Woodside Privacy Statement (Suppliers)
Woodside Privacy Statement (Suppliers)
1. About this document
This document explains what we do with your personal information, your privacy rights, and how you can contact us regarding your privacy.
This document applies to suppliers who provide goods or services to Woodside. To find out how we handle personal information about candidates seeking employment with Woodside, visit Woodside’s Privacy Statement (Candidates). For Woodside employees, contractors, officers or directors, visit Woodside’s Privacy Statement (Employees, contractors, officers and directors) on Woodside’s Intranet. For anyone else, visit Woodside’s Privacy Statement (General).
2. General information
2.1 Who we are
We are Woodside, an energy company founded in Australia now operating around the world. We operate through several related or subsidiary companies.
2.2 Changes to this Privacy Statement
This Privacy Statement was last updated on 11 November 2024. We will update this Privacy Statement periodically to keep it up to date. You will always see the most current version on our website.
2.3 How you can contact our Privacy Officer
You can contact our Privacy Officer by any of the following methods:
Phone
Australia +61 08 9348 4000
Singapore +65 6709 8000
United States of America +1 713 961 8500
Privacy Officer
Woodside Energy Group Ltd
Mia Yellagonga
11 Mount Street
Perth, Western Australia 6000
Australia
3. What we do with your personal information
3.1 What personal information we collect
Depending on how we engage with you and the nature of our engagement, we may collect some, all, or none of the following types of personal information:
- Identity information – your full name, date of birth, and identity documents.
- Contact details – your physical address, email address, and telephone number.
- Employment related information – details about your qualifications and employment history (including current employment).
- Due diligence information – a criminal records check, any past history of you having been bankrupt, current or former directorships or shareholdings, verifying your license or qualification, and evidence of your ability to work in a specific country or sector (e.g., permitted to work in Australia or with children).
- Information relating to your access of our premises, assets, or systems – including photographic or biometric information; the premises, assets or systems you accessed; the duration of your access; and the information or interaction itself associated with that system (e.g., emails).
3.2 How we collect your personal information
We collect your personal information:
- Directly from you.
- From your employer or the company you engage with us through.
- From the third party(s) we are performing the due diligence check with (e.g., former employers, public records, or a government agency).
3.3 Why we collect your personal information
We collect your personal information to:
- Assess your suitability for engagement with us.
- Contact you regarding your engagement with us.
- Undertake and maintain due diligence and background screening.
- Authenticate access to and protect our premises, assets, and systems.
- Satisfy any legal obligations we may have.
3.4 Who we share your personal information with
We may need to share your personal information with:
- Your employer or the company you engage with us through.
- Regulators, government authorities, or law enforcement agencies – where we are under a legal obligation to do so.
- Our lawyers, accountants, consultants, or insurers – where we need professional advice.
- Our IT vendors who provide the platform where your application is received, stored, and assessed.
- Our related or subsidiary companies who require the personal information for the reasons explained in section 3.3.
3.5 Where we share your personal information to
The global nature of our operations means that at times we may need to share your personal information to our related or subsidiary companies or a third party (as explained in section 3.4) who may be in a different jurisdiction to where your personal information was collected.
When we do this, we take steps to ensure that there is a lawful basis and that there are appropriate technical and security controls in place to protect your personal information.
Some of the countries we may share personal information with include: Australia, Canada, China, Ireland, Indonesia, Japan, Mexico, Myanmar, New Zealand, Norway, Republic of Korea, Senegal, Singapore, Thailand, Timor-Leste, Trinidad and Tobago, the European Union, the United Kingdom, and the United States of America.
3.6 How long we keep your personal information for
We keep your personal information for as long as necessary to fulfill the purpose for which it was collected and to comply with our applicable legal requirements.
4. Your privacy rights
4.1 What privacy rights you have
You may have certain privacy rights and may include the right to:
- access your personal information;
- correct your personal information if it is inaccurate or incomplete;
- ask us to erase your personal information;
- ask us to restrict using or sharing your personal information;
- object to how we use or share your personal information;
- us to transfer your personal information to another organisation or give it to you; and/or
- withdraw consent if you have provided consent for us to use or share your personal information in a certain way.
You are also able to make a privacy complaint if you believe we have done something inappropriate with your personal information.
4.2 How you can exercise your privacy rights
You can exercise your privacy rights or make a privacy complaint by contacting our Privacy Officer.
When you do this, we may need to request further information from you to help us confirm your identity and clarify the scope of your request or privacy complaint. We will communicate with you about what we need if this is the case.
We aim to respond to all requests and privacy complaints within one month. Sometimes, it may take us longer, if so, we will communicate with you to keep you informed.
4.3 What you can do if we can’t facilitate your privacy right or resolve your privacy complaint
We aim to facilitate your privacy rights and resolve any privacy complaints. If we can’t, you may be able to escalate the matter to the relevant data protection authority.
The relevant data protection authority will depend on where the personal information was collected, some examples include:
- Australia – the Office of the Australian Information Commissioner
- The United Kingdom – the Information Commissioner’s Office
- The Republic of Korea – the Personal Information Protection Commission (SK)
- Japan – the Personal Information Protection Commission (JP)
- Singapore – Personal Data Protection Commission
- The United States of America – there is no single national data protection authority, some States have their own data protection authority (such as California’s Privacy Protection Agency)
- The European Union - the data protection authority for each country is listed (along with the contact details) on the European Data Protection Board’s website.
- Mexico – the National Institute for Transparency, Information Access and Protection of Personal Data