Employee Privacy Policy

At E&P Financial Group Limited, the privacy of your personal information is important to us. Our Employee Privacy Policy is designed to provide employees, contractors, consultants and prospective employees with general information about what and how we collect, use and disclose your personal information. We will collect, use and disclose your personal information in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) and this Employee Privacy Policy (Policy).

This Policy relates to the members of E&P Financial Group and its related bodies corporate (together “E&P”, “we”, “us” and “our”).

If you require any further information concerning privacy and the ways in which we handle your personal information, please contact us using the contact details set out at the end of this Policy.

Purposes for which we collect, hold, use and disclose personal information

We will collect, use and disclose your personal information to allow us to proceed with E&P’s recruitment process and to determine the suitability of your application with us. During the recruitment process, we may use or disclose your personal information including but not limited to:

• conduct psychometric assessment;
• conduct criminal and reference checks;
• communicate with you;
• comply with legal obligations; and
• conduct other hiring or recruitment processes to ensure your suitability for the role.

If you do not provide us with your personal information, we may not be able to proceed with your application.
The personal information of successful candidates and provided while you are an employee, contractor or consultant will be deemed as Employee Records (as defined by the Privacy Act 1988 (Cth)), and will be used and disclosed to allow us to manage your employment and our business affairs, or as reasonably instructed by you e.g. providing employment references.

How long we retain personal information

Upon the cessation of your employment or if we no longer need to use your personal information for the purposes outlined in this Policy, to the extent permissible by law and in accordance with our internal policies and procedures we will take reasonable steps to destroy or permanently de-identify your personal information.

If your application is unsuccessful, we may retain your personal information so long as it is necessary for the purposes for which it was collected, as required by law or for three years from the last unsuccessful application with us. We may contact you if any new role arises.

Type of personal information we collect

To assist us with the above purposes, the type of personal information we collect includes but not limited to:

• Contact details;
• Residential address;
• Date of birth;
• Proof of working rights;
• Employment and qualifications records; and
• Banking/Payroll and other financial information, including bank account information, tax file number and superannuation account details.

For prospective employees, we will only collect reasonably necessary personal information to allow us to proceed with our recruitment process, and if you are successful we may require additional information to complete your onboarding.

Sometimes we need to collect sensitive information about you in order to assess your suitability for the role, such as criminal history. We will only collect sensitive information about you with your consent, unless required or authorised by law.

How we collect personal information

We will primarily collect personal information directly from you. We may collect personal and sensitive information about you from third parties or public sources, including recruitment agencies who assist us with the recruitment and onboarding process and third-party service providers who provide screening checks.

How we protect your personal information

We take appropriate steps to protect the personal information we hold about you from interference, misuse, loss, unauthorised access, modification, or disclosure. Specifically, our security measures include, but are not limited to:

• educating our staff about their obligations with regards to your personal information and taking appropriate disciplinary action where there is a breach;
• restricting access to your personal information on a ‘need-to-know’ basis;
• only giving access to personal information to a person who is authorised to be able to receive that information;
• electronic security systems, such as firewalls and data encryption on our websites;
• appropriate security systems to monitor and limit access to our office premises;
• the use of passwords to access database information;
• the use of document shredders for the disposal of written information; and
• securely de-identifying personal information as required by laws and regulations.

Disclosure of information overseas

While our preference is to limit the transfer of personal information to Australian recipients where possible, on occasion we may disclose personal information to overseas recipients, including but is not limited to:

• E&P Staff or third-party vendors located overseas;
• regulators and law enforcement in jurisdictions that E&P operates in;
• service providers assisting with employee screening or recruitment processes; and
• other third parties where required by law.

Where it is necessary to disclose your information overseas, we will take reasonable steps to notify you, protect your information against misuse, loss and unauthorised access, and will ensure the recipient complies with relevant local privacy laws.

Access to and correction of personal information

We aim to make sure that the personal information we collect, use or disclose is accurate, complete and up to date. If your information is not correct or needs updating, you can request it to be updated by contacting the People & Culture team.

You can also request to access your personal information we hold about you by contacting us using the contact details set out at the end of this Policy.

Complaint

If you have a complaint about the handling, use or disclosure of your personal information, write to E&P People & Culture at the contact details below. We will investigate your complaint and advise you of the outcome as soon as possible. If the matter is not resolved to your satisfaction, you can then refer your complaint to the Office of the Australian Information Commissioner, who can be contacted at:

Office of the Australian Information Commissioner
Level 3, 175 Pitt Street
Sydney NSW 2000
Website: oaic.gov.au/privacy

Company contact details

If you have any questions or would like further information on these privacy and information handling practices, please use the following contact details:

People & Culture
Level 32
1 O’Connell Street
Sydney NSW 2000

or email the E&P People & Culture team at pandc@eandp.com.au

E&P Financial Group reviews its policies, statements and procedures to keep up to date with changes in the law, technology and market practice. As a result, we may update and change this Employee Privacy Policy from time to time. Please check this Employee Privacy Policy from time to time so you are aware of any changes or updates to the Policy.