Jump to content

This notice explains how Fortescue handles personal information for the audience described below. It supplements the Fortescue General Privacy Policy.

For people who raise concerns via Fortescue’s Speak Up channels (including anonymous reports), and for individuals named in, or assisting with, an investigation.

Last reviewed and updated 9 October 2025.

At a glance

  • What we collect

    Report details and supporting evidence; optional reporter contact details or anonymous IDs; names/roles of involved persons; investigation records (notes, interviews, findings); system audit logs.

  • Why

    To receive, assess and investigate concerns, take action, and meet legal and regulatory obligations.

  • Sharing

    Confidential case‑management/hotline providers; internal investigators and audit; external counsel/forensics; regulators/law enforcement where required.

What we collect

  • System and case‑management logs for security and audit trail.
  • Investigation records (notes, interviews, evidence, findings and outcomes).
  • Names/roles of individuals involved and potential witnesses; relevant HR, finance or system records (to the extent necessary for the investigation).
  • Reporter contact details if provided, or anonymous reference IDs.
  • Report content (allegations, description, attachments) and metadata (time, channel).

Note: reports may include sensitive personal information or information about criminal allegations. We process such information only where necessary and authorised by law.

 

Why we use it

UK/EU/EEA lawful bases:

  • For our legitimate interests, including —
    • Receive, triage and investigate reports; take corrective and remedial actions.
    • Prevent, detect and respond to suspected misconduct or breaches of policy or law.
    • Protect workers and stakeholders, and manage case communications.
    • Use de‑identified or aggregated reporting for governance and learning.
    • Maintain internal controls, assurance and audit functions.
       
  • Public interest — where applicable to reporting wrongdoing.
  • Meet legal and regulatory obligations (including whistleblower protection regimes).

If you don’t provide enough information, we may be unable to investigate fully; you can still report anonymously where permitted.

 

Where we get it

  • Third‑party hotline or case‑management providers that operate the Speak Up channel on our behalf.
  • Internal systems and business records (accessed in line with policy and law).
  • Witnesses and individuals involved in the matter.
  • The reporter (anonymous or named).

 

Who we share it with

  • Insurers and brokers for claims handling (where applicable).
  • Regulators, law‑enforcement agencies or courts/tribunals where required by law.
  • External legal counsel, forensic/accounting investigators and other professional advisers.
  • Internal investigators, assurance and audit teams on a need‑to‑know basis.
  • Confidential case‑management and hotline providers.

For international transfers and safeguards, see the General Privacy Policy. We do not sell your personal information.

 

How long we keep it

We keep reports and investigation records for as long as necessary to meet legal and regulatory requirements and to establish, exercise or defend legal claims.

© Fortescue — 2025

Looking for another Privacy Notice?

Visit our Privacy Hub to find the notice that applies to you. 

Visit our Privacy Hub