When we talk about Personal Information, we mean information or an opinion about an identifiable individual (not a company), whether or not that information or opinion is true or in a material form (Personal Information).
3. Collection of Personal Information
3.1 How we collect Personal Information
We collect Personal Information in the ordinary course of our business, which is the provision of consulting services. Personal Information is collected when you:
email, telephone or via our website;
(b) seek application support for the
(c) subscribe to our newsletters or complete surveys and online forms;
(d) attend a CERPASS (or affiliate) event
(e) interact with us through social media channels, such as Facebook, LinkedIn
(g) purchase or enquire about our
(h) seek support in relation to our
(i) make customer service related
Information will only be collected directly from you unless you authorise another person to provide the information.
3.2 What Personal Information is collected?
The types of Personal Information we collect include your name, address, telephone number, email, and any additional information you provide to us.
Where you contact us on behalf of your employer, the information you provide often contains information about your employment, position and employer's contact details. In those circumstances certain employment information is collected.
Where you contact us in relation to a job application, we may also collect Personal Information such as your date of birth, gender, qualification details, education and academic history, work experiences and skills, next of kin, awards received and areas of interest.
4. How CERPASS uses Personal Information
4.1 Why we collect Personal Information
We collect your Personal Information for the primary purpose of providing our services to you. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
Examples of when we may use your Personal Information include:
(b) providing you with the services you
(c) sending you magazines or electronic newsletters which you have signed up
(d) administration needs in relation to providing you with services;
(e) providing you with application support for the CERPASS software;
complaints and other customer care-related activities; and
(g) carrying out any activity in connection with a legal, governmental or regulatory requirement imposed on us or in connection with legal proceedings, crime or fraud prevention, detection or prosecution.
4.2 Direct marketing
Where you provide us with consent to do so (e.g. if you have subscribed to our email lists or have indicated that you are interested in receiving offers or information from us), we send you marketing communications by email services for events that we feel may be of interest to you.
We (or an appointed third party) may also conduct surveys or market research and may seek other information from you on a periodic basis. These surveys will provide us with information that allows improvement in the type, quality and the manner in which our services are offered to you.
You can opt-out of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
5. Cookies and browser analytics
5.1 What are cookies
Cookies are small text files that are placed on your computer by the websites you visit. They are processed and stored by your web browser. When you visit a website or engage with a business through social media, certain information is collected by cookies. This is generally anonymous information and it does not reveal your identity. In and of themselves, cookies are harmless and serve crucial functions. They are widely used in order to make websites work more efficiently and improve the user experience, as well as to provide information about the use of a website.
By storing and using information about your use of our website, including preferences and habits, we are able to make your visit to our website more productive. For example, some cookies remember your language or preferences so that you do not have to repeatedly make these choices.
5.3 We use the following types of cookies:
that are required for the operation of our website. They include, for example, cookies that pass information from one web page to another and to use
(b) Analytical cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are able to find what they are looking for easily. We also use third party cookies, such as those provided via the Google Analytics service. The information passed back to Google for use with Google Analytics is anonymous.
recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences. These cookies also record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our website and communications sent to you more relevant to your interests.
5.4 How can I remove cookies
6. Data retention and security
6.1 Security mechanisms we employ
Generally, we store your Personal Information using secure servers protected from unauthorised access, modification and disclosure. However, like most businesses we hold some information on our staff’s computers (such as emails from you) and where necessary as hard copy files (such as printed invoices).
Our systems are located in Australia and are managed by us and our service providers. Personal Information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption (such as SSL) where appropriate.
In our dealings with third party service providers, we take care to work with subcontractors and service providers (such as Atlassian, SAP, HubSpot and Xero) who we believe maintain an acceptable standard of data security compliance.
6.2 How long we keep your Personal Information
We retain your Personal Information for as long as is necessary to provide the services to you, as required for our internal business operations, and to comply with our legal obligations.
If we hold Personal Information about you, and we do not need that information for any purpose, we will take reasonable steps to destroy or de-identify that information, in accordance with the Australian Privacy Principles (APP) and the European Union General Data Protection Regulation (GDPR), unless we are prevented from doing so by law.
Under Australian law, financial records, such as those relating to financial transactions, must be retained for 7 years after the transactions associated with those records are completed.
7. Disclosure of your Personal Information
7.1 Who we share your Personal Information with
Your Personal Information may be disclosed to:
our professional advisers (lawyers, accountants, financial advisers, etc.);
(b) regulators and government authorities in connection with our compliance procedures and obligations, including law enforcement agencies to assist in the investigation and prevention of
(c) a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
(d) a rights holder in relation to an allegation of intellectual property
(e) third party contractors, suppliers and service providers with whom we have a business association, including:
(f) customer support applications, such as Atlassian Jira;
(g) our related entity, CERP R&D Pty Ltd, in relation to CERPASS;
(h) administration service providers, such as Office 365 and Xero;
(i) marketing and sales service providers, such as HubSpot; and
(j) other information technology and cloud application providers which we engage from time to time.
We will not disclose your Personal Information other than in accordance with this Policy without your consent.
7.2 Offshore transfer
While we do not otherwise actively disclose your Personal Information to overseas entities, the service providers we engage, such as those who operate cloud services, may have international data centres and disaster recovery sites. Consequently, these providers may have access to your information offshore. We rely solely on reputable organisations for such cloud services.
8. Anonymity and use of pseudonyms
If you contact us with a general enquiry, we may interact with you anonymously or through the use of pseudonyms. However, you are required to provide true and accurate details when requesting the provision of services. You agree you will provide accurate information if we require it.
9. Access to Personal Information and corrections
We endeavour to only hold Personal Information that is accurate, complete and up-to-date. You have the right to make a request to access Personal Information which we hold about you and to request corrections of any errors in that data. To make an access or correction request, contact us using the contact details provided at the end of this Policy.
In order to protect your Personal Information, when you contact us, we may require identification from you before releasing the requested information or making the correction.
10. Additional rights for EU residents and citizens
For the purposes of the GDPR, we are a ‘data controller and processor’ of Personal Information. If you are a citizen or resident of the European Economic Area, the following rights apply to you.
You are entitled to ask us to port your Personal Information (i.e. to transfer in a structured, commonly used and machine-readable format, to you), to erase it, or restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent.
These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.
Where we require your Personal Information to comply with legal or contractual obligations, provision of such data is mandatory, and if you do not provide it we will not be able to manage our contractual relationship with you or to meet obligations placed on us. In those cases, you must provide us with your Personal Information; otherwise, the provision of requested Personal Information is optional. If you have unresolved concerns, you also have the right to complain to data protection authorities.
The relevant data protection authority will be the data protection authority in the country:
(a) of your habitual residence;
(b) of your place of work; or
(c) in which you consider the alleged infringement has occurred.
Your privacy is important to us. If you have a complaint or concern about our handling of your Personal Information, we ask that you first contact our privacy officer whose contact details are listed below. We will investigate your complaint and reply to you in writing if you provide us with contact details and request us to do so.
If, after we have conducted our investigations, you are still not satisfied, then we ask you to consult with the Office of the Australian Information Commissioner:
Email: [email protected]
Telephone: 1300 363 992 (from overseas +61 2 9284 9749)
Post: GPO Box 5218 Sydney NSW 2001
12. Contacting CERPASS
If you have any questions about our privacy practices, wish to make a complaint or have questions regarding the way in which we have been managing your Personal Information, please contact our privacy officer:
Email: [email protected]
Telephone: (07) 3217 7778
Post: The Terraces 9a/19 Lang Parade, Milton, QLD 4064
13. Variations to this Policy
We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices. When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.
This policy was last updated on 30 September 2022.