Engineering Excellence (“”) Privacy Statement
Introduction and scope
is committed to keeping personal information accurate and private. We respect an individual’s right to privacy and will treat all personal information we receive responsibly, with integrity and in accordance with data protection and privacy laws.
Applicable privacy laws
We are bound by the laws of the countries where we operate which protect the privacy of individuals by regulating the collection and use of personal information.
These laws may contain exemptions for the collection and use of some personal information.
The relevant data privacy law(s) governing our main countries of operation are likely to be:
Australia: Privacy Act 1988 () and the Australian Privacy Principles
Canada: Personal Information Protection and Electronic Documents Act 2000
Cyprus: Processing of Personal Data (Protection of the Individual) Law 2001
Hong Kong: Personal Data (Privacy) Ordinance (Cap. 486)
New Zealand: Privacy Act 1993
United Arab Emirates: UAE Penal Code and DIFC Data Protection Law 2007
United Kingdom: Data Protection Act 1998
To the extent that the relevant data privacy law(s) are amended, substituted or repealed from time to time, then this Privacy Statement should be read as referring to those relevant data privacy law(s) as so amended, substituted or repealed.
What information does this Privacy Statement apply to?
Personal information is any information (including an opinion) about you where your identity is apparent, or that contains details that may identify you. It may include your name, date of birth, address, postcode, telephone numbers and email address. It includes sensitive information.
Sensitive information is a particular type of personal information about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health. In certain circumstances we may collect sensitive information about you.
The type of personal information we collect and manage includes:
Your name, address, email address, date of birth and gender
Your company email address, role at the company, industry and country
Your nationality, ethnic origin, residency/immigration status
Your contact details (including telephone number, facsimile, emergency contact details, next of kin, beneficiaries, dependents, etc)
Any additional information relating to you that you provide to us directly or indirectly through use of our website or online presence, through our representatives or otherwise.
How do we collect your personal information and why?
We only collect personal information that is necessary for us to manage our business effectively, to develop and promote our services and to assist us with complying with our legal and regulatory obligations.
Generally, we try to collect personal information directly from you but, occasionally, we may collect personal information from publicly available records, third parties and/or other sources.
We will only collect personal information about you from publicly available records, third parties and/or other sources if it is unreasonable or impracticable to collect it from you directly.
We will only collect sensitive information about you if we have your consent or we are permitted or required by law to collect the information.
The ways we collect personal information include:
our dealings with government agencies
our dealings with clients, contractors, subcontractors, suppliers and other service providers
during conversations between you and our representatives
through access to our website
access control systems and registers for individuals accessing our sites and premises
monitoring and surveillance systems, including CCTV systems from social media web sites and blogs
If we receive your personal information and we did not request it, then we will determine, within a suitable time after receiving that information, whether it is reasonably necessary for us to retain that information and in the case of sensitive information, whether you consented to the collection. If not, we will de-identify or destroy the information.
Regardless of how we obtain the information, we will take reasonable steps to ensure that you are aware of the way we are collecting the information, any laws requiring the collection, who we usually disclose it to and any consequences for you if we are not provided with the information.
Purpose for which we collect personal
We may collect your personal information to enable us to properly operate, manage and administer our business including:
to maintain effective access, safety and security controls for our sites and
to process and respond to specific inquiries or issues that you have raised with
where you are a representative of an organisation with whom we deal, in relation to the services that we provide to (and/or receive from) that
to investigate any allegation or complaint about our practices or conduct made by
compliance with our legal and regulatory requirements, policies and contractual obligations or in cooperation with any governmental authority of any
in the management of claims, disputes and litigation proceedings arising out of our business
to engage the services of external consultants, agents, temporary and casual workers and other
to process and respond to enquiries, allegations or complaints from members of the
to maintain supplier and contractor databases (where the supplier or contractor is a sole trader
in the compilation of and access to business contact
to conduct business processing functions including providing personal information to our related companies, contractors, service providers or other third
investigation/prevention/detection/prosecution of unlawful or inappropriate activities; or
monitoring use of our website.
Passive Information Collection
As you navigate through our website or otherwise use our equipment, systems and technology, we may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and does not identify any individual.
We use ‘cookies’ which are small text files placed on your computer by a web page server which may later be retrieved. A cookie enables us to recognise your computer without the need for a fresh request for you to register. The cookies do not allow us to collect personally identifiable information about you.
How we use your personal information
We use the personal information we collect to enable us to effectively and efficiently conduct our business. The precise use can vary, depending on the circumstances in which it was collected, including:
for any of the purposes set out in this Privacy Statement
to verify your identity and conduct credit and other verification checks
to update your details and keep our records up to date
to provide you with access to protected areas of our website/intranet
to conduct business processing functions including providing information to our related companies, contractors, suppliers, service providers, business partners, and clients
to inform you of existing and proposed services which we provide and commercial opportunities which we offer from time to time
For personal information that is sensitive information, we will only collect, use or disclose that information where it is reasonably necessary in the operation of our business and we have received your consent to do or it is permitted or required by law.
As part of our safety and security commitment to our clients and members of the public, we conduct camera, computer and tracking surveillance of our sites, premises, assets and business systems. If we intend to conduct surveillance activities which might affect you, we will give you notice of those activities as we are required under applicable law(s). Any surveillance activity will only be conducted by appropriate individuals and any resulting personal information collected will be held in accordance with this Privacy Statement.
We may also use your personal information for purposes related to those described above which would reasonably be expected by you or to which you have consented.
Sharing your personal information?
We may disclose your personal information in certain circumstances, such as where we are required or permitted by law, where you have consented to us doing so or for any of the purposes for which the information was collected.
The persons to whom we typically may disclose your personal information include:
our related companies, business partners, contractors, subcontractors, suppliers, consultants, clients and service providers for the purpose of our business operations
individuals or organisations to whom we have commercial relationships, including individuals or organisations engaged in providing us with professional, business, technology, corporate and administrative services which are reasonably required for the effective operation of our business government agencies (including local tax authorities) and regulators as required or permitted by law
Where appropriate, we will only release personal information if we have an appropriate commitment from the recipient to use the information in a lawful, secure and responsible manner and only for the purpose(s) for which it is released.
We are a part of the Laing O’Rourke group of companies, which are incorporated and operate in different countries including Australia, Canada, Hong Kong, New Zealand, the United Arab Emirates and the United Kingdom.
Some of the information we collect is stored on cloud-hosted systems which may be outside the country in which we collect the information.
We will only share your personal information outside the country in which we collect the information (including with cloud-hosted systems) if one or more of the following apply:
we reasonably believe the recipient of the information is subject to a law regarding the holding and use of that information that is substantially the relevant privacy laws of the country in which we collect the information
we are permitted or required to do so by law
we have taken reasonable steps to ensure that the recipient of the information will not breach the relevant privacy laws of the country in which we collect the information
You may contact us to obtain a list of countries in which likely overseas recipients of your personal information are located (see “How to contact us” below). As cloud-hosted systems may be accessed from different countries, it is not always feasible for us to know the countries in which some personal information is held.
Access to your personal information?
You may request access to any of the personal information we hold about you by contacting us (see “How to contact us”).
We are required to provide you with that access although there are exceptions such as:
where your request is frivolous
where there is an unreasonable impact on others
where we are prevented by law or a court order
We reserve the right to require you to verify your identity (so that we process access requests responsibly) and to charge a reasonable fee for the costs of retrieval and supply of any requested information. In some cases, such as where you have requested copies of the personal information that we hold about you (rather than access to that information), we may require you to make your request in writing.
We will respond to access requests within a reasonable time and will give you access in the manner you request usually by mailing or emailing it to you (provided it is reasonably practicable to do so). If we cannot give you access to all the personal information we hold, or if we can’t give you access in the manner you requested, we will take steps to give you alternative access that meets our respective needs. If we can only give you limited or no access to your personal information, we will set out written reasons why this is the case and you may contact us to complain about that refusal (see “How to contact us” below).
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date, relevant and not misleading. Please notify us of any errors or changes to your personal information and we will take appropriate steps to update or correct such information in our possession.
Where we have corrected your personal we will take reasonable steps to communicate that correction to any third party with whom we’ve shared the information (unless it is impracticable or unlawful to do so). If we refuse to correct your personal information following a request by you to do so, we will:
set out written reasons why this is the and you may contact us to complain about that refusal (see “How to contact us” below)
at your request (and where we do so), associate with that personal information a statement that it is inaccurate, out-of–date, incomplete, irrelevant or misleading in such a way that the statement is apparent to users of the information.
Security and retention of personal information?
We store personal information in different ways including in electronic or hard copy form.
We will take reasonable precautions in the circumstances to safeguard your information from loss, misuse, interference, unauthorised access, modification, disclosure or destruction.
Some of the measures we take are:
insisting on confidentiality from our employees, staff and business partners in their use information we provide to them and/or directing them to the principles we apply regarding personal information as identified in our Global Code of Conduct
implementing document management controls
using access control and security measures for our sites, premises, assets and business systems
business continuity planning
You should keep in mind that no internet transmission is ever completely secure or error free. sent to or from our website may not be secure.
In accordance with our document / personal information management controls, we will keep some forms of personal information longer than others in line with business or legal requirements.
If personal information we hold is no longer reasonably necessary for a purpose identified in this Privacy Statement and we are not required by law to retain that information, we will take reasonable steps to de- identify or destroy that information.
Links to other websites
Our website may contain links or references to other websites to which this Privacy Statement may not apply. Please always read the privacy statement or policy of every website you visit.
How to contact us or complain about a breach
If you have any questions about this Privacy Statement, are concerned that we have breached relevant data privacy law(s) or have a complaint about our information management practices, please contact us by sending an email to firstname.lastname@example.org (located in the “Contact Us” section of the website) from the email you provided us so that we can investigate your concerns. We request that complaints about breaches of privacy be made in writing so that we can be sure about the details of the complaint.
Your question, concern or complaint will be handled by our Compliance Officer and where appropriate will be investigated in accordance with our procedures.
Our Compliance Officer will respond to you within a reasonable time and advise of any investigation process. If you feel that we have not adequately dealt with any privacy complaint you have made to us, you may wish to contact the appropriate data privacy authority relevant to your complaint. This is likely to be:
Australia Office of the Australian Information Commissioner
Canada Office of the Privacy Commissioner of Canada
Cyprus Office of the Commissioner for Personal Data Protection
Hong Kong Office of the Privacy Commissioner for Personal Data
New Zealand Office of the Privacy Commissioner
United Arab Emirates Data Protection Commissioner (for our businesses operating in the Dubai International Financial Centre only)
United Kingdom Information Commissioner’s Office
Anonymity and pseudonyms
You may submit information to us anonymously or by using a pseudonym unless we are required by law to insist that you identify yourself or it is impractical for us to deal with the information unless you have identified yourself.
Where you provide information through our Conduct Line, you may provide personal information on an anonymous basis. However, where you do not provide us with your name and contact details, we may be limited in our ability to investigate and deal with your complaint and under certain local laws (such as the Corporations Act 2001 () in Australia and the Public Disclosure Act 1998 in the United Kingdom) you may not be eligible for the legal protection provided to you by those laws to the extent your complaint relates to a breach of those laws.
Changes to this privacy statement
Our Privacy Statement may change from time to time as updated on our website. Before providing us with personal information, please check our website for changes.