General Privacy Policy
 

1. Objective

In its business activities, TOTAL receives, collects, uses, stores and discloses personal information. TOTAL recognizes that the privacy of personal information is important and abides by the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs").
 
The objective of this General Privacy Policy ("Policy") is to ensure TOTAL manages the privacy of personal information in compliance with the requirements of the Privacy Act and the APPs.
 
TOTAL will only collect, use and disclose personal information (which is not an employee record) in accordance with this Policy. By providing personal information to TOTAL, a person consents to the collection, use, storage and disclosure of its personal information in accordance with this Policy.

 

2. Scope

This Policy applies to Total E&P Australia ABN 96 832 035 151 ("TEPAU"), and to each of the subsidiaries of Total SA in the Exploration & Production Branch that are present, or have operations, in Australia ("TOTAL E&P Australia Group"). References to "TOTAL" mean the Total E&P Australia Group unless otherwise specified.

This Policy covers how TOTAL will handle and manage personal information collected pursuant to Section 3.2. This Policy does not address the handling of personal information related to TEPAU's employees and contained in employee records, which is dealt with in a separate internal policy (the "Privacy Policy in relation to Employees' Personal Information").

Information about the APPs and privacy rights can be found at the website of the Office of the Australian Information Commissioner at http://www.oaic.gov.au/index.php.

 

3. Responsablility

3.1 What personal information does TOTAL collect?
 

TOTAL collects personal information that is necessary for it to conduct its business. Personal information is any information that can be used to identify a person and may include:

  • a person’s name, address, occupation and contact details (address, phone numbers and email address);

  • information related to the person's professional life;

  • other personal information a person may disclose to TOTAL in relation to TOTAL's business operations, or which is contained in communications between TOTAL and a person.

Where relevant, TOTAL may ask a person for other information, for example, qualifications and employment history in relation to an application for employment with TOTAL.

 
3.2 How does TOTAL collect and hold personal information?
 
TOTAL usually collect personal information in the following ways:
 
  • Directly from a person (including employees and in-house contractors working for TOTAL or job applicants), either in person, in documents or by e-mail. Personal information may be collected through TEPAU's website cookies when visiting TEPAU's website;

  • From third parties, such as TOTAL's business associates, joint venturers, clients, contractors, sub-contractors, suppliers, business counterparties or a person's employer;

  • From other companies in the TOTAL E&P Australia Group or other subsidiaries of Total SA; and

  • From publicly available resources.

    TOTAL holds personal information in hard copy and electronic files.

 
3.3 Why does TOTAL collect personal information?
 
TOTAL receives, collects and processes personal information for the purpose of its business activities.
 

In relation to in-house contractors working for TOTAL, TOTAL collects and processes personal information for the purpose of administrative management. TOTAL may receive or collect personal information as well from people seeking employment with TOTAL or people communicating with TOTAL whether in writing, bye-mail or telephone.

TOTAL also collects and processes personal information related to its joint venturers, clients, sub­contractors, suppliers and business counterparties for the purpose of managing the relationship with these parties.

TOTAL's ability to carry out its business operations may be adversely affected if requested personal information is not provided, or if the information given to it is incomplete or inaccurate.

 
3.4 How does TOTAL use personal information?
 
TOTAL uses personal information for the purpose of its business activities. TOTAL uses personal information for the purpose for which it was collected and for related secondary purposes, including the following purposes (depending on the circumstances):
 
  • providing information to persons regarding its business activities;

  • conducting its internal business operations and administrative management (including meeting any relevant legal requirements);

  • managing third party (including joint venture, client, supplier, contractor and sub-contractor) relationships and improve its business operations;

  • assessing applications for employment.

3.5 To whom does TOTAL disclose personal information?
 
TOTAL will only disclose personal information for the purpose for which it was collected or for related secondary purposes, and in the following circumstances:
 
  • to any person where necessary or desirable in connection with the conduct of its business, such as to regulatory authorities and other parties;

  • to other companies in the TOTAL group of companies;

  • to external service providers (on a confidential basis) so they can provide TOTAL with services related to its business, for example mailing services, IT services, data storage or archive services;

  • to TOTAL's legal representatives and auditors;

  • where required or authorised by law;

  • in any case, where consent to the disclosure is provided.

The above restrictions on use and disclosure are not applicable where the Privacy Act and the APPs provide exemptions, for example with respect to employee records.
 
 
3.6 Cross-border disclosure of personal information
 
TOTAL may deal with its affiliates or third parties, such as service providers, who are located overseas. As a result, personal information may be disclosed to a recipient in a foreign country, including but not limited to France.
 
TOTAL has an obligation ("the Obligation") which it will abide by, to take reasonable steps, in the circumstances, before disclosing personal information to an overseas recipient to ensure that the overseas recipient does not breach the APPs in relation to that information.
 
The Obligation does not apply and TOTAL may disclose personal information to an overseas recipient:
 
  • if the overseas recipient is located in a country that is a member state of the European Economic Area because TOTAL reasonably believes that such overseas recipient is subject to a law that has the effect of protecting the information in a way that, overall, is substantially similar to the way in which the APPs protect the personal information and there are mechanisms that the individual can access to take action to enforce that protection;

  • if the overseas recipient is a TOTAL affiliate located overseas (but not within the European Economic Area) and is subject to a binding scheme that has the effect of protecting the information in a way that, overall, is substantially similar to the way in which the APPs protect the information and there are mechanisms that the individual can access to take action to enforce that protection; or

  • if a person consents to the disclosure of its personal information to an overseas recipient. In the case of consent, TOTAL will not be accountable and a person whose personal information was disclosed will not be able to seek redress against TOTAL under the Privacy Act if the overseas recipient handles the personal information in breach of the APPs. It may not be possible to seek redress for breach of privacy laws, if applicable, against the overseas recipient depending on the overseas jurisdiction. Persons providing personal information to TOTAL consent to the disclosure of that personal information to an overseas recipient and by doing so, agree that the Obligation does not apply and acknowledge and agree to the risk associated with the disclosure of personal information to overseas recipients.

3.7 Security and accuracy of personal information 
 
TOTAL will take reasonable steps to ensure that all personal information TOTAL holds is:
 
  • accurate, complete, up-to-date, relevant and not misleading;

  • stored in a secure environment; and

  • protected from misuse, interference and loss as well as unauthorised access, modification or disclosure.

TOTAL employees with access to such information are subject to obligations of confidentiality.
 
If a person's details or any personal information that they have provided changes, they are required to notify TOTAL as soon as possible by using the contact details below so TOTAL can maintain the accuracy of all personal information.
 
 
3.8 How can people access and correct personal information?
 
Each person has a right to access personal information TOTAL holds about them. TOTAL will comply with any request to access a particular person's personal information that it receives by email at privacy-tepau@total.com except where the Privacy Act or the APPs allow TOTAL to refuse to do so.
 
TEPAU will be the entity responsible for handling all requests for access to personal information in relation to TOTAL. There is no fee for making a request to access personal information. However, if giving the person access to the requested personal information requires a significant amount of work, TOTAL may then charge a fee for providing such access.
 
Each person also has the right to ask TOTAL to correct information about them if such information is inaccurate, incomplete, out-of-date, irrelevant or misleading. If TOTAL refuses to correct that personal information as requested, TOTAL must:
 
  • notify the person in writing of the reasons of its refusal (unless it would be unreasonable to do so) and how to complain of the refusal; and

  • if the person so requests, TOTAL must record a statement indicating that the person believes its personal information is inaccurate, incomplete, out-of-date, irrelevant or misleading. TOTAL must take reasonable steps so that such statement appears to the users of the personal information.

3.9 Sensitive information
 
Some personal information that TOTAL collects may be sensitive information. Sensitive information includes: information relating to a person's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, trade union or other professional or trade association membership, sexual preferences and criminal record that is also personal information; health information and genetic information about an individual,
 
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the relevant person agrees otherwise, or where other limited circumstances apply (e.g. where required by law).
 
  
3.10 Links to other websites
 
TOTAL is not responsible for the content or material contained in, or obtained through, any third party website or for the privacy practices of the third party website. TOTAL suggests that the privacy policy of each website that is visited by a person is reviewed.

 

4. Personal information originating from Total's affiiates in the European Economic Area (EEA)

In the course of its business activities, TOTAL will receive from time to time personal information from its parent company TOTAL SA or other affiliates established in France or elsewhere in the EEA. In order to be able to receive such personal information that is necessary for its activities, TOTAL must comply with certain requirements governing the transfer of personal information originating from the EEA to entities outside the EEA. Consequently, and in addition to the principles set forth in the present Policy, TOTAL applies specific rules to personal information it receives from its affiliates and which originates from the EEA. A simplified version of such rules is available on the TOTAL Group's website http://total.com/en/legal.

 

5. Miscellaneaous

5.1 How can TOTAL be contacted? 
 
TEPAU will be the entity responsible for handling all matters concerning how personal information is handled by TOTAL. Any questions or complaints about how TOTAL handles personal information can be made by contacting TEPAU's Privacy Officer on 9442 0000 during business hours or by e-mail at privacy-tepau@total.com or in writing at the following address:
 
TOTAL E& P Australia
Level 13 BGC Centre
28 The Esplanade
Perth W A 6000
C/O Privacy Officer
 
TEPAU will consider and respond to any complaint notified to it within 21 days. TEPAU will always endeavour to resolve any complaint to the complainant's satisfaction.
 
 
5.2 Additional information and Australian Information Commissioner
If a person is not satisfied with the way in which TEPAU handles their enquiry or complaint, the Office of the Australian Information Commissioner can be contacted on Tel: 1300 363 992 or email: enquiries@oaic.qov.au

 
5.3 Changes to this Policy
This is TOTAL's current General Privacy Policy outlining its personal information management practices. This Policy replaces any other external privacy policy published by TOTAL to date. TOTAL may vary this Policy from time to time. This Policy is available online on the following address: http://total.com.au