Protecting your privacy is important to us. This policy explains how we collect, use, disclose and protect your personal information, and sets out your rights in relation to the personal information we hold about you. We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, and, where applicable, the New Zealand Privacy Act 2020 and the New Zealand Information Privacy Principles.
If you have questions about this policy or how we handle your personal information, please contact our Privacy Officer at the details set out in the Privacy Rights and Choices section below.
Who we are
In this policy, references to “we” means KEOLIS ANZ Pty Ltd ACN 165 343 680, its subsidiary companies, operating divisions and business units (together, the Keolis ANZ Group). We are part of the global Keolis group of companies, headquartered in France.
Who this policy applies to
This policy applies to all individuals whose personal information we handle, including:
Current and prospective employees and contractors
Suppliers and representatives of our business partners and clients
Site visitors
Users of our website and digital services
Information we collect
Employees and Contractors (current, prospective and former)
Name, home address, telephone number, email address, date of birth, next of kin and emergency contact details
Copies of or information from identification documents including driver's licence, birth certificate and passport
Bank account details, tax file numbers and PAYG payment summaries
Curriculum vitae, resume, academic and operational qualifications, licences and certificates
Pre-employment medical results, drug, alcohol and other medical testing results
Psychometric and skills testing results
Reference checks and confirmation of professional memberships
Leave details, performance information including appraisals and disciplinary records, training records and qualifications
Where relevant or required by law: criminal history checks, credit/bankruptcy checks, directorship searches and company checks
Customers and Suppliers
Name, role, title, address, company name and number, telephone number and email address
Site Visitors and Incident Witnesses
Name, company, signature and other basic identifying information
Business Partners
Personal information held by a customer or business partner and provided to us for the purpose of providing a service to them or their customers
Service-related information
Payment and transaction details for products and services
Service preferences and feedback
Survey responses relating to our transport services and operations
Digital information
IP address and general location information derived from your IP address
Search and browsing behaviour
Website usage patterns
Cookie preferences
Sensitive Information
We handle sensitive information with extra care and only collect it with your consent or when legally permitted. The sensitive information we may collect includes:
Health or disability information including pre-employment medical results, drug and alcohol testing results and medical records relevant to your employment or engagement with us
Racial or ethnic origin, including information about whether you identify as Aboriginal or Torres Strait Islander - this information is collected voluntarily only
Criminal history, where required by law or relevant to your role
Immigration status and right to work information
Credit Information
We may collect credit and financial information where relevant to your engagement with us, including information about any court proceedings involving you.
How we collect personal information
Directly from you when you: apply for employment or engagement with us, visit our sites, report an incident or provide witness information, contact us, or fill out forms.
Automatically when you: visit our website or use our online services.
From third parties: nominated referees, police and background checking agencies, clients and customers who engage our services, government organisations, and other parties authorised by you.
From publicly available sources: such as ASIC, professional licensing bodies and professional networking sites.
Why we collect, hold, use and disclose personal information
We collect and use your personal information to run our business and provide our services as set out below.
Business operations
To manage our relationship with you as a customer or supplier
To handle your inquiries, support requests, and communications
To maintain accurate records for billing and administration
To operate our transport networks and deliver transport services
To manage contractor and subcontractor relationships
To comply with our obligations under transport industry legislation and government contracts
Client onboarding and verification
To assess and onboard new clients, customers and suppliers, including performing background checks where required or permitted by law, and to retain records of verification checks as required by law
Communication and support
To respond to your questions and support requests
To manage incident reporting and response
To communicate with site visitors and incident witnesses
To communicate important updates about our services
To handle inquiries made through our website or platforms
To manage your participation in surveys, feedback sessions, or events
Service improvement
To conduct analytics and research to improve our transport services and operations
To improve our business processes and workforce management
To understand how our services are used by clients and customers
Marketing and promotions
To send you information about our services and capabilities
To manage your communication preferences
Employment purposes
To assess and process employment and contractor applications
To evaluate candidate qualifications, licences and authorisations required for transport industry roles
To manage professional certifications, licences and ongoing compliance requirements
To maintain employment and contractor records
To conduct performance management, disciplinary processes and training
Legal and compliance
To comply with our legal obligations, including under transport industry legislation, government contracts and applicable privacy laws in Australia and New Zealand
To respond to court orders or legal processes
To maintain required business records
To fulfill regulatory requirements or reporting obligations
To respond to workplace health and safety incidents and investigations
To protect our legal rights and interests or as authorised by law
Credit information
We may collect, hold, use and disclose credit information for the following purposes:
Administering your account, including for internal record keeping, administrative, invoicing and billing purposes
Complying with our legal obligations and resolving any disputes that we may have
If otherwise required or authorised by law
Our disclosures of personal information to third parties
We may disclose personal information to:
Service providers
IT service providers
Payroll and HR system providers and payment processors
Data storage providers and web hosting and server providers
Marketing and advertising providers and analytics providers
Identity and background verification and compliance screening service providers
Occupational health and medical testing providers
Transport industry licensing and regulatory bodies
Professional advisers
Bankers and auditors, insurers and insurance brokers and legal advisers
Business partners
Our existing or potential agents and our business partners or contractors
Corporate transactions
If we merge with or are acquired by another company, or sell our business assets, your information may be disclosed to our advisers or to the potential purchaser’s advisors. Your information may also be included in the transferred assets.
Legal and regulatory bodies
Courts and tribunals
Regulatory authorities including as required for reporting obligations
Law enforcement officers
Transport safety regulators and investigators
Government bodies with oversight of our transport operations
WorkSafe and equivalent state and territory bodies
Other parties
Third parties you have authorised, emergency services when necessary and any other parties as required or permitted by law
Credit Information
We will only disclose your credit information to third parties where it is necessary as part of our business, where we have your consent, or where permitted by law.
Disclosure to Related Entities
We may disclose your personal information to other entities within the Keolis group of companies, including our parent company, subsidiaries, and related bodies corporate (whether located in Australia, New Zealand, France or elsewhere).
We do this on the following bases:
Business operations: To operate our transport networks and deliver services efficiently across the group, including shared IT systems, payroll, HR and administrative functions
Workforce management: To manage employees and contractors who work across multiple group entities or whose employment is administered centrally
Compliance and reporting: To meet group-wide legal, regulatory and contractual obligations, including obligations under government transport contracts
Legitimate business interests: Where it is necessary for the proper functioning of our business as part of a global transport group
Overseas disclosure
Storage and access
We store your personal information, including credit information, in hard copy and electronic form. Your personal information may be accessed from or transferred to locations outside Australia, including France, Singapore, Japan, New Zealand, the Netherlands, the United Kingdom and the United States, in these circumstances, when:
Your personal information is shared with other entities within the Keolis group of companies, including our parent company headquartered in France
Our service providers are located overseas
We work with overseas business partners
We use cloud-based services or data storage solutions
Our approach to overseas disclosure
Before disclosing your personal information overseas, we take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by:
Only sending what is necessary
Requiring recipients to protect your information through contractual agreements which require compliance with privacy standards comparable to those under applicable law
Applying group-wide privacy and data security policies to disclosures within the Keolis group
Monitoring how recipients handle your information
Your privacy rights and choices
Providing information
You can choose whether to provide personal information to us, however, if you don't provide certain information, we may not be able to provide some services. Let us know if you don’t want to provide information and we will let you know when information is required versus optional. Some information, such as certain licences and qualifications, is required by law for particular roles in the transport industry and cannot be optional.
Access to your information
You can request access to the personal information we hold about you and we will respond to your request within a reasonable time. We may charge a reasonable administrative fee for providing access and if we cannot provide access, we will explain why and explore alternative ways to share relevant information.
Correction rights
You can ask us to correct any information that is inaccurate, out of date, incomplete, irrelevant or misleading and we will take reasonable steps to correct your information promptly. If we cannot make the correction, we will explain why and discuss alternatives. You can ask us to add a statement to your information noting your requested correction.
Marketing communications
You can opt-out of receiving marketing communications at any time. Each marketing communication will include an unsubscribe option. You can change your marketing preferences by contacting us. We will process your request as soon as practicable.
How to contact us about your rights or to make a complaint and what happens next
Step 1: Contact our privacy officer
Email: arnaud.dehollander@keolis.au
Phone: (+61) 0456046560
Post: Keolis Australia and New Zealand
Suite2.23 Level 2, 55 Clarence St
Sydney NSW 2000 Australia
What to include:
Your full name, contact details, clear details about your request or complaint, and any relevant dates or reference numbers.
Step 2: Our response
We will:
Verify your identity before processing your request
Investigate thoroughly (for complaints) or process your request (for rights)
Respond to you in writing within reasonable timeframes and as required by law
Explain what actions we will take and keep you updated on progress
Not charge you for making a request (except for reasonable access fees if applicable)
Help you understand and exercise your rights
Step 3: If you're not satisfied (complaints only)
If you're not satisfied with our response to your complaint, you can:
Ask for a review by our senior management, or
Contact external bodies:
Australian residents: Office of the Australian Information Commissioner (Phone: 1300 363 992, Website: www.oaic.gov.au)
New Zealand residents: Office of the New Zealand Privacy Commissioner (Website: www.privacy.org.nz)
This is the same process whether you want to access your information, correct mistakes, change marketing preferences, or make a complaint about our privacy practices.
Protecting your information
We use multiple layers of security to protect your information.
Technical safeguards
Enterprise-grade encryption for data storage and transmission, regular security testing and monitoring and automated threat detection systems.
Operational security
Staff training on security and privacy, strict access controls based on job requirements and regular security audits and incident response procedures testing.
Physical security
Secure premises with controlled access, secure disposal of physical documents and equipment security protocols.
Public information
Please note that any information you choose to share publicly on online platforms (such as comments or reviews) can be accessed and used by others. We cannot control or protect information that you make publicly available.
How long we keep your information
We keep your personal information only as long as we need it for the purposes we collected it, or as required by law. When we no longer need it, we securely destroy or de-identify it.
We may retain information for longer periods where required by law, government contract, or where the information relates to ongoing legal proceedings.
Cookies and Analytics
We use cookies, tracking pixels, and similar technologies on our website and in our emails to improve your experience and our services.
Cookies are small text files stored on your device that help remember your preferences and enable website functions. Tracking pixels are tiny, invisible images embedded in web pages and emails that help us understand how you interact with our content and measure engagement.
We use these technologies to maintain your session security and enable core website features, to analyse how our website is used and identify areas for improvement, and to personalise your experience by tailoring content to your interests.
You can manage these technologies by adjusting your browser settings, using privacy-focused browser extensions, configuring your email client to block images, or using our cookie preference settings. Note that blocking all cookies may affect website functionality and your user experience.
Artificial Intelligence (AI) Technologies
Overview
We use artificial intelligence and machine learning technologies in our business operations and services, including AI tools provided by third parties. We only use these technologies when legally permitted and necessary for our business.
How we use AI
We may use AI technologies to conduct analysis and data processing, generate and modify content and coding, improve and optimise our services and operations, automate routine tasks and communications, personalise your experience with our services, support quality assurance processes and assist with customer support and queries.
Data protection and security
When we work with third-party AI providers, we ensure they handle your personal information in accordance with privacy laws through contractual requirements and appropriate safeguards.
Your rights and our commitments
Any information generated or inferred about you by AI technologies is treated as personal information, and you maintain all the rights outlined in this privacy policy. When using AI with your personal information, we commit to:
Transparency and control
We will inform you when AI is used to make decisions that may significantly affect you
We maintain human oversight and review of significant AI-generated decisions
Our staff are trained to understand AI limitations and verify outputs before relying on them
We implement processes to verify the accuracy of AI-generated outputs
Risk mitigation
We regularly assess and document risks associated with using AI to process personal information
We implement appropriate measures to address these risks
We continuously monitor AI performance and regularly review their impact, their accuracy and their reliability.
Amendments
We may update this policy at any time by posting the revised version on our website. We recommend that you review our website regularly to stay current with any policy changes.

