us
4. Matomo Analytics will set cookies if the cookie control script allows them. In addition, the site will set a temporary session cookie

4. HOW DO WE COLLECT PERSONAL INFORMATION?

We may collect Personal Information from you when:
– you access or use our Website;
– you download forms accessible in our Website;
– you communicate with our employees or clients;
– you deal with us in the course of business;
– we solicit it from third parties in the course of our business;
– we solicit it from third parties, for example, from your employment referees or interviews where you are applying to work for us;
– it is provided by or on behalf of our clients in the course of us providing services to them;
– it is provided from publicly available records or public registries that we accessed in the course of providing services to our clients;
– you communicate with us via email, telephone, SMS, our Website or social media, including when you submit your CV/resume or contact details;
– you otherwise deal with us in the course of our business;
– you give us your personal information when contacting us through candidate profiles, through interviews or in response to surveys, jobs, projects, bids, through quality and compliance questionnaires, proposals or other means.

5. HOW DO WE STORE AND PROTECT PERSONAL INFORMATION

5.1 – We prioritize the security of your Personal Information whilst it is in our possession. We may hold Personal Information in various forms, including but not limited to physical documents, electronic records, visual records and audio recordings. Physical files are kept securely inside our access controlled premises. Electronic files are stored securely on protected information systems and are only accessible through our secure network. We maintain physical security over our paper and electronic data stores, and confidentiality agreements form part of the employment contracts for all of our staff members and contractors.

The measures we take to secure and protect your data include:
– Use of industry-standard cloud tools for management and backup of client data including Microsoft Office 365/Azure;
– Anti-malware, anti-spoofing and anti-spam utilities to protect against threats coming through electronic messages;
– Filtering devices with Intrusion detection system and anti-malware utilities which protect from threats coming from the Internet;
– EDR (Endpoint detection and response) software runs on every workstation/laptop and on every server;
– VPN mechanisms are used to ensure encrypted interconnection of our physical sites and between our offices and remote locations;
– Standard access control lists on shared folders to grant access only to authorised members of staff;
– One standard global directory (Active Directory) to centralize user identities and password policy; and
– An administration model of Active Directory that enables compliance with the “least-privileged” principle for high-privileged accounts.

5.2 – We take reasonable steps to:
– ensure that Personal Information we collect is accurate, up-to-date, complete and relevant, other than where it is only collected to provide advice in respect of a particular point in time, in which case we will seek to ensure it is accurate, complete and relevant as at that particular point in time,
– ensure that Personal Information we use or disclose is accurate, up-to-date, complete and relevant, having regard to the purposes for which Personal Information is used or disclosed,
– protect Personal Information from misuse, interference and loss, and from unauthorized access, modification or disclosure, and
– destroy or de-identify Personal Information which we no longer need for the purposes for which it was collected, except where it is necessary to retain it in order to maintain ongoing records for our clients.

We cannot guarantee the security of information transmitted via the Internet. As such, transmission of Personal Information via the Internet is at your own risk and we cannot be held responsible for the security of such information.

5.3 – Your Personal Information collected by SYSTRA RAIL SYSTEMS AUSTRALIA is stored in the United States of America by HubSpot.

6. DIRECT MARKETING

We will only send you direct marketing communications and information via email and social media platforms about our Services with your consent. If you do not provide your consent to receive direct marketing communications, you may opt-out of receiving marketing communications from us by contacting us at the details below or by using opt-out facilities provided in our communications. We do not provide your Personal Information to other organizations for the purposes of their direct marketing.

7. OVERSEAS DISCLOSURE

SYSTRA RAIL SYSTEMS AUSTRALIA is not aware of any likely scenarios where we will need to disclose your Personal Information to an overseas recipient, except for SYSTRA Group, or otherwise store your Personal Information overseas. If we are ever required to do so, we will obtain your informed consent or ensure that the overseas recipients comply with the APPs.

For more details, SYSTRA Group entities store data within the following countries:
– SYSTRA servers: each entity stores data within its own country (e.g. Australia for SYSTRA RAIL SYSTEMS AUSTRALIA),
– Microsoft (including Teams and Outlook): Southern Ireland,
– HR: Germany.

This data processing is done in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679).

8. USING OUR WEBSITE AND COOKIES

To improve your experience on our website, we may use ‘cookies’: small data files that are served by our platform and stored on your device. These are used by us or third parties for a variety of purposes including to operate and personalize the website. Cookies may be used for recording preferences, conducting internal analytics, conducting research to improve our offering, assisting with marketing and delivering certain website functionality.
You may refuse to accept cookies by selecting the appropriate setting on your internet browser. However, please note that if you do this, you may not be able to use the full functionality of our Website.

9. THIRD PARTY SITES

For your convenience and to improve the usage of the Website and Services, we may insert links to third-party websites, applications or resources, to which this Privacy Policy does not apply.
SYSTRA RAIL SYSTEMS AUSTRALIA is not responsible for those third party websites, applications or resources. If you access such websites, applications or resources, you do so at your own risk and we make no representations or warranties regarding third parties’ privacy practices. We encourage you to read the privacy statements/policies of every website, application or resource you use.
When we do link to a third party website, application or resource, this does not automatically imply that SYSTRA RAIL SYSTEMS AUSTRALIA endorses that website, application, resource and their contents. Our Privacy Policy does not cover the use of cookies by any third parties.

10. DATA RETENTION

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Where we anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, we may use this information indefinitely without further notice to you.

11. HOW CAN YOU ACCESS OR CORRECT YOUR PERSONAL INFORMATION

We are committed to maintaining accurate, timely, relevant and appropriate information.

Where requested, we will provide you with a copy of the Personal Information that we hold which relates to you, provided that the request is made in accordance with the APPs (contained in the Act). We will also update any inaccurate information about you if you inform us that the information is inaccurate, out of date, incomplete, irrelevant or misleading.

There are no charges for requesting access to or the correction of your Personal Information, however if the volume of information we hold is excessively large, we reserve our rights to charge you any reasonable administration fees (including fees for photocopying) associated with your request.

You can contact our privacy officer regarding access to or correction of your information by any of the following methods:
– Email: personaldata@systra.com
– Post: DPO Level 15, Chifley Tower, 2 Chifley Square, Sydney NSW 2000, Australia
– Phone: +61 7 3210 5153

We will respond to those requests within 30 days in accordance with our obligations under the Act. If we refuse a request to access or correct Personal Information, where reasonable, we will provide you our reasons for doing so and information about your ability to complain about such refusal.
In order to protect the confidentiality of your Personal Information, details of your information will only ever be passed on to you where we are satisfied that the information relates to you. Accordingly, we may request documentation from you which confirms your identity before passing on any Personal Information which relates to you.

12. FURTHER INFORMATION

12.1 – You have the following legal rights:
– the right to be informed about our collection and use of personal data;
– the right of access to the personal data we hold about you (see section 11);
– the right to rectification if any personal data we hold about you is inaccurate or incomplete;
– the right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you;
– the right to restrict the processing of your personal data;
– the right to data portability if possible;
– the right to object to us using your personal data for particular purposes.
If you have a complaint about our Privacy Policy or the collection, use, disposal or destruction of your Personal Information, your complaint should be directed in the first instance to our privacy officer at the details set out above.
We will investigate your complaint and attempt to resolve any breach that might have occurred in relation to the collection, use or destruction of Personal Information held by us about you in accordance with the Act. If you are not satisfied with the outcome of this process, then you may contact the OAIC by:
– email: enquiries@oaic.gov.au;
– mail: GPO Box 5218, Sydney NSW 2001; or
– fax: 02 9284 9666.

12.2 – If you require any further information or have any queries regarding our Privacy Policy, please contact our privacy officer at the details set out above.
Should you wish to read more information on the Act, we recommend that you visit the website of the OAIC at http://www.oaic.gov.au or call the OAIC enquiries hotline on 1300 363 992.

13. PRIVACY POLICY CHANGES

We may change this Privacy Policy at our discretion. If we do so, the latest version of our privacy policy will be available on our Integrated Management Systems on SharePoint and it will apply to all your Personal Information held by us at that time.
This Privacy Policy is reviewed annually to ensure it meets business needs and is updated as appropriate.