The last update to this document was 14/12/2018.
Sustainable Certification™ Pty Ltd ACN 43 134 489 124 (Sustainable Certification™, we, us, our) is committed to complying with applicable privacy laws in relation to the personal information that we collect in the course of running our business.
Where applicable privacy laws provide for exceptions or exemptions, we may rely on those exceptions or exemptions in our information handling practices.
In this document:
- “APPs” means the Australian Privacy Principles set out in the Privacy Act;
- “Personal information” has the meaning set out in the Privacy Act, and (in summary) means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or otherwise;
- “Privacy Act” means the Privacy Act 1988 (Cth); and
- “Sensitive information” has the meaning set out in the Privacy Act, and includes certain specific types of personal information such as health information, and information about a person’s racial or ethnic origin, sexual orientation, religious beliefs or affiliations and criminal record.
1. How we collect your personal information
We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you.
We may collect the personal information you directly give us through some of the following means:
- (a) when you submit an application form to us for certification services;
- (b) when you make an inquiry, register with or otherwise use our website located at www.sustainablecertification.com.au (the Website);
- (c) when you set up your online profile through the Website;
- (d) in the course of providing our certification services;
- (e) in administering and performing any contracts with our service providers;
- (f) when you contact us via telephone, e-mail, through the Website or other means;
- (g) from correspondence (whether in writing or electronically);
- (h) while conducting customer satisfaction and market research surveys;
- (i) when administering our business relationship with you and your business (including invoicing, payment processing and debt recovery); and
- (j) as otherwise required to manage our business.
When your business or organisation engages us to provide certification services, we will collect a range of information about your business or organisation in order to perform our assessment. We collect this information through requests for documents and information, and through audits (including on-site audits and follow-up surveillance audits). Some of this information may include personal information of individual personnel of the business or organisation, where this information is relevant to the certification assessment we have been asked to undertake.
In certain cases we may collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies and your employers (if you are applying for a position with us), contractors, sub-contractors, our clients, business partners and regulators. If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
If your business or organisation engages us to provide certification services (including follow-up surveillance audits), we may collect personal information about you in the course of providing these services. We will only do so with the approval of your business or organisation, and only to the extent that such information is relevant and necessary in order for us to provide our certification services to your business or organisation.
2. Types of personal information we collect
In general, we will only collect personal information about you where it is reasonably necessary for one or more of our functions or activities. As such, the types of personal information we collect about you will depend on the nature of our relationship with you and the circumstances in which the information is collected.
Some of the common types of personal information we may collect include (but are not limited to) your name, postal address, email address, phone numbers, date of birth, credit card details and billing information and, if applicable, information about your current and former employment (including your roles and responsibilities), your qualifications and training records. We also collect registration, account and administrative information about you when you register on the Website and engage us to provide services.
We only collect sensitive information about you with your consent, or otherwise in accordance with the Privacy Act. If you provide us with sensitive information about another person, you are responsible for ensuring that you have that person’s consent to do so.
Where you refuse to provide us with personal information that we have requested, we may not be able to provide you with requested goods or services.
3. Our purposes for handling your personal information
As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances.
We collect, hold, use and disclose personal information to:
- (a) confirm your identity;
- (b) offer and provide you with our goods and services, which may require us to (among other things):
  - collect and review personal information about you and other personnel from your business or organisation;
  - conduct on-site audits and follow-up surveillance audits; and
  - prepare various reports throughout the certification process (including an initial summary report of your existing management systems);
- (c) manage and administer those goods and services, including account keeping procedures;
- (d) operate the Website and provide its functionality to you;
- (e) optimise and customise the user experience (including content and advertising) for users of the Website and our other services;
- (f) protect the security and integrity of the Website and our services;
- (g) develop and improve the Website and our products and services;
- (h) communicate with you, including (but not limited to) emailing you tax invoices;
- (i) comply with our legal and regulatory obligations; and
- (j) otherwise to manage our business.
4. Who we disclose your personal information to
The types of persons, agencies and entities we typically disclose personal information to include (but are not limited to) our clients, contractors, sub-contractors, organisations that provide us with technical and support services, auditors, regulatory bodies and our professional advisors.
Where your business or organisation engages us to perform certification services, we may share personal information we collect in the course of providing those services (which may include personal information relating to the performance and qualifications of your business or organisation’s personnel) with your business or organisation.
We may also disclose your personal information in accordance with any consent you give or where disclosure is authorised, compelled or permitted by law.
If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.
5. Protection of personal information
We will hold personal information as secure physical records, electronically on our intranet system, in cloud storage and, in some cases, as records on third party servers, which may be located overseas.
We use a range of security measures to protect the personal information we hold, including by implementing IT security tools to protect our electronic databases and ensuring that employees and third parties with access to records containing personal information are subject to appropriate information security obligations.
We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
6. Direct marketing
As with most businesses, marketing is important to our continued success. We therefore like to stay in touch with customers and let them know about new offers and opportunities. We may provide you with information about products, services and promotions, either from us or from third parties, which may be of interest to you.
You may opt out at any time if you no longer wish to receive direct marketing messages from us. You can make this request by contacting our Privacy Officer.
We may use third party vendors to show our ads on sites on the Internet and serve these ads based on a user’s prior visits to our Website. We may also use analytics data supplied by these vendors to inform and optimise our ad campaigns based on your prior visits to our Website.
8. Accessing and correcting your personal information
You may contact our Privacy Officer to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by us.
We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
We will respond to all requests for access to or correction of personal information within a reasonable time.
9. Overseas transfers of personal information
Sustainable Certification™ Pty Ltd is an Australian business, with our headquarters in Melbourne and offices in Sydney, Brisbane and Perth.
We also offer certification services in a number of other countries, as described in the “Internationals” page of the Website. Where you engage us to provide certification services in relation to your operations in these countries, we may engage trusted local agents to assist us in providing our services. In such circumstances, we may need to transfer information (including personal information) between our team members in Australia and our local agents in the relevant country in order to provide you with our services and complete the certification.
In general terms, we may disclose your personal information to our related entities, service providers and agents located overseas. This may include countries such as Bangladesh, Hong Kong, India, Indonesia, Iran, Papua New Guinea, South Korea, Malaysia, New Zealand, Singapore, Turkey, Vietnam, USA and Philippines.
From time to time we may also engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider.
By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agree that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles, that entity will not be bound by, and you will not be able to seek redress under, the Privacy Act.
10. Resolving personal information concerns
We take all complaints seriously, and will endeavour to respond to your complaint within a reasonable period.