Bright Energy Investments Privacy Policy
This is an EXTRACT from the BEI Privacy Policy (Revision 3)
For a complete copy of the BEI Policy please send a written request to: info@brightenergyinvestments.com.au
COMPANY POLICY STATEMENT
Revision 3 dated 26 February 2024
Privacy Policy
1. Purpose
The Privacy Policy (the Policy) of Bright Energy Investments (BEI) sets out how we collect, use, disclose, store and dispose of Personal Information.
BEI has adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). While this Policy is based on the APPs, it is not a registered APP document.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aic.gov.au
The purpose of the Policy is to set out the processes and procedures for BEI around the management of Personal Information to build trust and confidence in the community. The effective management of Personal Information also directly contributes effective cyber and physical security of the BEI business activities.
2. Application
This Policy applies to Bright Energy Investments (BEI), BEI Group companies and BEI owned projects whether in development, construction or operations.
3. Policy Statement
3.1 What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect may include: names, addresses, email addresses, phone numbers, dates of birth and other information to establish a person’s identity.
This Personal Information is obtained in many ways including interviews, correspondence, by telephone, by email, via our website ( www.brightenergyinvestments.com.au ), from media and publications, from other publicly available sources, and from third parties.
Personal Information may be solicited by the Company in circumstances where it is necessary to undertake its business processes. Unsolicited Personal Information may also come into the possession of the Company from time to time.
If unsolicited Personal Information is received by the Company, it must be determined if: (a) the Company requires the unsolicited Personal Information for its business processes; and (b) that the Company would otherwise be entitled to hold it if it had been solicited Personal Information. If the answer to both questions is yes, then it shall be treated the same as solicited Personal Information in accordance with this Policy; or otherwise, the unsolicited Personal Information shall be destroyed.
Please note that we don’t guarantee website links or the policies of authorised third parties.
We collect your Personal Information for the primary purpose of carrying out our business. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
If the Company requires Personal Information to provide you with a service, employment or to satisfy some other interactive task and you choose not to provide your Personal Information, the Company will be unable to provide that service, employment or other interaction that you have requested.
You may unsubscribe from any mailing or marketing list we may use at any time by making a request to us in writing.
In some limited circumstances where the Personal Information that the Company collects is not critical to the reason for its collection (such as subscription to the Company’s mailing lists), it is acceptable for a pseudonym to be used or for the party to opt for anonymity. This does not apply in circumstances where the identity of the person providing the Personal Information must be established (such as for employment related functions) because it is required, authorised by law or otherwise impractical for the person not to provide identifying information. In the circumstances where a person uses a pseudonym or is anonymous in a manner which prevents identification of that person, the information collected ceases to be Personal Information for the purpose of this Policy. A further consequence of using a pseudonym or anonymity is that the Company is unable to provide potentially Personal Information held by the Company in respect of a person whose identity cannot be established.
The Company does not use direct marketing data lists and does not purchase Personal Information from external data sources in the normal course of its business. The source of Personal Information contained in mailing lists used by the Company is either generated by a request from the person receiving the communications or alternatively the person has been identified as a stakeholder in the Company’s projects who may have an interest in being kept informed. In the latter case, the Personal Information will generally be sourced from publicly available sources or directly from the person. In either case, any person whose Personal Information is on a mailing list of the Company will be given the option to ‘opt-out’ in all marketing communications. Written requests to opt-out will be actioned promptly.
The Company is not to ‘facilitate’ direct marketing by a third party using Personal Information held by the Company unless that third party is a contractor of the Company performing a task at the direction of the Company.
The Company is to comply with both the Spam Act 2003 (Cth) and the Do Not Call Act 2006 (Cth).
3.2 Sensitive Information
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's health conditions, racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or general health information.
Sensitive information will only be collected with your permission and is to be used by us only:
a. for the primary purpose for which it was obtained;
b. for a secondary purpose that is directly related to the primary purpose; and
c. with your consent (unless an exemption applies – see below).
The Company is to ensure before collecting Sensitive Information about a party, that the party in question is adequately informed and has capacity to give, and has freely given, specific consent (which remains current) to the collection of Sensitive Information about that party.
The permitted general exceptions to the collecting Sensitive Information without specific consent are:
a. Lessening or preventing a serious threat to life, health or safety;
b. Taking appropriate action in relation to suspected unlawful activity or serious misconduct;
c. Locating a person reported as missing;
d. Where reasonably necessary for establishing, exercising or defending a legal or equitable claim; or
e. Where reasonably necessary for a confidential alternative dispute resolution.
3.3 Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
BEI does not provide Personal Information to third parties outside Australia (i.e. across borders) in the normal course of its business. If BEI is required to provide Personal Information to a third party outside Australia for contractual or legal reasons, it will advise the subject of the Personal Information of the requirement prior to doing so.
3.4 Disclosure of Personal Information
Your Personal Information may be disclosed in a number of circumstances including the following:
a. To other BEI Group companies and trusts which require the information to perform a function within the BEI Group;
b. To the BEI Group Vehicle and Asset Manager (SynergyRED) that provides management services to the BEI Group;
c. To third parties, where you consent to the use or disclosure; and
d. Where required or authorised by law.
3.5 Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in our corporate records, which will be kept by us for a minimum of 7 years.
3.6 Access to your Personal Information
You may access the Personal Information we hold about you and you may update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing by email at info@brightenergyinvestments.com.au or mail to:
The Information Security Officer
Bright Energy Investments
219 St Georges Terrace PERTH WA 6000
Please note that access to Personal Information remains subject to a certain tests as contemplated in Chapter 12 of the APPs (summarised in section 12.34 of the APPs).
BEI will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information.
To protect your Personal Information, we will require identification from you before releasing the requested information.
3.7 Maintaining the Quality of your Personal Information
Personal Information held by the Company should be accurate, up-to-date, complete, relevant, and not misleading. It is important to us that your Personal Information is correct. We will take reasonable steps to make sure that your Personal Information is correct but if you find that the information we have is not up-to-date or is inaccurate, please advise us as soon as practicable so we can update our records.
All requests for access to, or alteration of, Personal Information held by the BEI Group Companies will be documented, together with what actions were taken.
The Information Security Officer is responsible for determining the reasonable steps necessary to ensure the quality of Personal Information held by the Company and what steps are reasonable to maintain that quality, given the nature and source of the Personal Information held.
The Company is to update Personal Information where requested by the subject of the Personal Information record or where the Company otherwise becomes aware of an error in the data. In the latter case, the Company will in most circumstances advise the person that is the subject of the Personal Information when a correction has been made by the Company.
4. BEI Privacy Policy Transparency
This BEI Privacy Policy is a public document and a condensed version is to be made available on the Company’s website. The full version can be obtained by sending a written request by email to info@brightenergyinvestments.com.au The BEI GM is to report all material breaches of the Policy or material breaches of the security of Personal Information to the Board of Directors.
5. Complaints or Enquiries
If you have any complaints or enquiries, please contact the General Manager or the Company Information Security Officer in writing by email to info@brightenergyinvestments.com.au or mail to:
The General Manager
Bright Energy Investments
219 St Georges Terrace PERTH WA 6000
After allowing appropriate time for the Company to investigate and act on any complaint (up to 30 days is usually considered appropriate), if you are still dissatisfied with the Company’s actions you should consider contacting the Office of the Australian Information Commissioner at www.aic.gov.au
Where a formal complaint of any nature is received by the Company in writing, the complaint itself shall be treated as Personal Information for the purposes of this Policy.
The Information Security Officer is to investigate all complaints received by the BEI Group companies and is to document on every occasion the nature of the complaint, the investigation carried out, the recommended course of action and any action taken.
Any ‘whistle blower’ submission or report of fraud or criminal activity made to the Company by one of its officers or employees shall be treated as Personal Information for the purposes of this Policy.
END of EXTRACT