This privacy policy (Policy) sets out in accordance with the Privacy Act 1988 (Cth) the way in which Inland Rail Pty Ltd (IRPL) (ACN 094 819 520) and its associated entities (IRPL, we, us, or our) may collect, store, use, manage and protect your (you, your) Personal Information.


  • using this website;
  • accessing, requesting information on, enquiring about, or providing feedback in relation to,  IRPL operations, services or projects (online, in writing, by telephone or in person); or
  • otherwise providing Personal Information to IRPL, its officers, agents or employees

after this Policy has been brought to your attention, you acknowledge and consent to the use, collection, storage or disclosure of your Personal Information by us in accordance with this Policy and the Privacy Act.

If you do not agree to us handling your Personal Information in the manner set out in this Policy you must immediately cease to access this website, our operations, services, and projects and you should not provide us with any of your Personal Information.

However, if you choose not to provide your personal information to us, we may not be able to answer your query, provide any information or otherwise effectively address any matter you raise with us.

What is Personal Information?

We follow the definition of Personal Information given in the Privacy Act:

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

What kinds of Personal Information might we collect and hold?

  • We may collect (and hold) different Personal Information about you depending upon how you interact with us. This information may vary depending on the specific needs of IRPL, however, it may include:
    • your name, address and phone number;
    • your email address;
    • demographic information;
    • comments and feedback;
    • queries, complaints, or enquiries;
    • messages, emails, voicemail and other correspondence;
    • responses to surveys;
    • your interaction with our websites or our officers, agents, employees or contractors;
    • what computer configurations and software you use;
    • your employment;
    • your business history with us;
    • your business or associated companies or entities;
    • your preferences;
    • the frequency of your enquiries;
    • your location;
    • how and when you use our services; and
    • any information regarding your dealings with us.
  • If you are a landholder, we may obtain Personal Information about your property and your use of it.
  • If you are a contractor, we may collect Personal Information about your working history with us.
  • If you are a customer, we may collect Personal information about your relationship with IRPL.

How do we collect Personal Information?

We collect Personal Information:

  • directly from you (when we contact you, when you contact us, when you visit us or when we visit you); and
  • from third parties who you have authorised to provide us with information.

How do we hold and secure your Personal Information?

We may store your Personal Information in hard copy format, digitally, on site or with a third party storage provider. All hard copy material is secured using physical building and premises security systems. All digital material is secured using segregated corporate information technology systems. Any digital transfer of Personal Information is secured using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_256_GCM (a strong cipher).

IRPL uses data storage providers located inside Australia. Where appropriate, IRPL has agreements with its storage providers to keep all Personal Information they store secure, using reasonable and appropriate security methods.

Why do we collect, hold, use and disclose Personal Information?

IRPL may collect Personal Information for a number of reasons, including:

  • providing you with products or services;
  • providing you with information about our operations, services or projects;
  • developing or refining operations or services;
  • internal business purposes;
  • providing you with marketing or other communications material;
  • contacting you in relation to our business or project activities;
  • better understanding our clients, customers and stakeholders;
  • tailoring our services and operations; and
  • corporate governance, auditing and record keeping.

Our use of Personal Information may extend beyond these uses, but will be restricted to purposes that we consider to be related to our functions and activities.

What do we do with your Personal Information?

If we collect Personal Information from you, we may:

  • use that information for any of the purposes outlined in this Policy;
  • store that information in accordance with this Policy;
  • pass that information amongst entities we work with;
  • pass that information to third parties who provide products or services to us (including our accountants, auditors, lawyers, IT contractors, design and construction contractors, and other service providers); or
  • provide that information to third parties as required by law.

What about Cookies?

When you access our website, we may receive information about you via a ‘cookie’.

A cookie is a piece of information that our web server may send to your computer when you visit the website.

The cookie is stored on your machine, but does not identify you or give us any information about your computer.

A cookie helps us to recognise when you re-visit the website, and to optimise your experience.

We do not collect any Personal Information from you when you use cookies on our website.

What about device-based location information?

We may provide certain features or services through our website that rely upon device-based location information. By ‘allowing’ IRPL to access your device-based location information you are consenting to the collection, use, transmission, processing and maintenance of your location data, including the real-time geographic location of your device and information related to your web visit. Such information may include, but is not limited to, your device ID and name, device type and real-time geographic location of your device at time of your visit.

Can you access your Personal Information or request it be corrected?

  • You may request access to the Personal Information that we hold about you by contacting us by any of the methods as set below.
  • Upon receiving an access request we may request further details from you to verify your identity. We reserve the right not to provide you with access to Personal Information if we cannot verify your identity to our reasonable satisfaction.
  • An administrative fee may be charged to cover our costs in providing you with access to your Personal Information. This fee will be explained to you before it has been incurred.
  • We will respond to your access request within a reasonable period of time by:
    • providing you with access to your Personal Information;
    • rejecting your access request, and providing you reasons for this rejection.
  • Access requests may be denied where:
    • we believe your request is frivolous or vexatious;
    • we are entitled to reject a request by law;
    • we are unable to verify your identity; or
    • you have not paid the administrative fees referred to above.
  • If you believe that the Personal Information that we hold is inaccurate or otherwise requires correction, you may send us a correction request by contacting us by any of the methods as set out below. We will review your Personal Information and respond to the request within a reasonable period of time.

What happens if you want to deal with us anonymously or by using a pseudonym?

You can deal with us either anonymously or by using a pseudonym if you choose. If, however, you do so we may not be able to answer your query, provide you with accurate or useful information, or otherwise effectively address any matter you raise with us, and you may not be able to access a full range of our operations and services. Further, we may not be able to investigate incidents or complaints you have made.

Does this policy ever change?

From time to time we may make changes to this Policy. When we do, we will highlight those changes in yellow highlight for a period of 14 days. Changes come into effect from the time when they are brought to your attention, or when you next log on to our website, whichever is earlier. Please make sure you review the Privacy Policy each time you visit our website to keep up to date on any changes.

What happens if you have a question or complaint about how we have handled your Personal Information?

For further information about our privacy policy and related information practices, or to make a complaint, please contact us by one of the following methods:

We take all complaints seriously and will respond to you within a reasonable period of time, unless we consider your complaint to be frivolous or vexatious or if we are unable to verify your identity.

If you aren’t satisfied with the way we have handled your complaint, you can make a complaint to the Office of the Australian Information Commissioner at