Privacy Policy

1. Introduction

Delta Corporation Limited (ABN 66 009 225 567) ("Delta") is committed to protecting the privacy of the personal information we collect, hold, use and disclose.

This Privacy Policy explains how we collect, use, disclose, store and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It also explains how individuals may access and correct their personal information or make a complaint regarding our handling of that information.

As our annual turnover exceeds AU$3 million, Delta is an organisation regulated by the Privacy Act and is bound by the Australian Privacy Principles.

This Policy applies to personal information collected from:

  • employees;
  • prospective employees;
  • contractors and labour-hire personnel;
  • customers;
  • clients;
  • suppliers;
  • consultants;
  • visitors to our premises;
  • users of our website;
  • job applicants; and
  • any other individuals whose personal information we collect in the course of conducting our business.

2. Scope and Application

This Policy applies to all personal information collected by Delta in connection with its manufacturing, commercial and administrative operations, including information collected from:

  • current and prospective employees;
  • contractors, labour-hire workers and agency staff;
  • customers and clients;
  • suppliers and service providers;
  • visitors attending Delta premises;
  • applicants for employment;
  • website users;
  • individuals who contact Delta by telephone, email, correspondence or through our website; and
  • any other individual whose personal information Delta collects, holds, uses or discloses.

This Policy applies regardless of whether the information is collected electronically, in writing, verbally or through automated systems.

3. Personal Information and Sensitive Information

3.1 Personal Information

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of whether:

  • the information is true; or
  • the information is recorded in a material form.

Examples include:

  • name;
  • residential or postal address;
  • telephone number;
  • email address;
  • date of birth;
  • employment details;
  • qualifications;
  • payment information;
  • emergency contact information; and
  • any other information capable of identifying an individual.

3.2 Sensitive Information

Sensitive information is a special category of personal information that receives greater protection under the Privacy Act.

Sensitive information includes information relating to an individual's:

  • racial or ethnic origin;
  • political opinions;
  • religious or philosophical beliefs;
  • trade union membership;
  • criminal record;
  • health information;
  • genetic information;
  • biometric information used for identification purposes; and
  • biometric templates.

Delta will only collect sensitive information where:

  • the individual has provided informed consent; or
  • collection is otherwise authorised or required by law.

3.3 Biometric Information

For the purposes of this Policy, biometric information means measurable biological or behavioural characteristics used to identify or verify an individual's identity.

This includes:

  • facial recognition templates;
  • fingerprint scans;
  • fingerprint minutiae templates;
  • iris scans;
  • palm vein scans; and
  • other biometric identifiers.

Where a biometric system converts an image into an encrypted mathematical template and discards the original image, the resulting template remains biometric information and sensitive information for the purposes of the Privacy Act.

4. Information We Collect

Depending on the nature of your relationship with Delta, we may collect a range of personal information.

4.1 Employment Information

For employees and contractors we may collect:

  • name;
  • address;
  • telephone number;
  • email address;
  • date of birth;
  • emergency contact details;
  • tax file number;
  • bank account details;
  • superannuation details;
  • qualifications and licences;
  • employment history;
  • payroll information;
  • leave records;
  • attendance records;
  • training records;
  • work health and safety records;
  • performance information; and
  • disciplinary records where applicable.

4.2 Customer and Commercial Information

For customers, suppliers and contractors we may collect information including:

  • business name;
  • contact details;
  • billing information;
  • delivery addresses;
  • payment details;
  • credit application information where applicable;
  • transaction history;
  • account information;
  • purchase records;
  • correspondence; and
  • records relating to the supply of goods and services.

Where credit facilities are requested, Delta may collect information reasonably necessary to assess creditworthiness and administer customer accounts.

4.3 Website Information

When you interact with our website or online services, we may collect information including:

  • your name;
  • email address;
  • telephone number;
  • business details;
  • information contained in enquiries you submit;
  • IP address;
  • browser type;
  • operating system;
  • pages visited;
  • date and time of access;
  • referring website information; and
  • cookie and similar technology data.

If you subscribe to our mailing list or contact us through our website, we will use your information only for the purpose for which it was provided, unless otherwise permitted by law.

4.4 Information Collected from Communications

We may collect personal information when you:

  • telephone us;
  • email us;
  • correspond with us;
  • complete application forms;
  • submit employment applications;
  • lodge enquiries;
  • attend our premises;
  • participate in meetings;
  • communicate with our employees; or
  • otherwise interact with Delta.

We may keep records of correspondence where reasonably necessary for our business operations, legal obligations or customer service.

4.5 Visitor Information

Visitors attending Delta premises may be required to provide information including:

  • name;
  • organisation;
  • contact details;
  • vehicle registration;
  • arrival and departure times;
  • host details; and
  • health and safety declarations where required.

4.6 Biometric Information Collected Through the Time and Attendance System

Delta operates a biometric time and attendance system at its manufacturing facility located at:

218 Campersic Road
Herne Hill WA 6056

Where an employee has provided valid consent, the system collects:

  • a facial recognition scan;
  • the biometric template generated from that scan;
  • the date and time of each attendance event;
  • the terminal location; and
  • associated attendance metadata.

The biometric template is an encrypted mathematical representation used solely for identity verification.

Delta does not retain the original facial.

Biometric information is collected only for the purposes set out in this Policy and only after informed consent has been obtained.

4.7 Information Collected from Third Parties

Where authorised by law or with the individual's consent, Delta may collect personal information from third parties including:

  • recruitment agencies;
  • referees;
  • labour-hire providers;
  • government agencies;
  • credit reporting bodies (where applicable);
  • professional advisers;
  • insurers; and
  • publicly available sources.

We only collect such information where it is reasonably necessary for our business functions or activities.

5. How We Collect Personal Information

Delta collects personal information by lawful and fair means and, wherever practicable, directly from the individual concerned.

Depending on the nature of your relationship with us, we may collect personal information through:

  • employment application forms;
  • recruitment processes and interviews;
  • onboarding documentation;
  • customer account applications;
  • supplier registration forms;
  • credit applications (where applicable);
  • purchase orders and commercial transactions;
  • correspondence by email, telephone or post;
  • meetings and discussions with our employees;
  • our website, including online enquiry forms and mailing list subscriptions;
  • workplace attendance systems;
  • visitor registration processes;
  • work health and safety documentation;
  • CCTV or security access systems where applicable;
  • training records;
  • payroll documentation;
  • timesheets; and
  • any other lawful interactions with Delta.

Where it is reasonable and practicable to do so, we will collect personal information directly from the individual.

In limited circumstances, we may collect information from third parties where:

  • the individual has consented;
  • the information is publicly available;
  • collection is authorised or required by law; or
  • another exception under the Privacy Act applies.

Examples include obtaining information from:

  • recruitment agencies;
  • labour-hire providers;
  • referees;
  • educational institutions;
  • government agencies;
  • professional advisers;
  • insurers;
  • credit reporting bodies (where applicable); and
  • regulatory authorities.

Where personal information is collected from a third party, Delta will take reasonable steps to notify the individual where required by the Australian Privacy Principles.

Collection Notices

At or before the time personal information is collected (or as soon as reasonably practicable afterwards), Delta will take reasonable steps to ensure individuals are informed of:

  • Delta's identity and contact details;
  • the purpose of collecting the information;
  • whether collection is required or authorised by law;
  • the consequences if the information is not provided;
  • the types of organisations to whom the information may be disclosed;
  • whether overseas disclosure is likely;
  • how to access or correct personal information; and
  • how to make a privacy complaint.

Collection of Sensitive Information

Delta will generally only collect sensitive information where:

  • the individual has provided voluntary, informed, current, specific and unambiguous consent; or
  • collection is authorised or required by law.

Sensitive information will only be collected where reasonably necessary for Delta's functions or activities.

Collection of Biometric Information

Prior to enrolling an employee in Delta's biometric time and attendance system, the employee will receive a separate written collection notice explaining:

  • the biometric information being collected;
  • why the information is required;
  • how the information will be used;
  • how the information will be stored and protected;
  • who may have access to the information;
  • how long the information will be retained;
  • how the information will be destroyed or de-identified; and
  • the alternative attendance recording methods available if consent is not provided.

No biometric information will be collected until the employee has had an opportunity to read the collection notice and provide valid consent.

Withdrawal of Consent

Individuals may withdraw their consent at any time by notifying the Payroll Department.

Withdrawal of consent will not affect the legality of any collection, use or disclosure that occurred before consent was withdrawn.

Upon withdrawal of consent, Delta will:

  • cease collecting biometric information;
  • remove the individual's biometric template unless retention is otherwise required by law; and
  • provide an alternative attendance recording method.

Alternative Attendance Recording

Employees who choose not to participate in the biometric attendance system, or who later withdraw their consent, will be provided with a genuine alternative attendance recording method, such as manual sign-in with the Production Manager.

Employees will not be disadvantaged, discriminated against or subjected to adverse treatment solely because they choose not to participate in biometric attendance recording.

6. Purpose of Collection and Use

Delta collects, holds and uses personal information only where reasonably necessary for its business functions and activities or as otherwise permitted by law.

Depending on the circumstances, personal information may be used to:

  • recruit employees;
  • assess employment applications;
  • administer employment relationships;
  • pay wages and salaries;
  • administer payroll;
  • maintain personnel records;
  • manage contractor relationships;
  • provide products and services;
  • establish and maintain customer accounts;
  • assess credit applications;
  • evaluate creditworthiness where appropriate;
  • process receipts and payments;
  • administer supplier accounts;
  • communicate with customers, suppliers and contractors;
  • respond to enquiries;
  • provide requested information;
  • maintain business records;
  • comply with contractual obligations;
  • meet taxation obligations;
  • comply with accounting requirements;
  • satisfy work health and safety obligations;
  • comply with industrial relations legislation;
  • comply with legal and regulatory obligations;
  • investigate complaints;
  • manage disputes;
  • improve our business operations; and
  • protect Delta's lawful business interests.

Delta will not use personal information for purposes unrelated to those for which it was collected unless:

  • the individual has consented;
  • the individual would reasonably expect the secondary use;
  • the Privacy Act otherwise permits the use; or
  • the use is required or authorised by law.

Use of Biometric Information

Biometric information collected through Delta's attendance system will only be used for the following purposes:

  • verifying employee identity;
  • recording commencement and completion of work shifts;
  • payroll processing;
  • compliance with industrial awards and enterprise agreements;
  • monitoring authorised site attendance;
  • emergency evacuation roll calls;
  • workplace health and safety management;
  • preventing attendance fraud, including "buddy punching";
  • maintaining accurate attendance records; and
  • maintaining site security.

Delta will not use biometric information for:

  • employee profiling;
  • behavioural analysis;
  • productivity monitoring unrelated to attendance;
  • marketing;
  • automated decision-making unrelated to attendance verification; or
  • any unrelated commercial purpose.

Biometric information will not be sold, licensed or commercialised.

7. Disclosure of Personal Information

Delta may disclose personal information where reasonably necessary to carry out its business functions and activities.

Depending on the circumstances, personal information may be disclosed to:

  • payroll service providers;
  • biometric attendance system providers;
  • information technology service providers;
  • cloud hosting providers;
  • accountants;
  • auditors;
  • legal advisers;
  • insurers;
  • workers' compensation insurers;
  • government departments;
  • regulatory authorities;
  • financial institutions;
  • contractors providing services to Delta; and
  • any other party where disclosure is authorised or required by law.

Biometric information may be disclosed only where reasonably necessary for the purposes outlined in Section 6.

Delta requires service providers handling personal information on its behalf to implement appropriate security measures and comply with applicable privacy obligations.

8. Overseas Disclosure of Personal Information

Delta generally stores and processes personal information within Australia.

In some circumstances, personal information may be disclosed to, stored by or processed by third-party service providers located outside Australia. This may occur where Delta engages reputable cloud service providers, software providers or information technology service providers whose infrastructure is located overseas.

Before disclosing personal information to an overseas recipient, Delta will take reasonable steps to ensure the recipient handles the information in a manner consistent with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), unless an exception under the Privacy Act applies.

These reasonable steps may include:

  • entering into contractual arrangements requiring compliance with Australian privacy standards;
  • assessing the overseas recipient's privacy and security practices;
  • requiring appropriate technical and organisational safeguards; and
  • ensuring the overseas disclosure is otherwise permitted under the Privacy Act.

Where practicable, Delta will identify in its collection notices whether overseas disclosure is likely.

9. Data Quality, Storage and Security

Delta takes reasonable steps to ensure that the personal information it holds is:

  • accurate;
  • complete;
  • relevant;
  • up to date; and
  • protected against misuse, interference, loss, unauthorised access, modification or disclosure.

We regularly review our information management practices and encourage individuals to notify us if their personal information changes.

Security Measures

Delta maintains administrative, physical and technical safeguards appropriate to the nature and sensitivity of the information we hold.

These measures include, where appropriate:

  • secure office facilities;
  • controlled physical access to records;
  • password-protected computer systems;
  • role-based user access controls;
  • multi-factor authentication where available;
  • encrypted data transmission;
  • encryption of sensitive information at rest;
  • firewalls;
  • anti-malware software;
  • network monitoring;
  • security logging and auditing;
  • secure backups;
  • software patch management;
  • secure disposal of paper records;
  • secure destruction of electronic media;
  • confidentiality obligations for employees; and
  • regular review of information security procedures.

Access to personal information is restricted to employees and authorised personnel who require access in order to perform their duties.

Security of Biometric Information

Because biometric information is particularly sensitive and cannot simply be replaced if compromised, Delta applies enhanced security controls.

These include:

  • storing encrypted biometric templates rather than original facial images;
  • ensuring biometric templates cannot be reverse-engineered into facial images;
  • biometric information is stored on the device only;
  • restricting access to authorised personnel only;
  • maintaining audit logs of administrative access;
  • applying appropriate software updates and security patches;
  • segregating biometric systems from general business systems where practicable; and
  • regularly reviewing access permissions.

Delta continually reviews these measures to ensure they remain appropriate to emerging security threats.

Data Quality

Delta takes reasonable steps to ensure personal information remains accurate and current by:

  • updating records following notification from individuals;
  • periodically reviewing information held;
  • correcting inaccurate or incomplete information promptly; and
  • maintaining procedures for employees to report changes to personal information.

Individuals are encouraged to notify Delta as soon as practicable if their personal information changes.

10. Website Privacy, Cookies and Internet Use

Delta's website is intended to provide information about our business and services and to facilitate communication with customers, suppliers, contractors, prospective employees and other users.

Information Collected Through Our Website

When you visit our website, our systems may automatically collect technical information including:

  • IP address;
  • browser type and version;
  • operating system;
  • referring website;
  • pages viewed;
  • files downloaded;
  • time and date of access;
  • session information; and
  • general website usage statistics.

This information is generally used for:

  • website administration;
  • security monitoring;
  • diagnosing technical issues;
  • improving website functionality;
  • analysing website performance; and
  • understanding how visitors use our website.

Where this information does not identify an individual, it is not treated as personal information.

Information You Provide

If you voluntarily provide information through our website, such as by:

  • completing an enquiry form;
  • submitting a job application;
  • subscribing to a mailing list;
  • requesting information; or
  • contacting Delta by email,

we will collect only the information necessary to respond to your request or provide the services you have requested.

Cookies

Delta's website may use cookies and similar technologies to improve user experience.

Cookies may assist us to:

  • recognise returning visitors;
  • remember user preferences;
  • analyse website traffic;
  • improve website performance; and
  • enhance website functionality.

Users may configure their browser to refuse cookies. However, doing so may affect the operation of some website features.

Email Communications

If you provide your email address to Delta:

  • we will use it for the purpose for which it was provided;
  • we may respond to your enquiries;
  • we may provide requested information or services; and
  • we will not send unsolicited marketing communications unless permitted by law or with your consent.

Links to Third-Party Websites

Our website may contain links to external websites operated by third parties.

These websites operate independently of Delta and have their own privacy policies.

Delta is not responsible for:

  • the privacy practices of third-party websites;
  • the content of external websites; or
  • information collected after users leave Delta's website.

Individuals are encouraged to review the privacy policies of external websites before providing personal information.

11. Retention and Destruction of Personal Information

Delta retains personal information only for as long as reasonably necessary to:

  • fulfil the purposes for which it was collected;
  • comply with legal obligations;
  • satisfy accounting and taxation requirements;
  • comply with employment and industrial relations legislation;
  • meet work health and safety obligations;
  • manage legal proceedings; or
  • otherwise as required or authorised by law.

When personal information is no longer required, Delta will take reasonable steps to securely destroy or permanently de-identify the information.

Secure destruction methods may include:

  • secure shredding of paper records;
  • permanent deletion of electronic records;
  • secure destruction of storage media; or
  • irreversible de-identification.

Retention of Employment Records

Employment-related records, payroll records and taxation records may be retained for periods required under applicable legislation.

Where retention is required by law, Delta will continue to protect the information in accordance with this Policy.

Retention of Biometric Information

Biometric information is retained only for as long as reasonably necessary to achieve the purposes described in Section 6.

Unless otherwise required by law:

  • biometric templates and associated scan data will be securely deleted or permanently de-identified within one (1) week after an individual's employment or engagement ends;
  • biometric information will also be deleted where an individual withdraws consent and biometric attendance recording is no longer required; and
  • only attendance records (such as clock-in and clock-out times) required for payroll, taxation, industrial relations or work health and safety purposes will be retained.

Attendance records may continue to be retained where required by law; however, the associated biometric template will not be retained once it is no longer required.

Secure Destruction of Biometric Information

When biometric information reaches the end of its retention period, Delta will take reasonable steps to ensure it is permanently destroyed or irreversibly de-identified.

12. Access to and Correction of Personal Information

Delta is committed to ensuring that the personal information it holds is accurate, complete, relevant and up to date.

Subject to the Privacy Act, individuals may request:

  • access to the personal information Delta holds about them;
  • correction of personal information that is inaccurate, out of date, incomplete, irrelevant or misleading; and
  • an explanation of how their personal information has been used or disclosed where appropriate.

Requests should be made in writing to Delta's Privacy Officer using the contact details set out in Section 15.

Delta will respond to requests within a reasonable period, generally within 30 days of receiving the request.

There is ordinarily no charge for requesting access to personal information. However, Delta reserves the right to charge reasonable administrative costs permitted by law where extensive retrieval or copying is required. Any applicable charges will be discussed with the individual before they are incurred.

To protect privacy, Delta may require reasonable proof of identity before providing access to personal information.

Where an individual requests correction of information, Delta will take reasonable steps to:

  • investigate the request;
  • correct the information where appropriate; and
  • notify relevant third parties of the correction where required or appropriate.

Refusal of Access

In limited circumstances permitted by the Privacy Act, Delta may refuse access to personal information.

Examples include where providing access would:

  • unreasonably affect the privacy of another individual;
  • prejudice law enforcement activities;
  • reveal commercially sensitive information;
  • prejudice legal proceedings;
  • be unlawful; or
  • otherwise fall within an exception permitted by the Privacy Act.

Where access or correction is refused, Delta will provide written reasons unless doing so would itself be unreasonable or unlawful.

Individuals who are dissatisfied with a decision may make a complaint under Section 15 of this Policy.

13. Workplace Surveillance – Western Australia

Delta is committed to maintaining a safe, secure and transparent workplace while respecting the privacy of employees and other individuals.

At the date of this Policy, Western Australia does not have a dedicated workplace surveillance statute equivalent to the legislation operating in New South Wales or the Australian Capital Territory.

Instead, surveillance-related activities are principally governed by:

  • the Surveillance Devices Act 1998 (WA);
  • the Privacy Act 1988 (Cth);
  • applicable employment and industrial relations legislation; and
  • work health and safety legislation.

The Surveillance Devices Act primarily regulates the use of listening devices, optical surveillance devices, tracking devices and data surveillance devices in particular circumstances.

Although Delta's biometric attendance system is not intended to conduct surveillance of private activities, Delta recognises the importance of transparency and consultation.

Accordingly, Delta will:

  • provide employees with clear written information before introducing or significantly changing biometric attendance systems;
  • explain the purpose of the system and the information collected;
  • identify how the information will be stored, used and protected;
  • consult with employees regarding significant workplace changes where required;
  • avoid installing biometric attendance devices in areas where individuals have a reasonable expectation of privacy, such as toilets, bathrooms or change rooms; and
  • ensure this Privacy Policy and associated collection notices remain readily available to employees.

Should Delta commence operations in jurisdictions with specific workplace surveillance legislation, such as New South Wales or the Australian Capital Territory, this Policy will be reviewed and updated to ensure compliance with the applicable legislative requirements.

14. Data Breach Notification

Delta maintains procedures to identify, investigate, manage and respond to actual or suspected data breaches.

Where a data breach is likely to result in serious harm to affected individuals, Delta will comply with the Notifiable Data Breaches (NDB) Scheme contained in Part IIIC of the Privacy Act.

Where required by law, Delta will:

  • promptly investigate the suspected breach;
  • take reasonable steps to contain the breach;
  • assess the likely impact on affected individuals;
  • notify affected individuals as soon as practicable;
  • notify the Office of the Australian Information Commissioner (OAIC); and
  • take reasonable steps to reduce the likelihood of future incidents.

15. Privacy Complaints and Contact Details

Delta welcomes feedback regarding this Privacy Policy and its privacy practices.

Individuals may contact Delta to:

  • ask questions about this Policy;
  • request access to personal information;
  • request correction of personal information;
  • withdraw consent for the collection of biometric information;
  • report suspected privacy breaches; or
  • make a complaint regarding Delta's handling of personal information.

Privacy enquiries should be directed to:

Privacy Officer
Craig Steppe

Postal Address
Delta Corporation Limited
218 Campersic Road
Herne Hill WA 6056

Telephone
(08) 9296 5024

Email
craig@deltacorp.com.au

Privacy Complaints

If an individual believes Delta has breached the Privacy Act or the Australian Privacy Principles, they may lodge a complaint with the Privacy Officer.

Complaints should include:

  • the complainant's name and contact details;
  • details of the complaint;
  • relevant dates;
  • any supporting documentation; and
  • the outcome sought.

Delta will:

  • acknowledge receipt of the complaint;
  • investigate the matter promptly and fairly;
  • seek additional information where necessary;
  • provide a written response within a reasonable period, generally within 30 days; and
  • take appropriate corrective action where required.

If the complainant is not satisfied with Delta's response, they may refer the complaint to the:

Office of the Australian Information Commissioner (OAIC)

Website: https://www.oaic.gov.au

Telephone: 1300 363 992

The OAIC may investigate complaints in accordance with the Privacy Act.

16. Changes to this Privacy Policy

Delta may amend this Privacy Policy from time to time to reflect:

  • changes to legislation;
  • changes to the Australian Privacy Principles;
  • changes to technology;
  • changes to Delta's business practices;
  • improvements to privacy governance; or
  • other operational requirements.

The current version of this Policy will be made available to employees and, where appropriate, published on Delta's website.

Where material changes affect the collection, use or disclosure of biometric information or other sensitive information, Delta will take reasonable steps to notify affected individuals before the changes take effect.

Individuals are encouraged to review this Policy periodically to ensure they remain informed of Delta's privacy practices.

Document Control

Document Title

Privacy Policy

Organisation

Delta Corporation Limited

Policy Owner

Privacy Officer

Approved By

General Manager

Version

2.0

Effective Date

17/07/2026

Review Date

16/07/2028