• 1. OVERVIEW

    Welcome to the Thales Australia Privacy Statement. In this Privacy Statement we describe the personal information that we collect about you, how it is collected and how we use and disclose that personal information.

    This Privacy Statement is for Thales Australia Limited (ABN 66 008 642 751), and the other Thales Australia group entities listed at Part 2.1 of this Privacy Statement. When we mention “Thales Australia”, “we”, “us” or “our”, we refer to, and issue on behalf of, Thales Australia Limited and each of the Thales Australia group entities listed at Part 2.1 of this Privacy Statement.  For more information about us, see Part 2 of this Privacy Statement.

    1.1 WHO THIS PRIVACY STATEMENT APPLIES TO

    This Privacy Statement applies to our interactions with customers, suppliers (including contractors), business partners and other persons whose personal information is processed by Thales Australia, as well as the personal information that we collect through your use of our applications and Thales Australia operated websites.

    Privacy Statement does not apply:

    • to prospective and current employees, or to our human resources practices and access to our internal information systems;
    • to the extent where we have published or otherwise provided you with a separate privacy policy, notice or statement; or
    • where you deal directly with a member of the Thales Group not listed as one of the Thales Australia group entities covered by this Privacy Statement at Part 2.1.

    Thales Australia is bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (APPs) when handling your personal information, and other laws that may apply to our processing of your personal information.  For individuals located within the European Union, see Part 13 of this Privacy Statement.

    1.2 PURPOSE OF THIS PRIVACY STATEMENT

    This Privacy Statement outlines how Thales Australia may collect and process your personal information, and how we protect that information.  Please read this Privacy Statement carefully, together with any other privacy notice or statement we may provide on specific occasions when we are collecting or processing personal information about you. This Privacy Statement supplements such other privacy notices or statements and is not intended to override them.

    In addition to this Privacy Statement, Thales Australia is subject to a broader Thales Group framework of policies and procedures that ensure we process personal information in accordance with applicable personal information protection laws, including the EU General Data Protection Regulation (2016/679) (GDPR). See Part 13 of this Privacy Statement.

    1.3 CHANGES TO THIS PRIVACY STATEMENT

    This Privacy Statement may change from time to time, so please check this statement and our websites periodically for updates. This version of the Privacy Statement was last updated on 10 November 2022.

    It is important that the personal information we hold about you is accurate and current.  Please keep us informed if your personal information changes during your relationship with us.

    1.4 FORMAT OF THIS PRIVACY STATEMENT

    This Privacy Statement is provided in a layered format so that you can click through to the specific areas set out below.

    1. OVERVIEW
    2. IMPORTANT INFORMATION AND WHO WE ARE
    3. INFORMATION WE COLLECT
    4. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
    5. HOW AND FOR WHAT PURPOSES WE USE YOUR PERSONAL INFORMATION
    6. IF YOU DO NOT PROVIDE PERSONAL INFORMATION
    7. DISCLOSURES OF YOUR PERSONAL INFORMATION
    8. INTERNATIONAL TRANSFERS
    9. DATA RETENTION
    10. DATA SECURITY
    11. DIRECT MARKETING
    12. ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION
    13. THALES AND THE GDPR
    14. CONTACT US
    15. APPLICATION OF THIS PRIVACY STATEMENT TO OUR WEBSITES

    2. IMPORTANT INFORMATION AND WHO WE ARE

    2.1 Thales Australia group entities covered by this Privacy Statement

    This Privacy Statement applies to the following Thales Australia group entities: Thales Australia Holdings Pty Ltd; Thales Australia Limited; ADI Group Holdings Pty Ltd; ADI Group Pty Ltd; ADI Munitions Pty Ltd; Australian Defence Industries Pty Ltd; ADI Lithgow Pty Limited; Thales ATM Pty Ltd; Thales Training & Simulation Pty Limited; Thales Underwater Systems Pty Ltd; and GTS Australia Pty Limited.

    Thales Australia has an Australian Privacy Officer who is responsible for overseeing questions in relation to this Privacy Statement.  Refer to Part 14 of this Privacy Statement for details on how to get in contact with our Australian Privacy Officer.

    2.2 About Thales Group

    Thales Australia is part of a leading international electronics and systems group, known as Thales Group, serving the defence, aerospace and space, security, digital business and transport markets in Australia and throughout the world.  Our global parent company is THALES S.A, a French “Société Anonyme” (Public Limited Company) of Tour Carpe Diem - 31 Place des Corolles - Esplanade Nord 92400 Courbevoie France, and together the global group of Thales entities are known as the ‘Thales Group’.  

    3. INFORMATION WE COLLECT

    3.1 INFORMATION WE COLLECT ABOUT YOU

    We may collect, use, store and transfer different kinds of personal information about you which we have grouped together broadly as follows:

    • Identity Data includes first name, maiden name, last name, signature, username, employee number or similar identifier, title or role description. In some cases, we may also collect an image of you (including digital image or photograph) where required, for example for access at our various sites across Australia or use of our products or services.
    • Contact Data includes email address, digital email signature, company/employer, company address, and telephone numbers.
    • Profile Data includes your credentials, username and password, purchases, orders, interactions or enquiries made by you on your or your company’s behalf (e.g. if you are an individual business contact of Thales Australia), professional information, such as your role and qualifications, you or your company’s interests, preferences, affiliations, memberships, your purchasing influence and role, feedback and survey responses. We may also collect social media details and App ID details.
    • Financial Data includes information about your banking references.
    • Usage Data includes information about how you use our websites, applications, products and services, including audit logs.
    • Technical Data includes information automatically collected from your device when you visit or use our websites, networks or application, such as internet protocol (IP) address, login data. Please see Part 15 of this Privacy Statement for further information on how we use cookies.
    • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences, including our events you may have attended or register to attend, and information provided to us at, or arising out of, these events. Your marketing and communications preferences are handled by us as set out below at Part 11 of this Privacy Statement.

    We also collect, use and share aggregated, anonymous data, such as statistical data, for any purpose. Such data may be derived from personal information but is not considered personal information at law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data of our websites to calculate the percentage of users accessing a specific website feature.

    3.2 SENSITIVE INFORMATION

    In very limited circumstances, we may collect sensitive personal information about you. This includes details about criminal convictions and offences.  In particular we may require this information in order to comply with export laws, or to allow access to security sensitive information, technologies or sites.

    We will only collect and process such information in accordance with applicable laws, including by seeking your consent, or where a permitted general situation exists.

    4. HOW IS YOUR PERSONAL INFORMATION COLLECTED?

    Direct interactions: You may give us your personal information by filling in forms or by corresponding with us by mail, phone, email, through our websites or otherwise. This includes personal information you provide when you:

    • Use our websites.
    • Create an account on our websites, portals, or any other applications or websites used to communicate with you, or provide products or services.
    • Exchange email, text, phone, chat and other electronic messages with us.
    • Download marketing or technical material.
    • Purchase or license (or intend to purchase or license) our products or services, including maintenance and support.
    • Sell or license (or intend/propose to sell or license) products and services to us.
    • Enter into other commercial and/or property transactions with us.
    • Subscribe to receive our publications or marketing.
    • Attend or register to attend sponsored events or other events at which we participate.
    • Provide a query or feedback.
    • Complete a survey or form (including the “contact us” form on our website or when you register a product for warranty purposes).

    Third parties or publicly available sources: We may receive personal information about you from various third parties and public (open) sources, including information provided by a company in which you are a shareholder or officeholder, or from your employer, and information about you that is publicly available such as contact details, qualifications and social media details available on the world wide web.

    You need to confirm separately the level of consents or other permissions you may have given to any third party to share your personal information with us and this Privacy Statement does not relate to any such consents or permissions.

    Third party information you provide:  You may give us personal information about other people, for example your colleagues or employees. If so, you are responsible for ensuring those individuals are aware of this Privacy Statement.

    5. HOW AND FOR WHAT PURPOSES WE USE YOUR PERSONAL INFORMATION

    5.1 PURPOSES FOR WHICH WE USE YOUR INFORMATION

    We collect and use your personal information for the management, administration and conduct of our business including providing our products/services, managing our business relationships, communication with you, protecting our company and information and complying with laws.  This includes the following key purposes:

    Providing Products and Services

    Thales Australia provides a number of products and services (Products) which involve the processing of personal information.  We may need personal information to:

    • provide access to and use of our Products, including to establish software licensing solutions, accounts, access and authorisations;
    • provide training, and support and maintenance services, including a helpline;
    • deliver outsourcing, hosting or administration of information technology systems and security services;
    • improve, configure, adapt, set up, test and deliver our Products, such as for human factors engineering conducted for systems we deliver;
    • manage and administer Product warranties and remediation; and
    • conduct open source intelligence on our customers’ behalf only as it applies to potential threats to individuals or Australian citizens.

    Marketing and communications

    Thales Australia engages in sales and marketing activities.  We may use personal information to:

    • organise, advertise and/or support attendance of events and training;
    • manage actual and potential business relationships and opportunities;
    • provide you with newsletters, marketing information and other communications, including maintaining contact with existing and prospective customers, or otherwise manage your opt out preferences;
    • understand use of and navigation on our websites, but not on an individual basis, including for the purposes of improving our website; and
    • manage queries, feedback and suggestions from suppliers, partners, customers and other users of our websites and services.

    Management and administration of our business, relationships and opportunities

    Thales Australia requires personal information for the daily management and administration of its business, relationships and opportunities.  We may need personal information to:

    • manage and administer our current and prospective business relationships: including management of enterprise resources, transactions and contracts;
    • enable us to address your requests and to respond to your communications;
    • manage and engage in bid and tender processes (or similar processes), including to both submit and receive tenders and proposals (or similar);
    • prepare and issue quotes, purchase orders, invoices and related documentation;
    • manage our financial and accounting operations, including managing payments, our accounting, fees, charges and to collect and recover money owed to us;
    • manage our information systems and phone networks, including the implementation of an email system and helpdesk system; and
    • participate in and/or implement research and development projects.

    Legal and governance

    Thales Australia may also be required to process personal information in compliance with laws and implementation of governance procedures.  This includes processing of personal information to:

    • comply with (and monitor/report on our compliance with) our legal obligations and assist government and law enforcement agencies, authorities and regulators (including, but not limited to, with respect to export control, tax, partner due diligence, health and safety and anti-bribery and corruption); and
    • manage litigation, disputes, investigations, audits and claims.

    Securing our business and sites

    Thales Australia also takes the security of our business, sites and information seriously.  Our security and operations may require the processing of personal information.  This includes processing of personal information for:

    • control and security measures at our sites around Australia, including through implementation of closed-circuit television (CCTV) and reception of visitors and contractors;
    • implementing, monitoring and managing environmental, and health and safety procedures and incidents at Thales Australia’s sites and any project sites;
    • managing and monitoring of security breaches and incidents;
    • implementing procedures for data back-up and business continuity;
    • managing our property interests and portfolio in Australia; and
    • managing the authorisations or accreditations of contractors, suppliers, partners, customers, and other parties for obtaining access to certain Thales Australia sites, protected or sensitive documents, information and technologies.
    5.2 LIMITED PURPOSE AND CHANGE OF PURPOSE

    We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal information for an unrelated purpose, we will notify you and request your consent to that use.

    6. IF YOU DO NOT PROVIDE PERSONAL INFORMATION

    Where we need to collect personal information for any of the purposes set out in this Privacy Statement, and you do not provide that data when requested, we may not be able to fulfil those purposes either in part or at all, including performing the contract we have or are trying to enter into with you, or to facilitate your downloading of technical or marketing material, or our applications.

    7. DISCLOSURES OF YOUR PERSONAL INFORMATION

    We may share your personal information with the parties set out below for the purposes set out in Part 5.1 above.

    7.1 INTERNAL THIRD PARTIES

    As we are part of a global organisation with offices and businesses in around 68 countries (as at May 2020) we may share your personal information with other Thales Group entities.  For more information about Thales Group companies see our website at https://www.thalesgroup.com/en.

    7.2 EXTERNAL THIRD PARTIES

    We do not sell or otherwise transfer your information to external third parties for their own marketing purposes.  We may however share your information with third parties as follows:

    • Service providers. We may share your information with our service providers (for example, IT services and hosting providers, logistic companies or travel or events service providers) to perform services for us on our behalf, including to assist us with our websites, products and services, managing our accounting and payments, management our enterprise resources, and improving our websites and services.
    • Professional consultants and advisers including lawyers, bankers, auditors, consultants and insurers.
    • Other entities identified at the time of collecting your personal information or to which we are legally required to disclose your personal information.
    • Third parties to whom we may choose to sell, transfer, or merge parts of our business (or any of our companies) or our assets.

    We require these third parties to respect the security of your personal information, to treat it in accordance with all applicable laws, and do not allow these entities to use your personal information for their own purposes.

    We may also share information with regulators, government bodies, law enforcement agencies and other authorities who require the provision of information in certain circumstances.

    8. INTERNATIONAL TRANSFERS

    When we process or share your personal information within Thales Group, your personal information may be transferred outside of Australia to the countries in which Thales Group operates.  This may include the transfer of your personal information to the European Economic Area, Canada, China, India, Indonesia, Japan, Singapore and the United States of America. For more information on where we operate, see our Thales Group website https://www.thalesgroup.com/en.

    For external third parties (i.e. outside of Thales Group), the recipients to whom Thales Australia discloses personal information outside of Australia, including our third-party service providers who have locations overseas, are likely to be located in India, Japan, the European Economic Area and the United States of America.

    For all personal information handled or processed outside of Australia, we take reasonable steps to ensure that it is handled in accordance with all applicable laws including the APPs.  Where the GDPR applies to such transfers, we first implement appropriate safeguards, including, where applicable, by signing the standard contractual clauses of the European Commission with the entity which processes the personal information.

    9. DATA RETENTION

    We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, or for any secondary purpose permitted by the APPs.

    10. DATA SECURITY

    We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely.

    Data security is at the heart of our company.  We take commercially reasonable technical, administrative and physical security measures to ensure that the personal information we hold about you is protected from loss, misuse, unauthorised access, disclosure, alteration and destruction.

    We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

    11. DIRECT MARKETING

    If we collect any information from you for direct marketing purposes, including where you subscribe to newsletters on our websites, and you no longer wish us to use your personal information for direct marketing or related online communications from us, you can at any time opt out of receiving direct marketing and communications from us by:

    • clicking the 'stop' and/or ‘unsubscribe’ link at the bottom of the newsletter, advertisement or other communication received from us (as applicable); and/or
    • writing to us at [email protected] to ask us to stop and remove you from our marketing lists.

    If you do opt out of receiving direct marketing materials from us, we will no longer use your information for those purposes.

    12. ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION

    In accordance with the APPs, we can make your personal information accessible to you by providing a copy of the relevant information (ordinarily in the form of an electronic copy). We may charge you a fee for the reasonable costs of providing such access. You can also ask us to correct any incorrect personal information that we hold about you. Circumstances and applicable law (including exemptions under such laws) will impact how these rights apply.

    We may need to request specific information from you to help us confirm your identity and ensure your personal information is up-to date and accurate. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

    We will try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests.  In this case, we will endeavour to notify you and keep you updated.

    13. THALES AND THE GDPR

    Thales and the GDPR

    Thales Group complies with the EU General Data Protection Regulation (2016/679) (GDPR). The GDPR involves concepts of entities acting as a ‘data controller’ or a ‘data processor’. When we handle personal information subject to the GDPR as a data controller or a data processor we undertake such handling in accordance with the GDPR and the Thales Group framework of policies and procedures implementing our compliance with the GDPR.

    Legal Basis

    For our processing activities under this Privacy Statement that are covered by the GDPR, generally one or more of the following are the legal basis we rely on to justify the use of your personal information:

    • where it is necessary to comply with our legal obligations (such as tax, health and safety, and anti-corruption laws);
    • where it is necessary to enter into or perform our contract with you;
    • where it is necessary to achieve a legitimate interest that we pursue. Such interests include: delivering and improving our products and services; ensuring the security and protection of our solutions, sites, websites, and information assets; carrying out our marketing activities; the proper communication and exchange of information between you and Thales; and managing and administering our contractual relationships, business relationships and corporate operations; and
    • your consent, where we are required at law to obtain that consent. Subject to applicable laws, you are free to withdraw your consent at any time. This will not affect the validity of the processing based on your consent before you withdrew it.

    Data Subject Rights

    If the GDPR applies to you, in addition to the rights identified at Part 12 above, you may also be entitled to seek the erasure of your personal information that we no longer have a lawful ground to use, or request the restriction of our processing. In some cases, you have the right to ask for receiving, in a structured and standard format, your personal information which we process by automated means. Circumstances and applicable law (including exemptions under such laws) will impact whether and how these rights apply.

    Contacting Thales

    You can contact Thales Group at any time about the processing of your personal information in accordance with the GDPR by reaching out to the Thales Group Data Protection Officer.  See Part 14 of this Privacy Statement.

    14. CONTACT US

    If you have any complaints, questions or comments on how we process or handle your personal information, about this Privacy Statement, or if you wish to access or request correction of the personal information we hold about you, you can contact the Thales Australia Privacy Officer by sending an email to the following address: [email protected].

    If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.

    You can also contact the Thales Group Data Protection Officer about the processing of your personal information in accordance with the GDPR at any time by sending an email to the following address: [email protected]. We recommend in the first instance that you contact the Thales Australia Privacy Officer.

    15. APPLICATION OF THIS PRIVACY STATEMENT TO OUR WEBSITES

    Thales Group Websites

    When you visit or use the Thales Group website, the Thales Group Privacy Notice and Cookies Policy will apply.  You can find a copy of these here: https://www.thalesgroup.com/en/privacy-notice.  This Privacy Statement does not apply to the Thales Group website.

    Thales Australia Websites

    This Privacy Statement applies to all information collected over the following Thales Australia operated websites.

    Children

    Our Thales Australia operated websites are not intended for children and we do not knowingly collect data relating to children.

    Third Party Links

    Our Thales Australia operated websites may include links to websites, plug-ins, applications and other resources operated by third parties other than Thales Australia or the Thales Group. Such third-party links are provided solely as a convenience to you. Thales Australia does not control or endorse such third-party links. Clicking on those third-party links or enabling those connections may allow third parties to collect or share information and data about you. We recommend you read the terms and conditions and privacy policies imposed by any such third parties.

    Cookies

    Like many websites, Thales Australia operated websites use “cookies” to maintain a record of your visit to our site, distinguish users and track your use of our products and services.

    A “cookie” is a file that websites send to a visitor's computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser.

    Cookies help us to improve our Thales Australia operated websites, and to deliver more personalised service by enabling Thales Australia to: distinguish users; assist you in navigation; allow us to analyse your use of our products, services and applications; and provide you with our products and services. We make use of third parties, such as Google Analytics, Mailchimp and WordPress, for such purposes. Please note that these third parties may use cookies and other tracking technologies which collect information to perform their services. We do not share personal information that we collect directly with these third parties.

    Most web browsers automatically accept cookies. If you would prefer to prevent your computer or other Internet-connected device from accepting cookies or to notify you each time a cookie is sent to your browser, you may follow your Internet browser’s steps for doing so. Please note, however, that if you disable cookies from your browser, you may not be able to access certain sections of the Thales Australia operated websites or services.

    For more information on cookies please visit the Thales Group Cookies Policy available here https://www.thalesgroup.com/en/worldwide/cookies-thalesgroup.

    IP Addresses

    An IP address is a computer’s numeric address by which it can be located within a network. Thales Australia may record your IP address when you visit or use services or features on the Thales Australia operated websites. Thales Australia may use your IP address for the purposes noted above, and to help diagnose problems with its server, or to administer its site or services.