Last updated on 19 July 2023
POLICY No: KSS-06-01-0004
VER: 4.0
1 PURPOSE
Komatsu New Zealand Limited (Komatsu) respects the privacy of Personal Information. This Privacy Policy (Policy) sets out how Komatsu collects and treats personal information and how it will comply with the Privacy Act 2020 (NZ) and the thirteen New Zealand Information Privacy Principles (IPP’s) as set out in Annexure ‘A’.
To comply with Komatsu’s obligations under the Privacy Act and the IPP’s, this Policy sets out how Komatsu manages privacy within its organisation.
2 CONTENT
Komatsu respects the rights of individuals to privacy and this Policy sets out how Komatsu collects and treats Personal Information.
“Personal Information” means information about an identifiable individual. Komatsu has implemented practices so that its management of Personal Information is open and transparent.
2.1 What Personal Information Komatsu collects
In the course of conducting Komatsu’s business, Komatsu may collect the following types of Personal Information from individuals:
• Contact details (including name, address, phone number, fax number and email address);
• Driver’s Licence details (including Licence No, Expiry Date and Date of Birth);
• Information about the goods or services that have been ordered or sold;
• Information from enquiries made;
• Records of communications;
• Financial details;
• Credit card information;
• The location of where an individual is operating a Komatsu machine (only in those instances where Komtrax or similar systems are installed on the machine and an operator identification number has been allocated to a Komatsu machine); and
• How an individual operates a Komatsu machine (only in those instances where Komtrax or similar systems are installed on the machine and an operator identification number has been allocated to a Komatsu machine).
Where an individual uses SMART CONSTRUCTION or any of the applications available within the SMART CONSTRUCTION module, Komatsu will also collect the following types of Personal Information:
• Name, address, email address that was registered at the time of entering into the SMART CONSTRUCTION Contract;
• Name, email address and Login ID of the Chief Administrator of the SMART CONSTRUCTION account;
• Name, email address and Login ID of the users to who have been granted the right to use the various applications, which are registered when the SMART CONSTRUCTION account was created;
• Information registered in or uploaded to an application or SMART CONSTRUCTION by the users of the relevant application;
• Download history and usage history of an application; and
• Device and location information of the electronic device being used to access an application within SMART CONSTRUCTION (including the individual identification information and name of the carrier to be connected).
Komatsu only collects Personal Information which is reasonably necessary for, or directly related to, the conduct of Komatsu’s business of marketing, selling, hiring and servicing of mining equipment and construction and utility equipment, parts and providing training services.
Komatsu may also request and collect limited health information from individuals when the government makes a public health order enabling organisations to do so due to an epidemic or pandemic that has been declared by the New Zealand Government or the World Health Organisation.
Komatsu only collects the above health information relating to individuals in order to identify risk and implement appropriate controls to prevent or manage the epidemic or pandemic. Komatsu will delete this health information within 30 days of collection.
2.2 How Komatsu collects Personal Information
Komatsu collects Personal Information from individuals when individuals interact with Komatsu in person or electronically, when they access Komatsu’s websites (including myKomatsu), in certain instances when they operate a Komatsu machine, if an individual is using SMART CONSTRUCTION or any of the applications within the SMART CONSTRUCTION module and when Komatsu provides goods or services to them.
Komatsu only collects Personal Information about an individual from the individual directly, unless it is unreasonable or impractical to do so such as where the individual is acting through an agent.
Komatsu does not collect sensitive information such as information or an opinion relating to race, political opinions, religious or philosophical beliefs, memberships of political associations or professional or trade unions, sexual preferences, criminal records or health information. However, if Komatsu has a reasonable business requirement to collect any sensitive information from individuals Komatsu will notify the individual at the time of collecting this sensitive information and obtain their consent before collecting any sensitive information.
2.3 Information provided to individuals
When Komatsu collects Personal Information from individuals, Komatsu will provide those individuals with information regarding our privacy practices which is required to be provided under the IPP’s. This information may be provided by referring them to this Privacy Policy.
2.4 Use of Personal Information
Komatsu only uses and discloses Personal Information for the primary purpose for which it was collected, that is to enable Komatsu to conduct its business of marketing, selling, hiring and servicing of new and used mining equipment, construction and utility equipment, parts and providing training services, or for a related purpose, or where the individual has consented.
Komatsu will take such steps which are reasonable in the circumstances to ensure that Personal Information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.
2.5 Direct Marketing
Komatsu will only use or disclose Personal Information for the purpose of direct marketing where such use or disclosure is permitted by Information Privacy Principle 3. When engaging in direct marketing Komatsu will provide a simple means by which an individual may easily request not to receive direct marketing communications from Komatsu and Komatsu will include a prominent statement that the individual may make such a request. Komatsu will also comply with any such request.
2.6 Disclosure of Personal Information overseas
Komatsu may disclose Personal Information to other related entities in the Komatsu group of companies located in New Zealand, Australia, New Caledonia, Indonesia and third party suppliers in other countries, including Japan, China, the United States of America and the United Kingdom, where such disclosure is reasonably required for the purpose of conducting its business or for purposes ancillary to conducting its business. When Komatsu does so it takes reasonable steps to ensure that those recipients based overseas comply with this Policy and the IPP’s.
2.7 Security of Personal Information
Komatsu takes reasonable steps to protect Personal Information from misuse, interference and loss and from unauthorised access, modification or disclosure through the use of security procedures and technologies.
If other organisations provide support services Komatsu requires them to appropriately safeguard the privacy of any Personal Information provided to them.
Where the Personal Information Komatsu collects is no longer required it will take reasonable steps to destroy or de-identify the information.
2.8 Access to Personal Information
If Komatsu holds Personal Information about an individual it will normally, on request by the individual, give the individual access to the information. However, there may be some legal reasons to deny access. If access is denied Komatsu will provide the individual with the reasons why.
If Komatsu is satisfied that, having regard to a purpose for which Personal Information is held:
• the information is inaccurate, out of date, incomplete, irrelevant or misleading; or
• an individual requests Komatsu to correct Personal Information held about that individual,
Komatsu will take such steps as are reasonable to correct Personal Information about an individual having regard to the purpose for which it is held, to ensure that the information is accurate, up to date, complete, relevant and not misleading.
2.9 Usage Details & IP Addresses, Cookies, Google Analytics and Customer Feedback
Usage Details & IP Addresses
When individuals come on to Komatsu’s websites (including my.komatsu.co.nz), Komatsu may collect certain information such as browser type, operating system and the websites visited before coming to its site. This information is used in an aggregated manner to analyse how individuals use Komatsu’s site, so that Komatsu can improve its site.
Cookies
As is very common for companies, Komatsu uses cookies on its websites. Cookies are very small files which a website uses to identify an individual’s access to its websites and tracks returns to the websites and to store details about an individual’s use of the websites.
Cookies are not malicious programs that access or damage an individual’s computer. Komatsu uses cookies to improve the experience of individuals using its websites.
Komatsu’s websites have links to other websites not owned or controlled by Komatsu. Komatsu is not responsible for these sites or the consequences of individuals going on to those sites.
If you would like to learn more about Cookies or modify your web browser settings to delete or refuse Cookies, please visit the help pages of your web browser.
Google Analytics
Komatsu reserves the right to use cookies to show its own advertisements to individuals whilst they are browsing the internet after having visited Komatsu’s websites, utilising third party platforms including Google Analytics. Google Analytics is a web analysis service provided by Google LLC, 1600 Ampitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google Analytics uses cookies and similar technologies to collect information about an individual’s activity on its websites to analyse and improve Komatsu’s websites based on an individual’s usage behaviour. The information regarding an individual’s usage of Komatsu’s websites may be transmitted to and stored on Google’s servers. Komatsu has enabled Google’s “Remarketing” function using Google Analytics, Google Display Network Impression Reporting and Google Analytics Demographics and Interest Reporting Advertising Features in Google Analytics with Google Signals activated. Google Signals compiles for Komatsu, mutli-platform data reports on Google users that have enabled personalised advertising in an individual’s Google account.
An individual can learn more about the use of cookies for Google Analytics by visiting: https://analytics.google.com.
Komatsu uses first and third party cookies, including performance, targeting, tracking and functionality cookies, to collect information about your activity on its websites to analyse and improve Komatsu’s websites and serve relevant advertisements based on an individual’s usage behaviour. Komatsu will not store any personal details about its users, nor provide this to any third party suppliers, as a result of any remarketing campaign. Komatsu’s remarketing campaigns only hold the information about an individual’s visit for the relevant period in accordance with the data retention settings nominated by Google, from their last visit.
An individual can choose to opt out of the Google Analytics Advertising features by visiting: http://www.google.com/settings/ads, and opt out of cookie based ad serving by visiting: http://www.networkadvertising.org/managing/opt_out.asp.
Customer Feedback
When an individual provides feedback on Komatsu’s website located at https://my.komatsu.co.nz/ this information will be kept anonymous and not shared with any third party apart from the entity responsible for collecting this information from the website on behalf of Komatsu.
2.10 Availability and Changes
This Privacy Policy will be publicly available free of charge at: https://www.komatsu.co.nz; and https://my.komatsu.co.nz, or upon request. Komatsu may change this Policy in the future. Updated versions of the Policy will be uploaded onto the respective Komatsu website.
2.11 Implementation
Komatsu will continue to take reasonable steps to implement practices, procedures and systems to ensure that it complies with the Privacy Act, the IPP’s and this Policy.
2.12 Complaints and Contact Details
If an individual has any enquiries or complaints about Komatsu’s privacy practices, details of enquiries or complaints can be sent to Komatsu’s Privacy Officer whose details are set out below. Komatsu takes complaints very seriously and will respond shortly after receiving written notice of a complaint.
Note: if contacting the Komatsu Privacy Officer by phone about a complaint Komatsu will also ask that the complaint is put in writing so that the full details of the complaint can be fully investigated.
The contact details for the Komatsu Privacy Officer are as follows:
Email: privacy@komatsu.com.au
Telephone: +61 2 9795 8215
Address: P.O. Box 136, Fairfield NSW 2165, Australia
2.13 Notification of Privacy Breaches
The Komatsu Privacy Officer will notify the Office of the Privacy Commissioner (OPC) should the Komatsu Privacy Officer have reasonable grounds to believe that a ‘Notifiable Privacy Breach’ of an individual’s Personal Information as defined in the Privacy Act has occurred, or is directed to do so by the OPC.
A ‘Notifiable Privacy Breach’ happens if there is unauthorised access to or disclosure of Personal Information, or an action that prevents Komatsu from accessing the Personal Information on either a temporary or permanent basis, where the access, disclosure or preventative action poses a risk of harm. This will be something that:
(a) has caused, or may cause, loss, detriment, damage, or injury to an individual;
(b) has adversely affected, or may adversely affect, the rights, benefits, privileges, obligations, or interests of an individual; or
(c) has resulted in, or may result in, significant humiliation, significant loss of dignity, or significant injury to the feelings of the individual.
Annexure ‘A’ - New Zealand: Information Privacy Principles (IPP’s)
Information Privacy Principle 1—Purpose of collection of personal information
Information Privacy Principle 2—Source of personal information
Information Privacy Principle 3—Collection of information from subject Information Privacy Principle 4—Manner of collection of personal information Information Privacy Principle 5—Storage and security of personal information Information Privacy Principle 6—Access to personal information
Information Privacy Principle 7—Correction of personal information
Information Privacy Principle 8—Accuracy, etc, of personal information to be checked before use Information Privacy Principle 9—Agency not to keep personal information for longer than necessary Information Privacy Principle 10—Limits on use of personal information
Information Privacy Principle 11—Limits on disclosure of personal information Information Privacy Principle 12 – Disclosure of personal information outside New Zealand Information Privacy Principle 13—Unique Identifiers
For more information regarding the content of the IPP’s you can refer to ‘A Quick Tour of the Privacy
Principles’ located at the Office of the Privacy Commissioner’s website at: https://www.privacy.org.nz/your-rights/your-privacy-rights/the-privacy-principles/