Хүн төрөлхтний хөгжилд нэн чухал түүхий эдийг нийлүүлэхээр ээлтэй, дэвшилтэт замаар ажиллана
Зэс алтны нөөцөөрөө дэлхийд дээгүүр орох Оюу толгойд хамгийн сүүлийн үеийн дэвшилтэт технологи бүхий, аюулгүй ажиллагааг бүрэн хангасан, тогтвортой хэрэгжиж буй уул уурхайн төслийг хэрэгжүүлж байна.
Шинэ мэдээ, онцлох мэдээлэл
The Data Privacy Standard sets out the minimum rules (Data Privacy Principles) that apply whenever and wherever Rio Tinto collects and processes personal data in any format, including electronic and paper. The Data Privacy Principles reflect the benchmark for processing personal data across the Rio Tinto Group. Note that:
The Glossary at the end of the Standard defines these and other terms used in this Standard (in bold).
As Rio Tinto’s organisation-wide privacy policy, this Standard applies to everyone who works for Rio Tinto, and to each Rio Tinto Group business.
The following explains this. At Rio Tinto, the lawful and correct handling of personal data is critical. At its simplest, people need to be able to trust us to respect their privacy and how we handle their personal data when working with us or doing business with us.
In addition, we need to comply with privacy and data protection laws around the world. Applying the Data Privacy Principles in this Data Privacy Standard helps us to do this. Failure to comply with these principles could lead to financial and reputational damage to Rio Tinto, as well as resulting in a loss of trust from the individuals we employ, engage or do business with.
The Data Privacy Principles create a global standard which helps Rio Tinto ensure that we act consistently with our obligations under the many different local data privacy laws around the world.
At Rio Tinto, it is important that we comply with the Data Privacy Principles below and with any additional requirements under local data privacy laws that apply to the processing of personal data. If there is a conflict between the requirements under the Data Privacy Principles and local data privacy laws, we comply with the most stringent requirement.
Any proposed personal data processing that can potentially lead to data subject complaints, regulatory investigations, enforcement actions or damage to Rio Tinto’s reputation must be subject to a Privacy Impact Assessment (PIA) from Ethics and Compliance. The Chief Ethics and Compliance Officer may suspend or block proposed personal data processing activities that, as assessed by Ethics and Compliance, represent a high risk of producing complaints, regulatory investigations, enforcement actions or which could damage Rio Tinto’s reputation.
The following Data Privacy Principles reflect the minimum rules that apply to the processing of personal data at Rio Tinto.
Processing for a new purpose will only be found to be compatible with the original purpose where applicable law so provides, or we have assessed and concluded that it is taking into account such factors as the relationship between the initial purposes and the new purpose; the context in which the personal data was collected and expectations of data subjects; the nature of the personal data; the consequences of the new processing for data subjects; and whether there are privacy safeguards in place.
When we process personal data, we take reasonable steps to ensure that:
Sensitive information is a type of personal data that is of a particularly private nature and includes (among other things) personal data about a person's race, ethnic origins, trade union membership and health and biometric information, as well as criminal record information. We must ensure that sensitive information is processed only when necessary and only if:
We protect disclosures of personal data (including but not limited to when it is transferred across national borders) as follows:
An overview of international disclosures/transfers (both within the Rio Tinto Group and to external service providers) is at Appendix 2a. Also, Appendix 2b outlines requirements for assessments prior to international disclosures.
Personal data must be kept only for as long as necessary for the lawful purpose for which it is processed (as notified to the relevant individuals), or for the time required or permitted under local laws (whichever is the shorter).
Personal data will be retained in accordance with the Records Retention and Disposition Schedule (made under the Rio Tinto Records Management Standard and as updated from time to time), which sets out periods for which different types of records containing personal data are needed. After such time, records containing personal data must be securely destroyed (in the case of physical records) or permanently deleted (in the case of electronic records) in accordance with Rio Tinto’s Records Retention and Disposition Schedule or applicable local laws (whichever imposes the strictest obligations). To the extent possible, all archived copies and back- up copies should be destroyed at the same time and in the same manner as any original records that contain the personal data.
Data subjects have the right to:
There are legal exceptions to the exercise of these rights, and Rio Tinto will review each request on a case by case basis, by reference to the laws of the country where the data subject is located (or if the country where the data subject is located has no data privacy laws, or no data privacy laws containing the relevant right, by reference to the data privacy laws in Australia). Requests from data subjects to access their rights should be referred to the Data Privacy Lead for the relevant region who will advise on how the request needs to be responded to.
Appendix 3 contains more information about how to exercise data privacy rights.
We must ensure that data privacy compliance is integrated into our personal data processing activities.
Ethics & Compliance will undertake a Threshold Privacy Assessment if it is proposed to:
The Threshold Privacy Assessment will consider:
This information will be collected as part of the Security Risk Assessment (SRA) process undertaken by Cyber Security, or separately by Ethics & Compliance.
If the Threshold Privacy Assessment indicates that the proposed processing is likely to result in a high risk to the privacy rights of data subjects, Ethics & Compliance will conduct a Privacy Impact Assessment. The Privacy Impact Assessment will identify steps that must be taken to mitigate the risk and to ensure that Rio Tinto complies with its obligations under this Standard and applicable data privacy laws.
We must limit our use of personal data to send marketing communications. All marketing communications (however distributed) must:
Consent of a data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes.
Criminal record information means personal data relating to criminal convictions and offences.
Data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data Privacy Incident means a data breach or a known or suspected breach of any of the other Data Privacy Principles in this Data Privacy Standard.
Data Privacy Lead means a member of Ethics & Compliance who is the first point of contact for data privacy questions from a region, as listed on the data privacy page on Element (the Rio Tinto intranet). If you are outside Rio Tinto and cannot access Element, email AskE&C@riotinto.com if you wish to contact the Data Privacy Lead for your region.
Data Privacy Principles: the principles in the Data Privacy Standard that Rio Tinto Group companies and staff must apply when processing personal data.
Data subject: the individual to whom personal data relates.
Disclosure means the act by which personal data is made accessible to others.
Group business: includes all companies, product groups, business units, global functions and corporate offices in the Rio Tinto Group.
Legitimate business purpose: a purpose that is directed at Rio Tinto achieving its business objectives and that complies with all relevant laws and regulations, and with . Rio Tinto’s policies and standards.
Marketing communications: means communications and publications that have a purpose of marketing or promoting Rio Tinto or its products, but does not include communications from Rio Tinto to its employees that relate to the administration of the employment relationship.
Personal data: all information relating to any identifiable individual.
Privacy Impact Assessment means an assessment of the impact of proposed processing operations on the rights and freedoms of data subjects, and the protection of personal data.
Privacy Statement: a notice that needs to be provided to data subjects when we collect their personal data.
Processing: all actions taken in relation to personal data including collecting, using, disclosing, recording, organising, storing, transferring, amending, deleting, destroying, retrieving, accessing, hosting or otherwise handling.
Rio Tinto Data Transfer Deed: the deed executed between Rio Tinto Limited and Rio Tinto plc on 1 July 2009 (as amended from time to time) and to which Rio Tinto Group companies are bound under executed Deeds of Accession.
Rio Tinto Group: all the businesses which are wholly or majority owned or managed by Rio Tinto plc or Rio Tinto Limited (whether directly or indirectly).
Sensitive information: personal data (including information or an opinion) about an individual’s racial or ethnic origin, political opinions and memberships, religious or philosophical beliefs or associations, trade union membership, criminal record information, genetic data, biometric data (processed for the purpose of uniquely identifying a natural person), health or the health services they have received or details of sexual life.
Rio Tinto collects and processes the following categories of personal data for a range of business purposes, including:
Rio Tinto collects personal data directly from data subjects wherever possible.
Rio Tinto does not sell and does not propose to sell personal data.
Unless described above (ie in relation to Shareholder Personal Data) or unless required by law or for the purposes of legal proceedings, disclosures of personal data are generally limited to other members of the Rio Tinto Group (eg Rio Tinto shared services companies) or to external service providers that help Rio Tinto to conduct its business. Sometimes this involves transfers across national borders - more information about international disclosures is contained in Appendix 2.
Personal data may be stored in Rio Tinto's local systems or databases, in the Rio Tinto Business Solution (currently a SAP system that is hosted in Australia), or on infrastructure owned and operated by external service providers engaged by Rio Tinto. Where external service providers are engaged to assist Rio Tinto to process personal data, Rio Tinto requires such service providers to comply with contractual privacy and data protection obligations and applicable data privacy laws. Disclosures within the Rio Tinto Group are governed by Rio Tinto’s internal Data Transfer Deed. More information about personal data processing can also be located in Privacy Statements that Rio Tinto makes available when personal data is collected (see references in Appendix 3 below).
[Privacy Act 1988: Australian Privacy Principle 1.4(a) and (b) and (c); also California Consumer Privacy Act]
An overview of Rio Tinto's global operations and the countries where it operates is on the Rio Tinto website.
This explains where each of the Rio Tinto product groups operates, on a "country by country" basis.
If you are employed or engaged by or have business dealings with a particular Rio Tinto product group, your personal data may be exchanged between Rio Tinto Group companies that are in the countries listed for that product group.
Also, your personal data may be processed by Rio Tinto "shared services companies and external service providers that provide services to the Rio Tinto Group in one or more of the following countries:
Shareholder personal data is processed in Australia and the United Kingdom by Rio Tinto and by the external manager of our share register.
[Privacy Act 1988: Australian Privacy Principle 1.4(f) and (g)]
Prior to transferring personal data outside the country where it was collected, the relevant Group business will carry out the following assessment (with assistance from Ethics & Compliance):
Please complete a Data subject request form if you wish to exercise your rights under Data Privacy Principle 8, including to:
Your request will be forwarded to the Data Privacy Lead for your region, who can also provide you with the Data subject request form. Rio Tinto will aim to respond within a reasonable period after the request is made or from when information required to process the request is received (or otherwise as required under local laws).
As explained in Data Privacy Principle 8, there are legal exceptions to the exercise of the rights listed above, and Rio Tinto will review each request on a case by case basis, by reference to the laws of the country where the data subject is located.
If you have any questions or wish to make a complaint about the processing of your personal data or a complaint about Rio Tinto’s response to your request to exercise your data subject rights, you can do so by emailing AskE&C@riotinto.com or by reporting this as a Data Privacy Incident to Ethics & Compliance.
Data Privacy Leads are responsible for investigating and responding to complaints, unless the complaint is about the Data Privacy Lead's processing of personal data. In such circumstances, another person will be appointed to investigate and respond to the relevant complaint.
If you are not satisfied with how your complaint has been addressed, complaints may be made to, where available, the relevant data privacy regulator or data protection authority in your country. This will be explained in the response to your complaint or you can find out more information about how to complain to the data privacy regulator or data protection authority in your region from your Data Privacy Lead or by contacting AskE&C@riotinto.com
[Privacy Act 1988: Australian Privacy Principle 1.4(d) and (e)]
Certain functions of the ‘person in charge of the protection of personal information’ under Quebec data privacy law are delegated to the Data Privacy Lead for Canada (who is supported by the Ethics & Compliance data privacy team in undertaking such functions). If you are in Quebec, you can contact them by emailing AskE&C@riotinto.com.
[Act Respecting the Protection of Personal Information in the Private Sector, Quebec, section 3.1]
A privacy statement will be provided at the time personal data is collected from you (in accordance with Data Privacy Principle 1). In addition, copies of privacy statements can be accessed as follows:
Otherwise please email AskE&C@riotinto.com for a privacy statement (or if you have any data privacy related questions or concerns).
This section of the Privacy Policy describes how Rio Tinto processes personal data and other data that is collected or obtained through this website.
Rio Tinto plc, a company registered in England, controls the personal data that is collected or obtained through this website.
With the exception of the use of cookies (explained below), Rio Tinto generally does not seek to collect personal data through this website.
However if you choose to provide personal data to Rio Tinto through this website (for example, by sending us an email), we will process that personal data to answer your query and if relevant, to manage our business relationship with you or your company. We won't process that personal data for other purposes except where required to meet our legal obligations or otherwise as authorised by law and notified to you.
Part 1 of this Privacy Policy contains the Rio Tinto Data Privacy Standard, which provides an overview of Rio Tinto’s approach to personal data processing. There is additional information in the appendices to the Data Privacy Standard, including information about disclosures, trans-border data transfers, the exercise of data subject rights and how to make complaints or obtain further information relating to Rio Tinto’s processing of your personal data.
If you choose to subscribe to our media releases or other communications, you can unsubscribe at any time (by following the instructions in the email or by contacting us at digital.comms@riotinto.com).
With your consent, our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
As some data privacy laws regulate IP addresses and other information collected through the use of cookies as personal data, Rio Tinto’s processing of such personal data needs to comply with its Data Privacy Standard (see Part 1 of this Privacy Policy), and also applicable data privacy laws.
We use the following cookies:
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
You can find more information about the individual cookies we use and the purposes for which we use them in the tables below:
COOKIE CATEGORY
COOKIE NAME
DESCRIPTION
DURATION
Strictly necessary cookies
Azure
ARRAAffinity
This cookie is essential for our site and enables us to load balance site traffic between web servers. The server connection is maintained and tracked for the duration of the session.
At end of session
ASP.NET_SessionId
General purpose platform session cookie, used by sites written with Miscrosoft .NET based technologies. Usually used to maintain an anonymised user session by the server.
Performance/analytical cookies
Sitecore Analytics
SC_ANALYTICS _GLOBAL_COOKIE
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
More information available.
10 years
Functional cookies
Site Selector
Sxa_site
These cookies are used to record which location and language the users has selected.
Site_name#lang
Cookie policy
privacy-notification
This cookie is used for our cookie notification banner. The cookie banner will appear the first time you accept or reject the cookie policy as laid out in the privacy notification. This is how we collect and confirm your consent to the use of cookies. If you choose to clear your cookies prior to each visit to our website, you will see the cookie banner upon entry to the website on each visit.
1 year
pxcelBcnLcy
Part of the ShareThis sharing button functionality. Unique identifiers given to each computer to allow traffic analysis to ShareThis
pxcelPage _c010_B
2 months
__stid
ShareThis cookies to help to share site content on social media sites
Session
Pref
This cookie stores your preferences and other information, in particular preferred language, how many search results you wish to be shown on your page, and whether or not you wish to have Google’s SafeSearch filter turned on.
8 months
VISITOR_INFO1 _LIVE
A cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old.
179 days
GPS
Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.
1 day
YSC
This cookie is set by the YouTube video service on pages with embedded YouTube videoyo
ig_did
This is an Instagram cookie that enables social media functionality within the site.
mid
rur
shbid
5 days
shbts
urlgen
csrftoken
Investis cookies are set by Investis controlled domains and are included for completeness.
ASP.NET _SessionId
AWSELB
This cookie is essential for enables Investis to load balance site traffic between web servers.
AWSALB
1 week
_ga
These cookies are used to collect information about how visitors use the Investis site.
2 years
This website relies on a range of security measures to protect data that is exchanged through this site, including firewalls, intrusion detection systems and virus scanning tools. These are intended to protect against unauthorised persons and viruses from accessing the information that you provide to us, and we to you. However, please be aware that there are inherent risks in transmitting information by use of the Internet and other online or electronic transmission systems and that we cannot guarantee the security of information transmitted in this way.
As with personal data that we collect in other ways, personal data that is collected online through this website may be shared between companies in the Rio Tinto Group and with external service providers who assist us with our services and functions. Personal data that is collected through this website may be stored and processed in any country where Rio Tinto or its external service providers operate. More information about the countries where Rio Tinto operates, and the location of key external service providers (data processors) is in Appendix 2 of the Rio Tinto Data Privacy Standard (in Part 1 of this Privacy Policy and available under the Privacy Policy link).
This website may contain links to third party websites (ie. that are not provided by Rio Tinto). Before providing personal data to third party websites, we recommend you examine the privacy policies on those websites. Rio Tinto is not responsible for the privacy practices on third party websites. Please note that such third parties may also use cookies, over which we have no control, so we recommend you check their cookies policy also.
Энэ цахим хуудсыг ашиглах явцад бий болсон таны хувийн мэдээллийн тухай. Энэ цахим хуудсыг ашиглах явцад бий болсон хувийн мэдээллийг (Cookies ашиглахаас бусад тохиолдолд) Рио Тинто компани цуглуулдаггүй. Гэхдээ энэ цахим хуудсаар дамжуулан бидэнд цахим шуудан явуулсан тохиолдолд түүнд байгаа хувийн мэдээллийг танд хариу өгөх, эсвэл тантай болон танай компанитай харилцах бизнесийн харилцаанд ашиглах боломжтой. Хувийн мэдээллийг хууль тогтоомж, дүрэм журам биелүүлэх шаардлагын дагуу танд мэдэгдэж ашиглахаас бусад зорилгоор ашиглахгүй. Та манай компанийн хэвлэлийн мэдээ, бусад мэдээллийг цахимаар авахаар бүртгүүлсэн бол (цахим шууданд байгаа зааварчилгааны дагуу, эсвэл бидэнтэй холбогдож) бүртгэлээ хэзээ ч цуцлах боломжтой.
Таныг энэ цахим хуудасны бусад хэрэглэгчдээс ялган танихын тулд Cookies-ийг таны зөвшөөрөлтэйгөөр ашигладаг. Энэ нь цахим хуудсаар дамжуулан мэдээллийг илүү сайн хүргэх, мөн энэхүү цахим хуудсыг сайжруулах боломжийг олгодог юм. Cookies нь таны зөвшөөрөлтэйгөөр хөтөч эсвэл компьютерын санах ойд хадгалагддаг үсэг, тооноос бүрдсэн жижиг цахим файл юм. Cookies файлд таны компьютерын санах ойд дамжуулсан мэдээлэл багтдаг. Cookies ашиглан цуглуулсан IP хаягийн (интернэт протокол) болон бусад мэдээлэл нь зарим хууль тогтоомжийн дагуу хувийн мэдээлэлд тооцогддог. Эдгээр мэдээллийг Рио Тинто ашиглах нь тус компанийн Мэдээллийн Нууцлалын Стандарт (Нууцлалын журмын 1 дэх хэсгийг үзнэ үү) болон мэдээллийн нууцлалын талаарх холбогдох хууль тогтоомжид нийцэж байх ёстой.
ЭНЭ ЦАХИМ ХУУДСААР ДАМЖУУЛАН ӨГСӨН, ЭСВЭЛ ОЛЖ АВСАН МЭДЭЭЛЛИЙГ БИД ХЭРХЭН АШИГЛАДАГ ТАЛААР Cookies ашиглахаас бусад тохиолдолд (өмнө тайлбарласан) Рио Тинто компани энэ цахим хуудсаар дамжуулан хувийн мэдээллийг цуглуулдаггүй. Гэхдээ энэ цахим хуудсаар дамжуулан (жишээ нь цахим шуудан явуулах замаар) Рио Тинто компанид хувийн мэдээллээ өгсөн тохиолдолд уг мэдээллийг танд хариу өгөх, эсвэл тантай болон танай компанитай харилцах бизнесийн харилцаанд ашиглах боломжтой. Хувийн мэдээллийг хууль тогтоомж, журам биелүүлэх шаардлагын дагуу танд мэдэгдэж ашиглахаас бусад зорилгоор ашиглахгүй. Нууцлалын Журмын нэгдүгээр хэсэгт хувь хүний мэдээллийг ашиглахтай холбоотой Рио Тинто компанийн баримтлах зарчим, нууцлалын стандарт багтдаг. Мэдээллийн Нууцлалын Стандартын хавсралтад мэдээллийг ил болгох, дамжуулах, мэдээллийн агуулгыг эзэмших эрхийг хэрэгжүүлэх, хэрхэн гомдол гаргах, эсвэл хувь хүний мэдээллийг ашиглахтай холбоотой Рио Тинто компанийн бусад мэдээллийг олж авах талаарх нэмэлт мэдээлэл багтсан байгаа. Та манай компанийн хэвлэлийн мэдээ, бусад мэдээллийг цахимаар авахаар бүртгүүлсэн бол (цахим шууданд байгаа зааварчилгааны дагуу, эсвэл digital.comms@riotinto.com хаягаар хандаж) бүртгэлээ хэзээ ч цуцлах боломжтой.
Хэрэглэгч цахим хуудсыг илүү хялбар ашиглахад ашигладаг. Жишээ нь тодорхой агуулга, мэдээлэлтэй харьцаж буй үзүүлэлтийг хэмжих, эсвэл хэлний сонголт, видео бичлэг үзэх хэрэглэгчийн тохируулга зэргийг сануулах гэх мэт.
Эдгээр нь цахим хуудасны ашиглалтад анализ хийж, түүнд үнэлгээ өгөх, үйл ажиллагааг нь сайжруулах боломжийг бидэнд олгодог. Энэ нь хэрэглэгч цахим хуудсанд ямар давтамжтайгаар, хэзээ, хэчнээн хугацаагаар зочилсон гэх мэт ашиглалтын мэдээллийг олж авахад тусалдаг.
Зар сурталчилгааны компаниуд таны хүсэл сонирхолд тулгуурлан ашиглаж буй цахим хэрэгсэл рүү зар сурталчилгаа илгээхэд ашигладаг. Энэ нь нийгмийн сүлжээнд мэдээлэл хуваалцах, мөн тодорхой зар сурталчилгааны мэдээлэлтэй харьцаж буй таны үйлдлийг бүртгэж авахад ашиглагддаг.