Pilbara Minerals Limited and its subsidiaries (together, PLS or we/us) are committed to protecting the privacy of individuals’ personal information in accordance with applicable law.
This Privacy Policy (Policy) sets out the principles that PLS will follow in collecting, using, holding, disclosing, and otherwise managing, personal information. It sets out rights in relation to personal information and how you can contact us.
PLS and its directors, officers and employees must comply with this Policy.
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not and whether the information or opinion is recorded in a material form or not.
PLS may collect personal information from you in a variety of ways, including when you work with us, apply for a position, attend our operational sites, use our website, invest in us, or have business dealings with us (e.g., customers, suppliers, contractors, investors and the like), and/or when you attend a company presentation (e.g., annual investor presentation).
Where possible, we collect personal information directly from you. This may occur when you interact with PLS in person, over the telephone or electronically (e.g. via websites, apps, social media posts, chats, telephone, emails and or SMS) or as otherwise permitted by law.
From time to time, we may also collect personal information about you from other sources. For example, we may collect information:
If we collect personal information about you from someone else, we will take reasonable steps to ensure that you are made aware that we have collected the information.
From time to time, we may receive personal information that we have not requested (unsolicited personal information).
If we receive unsolicited personal information, we will consider if we could have collected that information directly from the relevant individual.
If we determine that:
Examples of the kinds of personal information that PLS may collect, and hold could include:
We may collect information about you when you access our website. This can include (but may not be limited to) the following:
PLS uses cookies and IP address tracking to administer its website and generally improve its content and service offering. You may set your browser to refuse cookies if you wish, although this may affect your browsing experience.
In most circumstances, it is impractical for people to communicate with us anonymously. However, where possible and practical, we will provide you with the option of not identifying yourself or using a pseudonym when communicating with us.
Sensitive information is a subset of personal information and includes:
We only collect sensitive information where you have consented to the collection, and it is reasonably necessary for one or more of our functions or activities.
PLS uses personal information to carry out its business functions and activities, to comply with regulatory obligations and in connection with investigations or claims.
If required by law, we will ask for your express consent to use certain types of personal information and, where we do so, you may have the right to withdraw that consent.
We may collect, use, and store personal information for the legitimate business interests of PLS, including:
PLS will only disclose your personal information for:
Examples of instances where we may disclose personal information about you to third parties include disclosure to providers of services to PLS, government agencies, regulatory authorities, and our professional advisers.
Personal information collected by PLS may be transferred within its group of companies who require the information for the purposes in this Policy. An overview of PLS’ global corporate group and the countries in which PLS group companies operate can be found in PLS’ annual report.
In addition, some of our service providers, including data storage and technology service providers, may be located or use locations in a different country to where personal information was collected.
Where we are required to disclose information to a third party in a country which does not have substantially similar legal protections for personal information to the privacy laws applicable to PLS (each a privacy law), we will take reasonable steps to ensure that:
A government identifier of an individual is one that has been assigned by the government (e.g. an Australian tax file number). Subject to certain exemptions under applicable privacy law, PLS will not disclose identifiers assigned by government agencies or use those identifiers to identify your personal information.
We will take reasonable steps to ensure the security of the personal information that is collected such that the personal information that we hold is protected from misuse, interference, loss, and from unauthorised access, modification, and/or disclosure.
As a company we store and retain information both in electronic and hard copy format.
We have implemented strict controls within our IT systems that restrict access to information databases, maintain our security firewalls and intrusion detection systems, and where applicable, encrypt our data.
No information that is transmitted over the internet can be guaranteed to be 100% secure. We will strive to protect users’ personal information however we cannot guarantee or warrant the security of information transmitted over the internet and users do so at their own risk.
If you have concerns about transmitting information over the internet, you should contact our Privacy Office to arrange a suitable alternative.
We will retain your data in line with good record-keeping practices. The relevant time period for retention of your information is determined in accordance with relevant legal and regulatory requirements, the purpose for which your personal information was collected, limitation periods for any claims that might arise and industry practice guidelines.
PLS will take reasonable steps to ensure that personal information it holds that is no longer necessary for the disclosed purpose is destroyed or permanently de-identified, subject to any legal obligation to keep the personal information for any required period.
Personal information held in hard copy is shredded or disposed of through secured access recycling bin collection services.
Where possible, personal information held in electronic form will be ‘sanitised’ from the relevant hardware to completely remove the stored personal information. Where hardware cannot be sanitised, reasonable steps will be taken to destroy the personal information in another way.
Where it is not possible to irretrievably destroy personal information held in electronic format, we take reasonable steps to de-identify the personal information or put it beyond use.
At the request of an individual, PLS will, in most circumstances, provide access to any personal information that is being held by PLS about that individual. We will endeavour to do this within 30 days of the request.
There are certain circumstances where PLS will not provide an individual access to such personal information in accordance with applicable privacy law. These circumstances include where providing access would have an unreasonable impact to the privacy of others, where providing access would reveal commercially sensitive information about the organisation or where providing access would be unlawful.
We take reasonable steps to ensure that the information is up to date and complete. However, if you believe the information we hold about you is inaccurate or incomplete, you may request that we correct it.
An individual can seek access to, and update or correct, any personal information that is being held by us about that individual by contacting the Privacy Office directly in writing.
Any breach of this Policy will be regarded as a serious matter and may result in, for employees, contractors and consultants, disciplinary action, including termination, or for third parties, appropriate legal action in accordance with applicable privacy law.
In certain circumstances, PLS will be required to notify affected individuals and relevant regulators about a data breach.
Should you have any questions or complaints relating to this Policy, you should direct them in writing to our Privacy Office, who can be contacted at privacy@pls.com.
If you are not satisfied with our handling of your complaint, you may lodge a complaint with your applicable privacy regulator.
All complaints will be investigated by an appropriately qualified representative of PLS. We will endeavour to resolve your complaint as quickly as possible. We will notify you of the outcome of the investigation, including how we propose to resolve your complaint and what, if any, corrective measures we will implement.
Additional privacy rules and restrictions relating to our management of your personal information may apply in some countries where we operate.
This additional provision applies to all individuals that work for PLS and are based in Australia.
This Policy does not apply to information collected or otherwise obtained by PLS in relation to current and former employees and which relates directly to the employment relationship that exists, or existed, between us and our current and former employees.
The additional provisions in this section apply to all individuals that work for PLS in Brazil and anyone whose personal data is collected in Brazil.
We may only collect sensitive data if we have express consent for a specific purpose or to comply with laws, exercise our legal rights, protect the physical safety of a person or for fraud prevention or for electronic system security and authentication processes.
You may exercise your legal rights by contacting our Brazilian Personal Data Protection Officer at privacy@pls.com to:
The additional provisions in this section apply to all individuals that work for PLS and whose personal information is collected, used, or disclosed in Singapore.
References in this Policy to “personal information” means any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which PLS has or is likely to have access.
PLS will collect, use, or disclose your personal information where necessary for the purposes of managing and administering your employment or appointment with PLS. These purposes may continue to apply for a reasonable period after the termination of your employment or appointment.
You may exercise your legal rights to the following by emailing our Privacy Office to:
A Portuguese version of this Policy will be made available on PLS’ website for convenience purposes only. In the event of any conflict, the English version of this Policy will prevail.
This Policy will be reviewed by the Board every two years and amended as required. The current version of this Policy will be made available on PLS’ website.