Privacy Policy

PRIVACY POLICY 

 

1. Purpose (APP 1) 

This Privacy Policy explains how Enervest Pty Ltd (Enervest, we, us, our) manages personal information in an open and transparent way, in accordance with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). 

The purpose of this policy is to: 

  • Protect the privacy of individuals whose personal information we handle. 
  • Ensure Enervest meets its legal and regulatory obligations. 
  • Set clear expectations for employees, contractors and leaders. 
  • Support consistent, lawful and respectful handling of personal information. 

We are committed to protecting the privacy of individuals whose personal information we handle, including our staff, contractors, landholders, community members, website users, suppliers and other stakeholders. 

This Privacy Policy is publicly available on Enervest’s website and can be provided in an alternative format on request. Enervest will take reasonable steps to ensure this policy remains current and accessible. 

 

2. Scope 

This policy applies to: 

  • All Enervest employees, officers, directors, contractors and consultants. 
  • All personal information handled by Enervest, whether in electronic or hard copy form. 
  • All stages of the information lifecycle, including collection, use, disclosure, storage and disposal. 

This policy applies across all Enervest operations, including development activities, community engagement, landholder relations, recruitment and corporate functions.

 

3. Effective Date 

9 February 2026

 

4. Definitions 

Personal information: As given in the Privacy Act 1988 and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable. 

Sensitive information: Is personal information that is afforded a higher level of protection under APP 3, such as information about health, racial or ethnic origin, political opinions or criminal history.

 

5. Governance and Accountability (APP 1) 

Enervest is committed to strong privacy governance. 

5.1 Roles and responsibilities 

(a) Executive Leadership Team 

  • Provide oversight of privacy risk. 
  • Ensure appropriate resources and systems are in place. 
  • Review significant privacy incidents and remediation actions. 
  • Are accountable for organisational compliance with this policy. 

(b) Quality and Compliance Officer 

  • Maintains this policy and related procedures. 
  • Provides advice on APP compliance. 
  • Manages privacy enquiries, complaints and access requests. 
  • Oversees data breach response and regulatory engagement. 

(c) All employees and contractors 

  • Must comply with this policy. 
  • Must only access personal information required for their role. 
  • Must report suspected privacy incidents immediately. 

Where Enervest engages third parties or service providers to handle personal information on its behalf, Enervest will progress the reasonable steps to ensure those parties handle personal information in a manner consistent with the Australian Privacy Principles. This includes implementing appropriate contractual obligations, oversight and security requirements. 

 

6. Categories Of Personal Information Collected and Held (APP 1.4 (a), APP 3) 

The kinds of personal information Enervest may collect and hold depend on how you interact with us. This may include: 

  • identity and contact details (e.g., name, email address, phone number, address) 
  • employment and recruitment information (e.g., resume, qualifications, work history, referees, right-to-work checks, payroll and superannuation details) 
  • contract, lease and commercial information (e.g., signatories, contact persons, billing and payment details) 
  • stakeholder and landholder engagement information (e.g., questions, feedback, meeting records) 
  • community engagement and public forum information (e.g., registration/attendance lists, consultation feedback) 
  • site visitor and access control information (e.g., sign-in records, inductions, competencies, incident reports, vehicle registration) 
  • website and online service information (e.g., IP address, device/browser information, pages visited, and form submissions) 
  • images and footage where used for security and safety (e.g., CCTV in offices or sites, where applicable) 

 

7. Collection and Holding of Personal Information (APP 1.4 (b), APPs 3–5) 

7.1 Solicited Collection (APP 3) 

Enervest will only collect personal information that is reasonably necessary for our functions or activities. We generally collect personal information directly from you when you: 

  • apply for a role or work with us (as an employee or contractor) 
  • contact us via our website, email, phone or in person 
  • enter into a contract or lease with us, or provide services to us 
  • register for or attend community engagement activities or public forums 
  • visit an Enervest office or project site (including by signing in or completing inductions). 

We may also collect personal information from third parties where it is reasonable and lawful to do so, such as: 

  • recruitment referees or publicly available professional sources (e.g., LinkedIn) 
  • our clients, suppliers, advisers, project partners, and relevant stakeholders 
  • government agencies, regulators or public registers where permitted. 

Sensitive information will only be collected where: 

  • the individual has given consent, or 
  • collection is required or authorised by law, or 
  • another permitted exception under APP 3 applies. 

7.2 Website and online services (APPs 3 and 5) 

When you visit our website, we may collect information such as IP address, device and browser type, pages visited, and date/time of access. We may use cookies and analytics tools to help us understand website usage and improve performance and user experience. You can manage cookies through your browser settings. If you disable cookies, some parts of the website may not function properly. 

If our website includes third-party content or links (for example maps, videos, or social media features), those third parties may collect information about you in accordance with their own privacy policies. 

When you submit an enquiry, registration, subscription or application via our website, we collect the information you provide to respond to your request and manage our relationship with you. Some of our third-party service providers may store or process information outside Australia. 

7.3 Unsolicited information (APP 4) 

If Enervest receives personal information that we did not solicit, we will determine whether we could have lawfully collected it under APP 3. If not, we will securely destroy or de-identify the information as soon as practicable. 

7.4 Notification of collection (APP 5) 

When collecting personal information, Enervest will take reasonable steps to notify individuals (or ensure they are aware) of: 

  • our identity and contact details 
  • the facts and circumstances of collection 
  • the purposes of collection 
  • the usual disclosures of the information (including to service providers) 
  • whether collection is required or authorised by law (where relevant) 
  • the consequences of not providing information 
  • how to access this policy and how to request access/correction 
  • whether the information is likely to be disclosed overseas (and, if practicable, the countries). 

7.5 How we hold personal information (APP 5) 

We hold personal information in secure electronic systems and/or physical records. We use access controls and other safeguards to protect personal information (see section 16). 

 

8. Anonymity and Pseudonymity (APP 2) 

Where practicable, Enervest will give individuals the option to interact with us anonymously or using a pseudonym. This may not be possible where identification is required to carry out our functions or meet legal obligations. 

 

9. Use and Disclosure of Personal Information (APP 6) 

Enervest will only use or disclose personal information for: 

  • the primary purpose for which it was collected, or 
  • a related secondary purpose that an individual would reasonably expect, or 
  • another purpose permitted or required by law, or 
  • where the individual has consented. 

Uses include stakeholder communication, landholder and community engagement, recruitment, employment, contract administration, site access management, operational improvement and regulatory compliance. 

Unauthorised use or disclosure of personal information is strictly prohibited. 

Oversea disclosure may include the United States or EU and other locations where our service providers operate. 

 

10. Direct Marketing (APP 7) 

Enervest uses personal information for direct marketing only where permitted by law. Communications will be relevant and proportionate, and individuals may opt out at any time. 

 

11. Cross-Border Disclosure (APP 8) 

Before disclosing personal information outside Australia, Enervest will take reasonable steps to ensure the overseas recipient does not breach the APPs, unless an exception under APP 8 applies. 

This includes situations where Enervest uses cloud-based systems, external advisors or service providers that may store or access information from outside Australia. In these cases, Enervest will assess privacy and security risks and implement appropriate contractual and technical safeguards. 

 

12. Government Related Identifiers (APP 9) 

Enervest will not adopt, use or disclose government related identifiers, except where permitted by APP 9. 

 

13. Data Quality (APP 10) 

Enervest will take reasonable steps to ensure that personal information we collect, use or disclose is accurate, up to date, complete and relevant. 

 

14. Data Security and Retention (APP 11) 

Enervest will take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. 

Security measures include: 

  • Access controls and role-based permissions. 
  • Secure storage of physical and electronic records. 
  • Approved systems and devices. 
  • Secure disposal and destruction processes. 

Personal information is retained only for as long as it is required to fulfil the purpose for which it was collected, or to meet legal, regulatory or reporting obligations. Once no longer required, information is securely destroyed or de-identified. Personal information will be destroyed or de-identified when it is no longer required, unless retention is required by law. 

Eligible data breaches will be assessed and managed in accordance with the Notifiable Data Breaches scheme. 

 

15. Access to Personal Information (APP 12) 

Individuals may request access to personal information held about them by Enervest. Requests will be handled within a reasonable timeframe and in accordance with APP 12. 

 

16. Correction of Personal Information (APP 13) 

Enervest will take reasonable steps to correct personal information to ensure it is accurate, up to date and complete when requested or when we become aware it is inaccurate. 

 

17. Privacy Enquiries and Complaints 

Privacy enquiries, access requests or complaints may be directed to: 

Quality & Compliance Officer 

Email: hello@enervest.com.au 

Phone: 1300 164 211 

Address: Level 6, 627 Chapel Street, South Yarra VIC 3141 

We will acknowledge your complaint and investigate it promptly and fairly. We aim to respond within 30 days. If the matter is complex and needs more time, we will let you know. There is no cost to make a complaint. 

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). 

 

18. Monitoring and Compliance 

Compliance with this policy will be monitored through: 

  • Periodic reviews. 
  • Internal audits where appropriate. 
  • Mandatory training and awareness activities. 

 

19. Breaches and Consequences 

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract, and may expose Enervest to regulatory action. 

 

20. Review 

This policy will be reviewed at least annually and following: 

  • Material changes to privacy law. 
  • Significant changes to Enervest operations. 
  • A serious privacy incident.