Privacy Policy

Komatsu Australia Pty Ltd (and its related bodies corporate) respect the privacy of Personal Information. This Privacy Policy sets out how Komatsu collects and treats personal information and how it will comply with the Privacy Act 1988 Cth, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 Cth and the Privacy Amendment (Notifiable Data Breaches) Act 2017 Cth (together the “Privacy Act”) and the thirteen Australian Privacy Principles (APP’s) as set out in Annexure ‘A’.
To comply with Komatsu’s obligations under the Privacy Act and the APP’s, this Privacy Policy sets out how Komatsu manages privacy in its organisation. 

Reference in this policy to Komatsu is an inclusive term which refers to and is binding upon:
a) the employees of Komatsu Australia Pty Ltd (KAL); and
b) the employees of Komatsu Marketing Support Australia Pty Ltd (KMSA); and
c) contractors to KAL or KMSA or other third parties;
unless otherwise stated in the employee’s contract of employment or any other relevant documentation governing contractors or other third parties.

Komatsu respects the rights of individuals to privacy and this policy sets out how Komatsu collects and treats Personal Information. 
“Personal Information” is information or an opinion Komatsu holds which is identifiable as being about an individual or could reasonably identify an individual:
a) whether the information or opinion is true or not; and 
b) whether the information or opinion is recorded in a material form or not. 
Komatsu has implemented practices so that its management of Personal Information is open and transparent.

3.1 What Personal Information Komatsu collects
In the course of conducting Komatsu’s business, Komatsu may collect the following types of Personal Information from individuals:
Contact details (including name, address, phone number, fax number and email address);
Information about the goods or services that have been ordered or sold;
Information from enquiries made;  
Records of communications; 
Financial details; and
Credit card information.
Komatsu only collects Personal Information which is reasonably necessary for, or directly related to, the conduct of Komatsu’s business of marketing, selling and servicing heavy mobile equipment and providing training services.  

3.2 How Komatsu collects Personal Information
Komatsu collects Personal Information from individuals when individuals interact with Komatsu in person or electronically, when they access Komatsu’s websites and when Komatsu provides goods or services to them.
Komatsu only collects Personal Information about an individual from the individual directly, unless it is unreasonable or impractical to do so such as where the individual is acting through an agent.
Komatsu does not collect sensitive information such as information or an opinion relating to race, political opinions, religious or philosophical beliefs, memberships of political associations or professional or trade unions, sexual preferences, criminal records or health information. However, if Komatsu has a reasonable business requirement to collect any sensitive information from individuals Komatsu will notify the individual at the time of collecting this sensitive information and obtain their consent before collecting any sensitive information.  

3.3 Information provided to individuals
When Komatsu collects Personal Information from individuals, Komatsu will provide those individuals with information regarding our privacy practices which is required to be provided under the APP’s. This information may be provided by referring them to this Privacy Policy.

3.4 Use of Personal Information
Komatsu only uses and discloses Personal Information for the primary purpose for which it was collected, that is to enable Komatsu to conduct its business of marketing, selling and servicing heavy mobile equipment and providing training services, or for a related purpose, or where the individual has consented. 
Komatsu will take such steps which are reasonable in the circumstances to ensure that Personal Information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.

3.5 Direct Marketing
Komatsu will only use or disclose Personal Information for the purpose of direct marketing where such use or disclosure is permitted by Australian Privacy Principle 7. When engaging in direct marketing Komatsu will provide a simple means by which an individual may easily request not to receive direct marketing communications from Komatsu and Komatsu will include a prominent statement that the individual may make such a request. Komatsu will also comply with any such request.

3.6 Disclosure of Personal Information overseas
Komatsu may disclose Personal Information to other related entities in the Komatsu group of companies located in New Zealand and New Caledonia and third party suppliers in other countries, including Japan, where such disclosure is reasonably required for the purpose of conducting its business or for purposes ancillary to conducting its business. When Komatsu does so it takes reasonable steps to ensure that those recipients based overseas comply with this Privacy Policy and the APP’s. 

3.7 Security of Personal Information
Komatsu takes reasonable steps to protect Personal Information from misuse, interference and loss and from unauthorised access, modification or disclosure through the use of security procedures and technologies.  
If other organisations provide support services Komatsu requires them to appropriately safeguard the privacy of any Personal Information provided to them.
Where the Personal Information Komatsu collects is no longer required it will take reasonable steps to destroy or de-identify the information.

3.8 Access to Personal Information
If Komatsu holds Personal Information about an individual it will normally, on request by the individual, give the individual access to the information. However, there may be some legal reasons to deny access. If access is denied Komatsu will provide the individual with the reasons why. 
If Komatsu is satisfied that, having regard to a purpose for which Personal Information is held:
the information is inaccurate, out of date, incomplete, irrelevant or misleading; or 
an individual requests Komatsu to correct Personal Information held about that individual,
Komatsu will take such steps as are reasonable to correct Personal Information about an individual having regard to the purpose for which it is held, to ensure that the information is accurate, up to date, complete, relevant and not misleading.

3.9  Website
When individuals come on to Komatsu’s website, Komatsu may collect certain information such as browser type, operating system and the website visited immediately before coming to its site. This information is used in an aggregated manner to analyse how individuals use Komatsu’s site, so that Komatsu can improve its site.
As is very common for companies, Komatsu uses cookies on its website. Cookies are very small files which a website uses to identify an individual’s access to Komatsu’s website and tracks returns to the site and to store details about an individual’s use of the site. Cookies are not malicious programs that access or damage an individual’s computer. Komatsu uses cookies to improve the experience of individuals using its website. 
Komatsu’s website has links to other websites not owned or controlled by Komatsu. Komatsu is not responsible for these sites or the consequences of individuals going on to those sites.

3.10 Availability and Changes      
This Privacy Policy will be publicly available free of charge on Komatsu’s website or upon request. Komatsu may change this Privacy Policy in the future. Updated versions will be uploaded onto Komatsu’s website located at www.komatsu.com.au.       

3.11 Implementation   
Komatsu will continue to take reasonable steps to implement practices, procedures and systems to ensure that it complies with the Privacy Act, the APP’s and this Privacy Policy.

3.12 Complaints and Contact Details
If an individual has any enquiries or complaints about Komatsu’s privacy practices, details of enquiries or complaints can be sent to Komatsu’s Privacy Officer whose details are set out below. Komatsu takes complaints very seriously and will respond shortly after receiving written notice of a complaint.
Note: if contacting the Komatsu Privacy Officer by phone about a complaint Komatsu will also ask that the complaint is put in writing so that the full details of the complaint can be fully investigated.
The contact details for the Komatsu Privacy Officer are as follows:
Email: privacy@komatsu.com.au 
Telephone: +61 2 9795 8215
Facsimile: +61 2 9795 8203
Address: P.O. Box 136, Fairfield NSW 2165 
3.13 Notification of serious data breaches

The Komatsu Privacy Officer will notify the Office of the Australian Information Commissioner (OAIC) should the Komatsu Privacy Officer have reasonable grounds to believe that an ‘Eligible Data Breach’ of an individual’s Personal Information as defined in the Privacy Act has occurred, or is directed to do so by the OAIC. 
An ‘Eligible Data Breach’ happens if:
a) there is unauthorised access to, unauthorised disclosure of, or loss of, Personal Information held by Komatsu; and
b) the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the Personal Information relates.

Annexure ‘A’ - The Australian Privacy Principles (APP’s)
       Australian Privacy Principle 1--open and transparent management of personal information 
       Australian Privacy Principle 2--anonymity and pseudonymity 
       Australian Privacy Principle 3--collection of solicited personal information 
       Australian Privacy Principle 4--dealing with unsolicited personal information 
       Australian Privacy Principle 5--notification of the collection of personal information 
       Australian Privacy Principle 6--use or disclosure of personal information 
       Australian Privacy Principle 7--direct marketing 
       Australian Privacy Principle 8--cross-border disclosure of personal information 
       Australian Privacy Principle 9--adoption, use or disclosure of government related identifiers 
       Australian Privacy Principle 10--quality of personal information 
       Australian Privacy Principle 11--security of personal information 
       Australian Privacy Principle 12--access to personal information 
       Australian Privacy Principle 13--correction of personal information 

For more information regarding the content of the APP’s you can refer to ‘Privacy Fact Sheet 17: Australian Privacy Principles’ located at the Office of the Australian Information Commissioner’s website at: http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles