BHP Foundation Privacy Notice
Key points of our Privacy Notice:
- The BHP Foundation is committed to protecting the security of all Personal Information collected by us.
- While the BHP Foundation is a separate (though related) legal entity to BHP, its operations rely on the use of BHP IT systems and networks, including email and servers. Any information provided to us by you, or collected by us about you, will be stored on these systems (unless deleted by us). See Who we are under Section 1, below, for more information.
- We conduct due diligences on partner organizations and service providers (and occasionally sub-grantees), including by asking questions about their key personnel. See Section 2 and 3(a) below for more information.
- We sometimes share information about partner organizations, grants or Projects with our colleagues at BHP to help us provide the best support we can to our partner organizations. See Disclosures within the BHP corporate group at Section 4 below
- “Privacy” in this policy does not refer to confidentiality, intellectual property or cultural and/or Indigenous knowledge.
If you have questions about this notice, please contact us. Our contact details are set out under how you can contact us at Section 9, below. We are committed to continuously improving the way we work and partner, and always welcome feedback.
At the BHP Foundation we seek to build relationships based on trust, collaboration, openness and integrity. We do this because it’s the right thing to do, but also in the belief that purposeful transparency enables us to contribute to a growing evidence base of what works and allows others to learn from our experiences.
Working collaboratively means our collaborators also need to be open to sharing, and so protecting your privacy is very important to us.
In this notice the Foundation explains:
- how we collect and process your personal information, as well as your rights in relation to the personal information we hold about you; and
- when and how we disseminate information about partners (and their personnel) to stakeholders, including our donor BHP.
What does this notice do?
This notice describes how the BHP Foundation deals with personal information of individuals that interact with BHP Foundation – this includes representatives of our partners and grant applicants, business partners such as evaluators and advisors, users of our website and social media sites, and our suppliers.
For the purposes of this notice, “personal information” means any information about an identified or identifiable person. This includes where you can be identified, directly or indirectly, including by reference to an identifier (for example, a name or email address, or an online identifier such as a unique device identification number). We use the words “process” and “processing” to describe the various things we may do with your personal information – including collecting, using, disclosing, holding, recording, storing, transferring or otherwise handling that information.
In this notice, the following words have the following meanings:
- "participant" means an individual , group, community or entity that participates in a Project or is a focus or target of a Project, and includes the personnel of partners, advisors, contractors, sub-grantees, beneficiaries and local community members.
- "partner organization" means any organization that proposes or delivers a Project with the Foundation, or seeks or receives a donation from the Foundation (whether or not the organization receives any funding from the Foundation).
- "project" means means activities by a partner organization that are funded, or partly funded, by a grant or donation from the Foundation.
- "us", "we" or the "Foundation" means the BHP Foundation, a private foundation registered in Texas, United States.
- "BHP" means BHP Group Limited of 171 Collins Street, Melbourne, Victoria 3000, Australia; BHP Group Plc of Nova South, 160 Victoria Street, London, SW1E 5LB, UK; BHP Marketing Asia Pte Ltd of 10 Marina Boulevard, #50-01 Marina Bay Financial Tower, Tower 2, Singapore 018983; or the local BHP entity in the country in which your Personal Information is collected.
Who we are
The Foundation is a US-based private foundation funded by BHP.
While the Foundation is a separate legal entity to BHP and has its own governance and management structures, its operations rely on the use of BHP IT systems and networks, including email systems and servers. Additionally, many BHP Foundation staff members are employees of BHP who have been seconded to work at the Foundation, and may still perform part of their role for BHP.
Types of personal information we collect
We collect and process different types of personal information depending on how you interact with us. In some cases, this may include information that shows who you are and/or is linked to you as a result of your interactions with the Foundation. We may also collect sensitive personal information about you in circumstances where we have your consent or we are otherwise authorized by law to do so.
How we collect personal information
When an organization applies for a grant or donation from the BHP Foundation, it typically provides information about key personnel at the organization and relevant details about work history, contact details and other information that is useful to us in assessing its application. We ask organizations to seek permission before sharing personal information with us and to ensure that your organization complies with any data privacy laws which you are required to in the jurisdictions relevant to your organization in respect of such disclosure of personal information.
We may also collect personal information from you either directly (such as when you request information from us) or indirectly from your interactions with us. Where permitted to do so, we may also to collect personal information about you from third parties (such as the Dow Jones Risk and Compliance databases and the BvD Orbis / Catalyst databases) and via general internet browsing. Regardless of where we obtain personal information we always comply with relevant data privacy laws.
Types of personal information we collect
The types of personal information that we collect may include:
- Identification data – such as your name, gender, job title and date of birth.
- Contact details – such as your home and business address, email address and telephone number.
- Qualification-related information – such as your qualifications, employment history, and proposed contribution to our work or work that we fund.
- Due Diligence information - We conduct background checks (including criminal records checks) on key personnel and decision-makers at prospective partner organizations.
- Other information – this includes communications with you (including complaints or concerns raised by you or any feedback or survey responses – which are aggregated so retain their anonymity -
Sensitive personal information
Some types of personal information are considered to be more private than others (which, depending on jurisdiction, includes information about someone’s racial or ethnic origin, political opinions, religious beliefs or affiliations, health or medical conditions, genetic information, biometric information, sexual orientation, criminal record, trade-union membership and political association membership). This type of information is called “sensitive personal information”.
Sometimes we may collect sensitive personal information about you (such as criminal history checks for the purpose of conducting due diligences, or your racial or ethnic origin to ensure that we are funding appropriate groups where Cultural or Indigenous Knowledge may be used).We will only collect sensitive personal information when we have your consent or when we are otherwise permitted do so by law.
Why we process your personal information
We collect Personal Information where it is reasonably necessary for us to do so in order to perform our functions and activities, as outlined below:
- operational and grant-making purposes – including for operational, charitable and regulatory purposes, including negotiating, concluding and performing contracts, managing the grant relationship, managing accounts and records, supporting corporate social responsibility activities, security, conducting internal investigations and administration.
- conducting pre-grant enquiries – this includes conducting due diligence on partner organizations when we commence a new project or partnership.
- website administration and internal operations – this includes providing the services on our website, troubleshooting, data analysis, testing, research, statistical and survey purposes.
- managing stakeholder relationships – this includes communicating with partner organizations, third party providers and vendors, employees and contractors of those organizations, and other parties who are interested or involved with the Foundation.
- email monitoring - including monitoring emails sent to and from the BHP email systems, which includes emails to and from BHP Foundation employees.
- to comply with our legal obligations – this includes meeting obligations imposed under law; responding to lawful requests from governments and public authorities; and responding to potential or actual litigation.
Who we share your personal information with
We will share your personal information within the BHP Group as well as with third parties involved in advising us or assisting us, and your authorised representatives. This may involve sharing information across national borders.
Disclosures within the BHP corporate group
We may share your personal information (which may sometimes include sensitive personal information) within the BHP corporate group when we need additional resourcing from the BHP workforce. This may include sharing your personal information with BHP entities in countries other than where the information was originally collected.
Sharing of this information within the BHP Group is governed by data transfer agreements that are in place with all relevant BHP entities.
Disclosures outside the BHP corporate group
We may also need to share your personal information (which may sometimes include sensitive personal information) with:
- people you have authorized to interact with us on your behalf (such as your organization’s evaluators, or representatives);
- third parties who provide services we use to run our organization (such as external service providers that assist us to perform MLE or other services);
- other partner organizations with whom we will collaborate or knowledge-share;
- our professional advisors (such as our lawyers and accountants); and
- government authorities or other persons where obliged to do so by an applicable law.
If we need to disclose personal information to third parties in a different country to where the information was collected, we will take steps to ensure that there is a lawful basis for the disclosure and that the disclosure complies with all applicable laws. This may include entering into a legally binding contract with the recipient under which they are obliged to handle your information in accordance with applicable laws.
How we store and protect your personal information
Your rights and choices
You have rights relating to your personal information held by the Foundation and BHP. You can advise us if you want to correct your personal information or if you have concerns about how we are handling your personal information.
You have certain rights in relation to your personal information that we hold about you, though the details of these may vary depending on the country where you are based. We respond to all requests we receive from individuals wishing to exercise their rights in relation to any information we hold in accordance with applicable data protection laws.
It is important to us that all of the information we hold about you is correct and up-to-date, so let us know promptly if there are any errors or other changes should be made.
If you wish to access, correct or update any personal information that we hold about you, please contact us using the details in Section 9, below.
Raising concerns about how we deal with personal information
If you are concerned about how we are dealing with your personal information, then you may have the right to complain to an applicable data protection authority. The relevant authority will depend on which country you are located in. A list can be found here.
Before raising a complaint with a data protection authority, we recommend that you first raise the issue with us so we can address your concerns as quickly as possible. We will make a record of your complaint and will deal with it as quickly as we can while keeping you informed of progress. Even if we are not able to address your concern, we will be able to provide further information about how you can contact a relevant data protection authority. Further information about how to contact us is outlined below.
Country specific rules
Updates to this policy
We will update this policy from time to time where necessary to reflect changes in applicable laws or in our privacy compliance practices.
How you can contact us
For general enquiries about this policy, please contact our Legal team at [email protected].
Of course, you are always welcome to discuss issues with your regular Foundation contact person.