Privacy statement


This Privacy Statement provides you with information on how Rio Tinto Group of Companies (“Rio Tinto”, “we”, “us”, “our”) collects, uses, processes or discloses Personal Data and Sensitive Data that we may obtain from you. Rio Tinto values your trust and is committed to the responsible management, use and protection of your Personal Data.

The Rio Tinto company with whom you engage is the controller of your Personal Data.

  • Definitions

    “Affiliate” means an entity linked, or connected with, or controlled by Rio Tinto PLC or Rio Tinto Limited.

    “Applicable Laws” means the applicable privacy and data protection legislation in your home  jurisdiction.

    “External stakeholders” means former, current, and prospective customers, suppliers of goods or services,  government or public officials, or other stakeholders Rio Tinto interacts with, as part of its business activities.

    “Personal Data” means any information relating to an identified or identifiable natural person, including sensitive  data as defined under Applicable Laws. In this Privacy Statement, our use of the term “Personal Data” includes other similar terms under Applicable Laws, such as “Personal Information” and “Personally identifiable information.  In South Africa only, Personal Data also includes information of companies.

    “Privacy regulator” means the public authority that operates independently and is tasked with making sure local data protection laws are followed.   

    “Rio Tinto Group of Companies” means any affiliate or subsidiary of Rio Tinto PLC or Rio Tinto Limited.

    “Sensitive Data” means Sensitive Data, that may include racial or ethnic origin, religious or philosophical beliefs, political opinions, genetic data, biometric data, health, sexual orientation, criminal convictions, and or other information that receives special protections under Applicable Laws. In this Privacy Statement, our use of the term “Sensitive Data” includes other similar terms under Applicable Laws, such as “Sensitive Information”.

    “Subsidiary” means a company entirely or partially owned and managed by another company referred to as the parent company under Rio Tinto Group of Companies.

Visitors to our Rio Tinto sites or events

We may collect, use, process and disclose the following Personal Data from you, or others.

  • Your name, company name and address, job title, gender, home address, and contact information
  • Audio and or photographic/video: audio, electronic, visual, or similar such as, CCTV footage, or photographs, if you physically visit any of our Rio Tinto locations or participate in any live events that may be recorded
  • Your dietary requirements if you are attending an event
  • Sensitive Data such as:
  • health information or health checks (including, but not limited to; vaccination screening or advice, and medical history), or race or ethnicity, either directly or indirectly
  • alcohol and drug screening (this is required to ensure we comply with legal and policy obligations to keep our employees and you safe), or
  • information required for investigation of an incident or allegation (which may include Sensitive Data)
  • see section “Health and Medical Testing” for more information
  • Identity information such as passport details to verify identity
  • Automatic Number Plate Recognition (ANPR): details of vehicle registration numbers will be collected from some Rio Tinto sites
  • Clothing and shoe size for Personal Protective Equipment (PPE) wear
  • Information you voluntarily provide us
  • In certain circumstances, such as to attend social events, we collect Personal Data from children, of all ages, please see section “Children’s Personal Data” for more information. Personal Data will be limited to name and age only, for dietary requirements and children related activities

Visitors To Rio Tinto websites, microsites, or online platforms, such as RT Connect

We may collect, use, process and disclose the following Personal Data from you.

  • Your name, company name and address, job title, and contact information
  • Usage data: internet or other electronic network activity Information including, but not limited to, your interaction with our Websites or microsites, or email communication
  • Geolocation data: precise geographic location information from your use of our Website
  • Cookies, see below for more information and visit Cookies preferences on the Website

Members of the community where Rio Tinto operates or seeks to operate

We may collect, use, process and disclose the following Personal Data from you, or others.

  • Your name, and personal contact information, such as email address, home address, and telephone number
  • Audio and or photographic/video: audio, electronic, visual, or similar such as, CCTV footage, or photographs, if you physically visit or reside in any of our Rio Tinto locations or participate in any live events that may be recorded
  • Your dietary requirements if you are attending an event
  • Sensitive Data such as health information or health checks (including, but not limited to; vaccination screening or advice, and medical history), race or ethnicity, religious or philosophical beliefs, or your connection to the community or location, either directly or indirectly. See section “Health and Medical Testing” for more information
  • Information required for investigation of an incident or allegation (which may include Sensitive Data)
  • Identity information such as passport to verify identity
  • Education history, academics, or achievements
  • Employment status, and history, work industry, and work visa
  • Your family ties to a particular location, and how long you have lived there, and/or your heritage
  • Gender, marital status, signature, and any dependents’ information
  • Automatic Number Plate Recognition (ANPR): details of vehicle registration numbers will be collected from some Rio Tinto sites
  • Information you voluntarily provide us

External stakeholders

We may collect, use, process and disclose the following Personal Data from you, or others.

  • Your name, company name and address, job title, gender, and contact information
  • Anti money laundering, anti-bribery and corruption, conflict of interests, or sanction checks required by law for certain stakeholders, such as, but not limited to, government or public officials
  • Audio and or photographic/video: audio, electronic, visual, or similar such as, CCTV footage, or photographs, if you physically visit any of our Rio Tinto locations or participate in any live events that may be recorded
  • Your dietary requirements if you are attending an event
  • Sensitive Data such as:
  • health information or health checks (including, but not limited to; vaccination screening or advice, and medical history), race or ethnicity, political opinions, or philosophical beliefs, either directly or indirectly
  • alcohol and drug screening (this is required to ensure we comply with legal and policy obligations to keep our employees and you safe), or
  • information required for investigation of an incident or allegation (which may include Sensitive Data)
  • see section “Health and Medical Testing” for more information
  • Identity information such as passport details to verify identity
  • Automatic Number Plate Recognition (ANPR): details of vehicle registration numbers will be collected from some Rio Tinto sites
  • Information you voluntarily provide us

Alumni

We may collect, use, process and disclose the following Personal Data from you.

  • Your name and contact information

Current employees where Rio Tinto acts as a landlord or offers accommodation

We may collect, use, process and disclose the following Personal Data from you, or others.

  • Your name, work location, Rio Tinto owned or offered accommodation address, job title, and contact information
  • Financial information
  • Information required for investigation of an incident or allegation (which may include Sensitive Data)
  • Information you or others voluntarily provide us

Children’s personal data

Whilst our services are not directed to children, in some instances we may collect, use, process, and disclose Personal Data from children of all ages. For those that aged 13 years and over, in accordance with Applicable Laws, they will be afforded the same rights as an adult, including the right to access, update, and object to the processing of their Personal Data. We recognise our responsibility to provide suitable privacy protection to Personal Data we collect from children under 13 years, which will only be collected where they attend with a parent or guardian, for Rio Tinto organised social events, such as Family Days. We put in place several measures to protect that child’s Personal Data such as:

  • notifying parents or guardians about the processing and obtaining consent where necessary
  • ensuring any data collected is kept to a minimum
  • where permitted by law, allowing parents or legal guardians the right to request the Personal Data collected about their child and ask for such to be amended or deleted (please note, these rights are not absolute)

Please note in China, only children aged 14 years or over will be afforded the same rights as an adult.

Work experience students [aged 13 years and over]

We may collect, use, process and disclose the following Personal Data from you, or others.

  • Your name, contact details, school or college address, contact/teacher’s name and details, gender, and age
  • National insurance, social security or ID number
  • Your parent/legal guardian’s contact details
  • Audio and or photographic/video: audio, electronic, visual, or similar such as, CCTV footage, or photographs, if you physically visit any of our Rio Tinto locations or participate in any live events that may be recorded
  • Your dietary requirements
  • Health information or health checks (including, but not limited to; vaccination screening or advice, and medical history), or race or ethnicity, either directly or indirectly. See section “Health and Medical Testing” for more information
  • Information you voluntarily provide us

Health and medical testing

In accordance with our health and safety requirements and or Applicable Laws, in some circumstances, such as visiting certain Rio Tinto sites, or attending our events, we will ask for your consent for us to collect, use, process and disclose your Personal and/or Sensitive Data to be able to conduct medical assessments, or undertake drug and alcohol screenings, and or to manage and support your recovery from injury and illness. In some circumstances, we may ask you for your medical history before assisting us in undertaking heritage field work. This is so we can assess your fitness in health and wellbeing, to be able to travel and attend these locations. 

Where we have obtained your consent to our collection, use, processing and disclosure of your Personal or Sensitive Data, you can withdraw your consent at any time, but the withdrawal of your consent may impact your ability to engage with us, or be able to visit our Rio Tinto sites, or attend our events, and/or our ability to help you recover from your injury or illness.

Legal bases for processing your personal data 

We may process your Personal Data for the following purposes:

Performance of contract 

  • To manage our business relationship with you, such as executing our business arrangements and/or contracts

With your consent 

  • To engage with you, either in person in email, or through your use of our Websites or microsites, or via the “Contact Us” page, or wish to partake in any events that we organise
  • To send marketing and promotional materials to existing and prospective business stakeholders. We may also notify you about updates to our Websites or microsites, business activities or products and services
  • Where we legally require your explicit consent, where no other lawful basis will apply, such as processing your Sensitive Data, or transferring your data
  • For health, safety and security reasons, where you visit any of our Rio Tinto sites, we will process your Personal Data and or your Sensitive Data (such as alcohol or drug screening, or medical checks and vaccination screening or advice) to adhere to health and safety or security requirements, to keep you, and us safe
  • To take images of you, if you agree to have your photo taken at a Rio Tinto event
  • To investigate and report on your feedback, complaints and grievances and known or suspected misconduct, suspicious activity, fraudulent, or criminal activity, and includes any other activity that we assess may cause you, us, or others harm, in accordance with Applicable Laws

Where we rely on consent as the legal bases for processing your Personal Data, you have the right to withdraw your consent at any time, by emailing aske&c@riotinto.com, or clicking on the opt out or unsubscribe button. 

Compliance with laws

  • For health, safety and security reasons, where you visit any of our Rio Tinto sites, we will process your Personal Data and or your Sensitive Data (such as alcohol or drug screening) to adhere to health and safety or security regulations or Applicable Laws, to keep you, and us safe
  • Protecting and defending our legal rights and those of third parties, in accordance with Applicable Laws
  • To develop community relationships, inform access to lands, permits, and approvals, understand community opinions and social customs regarding current and future activities, as well as avoid or mitigate adverse impacts on communities, in accordance with Applicable Laws
  • To investigate and report on your feedback, complaints and grievances and known or suspected misconduct, suspicious activity, fraudulent, or criminal activity, and includes any other activity that we assess may cause you, us, or others harm, in accordance with Applicable Laws

Our legitimate interests

  • To measure and improve our business, products or services and performance
  • To develop community relationships, inform access to lands, permits, and approvals, understand community opinions and social customs regarding current and future activities, as well as avoid or mitigate adverse impacts on communities
  • To deal with feedback or complaints relating to Rio Tinto business activities (including Rio Tinto offered, managed, or owned properties)
  • To send you marketing and promotional materials, we may also notify you about updates to our Websites or microsites, business activities or products and services
  • For data analysis, or audits, and prevention of fraud
  • For health, safety and security reasons (including CCTV), where you visit any of our Rio Tinto sites
  • To investigate and report on your feedback, complaints and grievances and known or suspected misconduct, suspicious activity, fraudulent, or criminal activity, and includes any other activity that we assess may cause you, us, or others harm in accordance with Applicable Laws

Vital interests

  • To protect your or someone else’s life. For example, if you are involved in an emergency and you require emergency care or medical treatment or you witness an emergency situation and are able to provide information to us about it

Where does Rio Tinto collect your personal data 

  • From you, either directly (such as through information you submit to us) or indirectly (such as observing your actions on our Websites or microsites, or when you engage in email communications)
  • From your feedback or surveys, you may complete
  • From Cookies and other similar technologies when you visit Rio Tinto Websites or microsites
  • From data analytics’ providers
  • From joint marketing partners
  • From government entities, or agencies
  • From service providers, or third parties, (such as companies who are assisting us in fulfilling our contracts and carrying out our business)
  • From health and medical professionals or advisors
  • From third party insurers
  • From other sources, such as public databases, social media platforms (including people with whom you are friends or otherwise connected) and from other third parties

Sharing and transferring your personal data

We may share your Personal Data with the following:

  • Rio Tinto Group of Companies, and also partners (such as managed and non managed joint ventures). We may share your Personal Data for the purposes of carrying out the collection, use, processing, and disclosure, set out above
  • Professional advisers, such as health or medical professionals/advisors, consulting firms, financial advisors, legal advisors, external auditors, insurers, third parties, or cloud service providers who support our business, in connection with the business purpose set out above for which we collect, use, process, and disclose your Personal Data
  • Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction
  • Where we are obliged to disclose your Personal Data under Applicable Laws, which may include laws outside your country of residence
  • To third parties that install, monitor and/or maintain CCTV, security, and other monitoring equipment at our premises or sites
  • To third parties involved with events organising to facilitate your participation in those events, and or support feedback

For details on Personal Data or Sensitive Data transfers for China, Mongolia or South Korea residents, please refer to table under section Additional Information for Mainland China, Mongolia, and South Korea Residents.

As defined under California privacy laws, we do not sell or share Personal Data with third parties.

Cross border transfer of your personal data

We may transfer some of your Personal Data outside of your home jurisdiction.  In these circumstances your Personal Data will only be transferred on one of the following bases: 

  • Where required under Applicable Laws, with your consent (implied or express)
  • Where the transfer is subject to appropriate safeguards for international transfers as prescribed by applicable law, for example if we are sharing your Personal Data with a third party, as required, the contract with them will have appropriate contractual clauses endorsed and released by the appropriate privacy regulator or other obligations in the contract requiring appropriate technical, organizational and security measures to protect your Personal Data
  • The transfer is to a country that is deemed an adequate destination for Personal Data by the privacy regulator in the country of origin

How Rio Tinto keeps your personal data safe

Rio Tinto, at all times, maintains technical, security and organisational measures intended, as required under Applicable Laws, to protect your Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. 

If you do not provide Rio Tinto with your personal or sensitive data  

If you do not provide your Personal or Sensitive Data where required, this may impact your ability to engage with us, or be able to visit our Rio Tinto sites, or attend our events.
Where we have obtained your consent to our collection, use, processing, or disclosure of your Personal or Sensitive Data, you can withdraw your consent at any time, but the withdrawal of your consent may impact your ability to engage with us, or be able to visit our Rio Tinto sites or attend our events.

Your rights

Depending on your country of residence, you may have a number of rights under Applicable Laws, such as; accessing, rectifying, deleting, objecting or restricting your Personal Data, as well as the right not to be discriminated against. You may also nominate an individual who would be able to exercise your rights. If you would like to exercise any of these rights, including a request for access to your Personal Health  Information (PHI) under The Health Insurance Portability and Accountability Act 1996    (“HIPAA”) (for US only), please contact us at aske&c@riotinto.com. Please note, however, these rights are not absolute.

How long we retain your personal data

We will only retain your Personal Data for as long as necessary to fulfil the purpose for which it is processed or as required by Applicable Laws or any litigation hold, to which we are subject, including to meet any governance or reporting requirements.

  • Additional information for California residents

    This section applies to Personal Data, referred to in this section as “Personal Information” as defined in the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), whether collected offline or online. This section does not address or apply to our handling of Personal Information that is exempt under the CCPA, such as publicly available information or deidentified/aggregated information. 

    What personal information is collected and disclosed 

    The table below, identifies the categories of Personal Information about California residents that we collect and have collected in the prior twelve (12) months, as well as the categories of third parties to whom we disclosed the information for a business or commercial purpose. In some cases (such as where required by law), we may ask for consent or give you certain choices prior to collecting or using certain Personal Information.

    Categories of personal information collected

    Disclosed to following recipients for operational business purposes

    Identifiers, such as name, contact information, online identifiers, IP address, or email address

    • Rio Tinto group of companies
    • Service providers or vendors
    • Professional advisors, and agents
    • Regulators, government entities, and law enforcement
    • Health professionals
    • Websites, online platforms, operating systems
    • Others with your permission

    Categories of personal information described in Cal. Civ. Code § 1798.80, such as name, signature, photograph, contact information, financial information, health information.

    • Rio Tinto group of companies
    • Service providers or vendors
    • Professional advisors, and agents
    • Regulators, government entities, and law enforcement
    • Health professionals
    • Websites, online platforms, operating systems
    • Others with your permission

    Internet or other electronic network activity information, such as browsing history, search history, information regarding your interaction with our and other websites or online platforms.

    • Rio Tinto group of companies
    • Service providers or vendors
    • Professional advisors, and agents
    • Regulators, government entities, and law enforcement
    • Websites, online platforms, operating systems

    Commercial information, transaction information, purchase history and financial details

    • Rio Tinto group of companies
    • Service providers or vendors
    • Professional advisors, and agents
    • Regulators, government entities, and law enforcement
    • Online platforms, or operating systems

    Geolocation data, such as device location, your physical location, and IP location.

    • Rio Tinto group of companies
    • Service providers or vendors
    • Online platforms, or operating systems

    Audio, electronic, visual and similar information , such as images and audio, video or call recordings created in connection with our business activities.

    • Rio Tinto group of companies
    • Service providers or vendors
    • Professional advisors, and agents
    • Regulators, government entities, and law enforcement
    • Websites, online platforms, operating systems

    Sensitive Information, such as health information, race or ethnicity, or information required for investigation of an incident or allegation (which may include Sensitive Information).

    • Rio Tinto group of companies
    • Service providers or vendors
    • Professional advisors, and agents
    • Regulators, government entities, and law enforcement
    • Health professionals
    • Online platforms
    • Others with your permission

    Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

    • Rio Tinto group of companies
    • Service providers or vendors
    • Professional advisors, and agents

    We do not “sell” or “share” (as defined by the CCPA) Personal Information or Sensitive Information related to California residents. 

    Your CCPA Privacy Rights 

    California residents have the following rights under the CCPA:

    • Know/access: the right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about you
    • Correct the information we hold about you
    • Opt out of “sales” and “sharing”: the right to opt-out of the “sale” and “sharing” of their Personal Information as those two terms are defined under the CCPA. However, Rio Tinto does not “sell” or “share” California resident Personal Information
    • Limit use/disclosure of Sensitive Information: the right to request to limit certain uses and disclosures of Sensitive Information
    • Non-discrimination: the right not to be subject to discriminatory treatment for exercising your rights under the CCPA
    • Do Not Track. Currently, our website does not recognize “Do-Not-Track” requests

    You may exercise your rights under Applicable Laws or raise any concerns by emailing aske&c@riotinto.com or by phoning our free toll number  +1 800 872 6729. Please note, however, these rights are not absolute.

    Your rights under California’s Shine The Light Act

    We do not disclose Personal Information to third parties for their direct marketing purposes.

    Authorised agents

    If you want to make a request as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide, as applicable, proof concerning your status as an authorized agent, in addition, we may require the individual on whose behalf you are making the request to verify their own identity.

  • Additional information for Mainland China, Mongolia, and South Korea residents

    In China, your Personal Data will be collected by one or more of the following entities:

    • Rio Tinto Trading (Shanghai) Co Ltd (branches in Shanghai and Beijing)
    • Rio Tinto Mining Commercial (Shanghai) Co Ltd
    • Rio Tinto Mineral Exploration (Beijing) Co Ltd
    • Rio Tinto Iron & Titanium (Suzhou) Co Ltd
    • Rio Tinto China

    In Mongolia, your Personal Data will be collected by one or more of the following entities:

    • Rio Tinto Holdings LLC
    • Rio Tinto Mongolia LLC
    • Oyu Tolgoi LLC

    What personal data is processed 

    We collect a range of Personal Data about you as described above in this Privacy Statement.

    Reference to Personal Data shall, unless the context otherwise requires, be deemed to include Sensitive Data (as defined by Applicable Laws in your jurisdiction). For such purposes, in China, bank account numbers, credit checks, and government issued ID would be considered Sensitive Data, whereas “race” and “gender” is not considered Sensitive Data (in China). For more information, please contact aske&c@riotinto.com.  

    Cross border transfer of your personal data

    Rio Tinto delegates processing of your Personal Data as follows:

    Recipient

    Purpose

    Personal Data

    Retention

    Rio Tinto Group of Companies

    Business reasons, on a need-to-know basis

    Name, Job title, Company name and contact details, telephone number, email address

    In accordance with Applicable Law and Rio Tinto’s Retention Policy

    Rio Tinto Group of Companies (managed corporate and operational sites)

    Access control

    Name, job title, company name and contact details, telephone number, email address

    As above

    Microsoft Office 365 (US)

    Communication and collaboration, SharePoint, Emails,

    Name, job title, company name and contact details, telephone number, email address

    As above

    RTBS Server (Australia)

    Supplier and customer information database

    Name, job title, company name and contact details, telephone number, email address

    As above

    Global Website (Australia, US)

    Website management

    Name, telephone number, email address, usage data, such as your interaction with our Websites or microsites, Geolocation data: such as precise geographic location information from your use of our Websites or microsites. Visitors to Rio Tinto Websites, or microsites have the option into opting into Cookies via their cookies preferences.

    As above

    Enablon (US)

    Environment, Health and Safety software

    Limited contact information of inputter of incident

    As above

    Navex (EU)

    Incident Management and Reporting Software (whistleblowing hotline)

    Limited Personal Data of reporter (if provided - usually anonymous), including Personal Data (including Sensitive Data dependent on the report or conduct alleged) of individual that is the subject of the report, and others that may be involved

    As above

Supplementary privacy notices

In some cases, and depending on your home jurisdiction, we may provide you with additional notices about our information collection practices (“Supplementary Privacy Notices”). These Supplementary Privacy Notices apply in addition to this Privacy Statement. Where a Supplementary Privacy Notice conflicts with this Privacy Statement, the Supplementary Privacy Notice shall prevail. 

Where Rio Tinto provides you with electricity supply services, please refer to the Supplementary Privacy Notice for Electricity Supply Services.

Cookies 

We may use Cookies and similar technologies that aim to collect and store information when you visit our Websites or microsites. You can control and manage your Cookie preferences by changing the settings on your browser. However, if you disable Cookies and similar technologies, some features may not work as intended. For more detailed information about the specific Cookies and similar technologies we use and your choices, please see below. For a list of the different types of Cookies and similar technologies used on our Websites, visit the preference/settings in the Cookie banner of the Website you are viewing. 

Cookies are a standard feature of websites that allow us to store small amounts of data on your computer about your visit to and use of the Services. Cookies help us learn which areas of the Services are useful and which areas need improvement. For this purpose, we also use technologies similar to Cookies, such as Flash Local Shared Objects (also known as Flash Cookies) or pixel tags, as further detailed below.

Strictly Necessary Cookies: These enable you to navigate our Websites. Without these absolutely necessary Cookies, our Websites will not perform as smoothly for you as we would like it to.

Functional Cookies: These collect information about your choices and preferences, and allow us to remember language or other local settings and customize for you accordingly.

Performance Cookies: These are analytics Cookies which collect information about your use of our Website and enable us to improve the way it works. They can show us which are the most frequently visited pages on our Websites. 

Targeting and Social Media Cookies: These Cookies collect information about your activities on our Websites (or other Sites) to provide you with targeted advertising. Social media Cookies collect information about social media usage.

Google Analytics: Some of our Websites, may use Google Analytics services, as provided by Google, Inc. (“Google”), which uses Cookies and similar technologies to collect and analyse information and report on activities and trends. This service may also collect information regarding the use of other Websites, applications and online resources. You can learn about Google’s practices by going to google.com/technologies/partner-sites, and you can opt out by downloading the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.

Your Choices About Our Use of Cookies and Similar Technologies: Depending on the applicable law of your jurisdiction (such as the EU/EEA, or the UK), we may ask for your Consent for placing Cookies on your device, with the exception of strictly necessary Cookies. You can change your settings for Cookies and similar technologies by visiting the preference/settings in the Cookie banner of the Website you are viewing.

In addition, you can also avoid Cookies being placed on your device, by configuring your browser settings. Please refer to allaboutcookies.org for information on commonly used browsers. Please note, however, if some Cookies are disabled, not all features of our Websites function as intended.

Contact information and complaints

If you have any questions or concerns regarding our use of your Personal Data, or if you wish to exercise any of your rights described in this Privacy Statement, please contact us by emailing aske&c@riotinto.com, or by contacting the data protection officer responsible for your country or region, if applicable. You also have the right to lodge any complaints you may have regarding Rio Tinto’s processing of your Personal Data to us or the privacy regulator for your country or region.

California residents

If you have any questions or concerns regarding our use of your Personal Information, or if you wish to exercise any of your rights under CCPA, please contact us by emailing aske&c@riotinto.com, or by phoning our free toll number +18008726729.  

Other important information

This Privacy Statement may be changed over time. Please visit this page regularly for possible changes. 

Our Websites and microsites may contain links to Websites or applications we do not own or control. Our Privacy Statement does not apply to those. Please read the privacy statements on those Websites or applications if you would like to find out how they collect, use, process, and disclose your Personal Data. 

Any translation is for reference only, and in the event of any conflict, the English version will prevail.