Skip to main content


Our Privacy Policy explains how we collect, manage and use Personal Information, and how you can exercise your privacy rights.

Read our privacy policy in multiple languages:

Our Privacy Policy is consistent with our Code of Business Conduct, and our commitments to respect and protect the Personal Information and privacy of others.

Read our Code of Business Conduct in multiple languages:
  • Code of Business Conduct and Speak Up Policy (English)
    504.00 KB
  • Code of Business Conduct and Speak Up Policy (Spanish)
    269.00 KB
  • Code of Business Conduct and Speak Up Policy (Portuguese)
    252.00 KB
  • Code of Business Conduct and Speak Up Policy (Simplified Chinese)
    562.00 KB

Privacy Policy FAQ

Learn more about South32's Privacy Policy.

At South32, a Policy is statement of principles to guide decisions and actions expected to be undertaken by any person involved in any of the entities part of South32, in this case, in relation to matters involving data privacy.

This Privacy Policy (“Policy”):

  • relates to “Personal Information”, which is any information (including an opinion) about an identified or identifiable person
  • explains how we collect, manage, and use Personal Information, and how you can exercise your privacy rights.

The privacy laws that apply in your case will depend on your relationship with South32 and the context in which South32 handles your Personal Information.

This Policy applies to South32 Limited, its subsidiaries, and its operated or controlled joint ventures. We require our People to follow this Policy, as well as those of our Processors authorised to manage Personal Information on our behalf.

Information that you provide voluntarily

At times, South32 may ask you to voluntarily supply Personal Information. For example, we may ask you to provide your contact details when you submit enquiries to us.

Information that we collect automatically

When you visit our website, or use our products and services, we may collect certain information automatically from your device. Specifically, we may collect information like your device type, unique device identification numbers, browser-type, broad geographical location, and other technical information from you.

Information that we obtain from third party sources

We may collect Personal Information about you from publicly available sources or from a third party, such as through your representatives, contractors who provide services to us, or where you have expressed interest in working with South32, Personal Information provided to us by HR practitioners.

The Personal Information we may collect depends on our relationship with you. Please see Appendix 1 in the policy document for a detailed breakdown.

The Personal Information you provide, is processed on either a) contractual basis, b) given your consent, or c) because it is required by law.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website to track the number of visitors to our website, collect information (where available) about your computer or mobile device for system administration purposes, to evaluate our website’s effectiveness and improve your experience.

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can set or amend your web browser controls to accept or refuse cookies.

Protection of Personal Information

We are committed to protecting all Personal Information we collect from you in accordance with newest and current standards of technology, implementing security controls and conducting periodic audits.

Retention of Personal Information

We are committed to keeping your Personal Information safe, confidential, and secure. We update our Personal Information safeguards from time to time to address new and emerging security threats.

Disposal of Personal Information

We only retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a product or service you have requested, or to comply with applicable legal, tax or accounting requirements). In consideration of these requirements, South32’s aim is to keep your Personal Information for no longer than is necessary for compliance or other legitimate business purposes. We apply our standard document retention and disposal procedures and processes to records that include Personal Information.

Disclosure between South32 entities

Your Personal Information may be disclosed between related entities within the South32 Group worldwide and used by those entities for the same purposes for which we are entitled to use it.

Disclosure to Processors and other third parties

In appropriate circumstances, we may also disclose your Personal Information to Processors and third parties, to fulfil our contract with you or for legitimate purposes. These Processors and third parties may include auditors and advisers, service providers and business partners, law enforcement, or any other person with your consent to the disclosure, among others.

In some cases, the Processors and third parties to whom South32 may disclose your Personal Information may be located outside your country of residence. This means that when we collect your Personal Information we may process or transfer it to a country other than the country in which you are located, in which South32 operates. When doing this, we will take appropriate safeguards to protect your Personal Information and that the recipient will handle the information in a manner consistent with this Policy and all applicable privacy laws.

Make a request

You can submit a request to exercise any of the following Data Subject rights by writing us to [email protected]. We will first need to prove your identity, and then proceed to verify and enact your request.

Right of Access and Correction

You can request access to your Personal Information held by us, or request that it be updated or corrected, at any time, by contacting us.

Right to Delete

You may request removal of any Personal Information you provided to us by contacting us.

If you are not happy with the handling of your complaint or concern, you may escalate it to your relevant privacy regulator. Click on the relevant country below for contact details of the relevant privacy regulator in that jurisdiction.

Australia: Office of the Australian Information Commissioner

European Union: The privacy regulators for each Member State are listed (along with contact details) on the following website here, including the UK ICO here.

Brazil: No regulator website currently available.

Canada: Contact details for Office of the Privacy Commissioner of Canada and Office of the Information and Privacy Commissioner for British Columbia.

Colombia: Superintendence of Industry and Commerce

Singapore: Personal Data Protection Commission (Singapore)

South Africa: The Information Regulator (South Africa)

United States: Contact details for the Federal Trade Commission. You can also contact the Arizona Attorney General.

If a data breach occurs and your Personal Information is compromised, we will follow the applicable data breach response requirements issued by the applicable authorities based on the jurisdiction you are located, and notify you in a timely manner, if required.

Promptly report any such incident per the contact section.

The current version of the Privacy Policy was published and approved on 14/04/2023.

We recommend you visit this site frequently, as we periodically update our Privacy Policy to reflect any changes in both our business and in the regulatory environment.

Information for Data Subjects in the UK/EEA

If we handle or process your Personal Information in the context of our UK establishment(s) in accordance with applicable privacy laws in addition to the rights above, you can also object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information, where those rights are available to you at law. Similarly, if we have collected your Personal Information with your consent, you can withdraw your consent at any time. You can exercise these rights at any time by contacting us using the details below.

South32 maintain a separate notice, which accompanies the Privacy Policy for UK/EEA Data Subjects.

Any question, concern or complaint relating to our UK processing activities can be directed by email to [email protected]

South32 will review and respond to your question, concern, or complaint as soon as possible, generally within 30 days of receiving it.

Information for Data Subjects in South Africa

If you have a question, concern, or complaint regarding the way in which we handle your Personal Information, or if you believe that South32 has failed to comply with this Policy or breached any applicable laws in relation to the management of that information, you can make a complaint.

South32 maintain a PAIA Manual which explains how you can get access to records.


This Manual has been prepared in accordance with Section 51 of the Promotion of Access to Information Act, Number 2 of 2000 (the “Act”) and the Protection of Personal Information Act, Act No 4 of 2013 (“PoPI”) of South Africa.

Any question, concern or complaint relating to our South African processing activities can be directed by email to [email protected]


Question, concern or complaint - Contact us

If you have a question, concern or complaint about how we handle your Personal Information, first contact our Privacy Officer [email protected]. This email can also be used as our specific point of contact on privacy matters for all the jurisdictions where we operate.

You can also contact us by mail:

Privacy Officer
South32 Limited
Level 35, 108 St Georges Terrace
Perth WA 6000