Protecting your privacy is important to us. This policy explains how we collect, use, disclose and protect your personal information, and sets out your rights in relation to the personal information we hold about you. We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, and, where applicable, the New Zealand Privacy Act 2020 and the New Zealand Information Privacy Principles.

If you have questions about this policy or how we handle your personal information, please contact our Privacy Officer at the details set out in the Privacy Rights and Choices section below.

Who we are

In this policy, references to “we” means KEOLIS ANZ Pty Ltd ACN 165 343 680, its subsidiary companies, operating divisions and business units (together, the Keolis ANZ Group). We are part of the global Keolis group of companies, headquartered in France.

Who this policy applies to

This policy applies to all individuals whose personal information we handle, including:

  • Current and prospective employees and contractors

  • Suppliers and representatives of our business partners and clients

  • Site visitors

  • Users of our website and digital services

Information we collect

Employees and Contractors (current, prospective and former)

  • Name, home address, telephone number, email address, date of birth, next of kin and emergency contact details

  • Copies of or information from identification documents including driver's licence, birth certificate and passport

  • Bank account details, tax file numbers and PAYG payment summaries

  • Curriculum vitae, resume, academic and operational qualifications, licences and certificates

  • Pre-employment medical results, drug, alcohol and other medical testing results

  • Psychometric and skills testing results

  • Reference checks and confirmation of professional memberships

  • Leave details, performance information including appraisals and disciplinary records, training records and qualifications

  • Where relevant or required by law: criminal history checks, credit/bankruptcy checks, directorship searches and company checks

Customers and Suppliers

  • Name, role, title, address, company name and number, telephone number and email address

Site Visitors and Incident Witnesses

  • Name, company, signature and other basic identifying information

Business Partners

  • Personal information held by a customer or business partner and provided to us for the purpose of providing a service to them or their customers

Service-related information

  • Payment and transaction details for products and services

  • Service preferences and feedback

  • Survey responses relating to our transport services and operations

Digital information

  • IP address and general location information derived from your IP address

  • Search and browsing behaviour

  • Website usage patterns

  • Cookie preferences

Sensitive Information

We handle sensitive information with extra care and only collect it with your consent or when legally permitted. The sensitive information we may collect includes:

  • Health or disability information including pre-employment medical results, drug and alcohol testing results and medical records relevant to your employment or engagement with us

  • Racial or ethnic origin, including information about whether you identify as Aboriginal or Torres Strait Islander - this information is collected voluntarily only

  • Criminal history, where required by law or relevant to your role

  • Immigration status and right to work information

Credit Information

We may collect credit and financial information where relevant to your engagement with us, including information about any court proceedings involving you.

How we collect personal information
  • Directly from you when you: apply for employment or engagement with us, visit our sites, report an incident or provide witness information, contact us, or fill out forms.

  • Automatically when you: visit our website or use our online services.

  • From third parties: nominated referees, police and background checking agencies, clients and customers who engage our services, government organisations, and other parties authorised by you.

  • From publicly available sources: such as ASIC, professional licensing bodies and professional networking sites.

Why we collect, hold, use and disclose personal information

We collect and use your personal information to run our business and provide our services as set out below.

Business operations

  • To manage our relationship with you as a customer or supplier

  • To handle your inquiries, support requests, and communications

  • To maintain accurate records for billing and administration

  • To operate our transport networks and deliver transport services

  • To manage contractor and subcontractor relationships

  • To comply with our obligations under transport industry legislation and government contracts

Client onboarding and verification

  • To assess and onboard new clients, customers and suppliers, including performing background checks where required or permitted by law, and to retain records of verification checks as required by law

Communication and support

  • To respond to your questions and support requests

  • To manage incident reporting and response

  • To communicate with site visitors and incident witnesses

  • To communicate important updates about our services

  • To handle inquiries made through our website or platforms

  • To manage your participation in surveys, feedback sessions, or events

Service improvement

  • To conduct analytics and research to improve our transport services and operations

  • To improve our business processes and workforce management

  • To understand how our services are used by clients and customers

Marketing and promotions

  • To send you information about our services and capabilities

  • To manage your communication preferences

Employment purposes

  • To assess and process employment and contractor applications

  • To evaluate candidate qualifications, licences and authorisations required for transport industry roles

  • To manage professional certifications, licences and ongoing compliance requirements

  • To maintain employment and contractor records

  • To conduct performance management, disciplinary processes and training

Legal and compliance

  • To comply with our legal obligations, including under transport industry legislation, government contracts and applicable privacy laws in Australia and New Zealand

  • To respond to court orders or legal processes

  • To maintain required business records

  • To fulfill regulatory requirements or reporting obligations

  • To respond to workplace health and safety incidents and investigations

  • To protect our legal rights and interests or as authorised by law

Credit information

We may collect, hold, use and disclose credit information for the following purposes:

  • Administering your account, including for internal record keeping, administrative, invoicing and billing purposes

  • Complying with our legal obligations and resolving any disputes that we may have

  • If otherwise required or authorised by law

Our disclosures of personal information to third parties

We may disclose personal information to:

Service providers

  • IT service providers

  • Payroll and HR system providers and payment processors

  • Data storage providers and web hosting and server providers

  • Marketing and advertising providers and analytics providers

  • Identity and background verification and compliance screening service providers

  • Occupational health and medical testing providers

  • Transport industry licensing and regulatory bodies

Professional advisers

  • Bankers and auditors, insurers and insurance brokers and legal advisers

Business partners

  • Our existing or potential agents and our business partners or contractors

Corporate transactions

  • If we merge with or are acquired by another company, or sell our business assets, your information may be disclosed to our advisers or to the potential purchaser’s advisors. Your information may also be included in the transferred assets.

Legal and regulatory bodies

  • Courts and tribunals

  • Regulatory authorities including as required for reporting obligations

  • Law enforcement officers

  • Transport safety regulators and investigators

  • Government bodies with oversight of our transport operations

  • WorkSafe and equivalent state and territory bodies

Other parties

  • Third parties you have authorised, emergency services when necessary and any other parties as required or permitted by law

Credit Information

We will only disclose your credit information to third parties where it is necessary as part of our business, where we have your consent, or where permitted by law.

Disclosure to Related Entities

We may disclose your personal information to other entities within the Keolis group of companies, including our parent company, subsidiaries, and related bodies corporate (whether located in Australia, New Zealand, France or elsewhere).

We do this on the following bases:

Business operations: To operate our transport networks and deliver services efficiently across the group, including shared IT systems, payroll, HR and administrative functions

Workforce management: To manage employees and contractors who work across multiple group entities or whose employment is administered centrally

Compliance and reporting: To meet group-wide legal, regulatory and contractual obligations, including obligations under government transport contracts

Legitimate business interests: Where it is necessary for the proper functioning of our business as part of a global transport group

Overseas disclosure

Storage and access

We store your personal information, including credit information, in hard copy and electronic form. Your personal information may be accessed from or transferred to locations outside Australia, including France, Singapore, Japan, New Zealand, the Netherlands, the United Kingdom and the United States, in these circumstances, when:

  • Your personal information is shared with other entities within the Keolis group of companies, including our parent company headquartered in France

  • Our service providers are located overseas

  • We work with overseas business partners

  • We use cloud-based services or data storage solutions

Our approach to overseas disclosure

Before disclosing your personal information overseas, we take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by:

  • Only sending what is necessary

  • Requiring recipients to protect your information through contractual agreements which require compliance with privacy standards comparable to those under applicable law

  • Applying group-wide privacy and data security policies to disclosures within the Keolis group

  • Monitoring how recipients handle your information

Your privacy rights and choices

Providing information

You can choose whether to provide personal information to us, however, if you don't provide certain information, we may not be able to provide some services. Let us know if you don’t want to provide information and we will let you know when information is required versus optional. Some information, such as certain licences and qualifications, is required by law for particular roles in the transport industry and cannot be optional.

Access to your information

You can request access to the personal information we hold about you and we will respond to your request within a reasonable time. We may charge a reasonable administrative fee for providing access and if we cannot provide access, we will explain why and explore alternative ways to share relevant information.

Correction rights

You can ask us to correct any information that is inaccurate, out of date, incomplete, irrelevant or misleading and we will take reasonable steps to correct your information promptly. If we cannot make the correction, we will explain why and discuss alternatives. You can ask us to add a statement to your information noting your requested correction.

Marketing communications

You can opt-out of receiving marketing communications at any time. Each marketing communication will include an unsubscribe option. You can change your marketing preferences by contacting us. We will process your request as soon as practicable.

How to contact us about your rights or to make a complaint and what happens next

Step 1: Contact our privacy officer

  • Email: arnaud.dehollander@keolis.au 

  • Phone: (+61) 0456046560 

  • Post: Keolis Australia and New Zealand

  • Suite2.23 Level 2, 55 Clarence St

  • Sydney NSW 2000 Australia

 What to include:

Your full name, contact details, clear details about your request or complaint, and any relevant dates or reference numbers.

Step 2: Our response

We will:

  • Verify your identity before processing your request

  • Investigate thoroughly (for complaints) or process your request (for rights)

  • Respond to you in writing within reasonable timeframes and as required by law

  • Explain what actions we will take and keep you updated on progress

  • Not charge you for making a request (except for reasonable access fees if applicable)

  • Help you understand and exercise your rights

Step 3: If you're not satisfied (complaints only)

If you're not satisfied with our response to your complaint, you can:

  • Ask for a review by our senior management, or

  • Contact external bodies:

    • Australian residents: Office of the Australian Information Commissioner (Phone: 1300 363 992, Website: www.oaic.gov.au)

    • New Zealand residents: Office of the New Zealand Privacy Commissioner (Website: www.privacy.org.nz)

This is the same process whether you want to access your information, correct mistakes, change marketing preferences, or make a complaint about our privacy practices.

Protecting your information

We use multiple layers of security to protect your information.

Technical safeguards

Enterprise-grade encryption for data storage and transmission, regular security testing and monitoring and automated threat detection systems.

Operational security

Staff training on security and privacy, strict access controls based on job requirements and regular security audits and incident response procedures testing.

Physical security

Secure premises with controlled access, secure disposal of physical documents and equipment security protocols.

Public information

Please note that any information you choose to share publicly on online platforms (such as comments or reviews) can be accessed and used by others. We cannot control or protect information that you make publicly available.

How long we keep your information

We keep your personal information only as long as we need it for the purposes we collected it, or as required by law. When we no longer need it, we securely destroy or de-identify it.

We may retain information for longer periods where required by law, government contract, or where the information relates to ongoing legal proceedings.

Cookies and Analytics

We use cookies, tracking pixels, and similar technologies on our website and in our emails to improve your experience and our services.

Cookies are small text files stored on your device that help remember your preferences and enable website functions. Tracking pixels are tiny, invisible images embedded in web pages and emails that help us understand how you interact with our content and measure engagement.

We use these technologies to maintain your session security and enable core website features, to analyse how our website is used and identify areas for improvement, and to personalise your experience by tailoring content to your interests.

You can manage these technologies by adjusting your browser settings, using privacy-focused browser extensions, configuring your email client to block images, or using our cookie preference settings. Note that blocking all cookies may affect website functionality and your user experience.

Artificial Intelligence (AI) Technologies

Overview

We use artificial intelligence and machine learning technologies in our business operations and services, including AI tools provided by third parties. We only use these technologies when legally permitted and necessary for our business.

How we use AI

We may use AI technologies to conduct analysis and data processing, generate and modify content and coding, improve and optimise our services and operations, automate routine tasks and communications, personalise your experience with our services, support quality assurance processes and assist with customer support and queries.

Data protection and security

When we work with third-party AI providers, we ensure they handle your personal information in accordance with privacy laws through contractual requirements and appropriate safeguards.

Your rights and our commitments

Any information generated or inferred about you by AI technologies is treated as personal information, and you maintain all the rights outlined in this privacy policy. When using AI with your personal information, we commit to:

Transparency and control
  • We will inform you when AI is used to make decisions that may significantly affect you

  • We maintain human oversight and review of significant AI-generated decisions

  • Our staff are trained to understand AI limitations and verify outputs before relying on them

  • We implement processes to verify the accuracy of AI-generated outputs

Risk mitigation
  • We regularly assess and document risks associated with using AI to process personal information

  • We implement appropriate measures to address these risks

  • We continuously monitor AI performance and regularly review their impact, their accuracy and their reliability.

Amendments

We may update this policy at any time by posting the revised version on our website. We recommend that you review our website regularly to stay current with any policy changes.