Alfa Laval privacy policy

1.       Overview

In this Privacy Policy, ‘us’ ‘we’ or ‘our’ means Alfa Laval Australia Pty Ltd ABN [65 000 016 197] and Alfa Laval New Zealand Ltd NZBN [9429038787515] are the primary Legal Entities (LEs) responsible for the collection and handling of personal information (i.e. processing) in Australia (AU) and New Zealand (NZ) respectively. It forms part of the Alfa Laval Group with its ultimate parent LE Alfa Laval AB headquartered in Lund, Sweden.

We comply with applicable data protection and privacy laws including, where relevant, the EU General Data Protection Regulation (GDPR), the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (The Privacy Act) as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth), New Zealand Privacy Act 2020 (Privacy Act) when handling personal information.

This Privacy Policy explains how we collect, hold, use, disclose and protect your (i.e. individual/ data subject) personal information.

This Privacy Policy is designed to meet all the requirements under the Australian Privacy Principles (APPs) and New Zealand’s Information Privacy Principles (IPPs) respectively. It reflects the updated regulatory expectations under laws in Australia (viz. the amendments) as well as New Zealand (viz. the amendments).

 

1.1      What is the Scope of this Privacy Policy?

The Alfa Laval Group has adopted this Privacy Policy which applies to all group companies and to all employees, consultants, contractors and other people working for or on behalf of the Alfa Laval Group in Australia and New Zealand. The privacy policy provides you with information about our processing of personal data relating to you (i.e. individual/ data subject):

  • as a representative/contact person of our business customers, suppliers, contractors and business prospects, including where you are using our customer portals;
  • as a user of our Web Services, or subscriber to our newsletter or other information from us;
  • as a participant to a corporate event organized by us (campaigns, conferences, customer events, etc.), or a visitor of our offices or factories (“Premises”)

This Privacy Policy applies to all personal data collected by Alfa Laval Group from users in Australia and New Zealand. It is one of our ways to demonstrate adherence to APP1 and IPP3 respectively.  It outlines the types of personal data we collect, how we use and share that data, and the security measures we implement to protect it. The policy also details your rights regarding your personal data and our use of cookies.

 

1.2      What Personal Information we collect?

Personal information means information about an identifiable individual (a natural person). The types of personal information we may collect about you include:

  • your name, your contact details, including email address, mailing address, street address and/or telephone number.
  • your credit card or payment details (through our third-party payment processor);
  • your preferences and/or opinions.
  • information you provide to us through customer surveys.
  • details of products and services we have provided to you and/or that you have enquired about, and our response to you;
  • information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • any other personal information requested by us and/or provided by you or a third party.
  • technical identifiers such as IP address, device identifiers, cookie data and online interaction metadata, which may constitute personal information under expanded definitions in applicable privacy laws;

 

1.3      How we collect personal information?

We collect personal information in a variety of ways, including:

Directly: We collect personal information that you provide to us directly, including when you register for an account, contact us through our website, communicate with us via email, telephone, customer portals, or participate in events and service engagements. Where required by law, we will take reasonable steps to notify individuals at or before the time of collection about the purposes of collection, consequences of non-provision, overseas disclosures, and how to access or correct their personal information in accordance with APP 5 and NZ IPP 3.

Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as [when you use our website, in emails, over the telephone and in your online enquiries. When collecting personal information indirectly (e.g. from a third party), we will take reasonable steps to notify you of the collection as soon as practicable, including the source of the information. Where personal information is collected from third parties or other indirect sources, we will take reasonable steps to notify you of the collection, the source of the information and the purposes of collection as soon as practicable, in accordance with APP 3, APP 5 and NZ IPP 3.

Consent in case of minor : While we do not knowingly collect the information for individuals under the age of 18 , but if we collect personal information of individuals under the age of 18, we will take reasonable steps to obtain verifiable parental or guardian consent before collection, use or disclosure of such personal information, in accordance with anticipated regulatory guidance on children’s privacy from 2025.

 

1.4      Why we collect, hold, use and disclose personal information?

Collection and use of personal information

Personal information: We may collect, hold, use and disclose personal information for the following purposes:

  • to enable you to access and use our Services;
  • to provide our Services to you, including to [dispatch and deliver our products to you,] [register your attendance at our events,] [assess your application,] [to manage your appointments,];
  • to enable you to access and use our associated applications;
  • to contact and communicate with you about our Services;
  • for internal record keeping, administrative, invoicing and billing purposes;
  • for analytics, market research and business development, including to operate and improve our Services, associated applications;
  • for advertising and marketing, including to send you promotional information about our products and services and information that we consider may be of interest to you;
  • to comply with our legal obligations and resolve any disputes that we may have;
  • if you have applied for employment with us; to consider your employment application; and
  • if otherwise required or authorised by law.
  • Before we engage in automated decision-making that has a legal or similarly significant effect on you, we will provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.

 

1.5      Disclosure of personal information to Intracompany and third parties

We may disclose personal information to:

  • sister companies and affiliates as part of same Alfa Laval Group and where Alfa Laval has its place of business to facilitate, support and integrate the organization’s global operations. Thus, Personal Data is transferred across cross border from AU/NZ to EU/EEA and other jurisdictions.
  • for illustration: where for identical purposes, the Assets where personal data is stored are common i.e. personal data is stored in the same repository and managed by common resources (i.e. Shared Services for HR, Finance Function etc.), personal data is shared within the Alfa Laval Group.
  • service providers who require access to personal information for legitimate business, operational, compliance or technical support purposes, or for the purpose of enabling them to provide their services to us and to our existing or potential agents or business partners; subject to confidentiality and data protection obligations;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • any other third parties as required or authorised by law or with your (data subject) consent.

 

1.6      Overseas (Cross Border) data transfer as part of disclosure:

Due to the global nature of the Alfa Laval Group’s operations and IT infrastructure, personal information may be transferred to and processed by related entities (intra company) and service providers (third parties) located outside Australia (AU) and New Zealand (NZ), including jurisdictions where data protection laws may differ.

We take reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles (APP 8) and the NZ’s Information Privacy Principles (IPP 12) including through contractual safeguards, data transfer impact assessments, internal group policies, and due diligence processes. Before disclosing any personal information to an overseas recipient, we will comply with this Privacy Policy and will only disclose the information if any of the following applies:

  • We reasonably believe that:
  • The overseas recipient is subject to a law or binding scheme that is, overall, substantially similar to the Australian Privacy Act 1988 (Australia), Privacy Act 2020 (NZ) and the General Data Protection Regulation (GDPR).
  • That the overseas recipient is required to protect your personal information in a way that provides comparable safeguards to those in Australian and New Zealand privacy laws (for example, pursuant to a data transfer agreement endorsing data privacy principles entered into between us and the overseas recipient).
  • Where other jurisdictions (e.g. Overseas Recipient) have officially recognized that Privacy Laws such as in New Zealand constitute providing an adequate level of data protection as theirs.
  • The disclosure is required or authorised by an Australian/New Zealand law or court/tribunal order; or
  • Where we transfer personal information to jurisdictions not included in the APP 8 whitelist, we will assess and implement appropriate contractual and technical safeguards, including data transfer impact assessments (DTIAs) where appropriate.
  • You (data subjects/individuals) have given us your consent to disclose your personal information to that third party;

 

1.7      Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services. You may request access to, or correction of, your personal information subject to legal exceptions. You can exercise your applicable data privacy rights of erasure; restrict and unsubscribe; access and correction; etc. here at: Privacy Web Form.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Right to erasure and Object: You have the right to object at any time to the processing of your personal information for direct marketing purposes, and we will no longer process your personal information for such purposes upon receiving your objection Where applicable under relevant data protection laws (including GDPR where it applies), you may have the right to request deletion, restriction or objection to certain processing activities. Under Australian and New Zealand privacy law, individuals primarily have rights to access and correct their personal information, subject to lawful exception.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access and Correction: Subject to certain grounds for refusal set out in the Privacy Act, you may request access to, and correction of, the personal information that we hold about you. Please contact us using the details below. We will deal with your request in accordance with the Privacy Act.

Retention: We will not keep your personal information for longer than is required for the purposes for which your personal information may lawfully be used.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint about a breach of privacy laws. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. You may have rights under applicable law, including the ability to seek legal remedies in Australia and/or New Zealand for serious invasions of privacy involving misuse of personal information, subject to legislative developments and applicable legal thresholds. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or the Office of the Privacy Commissioner (New Zealand) in accordance with applicable privacy laws.

 

1.8      Storage and security

We are committed to ensuring that the personal information we collect is secure. We have put in place appropriate physical, electronic, technical and organisational safeguards, including access controls, cybersecurity protections, encryption measures, vendor risk management and governance oversight, to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure in accordance with APP 11 and NZ IPP 5.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal, regulatory, accounting and operational obligations, and to manage corporate risk. When personal information is no longer required, we will take reasonable steps to securely destroy or de-identify it in accordance with applicable privacy laws.

 

1.9      Notifiable Data Breaches

In accordance with the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme, where an eligible data breach is likely to result in serious harm, we will assess the incident and notify affected individuals and the Office of the Australian Information Commissioner as required by law. We will also comply with applicable breach notification obligations under the New Zealand Privacy Act 2020.

 

1.10    Cookies

We may use cookies on our online Services from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online Services and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online Services with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our online Services.

 

1.11    Links to other websites

Our Services may contain links to other websites. We do not have any control over those websites, and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

 

1.12    Amendments

We may, at any time and at our discretion, update or amend this Privacy Policy to reflect changes in legal, regulatory, technological or operational requirements. Where required by applicable law, we will provide reasonable notice of any material changes. We recommend checking our website regularly to stay informed about our current Privacy Policy, which should be read in conjunction with our global policy available at our global website: Alfa Laval privacy policy | Alfa Laval. Where any applicable laws or regulations conflict with this Policy, the stricter rule prevails.

 

For any questions or notices, please contact us at:

 

Alfa Laval Australia Pty Ltd.

Address: 14 Healey Circuit, - NSW 2148 Huntingwood, Australia

Email: australia.info@alfalaval.com

Alfa Laval Group Privacy Team

Email: dataprivacy@alfalaval.com

 

Version

This policy was published on 23 June 2026.