Skip to main content

Privacy Policy

1. Introduction

Indara is committed to protecting the privacy of our customers and our People. This policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at .

2. Scope

This Policy applies to all Indara employees, contractors, job applicants, other workers and authorised third parties (collectively referred to, as our People).

3. What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.

This Personal Information is obtained in many ways including during interviews, correspondence, by telephone and facsimile, by email, via our website,, websites, media and publications, from other publicly available sources, and from third parties.

Our primary purpose in collecting information is for use in relation to your employment or working relationship with Indara (referred to as the ‘Employment Relationship’ for the purposes of this Policy). We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

When we collect Personal Information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

There are two circumstances in which Indara may use or disclose personal information in a way other than as set out in this Policy:

  • where you consent to Indara doing so; and
  • where such use or disclosure is required/authorised by law.
4. Collection of Personal Information

Indara collects personal information in relation to our People and may retain this information in accordance with the Privacy Act.

The type of information collected may include (but is not limited to):

  • recruitment, engagement or training records;
  • job applications, resumes, academic transcripts etc.;
  • information about termination of employment;
  • information about terms and conditions of employment;
  • personal and emergency contact details;
  • performance, conduct or disciplinary records, including performance reviews;
    information about hours of employment;
  • remuneration details;
  • bonus and share option plan information;
  • information about membership of a professional or trade association, trade union membership;
  • annual, long service, sick, personal, parental or other leave records;
  • taxation, banking and superannuation information;
  • work health and safety records;
  • general health information; and
  • any other information provided by employees or relevant third parties.

Such information may be collected by telephone, through third parties, email and/or face to face meetings.

5. Use and Disclosure of Personal Information

Our primary purpose in collecting information from employees, contractors, job applicants and authorised third parties is for use in relation to their employment or working relationship with Indara (referred to as the ‘Employment Relationship’ for the purposes of this Policy).

We typically disclose personal information:

  • between companies in Indara;
  • to external service suppliers who supply administrative, personnel/recruitment services, financial, medical, legal, industrial or other services to Indara such as:
    — work health and safety incident investigators;
    — payroll administrators;
    — recruitment and personnel agencies;
    — share plan administrators;
    — medical practitioners;
    — legal advisors;
    — training providers;
    — organisations who distribute information on behalf of Indara;
    — superannuation trustees or administrators;
    — courts, tribunals and regulatory authorities as agreed or as authorised by law;
    — IT service providers, and
    — anyone an employee authorises.

The personal information that we collect in relation to our People, is necessary for proper and effective management of the Employment Relationship.

6. Sensitive Information

Some personal information we collect, and hold is “sensitive”. “Sensitive” information can include, but is not limited to, criminal records or health information.

Sensitive information may be required for managing the Employment Relationship; including information on our People’s state of health, medical history or leave, or to assist in dealing with work health and safety, workers compensation, insurance, superannuation and industrial relations matters.

In certain circumstances, we may handle sensitive information differently to other types of personal information because of the special nature of the data.

7. Accuracy of Personal Information

We aim to ensure that all personal information is accurate, complete and up-to-date. This information can be subject to change and it is your responsibility to update their personal information through our HRIS. When you changes address, telephone number or other personal details you must log these into the HRIS, update the relevant sections and submit the changes.

8. Security of your Personal Information

Indara will take all reasonable precautions to protect personally identifiable information from loss, misuse or alteration.

Indara stores personal information in a combination of secure computer storage facilities, paper based files and other records. Indara may also archive hardcopy information in secure premises operated by an Authorised Third Party.

9. Access to your Personal Information

Employees (and other workers) have the right to request access to personal information which Indara holds and to advise Indara of any perceived inaccuracy.

To make a request to access your personal information, you need to provide a written request to the People & Culture Team.

If you want to make a general enquiry, change or update your information personal information or obtain access to your personal information, please contact a member of the People & Culture Team.

If you have a grievance or complaint which relates to privacy, please contact the People & Culture Manager, or Head of Risk, HSEQ and Compliance.

10. Cross Border Data Flows

Indara may, on occasion, be required to transfer or store personal information to a person or related body corporate in a foreign country. This transfer will take place if the information is subject to a law, binding scheme, or contract which treats information with a substantially similar integrity as the Australian Privacy Principles. Indara will take reasonable steps and conduct sufficient investigation in order to ensure this is the case.

11. Complaint Process

Complaints regarding the information that Indara collects, uses, holds or discloses should be made in writing to the Executive Director, Human Resources. If a company or individual believes there is a breach of this Policy or the Privacy Act, a written complaint should be made to the Executive Director, Legal Risk Compliance. All complaints will be dealt with confidentially and promptly.

12. Definitions

The following terms within the policy, have the following meanings:

Term Definition
Personal Information Any information that can be used to personally identify an individual including (but not limited to) name, address, email and phone details, details of the individuals profession or occupation, qualification details, residency details.
Authorised Third Parties Refers to contractors, agents and third party suppliers with whom Indara enters into agreements from time to time and persons with whom they may contract in order to provide services.
Sensitive Information A special category of personal information under the Privacy Act. It is the information or an opinion about an individual including racial and ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or union, sexual preferences or practices, criminal records or health information.

13. Review of this Policy

This Policy will also be reviewed by the Audit & Risk Committee every two years or more frequently, if required, to ensure continued compliance.


Privacy Policy Last Updated: 2nd February, 2023