What is this Notice about?
What is this Overview section about?
How do you use my information?
- reasonably consider that we need to use it for another reason and that reason is related to the original purpose;
- are required or authorised by law, a court/tribunal, or for law enforcement purposes to use or disclose your information; or
- obtain your consent to use it for another purpose.
If the way that information will be processed differs from the details provided in this Notice or is incompatible with the original purpose the data was collected for, additional information regarding this processing will be provided to you.
We may amend the content of the Notice from time to time to keep it up to date with current legal requirements and the way we operate our business.
What is the basis on which you justify processing my information?
- Collecting your information must be reasonably necessary to carry out one or more of our functions or activities; and
- Generally, we can only use or disclose your information:
- for the purpose for which it was collected (the primary purpose);
- for another purpose if you give your specific consent;
- for a purpose that is directly or indirectly related to the primary purpose, that you would reasonably expect us to use the information for (a secondary purpose);
- where required or authorised by law or by a court/tribunal, or for law enforcement purposes; or
- where a "permitted general situation" exists.
- the protection of life, health or safety;
- responding to allegations of unlawful activity or serious misconduct;
- assisting with locating missing persons;
- establishing, exercising, or defending against, a legal claim; and
- participating in a confidential Alternative Dispute Resolution process (i.e. a mediation).
Will you process any of my sensitive information, and if so, what are the grounds on which you justify processing that information?
- you consent to us collecting your sensitive information, and the information is reasonably necessary for us to carry on one of our functions or activities;
- we are authorised or required to collect your sensitive information, by law or by order of a court/tribunal;
- a permitted general situation applies (see the above section); or
- a permitted health situation applies (see below).
- providing a health service to you;
- collecting or using/disclosing for the purposes of compiling or analysing statistics, and/or managing the provision of a health service; or
- disclosing to a person who is responsible for you (i.e. your caregiver).
What if I don’t provide you with my information?
How do you keep my information secure?
Where do you get my information from?
When do you share my information with others?
- we sell or buy any business, in which case we may disclose your personal information to the prospective seller or buyer of such business;
- BAE Systems plc (our ultimate parent company located in the United Kingdom), or substantially all of its assets, are acquired by a third party, in which case personal information held by it or us about you will be transferred to that third party;
- we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, to comply with national security requirements set by the Australian Government or of another jurisdiction in which we operate, or in order to enforce or apply our legal rights, in which case we may share your personal information with our regulators and law enforcement agencies in Australia and around the world, or to our legal advisers;
- it is necessary to protect the rights, property, or safety of BAE Systems Australia Limited or any member of the BAE Systems group of companies, our customers, suppliers or others, in which case we may disclose your personal information to our legal advisers and other professional services firms; or
- they provide services to us connected with your relationship with us.
- local, and global departments, including line management and team members;
- local and executive management responsible for managing or making decisions in connection with your relationship with the Company or when involved in a process concerning your relationship with the Company (including, without limitation, staff from compliance, legal, audit and security);
- system administrators (locally and globally);
- internal audit to provide assurance to the Group’s Audit Committee on the company’s internal controls, as required by the UK Corporate Governance Code for UK Listed entities;
- where necessary for specific projects and assignments, by staff in such relevant teams (whether local or global); and
- where necessary for the performance of specific tasks or system maintenance by staff in teams such as the Finance and IT departments (whether local or global).
Information may also be shared inside of the Company between certain interconnecting IT systems.
In addition, where relevant, certain basic information (which may include your name, location, job title, contact information and any published skills and experience) may also be accessible to the Company's employees for the purposes set out in this Notice.
External recipients
- service providers;
- tax authorities;
- regulatory authorities;
- law enforcement;
- our insurers;
- bankers;
- IT administrators;
- lawyers;
- auditors;
- investors;
- consultants and other professional advisors;
- training bodies, education providers, vocational andn professional membership and/or organisations;
- payroll providers;
- benefits providers;
- administrators of our benefits programs; and
- our Customers.
Is any of my information transferred overseas?
- we have obtained your informed consent;
- we reasonably believe that the overseas recipient is subject to a scheme that is at least substantially similar to Australia’s, and that you can take enforcement action under that scheme;
- if a permitted general situation exists;
- we are required by an Australian law or court/tribunal to do so; or
- use or disclosure is necessary for law enforcement.
- we will only transfer information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights;
- transfers to service providers and other third parties will be protected by contractual commitments or other legally acceptable mechanisms that ensure an adequate level of protection; and
- any requests for information we receive from law enforcement or regulators will be carefully checked for authenticity before information is disclosed.