Gold Fields Privacy Policy
Introduction
Gold Fields is committed to respecting your privacy and protecting your personal information. This Policy explains why and how Gold Fields collects, uses, retains, and discloses personal information. It sets out your rights in relation to your personal information, and how you can contact us.
In this Policy, references to Gold Fields means Gold Fields Australia Pty Ltd and all of its related companies within Australia (including Agnew Gold Mining Company, Gruyere Mining Company, Gruyere Management, GSM Mining Company and St Ives Gold Mining Company). There are also references to the Gold Fields Group, which means all of the companies within the Gold Fields global corporate group.
Gold Fields is bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and this Policy has been drafted in order to comply with the APPs.
This Policy was last updated in March 2022. The contents of this Policy may be updated from time to time by publishing the updated version on Gold Fields’ Australian website. By dealing with Gold Fields, you acknowledge that you have understood and accept the contents of this Policy, including any changes made from time to time.
Terms used in this Policy
- consent - means express consent (for example where you sign a document to say that you are happy for us to collect your personal information) or implied consent (for example where you are given the opportunity to opt out, but you choose to provide your personal information). In all cases consent must be informed (you are aware of the consequences of giving or not giving your consent) and voluntary (you must not be forced or pressured into providing it).
- health / medical information - Means: information or an opinion, that is also personal information, about: the health (including fitness for work) or a disability (at any time) of an individual; an individual’s expressed wishes about the future provision of health services to him or her; or a health service provided, or to be provided, to an individual; or other personal information collected to provide, or in providing, a health service; other personal information about an individual collected in connection with a donation, or intended donation, by the individual of his or her body parts, organs or body substances; or genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
- personal information - means information or an opinion about you as an individual that identifies you (or from which you are identifiable). It is not relevant whether the information or opinion is true or not, or how the information or opinion is recorded (for example it does not have to be in a document), it is still personal information.
- sensitive information - means information or an opinion (that is also personal information) about your (or another individual’s): racial or ethnic origin, political opinions, membership or political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal records, health, genetics, or biometrics.
Who does this Policy apply to?
This Policy applies to:
- our directors, officers, employees
- our contractors (and their employees/workers), including workers engaged on labour hire arrangements
- Gold Fields employees from any other Region
- visitors to our offices or sites
- potential employees of any of our offices or sites, including vacation students
- students receiving a scholarship or bursary from Gold Fields
- visitors to, and users of, our websites www.goldfields.com and www.careers.goldfields.com.au
- investors, prospective investors, and employees of such investors
- parties with whom we previously or currently have, or may in the future have, business relationships (including suppliers and service providers), and employees of such parties
- joint venture participants and their employees and contractors
- our stakeholders, their employees and contractors
What personal information does Gold Fields collect?
If you deal with Gold Fields, we may collect some or all of the following types of personal information:
- Your name, title, role, biographical and contact details (including your address)
- Information that is or is potentially relevant to current or future employment with us, including your date of birth, gender, emergency contact and next of kin, medical information (including vaccination status), tax file number, banking details and superannuation information, authorisations and evidence of qualifications, professional experience, criminal record and working with children checks
- Details of any leave you take or request during your employment, including any health-related information relating to that leave
- Your photograph, image, or voice recording (for example on CCTV footage at our offices or sites)
- Biometric or other information in relation to your access to our offices, sites and/or systems, and your usernames and passwords with respect to those systems
- Information required in order to facilitate travel to our sites or elsewhere (including passport, visa, frequent flyer numbers, and driver’s licence), and provide appropriate personal protective equipment
- Information in relation to any incidents, complaints, or grievances (whether brought by or against you or in which you are otherwise involved, for example as a witness)
- Information relating to any business interests of yourself (and potentially your family members), relationships (personal and professional) to the extent that they may amount to a conflict of interest
- Diversity related information including racial or ethnic origin, religious or other beliefs, sexuality, physical or mental health, including information related to any disability that you may have
- Survey responses (which are generally anonymous but, in some circumstances, may not be or you may otherwise be identifiable)
- Information collected about you in the course of undertaking due diligence activities
- Information relevant to any interest that you may have under any Gold Fields incentive plan
- Information that we are required or authorised by law to collect and keep.
What about my health / medical information?
In relation to Gold Fields employees, this may include pre-employment medicals, alcohol and drug tests, fitness for work assessments, occupational exposure monitoring, health, and wellbeing information (such as details of medications), and details of any workers compensation claims.
In relation to the employees of Gold Fields’ contractors, this may include statements of compliance with medical/fitness for work requirements, alcohol and drug tests, fitness for work assessments, occupational exposure monitoring and information captured in any visit to a Gold Fields medic or medical clinic.
In the context of an outbreak of an infectious disease (such as COVID), all personnel and visitors attending Gold Fields’ office and sites may be required to provide information (either directly to Gold Fields or through a third party provider or their employer) in relation to their infection status (by undertaking testing and providing the results of that testing), current health (including any temperature readings), vaccination status and history, travel history, and actual/potential exposure to other individuals who have or may have the disease.
In some circumstances, the collection, storage, use (and in some cases disclosure) of this information may be required by law, in other cases Gold Fields may deem this necessary to provide a safe workplace for its personnel, and where that is the case, we will seek your consent before we collect the information.
What about government related identifiers?
A government related identifier is one that has been assigned to you by a government agency or authority, for example your Tax File Number or Medicare number. We only use government related identifiers for the purpose for which they are provided (for example for administering payroll in the case of TFNs), and not for the purpose of identifying other personal information we may have collected about you.
What if I provide personal information about other people?
Sometimes we will collect information about third parties, for example if you provide us with details of your emergency contact or next of kin, or provide details of a referee. You must advise that person that you are providing their personal information and that this Policy will apply to Gold Fields’ collection, use and disclosure of it, and obtain their consent to doing so.
Why does Gold Fields collect personal information?
We collect, retain, use and (where necessary) disclose personal information that is reasonably necessary for us to carry out the functions and activities required of us as a gold producer, which includes the following activities:
- human resource lifecycle management, including recruitment, onboarding, performance and talent management, succession planning, training, and development, disciplinary process management, equal opportunities monitoring, payroll and associated benefits management, taxation, and superannuation payment, and reporting activities.
- occupational health, wellbeing, and safety, including conducting fitness for work assessments, conducting occupational health monitoring, diagnosing, or treating injury or illness (including preventative treatment and rehabilitation), making adjustments to the workplace to accommodate an illness, injury, or disability, conducting risk assessments, and investigating incidents.
- security services, including monitoring access to our offices, sites, and systems.
- travel and accommodation management, in relation to travel to our operations within Australia and overseas, and any other business related travel.
- facilitating participation in volunteering or external other activities.
- supply chain and procurement, (including maintaining records of our business relationships).
- finance and accounting, including accounts payable.
- audit and assurance, ensuring that we meet our internal and external obligations and commitments.
- corporate administration and governance, including work management, business record and database management.
- corporate development, including conducting due diligence, engaging in business sales or acquisitions and/or establishing and maintaining joint ventures.
- stakeholder relations and engagement, including establishing and maintaining commercial and non-commercial relationships with you and any organisation that you may represent.
- providing information in relation to our business, including publications, and inviting you to Gold Fields functions and events.
- stakeholder consultation, in order to understand your views in relation to Gold Fields, its personnel and activities, or in relation to a specific issue.
- improving the way we conduct our business and communicate with you and any organisation that you may represent.
We may also collect your personal information for legal or regulatory purposes (for example to meet our obligations); conduct our own investigations (for example following a safety incident at an operation); cooperate with any investigation being conducted by the police, regulator or other authority, or to establish, exercise or defend legal claims. It may also be necessary to lessen or prevent a serious threat to the life, health or safety of any person or to public health or safety.
Generally, we will only use or disclose personal information for the purpose for which it was collected. We may from time to time use or disclose your personal information for other purposes if we receive your consent, if you would expect us to use your information for that other purpose, or if it is related to the primary purpose. If the information is sensitive personal information, that secondary purpose must be directly related to the primary purpose.
For example, if we collect your personal information for the primary purpose of corporate administration and you later make some form of complaint against us, we may use that personal information for the secondary purpose of investigating your complaint.
Do I need to provide my consent?
Gold Fields will only collect, retain, use, or disclose personal information or sensitive personal information about you as allowed by law.
In most cases, Gold Fields does not require consent to collect personal information about you, and this would be practically hard to achieve, given the amount of personal information that is contained in our day to day communications and interactions with you.
We will only collect your sensitive personal information where it is necessary for us to do so for one of the activities or functions set out above, and we have your consent to the collection (unless the collection is specifically required or authorised by law – for example the current requirements in relation to COVID vaccination status specifically authorise us to collect that information).
For information on withdrawing your consent, please see section below (Can I withdraw my consent in relation to my personal information?)
How does Gold Fields collect personal information?
In most cases, we collect personal information directly from you. However, we may also collect personal information by other means, including:
- whenever you interact with us, including through written communications, emails, letters, applications, telephone and video conversations, enquiries, and attendance at our events (or for example, visiting our booth at a third party hosted event)
- your use of websites (including our websites), including through the use of cookies
- your employer (particularly in the case of the employees of our contractors)
- through agents and other third parties engaged on our behalf (such as health services providers or insurers)
- through your use of applications or online tools put in place by Gold Fields (or third parties engaged on its behalf) for the purpose of collecting required personal information (for example for gathering site access information)
- through WA Police or any other provider of background/criminal history screening processes
- CCTV and vehicle (i.e. dashcam) video recordings
- audio recordings (including the recording of calls conducted using MS Teams or similar products, or from a two-way radio system)
- temperature and other health monitoring equipment (for example blood pressure recording devices)
- publications, print and other traditional media
- public registers (for example ASIC to check directorships)
- social media, including Facebook, Instagram, Twitter, and LinkedIn
Sometimes we will receive personal information about you that we did not request or take other action to obtain (for example a resume that is not a response to a job advertisement). We will assess that information as soon as possible to understand whether we could have collected it. If we could have, we will retain and use that information in accordance with this Policy, but if not, we will arrange for that information to be destroyed or de-identified immediately.
How are cookies used?
When you visit our website, we keep a record of your visit. Information such as your IP address, your type of browser or operating system, and the pages you access or documents you download, may be collected for statistical purposes or used by us to improve our website.
Our website makes use of cookies in order to provide us with feedback on visitors’ usage patterns. This information allows us to provide a better service for you when you visit our website. Our website provides an option for you to refuse the use of cookies. Refusing cookies will not impact the use of our website.
We will never attempt to identify users or browsing activities, however, government agencies may be entitled to inspect such records in the event of an investigation.
How does Gold Fields protect my personal information?
The security of your personal information is very important to us, as we know it is to you. We take all reasonable steps to protect your personal information from misuse, interference, loss, and from unauthorised access, modification or disclosure. Whilst we are continually reviewing our systems processes to make sure our information is as secure as possible, we cannot guarantee absolute security.
Each of our sites and the Perth office is certified under the ISO 27001 (Information Security Management Standard). Some of the measures that are adopted as part of our information security management system include:
- Storing hard copy documents containing personal information in secured facilities.
- Restricting access to personal information and culturally sensitive information on a strict ‘as required’ basis.
- Implementing technology solutions to prevent unauthorised access to our systems (such as multi-factor authentication.
- Implementing mandatory requirements in relation to the use of Gold Fields’ IT systems.
- Conducting penetration testing of our systems to improve the level of security.
We discourage the use of email to transfer or share personal information, as this is not a secure way to communicate. Where possible, we use secure links with encryption.
Where documents and personal information are retained in cloud-based systems (for example SuccessFactors), we ensure that we first identify the location of all servers, with a preference given to in-country hosting services. In all cases, we ensure that all providers of cloud-computing services have appropriate security measures in place.
If a security breach occurs that involves your personal information, we will notify you as soon as possible and advise of the measures we have taken (and the level of risk to your personal information) in accordance with the relevant law. Please notify us immediately (GFAU.DataBreach@goldfields.com) if you are aware of any breach of security.
How long will my personal information be retained by Gold Fields?
We will retain your information in accordance with our record-keeping and retention guidelines, which are aligned with best practice. The specific time period for retention of your personal information is determined in accordance with applicable legal and regulatory requirements, which will relate to the purpose for which it was collected, any applicable limitation periods in relation to legal claims that could arise, and industry guidelines.
If we hold personal information about you which we no longer require, we will take reasonable steps to destroy the information or ensure that it is de-identified (unless our compliance with the APPs or another law requires us not to).
Who does Gold Fields disclose personal information to?
Unless you specify otherwise, your personal information may be disclosed to the following groups:
- Companies in the Gold Fields Group (or any prospective purchaser of all or part of the Gold Fields Group or any of its assets) (see further on this below in relation to overseas parties).
- Legal and other advisors, include tax, accounting and payroll advisors.
- Third parties (including the State or Federal police, regulators or other authorities) with respect to current or historic investigations or other legal or regulatory matters (including information relating to those processes – for example health information).
- Third parties that Gold Fields engages with in the course of conducting its business, including government, community and other stakeholders, industry representative bodies (such as the Chamber of Minerals and Energy and the Gold Industry Group), and media representatives.
- Third parties who provide goods / services to Gold Fields and/or the Gold Fields Group, or who carry out activities on behalf of Gold Fields and/or the Gold Fields Group for the purposes set out above. These third parties may include lawyers, auditors, technical consultants, training providers or airlines.
Does Gold Fields disclose personal information to overseas parties?
Gold Fields is part of the global Gold Fields Group. As part of our global operations, we may share your personal information with recipients who work in other regions within the Gold Fields Group, and also to third parties (such as service providers).
These parties may be located in many locations across the world (not just the countries in which we operate). In addition, we may process or store your data in other countries (for example the data located in our SuccessFactors system is stored in Germany), including the following: South Africa, Ghana, Peru, Chile, Netherlands, Isle of Man, Philippines, United States of America, Canada, United Kingdom, Germany.
In many cases, the other countries in which we operate are subject to privacy and data protection regimes that are broadly similar to the Privacy Act in Australia, for example, the Protection of Personal Information Act (POPIA) in South Africa. Even where this is not the case, all companies within the Gold Fields Group and any third parties we engage or deal with are required to treat your personal information with confidentiality, store it securely, and only use and disclose it for purposes that are set out in this Policy. We will also take reasonable steps to ensure that those recipients also comply with the APPs.
Companies within the Gold Fields Group, as well as our service providers and contractors, may use cloud services, systems and servers both within and outside of Australia to manage your personal information. All of our cloud storage providers are required to comply with the Privacy Act (and/or in some cases other applicable legislation, for example the European General Data Protection Regulations) as well as Gold Fields’ other data security and governance requirements.
What rights do I have in relation to my personal information?
The APPs in particular grant a range of rights in relation to your personal information, including the rights to access, correct, or delete that information, or to withdraw your consent for us to continue to use it.
You must contact Gold Fields’ Privacy Officer if you wish to exercise any of these rights. If it is not possible to accommodate your request, the Privacy Officer will also explain why.
(see below – Contact our Privacy Officer)
How do I get access to my personal information?
You can request access to any personal information about you held by us by sending a written request to Privacy Officer at GFAU.PrivacyOfficer@goldfields.com
In most cases, we will be able to provide access to the personal information requested within a reasonable period of the request being made (taking into account the number of documents contained in the request and how accessible the information is).
We will not generally charge fees for providing access to personal information, and will only do so in situations where requests contain complications or are resource intensive.
There are a limited number of situations in which we may not be able to provide you access to your personal information. These situations include where granting access would:
- have an unreasonable impact on the privacy of others
- reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations
- be unlawful
- be likely to prejudice the taking of action in relation to suspected unlawful activity or serious misconduct.
We also may not provide the requested personal information if it relates to existing or anticipated legal proceedings, and would not be accessible through the discovery process in those proceedings (for example documents subject to legal privilege).
If we are unable to give access to your personal information, we will advise you of that decision in writing and provide reasons for that decision. We will also tell you how you can complain about our decision.
How does Gold Fields make sure that my personal information is correct?
We take all reasonable steps to ensure that the personal information that we collect, use, and disclose about you is accurate, up-to-date, complete, and relevant. Some of these steps include:
- ensuring that updated and new personal information about you is promptly added to our existing records (for example by updating any changes to your position, or a change of name);
- reminding you to update your personal information when we engage with you (for example when you complete a site access form to attend one of our operations);
- providing self-service options to update some of your own personal information that is held by us (for example through the SuccessFactors Employee Central portal);
- where the personal information is in the form of an opinion, we may check that the opinion is from a reliable source and/or provide the opinion to you before we use or disclose it. In some cases, we will identify in our records the individual who formed the relevant opinion.
What can I do about incorrect personal information held by Gold Fields about me?
We will not charge fees for requests relating to the correction of your personal information.
If we are satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading, we will take reasonable steps to correct that information as soon as possible, and notify any party that we have disclosed the information to (unless you request us not to, or if it is unlawful or impracticable for us to do so). We can provide details of these third parties if requested by you.
If we are unable to give correct your personal information, we will advise you of that decision in writing and provide reasons for that decision. We will also tell you how you can complain about our decision.
You are also able to request that we attach a statement to the personal information that indicates that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. Where you make this request, we will take reasonable steps to make the statement apparent to the users of the personal information.
Can I choose to remain anonymous instead of providing personal information?
There may be situations in which you would prefer to deal with us anonymously or to use a pseudonym, for example if you are using our confidential Tip-off Line or the Employee Assistance Programme.
In all cases, we will let you know if this is possible or not. In some circumstances, it may not be possible for us to assist you without knowing your identity, and we will advise you of that.
We may choose not to deal with you anonymously or pseudonymously if:
- we are required or authorised by law to require your identity to deal with you, or
- it is impracticable for us to deal with you in this way.
Can I withdraw my consent in relation to my personal information?
If you have given us your consent to collect, use and disclose your personal information, you may withdraw that consent at any time. You must do so in writing to the Privacy Officer at GFAU.PrivacyOfficer@goldfields.com
You may also write to the Privacy Officer to object to the use of your personal information (whether generally or in relation to a specific purpose), or to request that some or all of your personal information be deleted.
At the time you make a request, we will make you aware of any implications (for example, if providing certain information is a mandatory requirement for access to our operations, withdrawing consent may have implications for your ongoing employment/engagement), and you can then decide whether to continue with your request.
How can I complain about a breach of the APPs?
If you think that Gold Fields has not protected your personal information, has not complied with this Policy, or has breached your privacy rights in any way (whether under the APPs or otherwise), you can lodge a complaint with us by contacting the Privacy Officer at GFAU.PrivacyOfficer@goldfields.com
If we receive a complaint from you, we will confirm that we have received it, and promptly investigate the matters you have raised. In doing so, we will let you know if we require any further information from you. We will aim to provide you with a written response, which will include any action that we intend to take, within 30 days of receiving the complaint.
If you are unhappy with the Privacy Officer’s decision, you may make a complaint to the Office of the Australian Information Commissioner (details provided below).
Contact our Privacy Officer
By email: GFAU.PrivacyOfficer@goldfields.com
By phone: +61 8 9211 9252 between 08:00 and 18:00 AWST (Monday to Friday)
By post: Privacy Officer, Gold Fields Australia, GPO Box 2731, Cloisters Square PO, WA 6850
Office of the Information Commissioner
Our Privacy Officer is there to discuss any concerns or queries that you may have in relation to your personal information, and we invite you to first discuss with us any issues that you may have.
If you are not happy with our handling of your concern or query, you can contact the Office of the Information Commission, who is the relevant privacy regulator in Australia in the following ways:
By email: enquiries@oaic.gov.au
By phone: 1300 363 992 / +61 2 9284 9749
By post: Director of Compliance, OIAC, GPO Box 5218, Sydney, New South Wales 2001