Employee Privacy Policy

At E&P Financial Group Limited, the privacy of your personal information is important to us.  Our Employee Privacy Policy is designed to provide employees, contractors, consultants and prospective employees with general information about what and how we collect, use and disclose and otherwise handle your personal information. We will handle your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and this Employee Privacy Policy (Policy).

This Policy relates to E&P Financial Group Limited and its related bodies corporate (together “E&P”, “we”, “us” and “our”).

E&P reviews its policies, statements and procedures to keep up to date with changes in the law, technology and market practices. As a result, we may update and change our Employee Privacy Policy from time to time. We encourage you to occasionally review this Policy on our website so that you are aware of our most up to date practices, including any recent changes or updates.

If you require any further information concerning privacy and the ways in which we handle your personal information, please contact us using the contact details set out at the end of this Policy.

 

Purposes for handling personal information

We collect, hold, use and disclose your personal information to support E&P’s human resources, administration and workplace operations. We collect personal information for purposes including, but not limited to:

• Recruitment and hiring: assisting with the review of applications, identifying skills, and supporting interview and selection processes;
• Onboarding and HR administration: documentation checks and managing employee records;
• Payroll, superannuation, and benefits administration: calculating wages and entitlements, and monitoring payroll data for compliance;
• Performance management, training, and career development: analysing performance-related data, identifying training needs, and recommending tailored learning opportunities;
• Workplace productivity: supporting scheduling, workflow management, and productivity analysis;
• Security and Compliance: managing access control systems, fraud prevention, regulatory requirements and compliance monitoring;

As part of our diversity and inclusion initiatives, we may also ask you to voluntarily provide certain information, such as gender, sexual orientation, cultural, religious or ethnic background. This information is collected only where you choose to provide it, and is used to help us understand workforce demographics, track representation, and support initiatives that promote diversity and inclusion.

Disclosure to third parties

Your personal information may be shared with third parties, such as employment screening providers, recruitment services, payroll and human resource service providers, insurers, IT and cloud service providers (including AI providers), professional advisers (including legal, audit and tax), government authorities and regulators, and other service providers necessary for business operations, for the purposes outlined above or as required by law. E&P maintains third-party management frameworks and policies to ensure your personal information is protected.

E&P will make accommodations where reasonably possible for persons who are unable or unwilling to provide certain personal information. If a prospective employee chooses not to provide us with the required personal information as part of their application, we may not be able to proceed with their application.

Employee records

The personal information collected from successful candidates, as well as information provided during your employment or engagement as a contractor or consultant, will be deemed as Employee Records (as defined in the Privacy Act 1988 (Cth)). This information will be used and disclosed to allow us to manage your employment and E&P’s business operations and risks. The use of information may include, but is not limited to:

• providing employment references;
• managing your payroll and compensation;
• managing your performance and conduct;
• managing our IT and systems access;
• complying with any applicable laws and regulations.

Artificial intelligence (AI)

We use artificial intelligence technologies responsibly to help us deliver better service and communication experiences and streamline or enhance our operations. Our AI systems operate under meaningful human supervision with appropriate testing, validation, and governance frameworks that ensure alignment with our commitment to fairness, privacy protection, transparency, and accountability.

 

Type of personal information we collect

We collect, hold, use and disclose your personal information to support E&P’s human resources, administration and workplace operations. We collect personal information for purposes including, but not limited to:

• Full name;
• Contact details;
• Residential address;
• Date of birth;
• Demographic, cultural and identity information (e.g. gender, sexual orientation, ethnicity, religion and language(s) spoken at home);
• Proof of working rights;
• Employment, professional and qualifications records;
• Financial and legal background information (e.g. bankruptcy, credit and criminal history) and
• Banking, payroll and other financial information (e.g. bank account information, tax file number and superannuation account details.

Sensitive information

In some circumstances, we may also collect sensitive information (as defined in the Privacy Act 1988 (Cth)), such as criminal records to assess your suitability for a role, or health information as part of any required employment notifications or support.

Other sensitive information, such as your racial or ethnic origin, religious beliefs or affiliations will help us understand workforce demographics and promote inclusion. We will only collect sensitive information with your consent, unless required or authorised by law.

Prospective employees

If your application is successful, we may request additional personal information to finalise your onboarding and employment arrangements. We collect the personal information reasonably necessary to progress our recruitment processes. As part of the process, you will be required to provide or authorise the release of sensitive information, including but not limited to criminal history records and credit history checks.

Current employees, contractors, and consultants

For current employees, contractors, and consultants, we collect updated or additional personal information (e.g. via employee rescreening) where reasonably necessary to manage your employment and to meet our ongoing risk management and regulatory requirements.

 

How long we retain personal information

Upon the cessation of your employment or if we no longer need to use your personal information for the purposes outlined in this Policy, to the extent permissible by law and in accordance with our internal policies and procedures, we will take reasonable steps to destroy or permanently de-identify your personal information.

Recruitment

If your application is unsuccessful, we will retain your personal information for two years from your last application date, unless a longer retention period is required by law or for legitimate business purposes. We may use this information to contact you about future opportunities that match your profile.

 

How we protect your personal information

We take reasonable and appropriate steps to protect the personal information we hold about you from interference, misuse, loss, unauthorised access, modification, or disclosure. Our security measures include, but are not limited to:

• educating our staff about their obligations with regards to your personal information and taking appropriate disciplinary action where there is a breach;
• restricting access to your personal information on a ‘need-to-know’ basis;
• only giving access to personal information to a person who is authorised to be able to receive that information;
• transfer of significant or sensitive personal information via an approved, secure channel.
• maintaining electronic security systems, such as firewalls and data encryption on our servers and websites;
• implementing physical security measures to monitor and limit access to our office premises;
• requiring the use of secure passwords to access databases and systems;
• the use of secure bins for the disposal of written personal information; and
• de-identifying personal information as required by laws and regulations.

Disclosure of information overseas

While our preference is to limit the transfer of personal information to Australian recipients, there may be circumstances where disclosure to overseas recipients is necessary. These recipients may include, but are not limited to:

• E&P staff or third-party vendors located overseas;
• regulators and law enforcement bodies in jurisdictions where E&P operates;
• service providers assisting with employee screening and/or recruitment;
• cloud service providers and providers of AI tools that may process and store data on servers overseas;
• other third parties where disclosure is required or authorised by law.

Your personal information may be transferred to or stored in overseas countries, such as the United States of America, the United Kingdom, Hong Kong and Singapore. Please note this is not an exhaustive list.

Where personal information is disclosed overseas to a third party recipient, we take reasonable steps to ensure your information remains protected, which may include confirming:

• that the recipient does not breach the Privacy Act and the Australian Privacy Principles,
• that the recipient is subject to an information privacy scheme at least substantially similar in protecting information as the Privacy Act; or
• that you have consented to the disclosure

Access to and correction of personal information

We aim to make sure that the personal information we collect, use or disclose is accurate, complete and up to date. If your information is incorrect or requires updating, you may request an update by contacting the People & Culture team.

You can also request access to your personal information we hold about you by contacting us using the contact details provided at the end of this Policy.

Complaint

If you have a complaint about the our handling, use or disclosure of your personal information, write please contactto E&P People & Culture at using the contact details provided below. We will investigate your complaint and advise inform you of the outcome as soon as possible. If the matter is not resolved to your satisfaction, you can thenmay be eligible to refer your complaint to the Office of the Australian Information Commissioner, who which can be contacted at:

Office of the Australian Information Commissioner
Level 3, 175 Pitt Street
Sydney NSW 2000
Website: www.oaic.gov.au/privacy

Company contact details

If you have any questions or would like further information on our privacy and information handling practices, please contact us using the following contact details:

People & Culture
Level 32
1 O’Connell Street
Sydney NSW 2000

Alternatively, you can email the E&P People & Culture team at: pandc@eandp.com.au