Accounts Payable Officer

SAIPEM AUSTRALIA PRIVACY POLICY

Saipem Australia Pty Ltd (ACN 000 544 507) (Saipem) and its associated entities values and respects the privacy of employees and the people we deal with. Saipem is committed and obligated to protect your privacy and comply with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and other applicable privacy laws and regulations.

This Privacy Policy (Policy) describes why we collect, how, hold, use and disclose your personal information, and how we maintain the quality and security of personal information.

Scope and Application

This Policy applies to all Saipem employees and contractor personnel. This Policy will be reviewed and amended as required. Saipem has the right to withdraw this Policy at any time.

What is personal information?

The term “personal information” has the meaning given to it in the Privacy Act, and means means any “information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not”.

In general terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or indirectly (e.g. through your email address).

Sensitive information is a subset of personal information, and is afforded a higher level of security due to its sensitive nature. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

“Sensitive information” is personal information that includes information or an opinion about an individual’s:

• racial or ethnic origin;
• political opinions or associations;
• religious or philosophical beliefs;
• trade union membership or associations;
• sexual orientation or practices;
• criminal record;
• health or genetic information; and
• some aspects of biometric information.

In this Policy, a reference to personal information includes sensitive information.

What personal information do we collect?

The personal information we collect about you depends on the nature of your dealings with us or what you choose to share with us. The personal information we collect about you may include your:

• Name;
• Mailing or street address;
• Date of birth;
• Email address;
• Phone number;
• Curriculum vitae (i.e. your CV);
• Employment history;
• Training/qualifications; and
• Health information

If we collect any sensitive information from you, we will do so only with your consent and because it is necessary to perform one or more of Saipem’s functions or activities, is required by law, or where a permitted general situation exists. For example, we may collect sensitive information to lessen or prevent a serious threat to life, health or safety, or when we request you to undergo a pre-medical assessment to ensure that you are fit to work.

Saipem will take appropriate measures to protect the security of this information.

How do we collect your personal information?

We collect your personal information directly from you when you:

• apply for a position with us as an employee, contractor or volunteer;
• are onboarded by Saipem;
• attend and provide details for an employment related health assessment;
• Are required to provide relevant personal information of employees to client representatives;
• interact with us over the phone;
• interact with us in person;
• interact with us online;
• participate in surveys or questionnaires;
• attend a Saipem organised event; or
• subscribe to our mailing list.

The above list is non-exhaustive and serve as examples only.

We may also collect your personal information from third parties or through publicly available sources for a primary purpose. For example, we may obtain relevant medical information about you from health providers following a pre-employment medical assessment.

We collect your personal information from these third parties in order to meet our duty of care (and often client obligations) related to workplace safety and in respect to other areas such as training, verification of competency and broader Human Resources related matters.

How will we use your personal information?

We only use your information for:

• the reason we collect it as set out above; or
• in the case of personal information, for any purpose which is reasonably related to or necessary for the purpose for which it was collected; or
• in the case of sensitive information, for any purpose which is directly related to and/or necessary for the purpose for which it was collected; or
• as otherwise permitted by law.

For example, we ordinarily use personal information for primary purposes in connection with our functions and activities, including the following purposes:

• internal administrative purposes, including ICT, Human Resources and payroll;
• Human Resources and Safety obligations, including legislative requirements;
• client safety obligations and contractual requirements;

• to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority;

• to provide you with information or services that you request from us to deliver to you a more personalised experience and service offering; and
• improve the quality of the services we offer to employees.

Your personal information will not be shared, sold, rented or disclosed other than as described in this Policy.

Disclosure of personal information to third parties

We may disclose your personal information, including sensitive information, to third parties in accordance with this Policy in circumstances where you would reasonably expect us to disclose your information, or to anyone you authorize Saipem to disclose information to.

For example, we may disclose your personal information to clients where it is an express and legal requirement related to our contractual obligation.

If you do not want your personal and/or sensitive information disclosed to a third party as described above, then please let us know, either at the time we collect the information, or any later time, and we will ensure that the disclosure either ceases or does not occur.

We take reasonable steps to ensure that all third party recipients of the information which you provide to us are bound by confidentiality and privacy obligations when handling your personal and/or sensitive information.

Transfer of personal information overseas

On occasions we may disclose personal information to related bodies corporate and associated Saipem departments or divisions who have servers located outside of Australia. Where we disclose your personal information overseas, we will take reasonable steps to ensure that data security and appropriate privacy practices are maintained and that privacy obligations are not breached.

Saipem will not send personal information about an individual outside Australia without:

• obtaining the consent of the individual (in some cases this consent will be implied); or
• otherwise complying with the APPs or other applicable privacy legislation.

How do we manage and protect your personal information?

Saipem staff are required to respect the confidentiality of personal information and the privacy of individuals. Saipem has in place steps to protect the personal information that is holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods.

Saipem will take reasonable steps to ensure that the personal information that we hold about you is kept confidential and secure, including by:

• having a robust physical security of our premises and databases/records;
• only allowing authorized individuals are permitted to access the personal and sensitive information; and
• having technological measures in place (for example, passwords, anti-virus software, fire walls, encryption, etc.).

We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed or when we are no longer required by law to retain it (whichever is the later).

Online activity

Saipem website and intranet uses cookies. A cookie is a small file of letters and numbers the website puts on your device if you allow it. These cookies recognise when your device has visited our website(s) before, so we can distinguish you from other users of the website. This improves your experience with respect to the website(s).

We do not use cookies to identify you, just to improve your experience on our website(s). If you do not wish to use the cookies, you can amend the settings on your internet browser so it will not automatically download cookies. However, if you remove or block cookies on your computer, please be aware that your browsing experience and our website’s functionality may be affected.

Retention of personal information

We will not keep your personal information for longer than we need to. In most cases, this means that we will only retain your personal information for the duration of the employment relationship unless we are required to retain your personal information to comply with applicable laws, for example record-keeping obligations under the Fair Work Act 2009 (Cth).

Saipem will take reasonable steps to destroy or de-identify your personal information once it is no longer needed for any purpose for the primary purpose which it was collected, or no longer required by law to retain it (whichever is the later).

How to access and correct your personal information

Saipem will endeavour to keep your personal information accurate, complete and up to date. If you wish to make a request to access and/or correct the personal information we hold about you, you should make a request by contacting Human Resources who will update your personal information.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

Links to third party sites

Saipem’s website(s) may contain links to websites operated by third parties. If you access a third-party website through our website(s), personal information may be collected by that third party website. Saipem makes no representations or warranties in relation to the privacy practices of any third-party provider or website and is not responsible for the privacy policies or the content of any third-party provider or website.

Third party providers/websites are responsible for informing you about their own privacy practices and we encourage you to read their privacy policies. Inquiries and complaints

Mandatory notification of eligible data breach

The Privacy Act sets out obligations for notifying affected individuals, and the Office of the Australian Information Commissioner (OAIC), in the event of an eligible data breach which is likely to result in serious harm.

An eligible data breach occurs where:

• There is unauthorised access to, or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds;
• This is likely to result in serious harm to one or more individuals; and
• The entity has not been able to prevent the likely risk of serious harm with remedial action.

If an eligible data breach is confirmed or Saipem is otherwise directed to do so by the Commissioner, each affected individual will be provided with a statement including:

• details of the breach; and 
• recommendations of the steps individuals should take. 

A copy of the statement will also be provided to the OAIC.

Enquiries and Complaints to third party sites

If you would like further information about the way Saipem manages the personal information it holds, or wish to make a complaint about how Saipem handles, processes or manages your personal information, please contact HR Manager, Saipem on +614 48 003 437.

We may require proof of your identity and full details of your request before we can process your complaint. Please allow up to three days for Human Resources to respond to your complaint. We will treat your requests or complaints confidentially. It will not always be possible to resolve a complaint to everyone’s satisfaction. If you are not satisfied with Human Resource’s response to a complaint, you have the right to contact the Office of Australian Information Commissioner (at www.oaic.gov.au/) to lodge a complaint.

How to contact us

If you have a question or concern in relation to our handling of your personal information or this Policy, you can contact us for assistance as follows:

Email: Natasha.Lindfield@saipem.com

Contact number: +61 448 003 437

Post Attention: Saipem Australia Privacy Officer

Address: 1101 Hay Street West Perth WA 6005

Breaches of this Policy

A breach of this Policy may result in disciplinary action up to and including termination of employment.

Other policies

Saipem employees are encouraged to read this Policy in conjunction with other relevant Saipem policies.

Policy Updates

This Policy may be updated or revised from time to time. Saipem will notify all staff members each time the Policy has been updated.

Types of Data collected

Among the Personal Information collected by this Site through the contact form and the form for spontaneous applications there are: Cookies, Usage Data, Email, Password, Name, Surname.

Other Personal Data collected may be indicated in other sections of this privacy policy or through informative texts displayed together with the collection of the Data.

Personal Data is entered voluntarily by the User.

Any use of Cookies - or other tracking tools - by this Site, unless otherwise specified, has the purpose of identifying the User and recording the related preferences for purposes strictly related to the provision of the service requested by the User.

Failure to provide the User with some Personal Data may prevent this Site from providing its services.

The User assumes the responsibility of the Personal Data of third parties published or shared through this Site and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

Purposes of the processing of collected data

The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Analytics, Contacting the User, Optimizing and distributing traffic.

The types of Personal Data used for each purpose are indicated above.

Communication and dissemination of data

The data collected using cookies may be processed by employees and collaborators of nCore HR, as persons in charge and responsible for data processing.

The list of data is constantly updated and is available upon request by sending a communication to the address below or an e-mail to ----

The data collected using cookies will not be disclosed.

Your rights

At any time you can request information on the processing of your personal data, obtain the update, correction or integration of the same, as well as obtaining the cancellation, transformation into anonymous form or blocking of data processed in violation of the law and oppose the processing of You according to the provisions of art. 7 of Legislative Decree no. 196/2003 reported in full at the end of this policy.

To exercise your rights you can contact the Data Controller by sending a written notice to the address below or an e-mail to ----

Owner and manager of the treatment

Holder of the treatment is ----

Internal manager of the treatment is ----

Last updated: July 2015

Art. 7 D.Lgs 196/2003. Rights attributed to the interested party.

The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in intelligible form.
The interested party has the right to obtain the indication:
the origin of personal data;
of the purposes and methods of processing;
of the logic applied in case of treatment carried out with the aid of electronic instruments;
of the identifying details of the holder, of the responsible and of the designated representative according to article 5, paragraph 2;
the subjects or the categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.
The interested party has the right to obtain:
updating, rectification or, when interested, integration of data;
the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible o involves a use of means manifestly disproportionate to the protected right.
The interested party has the right to object, in whole or in part:
for legitimate reasons, the processing of personal data concerning him, even if pertinent to the purpose of the collection;
to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
Changes to this information

The Data Controller reserves the right to make changes to this privacy statement at any time by giving notice to Users on this page. Please therefore consult this page often, referring to the date of the last modification indicated at the bottom. In case of non-acceptance of the changes made to this statement, the User is required to cease using this Site and may request the Data Controller to remove his Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected until then.

Information on this privacy policy

The Data Controller is responsible for the privacy policy.

Last updated: July 2015