Who does this Privacy Statement apply to? 

This Privacy Statement applies to: 

• Directors, officers and employees of Woodside. 

• Employees of contractors to Woodside. 

• Individuals external to Woodside including: 

• Visitors to and users of our website. 

• Visitors to our offices or sites. 

• Potential employees. 

• Investors or prospective investors, and employees of such investors. 

• Parties with whom Woodside has business relationships, and employees of such parties. 

• Joint venture participants. 

• Customers. 

• Stakeholders. 

What is personal information? 

Personal information is information or an opinion about you as an individual that identifies you or from which your identity can be ascertained, or any other information protected as ‘personal information’ under applicable law. 

What is sensitive information? 

Sensitive information means certain special categories of personal information that are deemed as ‘sensitive’ under applicable law.  

Sensitive information includes information about a person's: 

• Racial or ethnic origin. 

• Political opinions. 

• Membership or political association. 

• Religious beliefs or affiliations. 

• Philosophical beliefs. 

• Membership of a professional or trade association. 

• Membership of a trade union. 

• Sexual preferences or practices. 

• Criminal record. 

• Health, genetics or biometrics. 

Types of information collected 

In the course of your dealings with Woodside, we, our agents and service providers may collect or receive some or all of the following information about you. 

Website interaction information 

When visiting Woodside’s website, Woodside keeps a record of your visit. The following information may be collected for statistical purposes and may be used by Woodside to help improve the website: 

• Your Internet Protocol (IP) address. 

• The previous site you visited. 

• Your type of browser and operating system. 

• The pages you access and the documents you download. 

Woodside will not attempt to identify users or their browsing activities, however, government agencies may be entitled to inspect such records in the event of an investigation. 

During your visit to our website, we may also ask you to provide us with other information. For example, if you wish to request information from us, you may provide your email address and information about your interests. Similarly, if you apply for a job via our website, we will receive details of your application (including your CV).  

Cookies 

The website uses tracking technologies called ‘cookies’, including to monitor the pages accessed by browsers on our website. Third party cookies may be placed by contracted service providers on Woodside’s website and Woodside may share anonymous aggregate information from the website with contracted service providers. You may set your browser to refuse cookies if you wish, although this may affect your browsing experience. 

Cookies are small text files which are stored in memory or on your hard drive for record keeping purposes and are used to enhance Woodside’s website. 

You may set your browser to refuse cookies without impacting the use of the Woodside website. You can find out how to do this at visit www.aboutcookies.org or  www.allaboutcookies.org. 

The website uses cookies which perform the following functions: 

• utmz - records whether the visitor came from a search engine (and if so, the search keyword used), a link, or from no previous page (e.g. a bookmark). 

• utma - stores the amount of visits for each visitor, the time of the first visit, the previous visit, and the current visit. 

• utmb and utmc - checks how fast people leave and when a visit starts and ends. 

• WSS_FullScreenMode - indicates whether a page is shown in full screen mode and expires when you close your browser. 

The cookies (other than WSS FullScreen Mode) are stored by Google Analytics to see how people visit the website and capture trends, but do not identify the user. The information may be collected for statistical purposes and used by Woodside to help improve the website. 

Links to other websites and social media 

Other information 

When you interact with us via other channels, we may also collect the following information about you: 

• Your name, title, role, biographical and contact details. 

• Current employment and position. 

• Information concerning your potential employment by Woodside. 

• Your usernames and passwords. 

• Biometric information or CCTV footage relating to maintaining security and safety with respect to Woodside sites, premises, systems, assets or people. 

• Your photograph. 

• Information required to facilitate site visits (including to provide personal protective equipment or meet dietary or cultural requirements). 

• Information concerning your Woodside shareholdings or relating to an investment in Woodside. 

• Your responses (including to competitions) on our social media platforms. 

• Survey and environmental and social impact assessment information. 

• Information collected in undertaking due diligence activities. 

• Information provided by you about incidents, complaints or grievances. 

• Other information relevant to your relationship with us. 

In addition to the information outlined above, if you interact with Woodside as a director, officer, employee, or contractors’ employee, we, our agents or our service providers may collect some or all of the following information about you, where appropriate. Please note that this list is not exhaustive: 

• Your date of birth, gender, emergency contact and next of kin details. 

• Medical information. 

• Your tax file number and bank account details. 

References about you. 

• Other recruitment related information including criminal record checks where permitted by law, sanctions and bankruptcy checks, directorships and shareholdings, 100 points identification, verification of qualifications or licenses and evidence of ability to work in Australia or another country. 

• Working with children checks. 

• Your passport, visa, frequent flyer number, driver’s license number and vehicle details. 

• Your GPS location when utilising Woodside vehicles and other plant and equipment. 

• Biometric information including samples and templates.  

• Information about your access to Woodside sites, premises, systems and assets. 

• Details of any grievance or disciplinary matters, whether brought by or against you or in which you are otherwise involved. 

• Details of any leave you take or request during your employment, or sickness absence including health-related information. 

• Diversity information including racial or ethnic origin, religious or other beliefs, and physical or mental health, including disability-related information. 

• Other information relevant to your relationship with us or the Woodside Employee Share Plan. 

We use your information for our legitimate business interests, in order to comply with regulatory obligations and in connection with investigations or claims. Sometimes, we will ask for your express consent to use certain types of personal information and, where we do so, you may have the right to withdraw that consent.  

Woodside may collect, use and store this personal information for the following legitimate business interests of Woodside, including: 

• Facilitating our internal business and oil and gas operations, work management and maintain proper business records. 

• Administering databases (including our contracts database). 

• Establishing and managing good commercial or stakeholder relations with you or the organisation with which you are associated. 

• Engaging in business sales or acquisitions or joint ventures. 

• Receiving and providing services (including maintaining records of business relationships). 

• Arranging travel. 

• Investigating or responding to any incidents, complaints or grievances. 

• Authenticating your access to protect and maintain the security and safety of Woodside-owned or operated premises, sites, systems and assets and people. 

• To monitor and take responsible action in relation to adherence to Woodside’s management system requirements 

• Learning more about customers, stakeholders and products, services or information you receive or may be interested in receiving. 

• Giving you the option of receiving our publications. 

• Inviting you to Woodside functions. 

• Taking steps to improve our products, services and stakeholder communication and our use of technology. 

• Billing and accounts. 

• Publishing information sources used in advertising and mailing lists for public relations. 

We may also use your information in order to comply with the law or enforce the law or cooperate with investigations carried out by the police, government or regulators, or for the establishment, exercise or defence of a legal or equitable claims. 

We may sometimes ask you for your consent to use personal information for other purposes. If we do, we will ask for your consent explicitly and you may be entitled to withdraw that consent. 

Please refer to our careers section for further information about Woodside’s recruitment processes, Direct marketing and newsletters 

Woodside may from time to time send marketing, newsletters or other informative communications to you in accordance with your instructions, with your consent, or as otherwise permitted by applicable law. If you do not wish to continue to receive this information, please contact our Privacy Officer or follow the unsubscribe instructions in the marketing communication.   

Information about directors, officers, employees and contractors’ employees 

In addition to the above, if you interact with Woodside as a director, officer, employee or contractors’ employee, Woodside may collect, use and store personal information for the following legitimate business interests of Woodside: 

• Carrying out the recruitment and administration of staff and human resources activities (including payroll and benefits administration, maintaining emergency contact and beneficiary details, assessing your performance, disciplinary procedures, absence monitoring and training/people management). 

• Facilitating the operation of employee incentive arrangements, such as bonus plans, the Woodside Equity Plan and the Executive Incentive Scheme (or any other employee equity plan introduced from time to time). 

• Facilitating participation in volunteering opportunities. 

• Undertaking due diligence activities. 

Woodside may also collect, use and store personal information of directors, officers, employees or contractors’ employees in the following circumstances and for the following purposes: 

• Where processing your personal information is necessary for us to carry out our obligations under our contract with you, to ensure that you are properly fulfilling your obligations to us, and to ensure that we are fulfilling our obligations to others. There may be contracts which require personal information (including sensitive information) of contractors’ employees to be provided to Woodside. The contractor and Woodside will comply with applicable plans, policies, procedures and guidelines relevant to those contracts. However, if we do not collect, hold, use and disclose the personal information of such contractors’ employees (including sensitive information such as medical or biometric information), then such contractors’ employees may not be permitted to access Woodside owned or operated sites and the contractor may not be able to perform services for Woodside, especially if the collection, holding, use and disclosure of that information is required by law. 
  Where this occurs, consequences for you are set out in Woodside's policies, procedures and guidelines. 

• Where processing your personal information is necessary for us to carry out our regulatory obligations. We may also collect, use or disclose personal information to regulatory or governmental agencies in the event of an investigation in order to meet our ongoing regulatory and compliance obligations. Where permitted or authorised by law, we use systems designed to flag suspicions or potentially unlawful or fraudulent activity. 

• Where processing your sensitive information is necessary for us to assess your work capacity. For example, we may need to make reasonable adjustments if have a disability or we may need to process your personal information to satisfy our obligations with respect to equal opportunities monitoring. 

• Where processing your personal information is necessary for us to establish, exercise or defend legal claims. We may process your personal information where necessary for us to establish, exercise or defend legal claims. 

• Where processing sensitive information is necessary for us to exercise our rights or carry out our employment and social security law obligations. For example, we may process your sensitive information in compliance with our equal opportunities obligations. 

Do we disclose your personal information to anyone? 

Unless you specify otherwise, we may disclose your information to the following groups, in each case in accordance with laws on data transfers:  

• Companies in the Woodside group (or to any prospective purchaser of all or part of the group or its assets), to third parties we work with or in connection with investigations, or for legal or regulatory reasons. 

• Companies in the Woodside group and to third parties who provide goods and services to the Woodside group, or carry out activities on behalf of, the Woodside group for the purposes set out in the section titled “Why we collect hold, use and disclose personal information”, including external service providers, consultants and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems. 

• Tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority, as part of our statutory obligations, or to a court in response to a subpoena). 

Cross-border disclosure of information 

Due to the global nature of Woodside’s business, we may disclose your information to recipients who are outside of the country in which your personal information was collected. For example, the recipient may be in a country outside of Australia and the European Economic Area (EEA), which does not have laws in place that require your personal information to be protected in the same way as it would be within Australia or the EEA. Woodside will ensure that disclosure to overseas recipients occurs in accordance with applicable privacy laws and that measures are put in place to safeguard your personal information (e.g. contracts obliging the third party to protect your data). 

Personal information held by Woodside may be disclosed for specific purposes from time to time and this may occur in the many countries around the world.   The countries in which Woodside processes or stores data from time to time may include: 

• Australia. 

• United Kingdom. 

• Singapore. 

• Myanmar. 

• Canada. 

• European Economic Area. 

• USA. 

• Canada. 

• Japan. 

• Korea. 

• Senegal. 

• Republic of Ireland. 

• Timor-Leste. 

• India. 

We may receive information about you whenever you interact with us, including via our website, emails, letters, applications, calls, enquiries about our products, our business or an investment in Woodside, or when you respond to surveys or other invitations to engage with Woodside, etc. We may also receive information about you from third parties (e.g. public registers). 

If you are a director, officer, employee or contractors’ employee, we will generally collect personal information from you directly. However, sometimes information may be collected about you from some or all of the following other sources, where relevant. Please note that this list is not exhaustive: 

• From third parties, such as our agents or your representatives or (in the case of contractors’ employees) the organisation for which you work. 

• Your employer, in the case of contractors’ employees (for example, we may be organising travel and accommodation arrangements for you, in order for you to do some business with Woodside, so we may need to ask your employer about any health or special dietary requirements you have or your passport and/or visa details). 

• We may require personal information to ensure that you are covered by insurance policies and we request this information from a health provider or another insurance company in order to ensure coverage is quickly organised. 

• From public sources such as a public register, for example, to check directorships and shareholdings, as part of monitoring compliance with Woodside’s Code of Conduct and Supplier Code of Business Conduct. 

In some cases, where entitled by law, you may also be entitled to withdraw your consent where this is the basis on which Woodside is processing your personal information. 

How we secure and retain personal information 

Security 

The security of your personal information is important to us. Woodside takes such steps as are reasonable in the circumstances to protect personal information from loss, misuse, interferences, unauthorised access, modification or disclosure. However, please note that no method of protection is 100% secure and we cannot guarantee absolute security.  If a security breach occurs, we will notify you of the incident and the measures taken to reduce risks in accordance with applicable law. Please notify us immediately if you become aware of any breach of security. 

Woodside employs a number of means to protect your personal information, including: 

• External and internal premises security measures designed to ensure that your information is not capable of being seen or modified by unauthorised persons. 

• Restricted access to personal information. 

• Maintaining technology products designed to prevent unauthorised computer access. 

• Regular review and testing of our technology in order to improve the level of security. 

• Implementation of mandatory requirements in relation to use of Woodside’s IT Systems. 

It is important to be aware that email is generally not a secure way to communicate. Personal information contained within emails sent to and from email addresses external to Woodside may not be secure. 

Retention 

Woodside will retain your data in line with good record-keeping practices. The relevant time period for retention of your information is determined in accordance with relevant legal and regulatory requirements, the purpose for which your personal information was collected, limitation periods for any claims that might arise and industry practice guidelines. 

Woodside’s approach to retention and disposal of information groups ‘like information’ together in order to apply Woodside’s retention rules according to legal and operational requirements. This policy is based on best practice, the Australian Records Retention Manual and legal requirements in applicable laws.  After the requisite time has passed, we will take such steps as are reasonable in the circumstances to attend to the destruction, de-identification or deletion of your personal information. 

If you have given us explicit consent for the use of your personal information, you may later withdraw that consent (although this will not affect the lawfulness of our previous use of your information). 

Right to make a complaint 

If you believe that Woodside has not protected your personal information as set out in this Privacy Statement or has breached your privacy rights in any way, you may lodge a complaint with us by contacting our Privacy Officer using the contact details set out below. 

On receipt of your complaint, Woodside will: 

• Provide a written acknowledgement or receipt 

• Promptly investigate the complaint and let you know if further information is required to investigate it 

• Endeavour to provide you with a substantive written response within 30 days 

Contact our Privacy Officer 

Our Privacy Officer is responsible for Woodside's management of data privacy. You can contact our Privacy Officer for all queries relating to data privacy or in order to exercise your rights. 

Our Privacy Officer is able to receive queries on behalf of all Woodside entities and, if required, can also confirm which Woodside entity is a data controller of your personal information, and provide further contact details for that entity. 

Note, our Privacy Officer does not amount to a data protection officer for the purposes of the European General Data Protection Regulation.  

You can contact our Privacy Officer in any of the following ways: 

• By emailing [email protected] 

• By phone in Australia: +61 8 9348 4000, between 8:00 am and 4:00 pm AWST, Monday to Friday. 

• By sending a letter to: 

The Privacy Officer 
Woodside Petroleum Ltd 
Mia Yellagonga 
11 Mount Street 
Perth, Western Australia 6000 

You can also contact us by phone from outside Australia: 

• Singapore: + 65 6709 8021, from 8:00 am to 4:00 pm. 

• Canada: + 1 587 956 0913, from 8:00 am to 4:00 pm. 

Privacy Regulators 

We invite you to first discuss with us any concerns or queries you might have. If you are not happy with our handling of your concern or query, you can contact the relevant privacy regulator.  

In Australia, the privacy regulator is the Office of the Australian Information Commissioner: 

• By telephoning 1300 363 992 (of +61 2 9284 9749 if calling from outside Australia). 

• By fax to +61 2 92849666. 

• By emailing [email protected]