Privacy

Woodside Privacy Statement (General)

1. About this document

This document explains what we do with your personal information, your privacy rights, and how you can contact us regarding your privacy. This document applies to:

visitors to our premises;
business partners and customers;
website visitors;
investors and shareholders;
community stakeholders;
regulators and political stakeholders; and
media representatives.

To find out how we handle personal information about candidates seeking employment with Woodside, visit Woodside’s Privacy Statement (Candidates). For Woodside employees, contractors, officers or directors, visit Woodside’s Privacy Statement (Employees, contractors, officers and directors) on Woodside’s Intranet. For suppliers, visit Woodside’s Privacy Statement (Suppliers).

2. General information

2.1 Who we are

We are Woodside, an energy company founded in Australia now operating around the world. We operate through several related or subsidiary companies.

2.2 Changes to this Privacy Statement

This Privacy Statement was last updated on 11 November 2024. We will update this Privacy Statement periodically to keep it up to date. You will always see the most current version on our website.

2.3 How you can contact our Privacy Officer

You can contact our Privacy Officer by any of the following methods:

Email

[email protected]

Phone

Australia +61 08 9348 4000
Singapore +65 6709 8000
United States of America +1 713 961 8500

Mail

Privacy Officer
Woodside Energy Group Ltd
Mia Yellagonga
11 Mount Street
Perth, Western Australia 6000
Australia

3. What we do with your personal information

3.1 What personal information we collect, why we collect it, and how we collect it

Who we collect information about	What personal information we collect	Why we collect it	How we collect it
Visitors to our premises	Identity information – full name. Contact information – email address, phone number. Site visit information – the reason for your visit, information to facilitate your visit. CCTV footage – images and video surveillance inside Woodside facilities or premises.	To authenticate access to and manage the safety and security of, our systems, assets and premises. To facilitate your visit. To ensure your security and/or safety with respect to Woodside sites, premises, systems, assets or people.	Directly from you when you visit our premises (e.g., CCTV footage).
Business partners and customers	Identity information – full name, signature. Contact information – email address, phone number. Professional information – your employer and job title.	To be able to conduct business with you or the organisation you are associated with.	Directly from you and/or your organisation.
Website visitors	Technical information – your IP address, the previous site you visited, the type of browser and operating system you use. Website usage information – the pages you accessed and the documents you downloaded from our website.	To manage and monitor access to our website. To help us improve our website.	Directly from you/your device while you interact and navigate across our website. Via a third-party provider.
Investors and shareholders	Identity information – full name. Contact information – residential address, email address, phone number. Investment information – information about your shareholdings or interest in our company.	To communicate with you about our activities and other matters relating to your investment or shareholding.	Directly from you. From third-party share registry services.
Community stakeholders	Identity information – full name. Contact information – residential address, email address, phone number. Sensitive information - racial or ethnic origin. Other – information about your feedback, complaint, or query; your interaction on our social media platforms; your responses to social and environmental impact assessments.	To communicate with you, including to address your feedback, complaint, or query. To comply with our legal obligations and social license to operate.	Directly from you when you participate in a community feedback event or provide feedback to us.
Regulators and political stakeholders	Identity information – full name. Contact information – email address, phone number. Professional information – your employer and job title.	To communicate with you.	Directly from you or your organisation. From public sources.
Media representatives	Identity information – full name. Contact information – email address, phone number. Professional information – your employer and job title.	To communicate with you and the organisation you are associated with.	Directly from you or your organisation. From public sources.

Who we collect information about

What personal information we collect

Why we collect it

How we collect it

Visitors to our premises

Identity information – full name.
Contact information – email address, phone number.
Site visit information – the reason for your visit, information to facilitate your visit.
CCTV footage – images and video surveillance inside Woodside facilities or premises.

To authenticate access to and manage the safety and security of, our systems, assets and premises.
To facilitate your visit.
To ensure your security and/or safety with respect to Woodside sites, premises, systems, assets or people.

Directly from you when you visit our premises (e.g., CCTV footage).

Business partners and customers

Identity information – full name, signature.
Contact information – email address, phone number.
Professional information – your employer and job title.

To be able to conduct business with you or the organisation you are associated with.

Directly from you and/or your organisation.

Website visitors

Technical information – your IP address, the previous site you visited, the type of browser and operating system you use.
Website usage information – the pages you accessed and the documents you downloaded from our website.

To manage and monitor access to our website.
To help us improve our website.

Directly from you/your device while you interact and navigate across our website.
Via a third-party provider.

Investors and shareholders

Identity information – full name.
Contact information – residential address, email address, phone number.
Investment information – information about your shareholdings or interest in our company.

To communicate with you about our activities and other matters relating to your investment or shareholding.

Directly from you.
From third-party share registry services.

Community stakeholders

Identity information – full name.
Contact information – residential address, email address, phone number.
Sensitive information - racial or ethnic origin.
Other – information about your feedback, complaint, or query; your interaction on our social media platforms; your responses to social and environmental impact assessments.

To communicate with you, including to address your feedback, complaint, or query.
To comply with our legal obligations and social license to operate.

Directly from you when you participate in a community feedback event or provide feedback to us.

Regulators and political stakeholders

Identity information – full name.
Contact information – email address, phone number.
Professional information – your employer and job title.

To communicate with you.

Directly from you or your organisation.
From public sources.

Media representatives

Identity information – full name.
Contact information – email address, phone number.
Professional information – your employer and job title.

To communicate with you and the organisation you are associated with.

Directly from you or your organisation.
From public sources.

3.2 Who we share your personal information with

We may need to share your personal information with:

Our related or subsidiary companies - who require the personal information for the reasons explained in section 3.3.
Our IT vendors, facility managers and other service providers - where they are assisting us to carry out a function of our business.
Regulators, government authorities, or law enforcement agencies – where we are under a legal obligation to do so.

3.3 Where we share your personal information to

The global nature of our operations means that at times we may need to share your personal information to our related or subsidiary companies or a third party (as explained in section 3.1) who may be in a different jurisdiction to where your personal information was collected.

When we do this, we take steps to ensure that there is a lawful basis and that there are appropriate technical and security controls in place to protect your personal information.

Some of the countries we may share personal information with include: Australia, Canada, China, Ireland, Indonesia, Japan, Mexico, Myanmar, New Zealand, Norway, Republic of Korea, Senegal, Singapore, Thailand, Timor-Leste, Trinidad and Tobago, the European Union, the United Kingdom, and the United States of America.

3.4 How long we keep your personal information for

We keep your personal information for as long as necessary to fulfill the purpose for which it was collected and to comply with our applicable legal requirements.

4. How we use technology

4.1 Cookies

When you visit our website small text files, known as cookies, are placed on your device. These cookies record actions and information such as:

how you came to our website;
the pages you visited on our website;
the number of times you visited our website;
the duration you visited our website for;
whether you visited our website in full screen mode or minimised;
your language preferences; and
how many times you watched a video on our website and the settings you used to watch that video.

We use these cookies to help us understand how people use our website and where we can improve our website. Third parties may also use the cookies for their own purposes, such as to display advertising.

You can set your browser to reject cookies, although this may affect your browsing experience.

5. Your privacy rights

5.1 What privacy rights you have

You may have certain privacy rights and may include the right to:

access your personal information;
correct your personal information if it is inaccurate or incomplete;
ask us to erase your personal information;
ask us to restrict using or sharing your personal information;
object to how we use or share your personal information;
us to transfer your personal information to another organisation or give it to you; and/or
withdraw consent if you have provided consent for us to use or share your personal information in a certain way.

You are also able to make a privacy complaint if you believe we have done something inappropriate with your personal information.

5.2 How you can exercise your privacy rights

You can exercise your privacy rights or make a privacy complaint by contacting our Privacy Officer.

When you do this, we may need to request further information from you to help us confirm your identity and clarify the scope of your request or privacy complaint. We will communicate with you about what we need if this is the case.

We aim to respond to all requests and privacy complaints within one month. Sometimes, it may take us longer, if so, we will communicate with you to keep you informed.

5.3 What you can do if we can’t facilitate your privacy right or resolve your privacy complaint

We aim to facilitate your privacy rights and resolve any privacy complaints. If we can’t, you may be able to escalate the matter to the relevant data protection authority.

The relevant data protection authority will depend on where the personal information was collected, some examples include:

Australia – the Office of the Australian Information Commissioner
The United Kingdom – the Information Commissioner’s Office
The Republic of Korea – the Personal Information Protection Commission (SK)
Japan – the Personal Information Protection Commission (JP)
Singapore – Personal Data Protection Commission
The United States of America – there is no single national data protection authority, some States have their own data protection authority (such as California’s Privacy Protection Agency)
The European Union - the data protection authority for each country is listed (along with the contact details) on the European Data Protection Board’s website.
Mexico – the National Institute for Transparency, Information Access and Protection of Personal Data