Certis Security Australia Pty Ltd and its subsidiaries (hereinafter collectively “Certis Security Australia”, referred to as the “Company”) collects, holds, uses and/or discloses personal information relating to individuals (including, but not limited to, its customers, contractors, suppliers and employees) in the performance of its business activities.
The Company will place this Policy on our website and will have copies available in each of our major office locations to be provided to people on request.
Staff who work with personal information shall receive training on this Policy and our obligations.
Senior Managing Director
1 March 2021
All documentation, whether electronic or printed, generated by the Company and from which personal information may be collected as a part of the transaction process (the primary purpose of which is to provide products or services), will carry the following statement concerning privacy:
The Company respects your privacy at all times. When processing your order or application, we collect personal information about you for the primary purpose of providing you with a high level of customer service. We may also use this information to inform you of any changes to the service/s provided or of new services that may become available.
As we value your privacy, we do not make your personal information available to other organisations, and you have the right to gain access to your information at any time.”
What is personal information?
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
An employee record is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of the employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, terms and conditions of employment of the employee.
To the extent that the Company already holds personal information about an individual, and that information constitutes part of an employee record, this Policy does not apply.
Kinds of information that the company collects and holds
The Company collects personal information that is reasonably necessary for one or more of its functions or activities.
The type of information that the Company collects depends on the circumstances of the collection and on the nature of the service requested or transaction undertaken. For example:
|Candidate: if you are a candidate seeking employment with the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details.
|Customer: if you are a customer of the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, gender and age.
|Supplier: if you are a supplier of the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, business records, billing information, information about goods and services supplied by you.
|Referee: if you are a referee of a candidate being considered for employment by the Company, the Company may collect and hold information including your name, contact details, current employment information and professional opinion of the candidate.
|Employees: The Company may still need to collect personal information from individuals even after they become employees. As employment conditions change and new policies and procedures are introduced, individuals may be required to provide additional personal information. If the information is considered sensitive personal information, the Company will obtain consent from the individual prior to collecting the information.
The Company will only collect sensitive information where the individual consents to the collection of the information and the information is reasonably necessary for one or more of the Company’s functions or activities. Sensitive information includes, but is not limited to, information or an opinion about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.
How the company collects and holds personal information
The Company must collect personal information only by lawful and fair means. The Company will collect personal information directly from you if it is reasonable or practicable to do so.
The Company may collect personal information in a number of ways, including without limitation:
|through application forms;
|by email or other written mechanisms;
|over a telephone call;
|through biometric verification;
|through our website;
|through surveillance camera;
|by technology that is used to support communications between us;
|through publicly available information sources (which may include telephone directories, the internet and social media sites);
|direct marketing database providers;
When the Company collects personal information about you through publicly available information sources, it will manage such information in accordance with the APPs.
At or before the time or, if it is not reasonably practicable, as soon as practicable after, the Company collects personal information, the Company must take such steps as are reasonable in the circumstances to either notify you or otherwise ensure that you are made aware of the following:
|the identity and contact details of the Company;
|that the Company has collected personal information from someone other than you if you are unaware that such information has been collected;
|that collection of personal information is required by Australian law, if it is;
|the purpose for which the Company collects the personal information;
|the consequences if the Company does not collect some or all of the personal information;
|any other third party to which the Company may disclose the personal information;
|whether the Company is likely to disclose personal information to overseas recipients, and the countries in which those recipients are likely to be located.
Unsolicited personal information is personal information that the Company receives which it did not solicit. Unless the Company determines that it could have collected the personal information in line with the APPs or the information is contained within a Commonwealth record, it must destroy the information to ensure it is de-identified.
Purposes for which the company collects, holds, uses and/or discloses personal information
The Company will collect personal information if it is reasonably necessary for one or more of its functions or activities (including but not limited to complying with our Conflict of Interest and Disclosure Policy and processes).
The main purposes for which the Company may collect, hold, use and/or disclose personal information may include but are not limited to:
|customer service management;
|training and events;
|surveys and general research; and
|business relationship management.
The Company may also collect, hold, use and/or disclose personal information if you consent or if required or authorised under law.
The Company may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing (for example, advising you of new goods and/or services being offered by the Company).
The Company may use or disclose sensitive information about you for the purpose of direct marketing if you have consented to the use or disclosure of the information for that purpose.
You can opt out of receiving direct marketing communications from the Company by contacting the Privacy Officer in writing or, if feasible, accessing the Company’s website and unsubscribing appropriately.
Disclosure of personal information
The Company may disclose your personal information for any of the purposes for which it is was collected, as indicated in this Policy, or where it is under a legal duty to do so.
Before the Company discloses personal information about you to a third party, the Company will take such steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs in relation to the information.
Cross-border disclosure of personal information
The Company may use or disclose your personal information with members of the Certis Group (which includes our affiliates, subsidiaries and joint ventures worldwide). Personal information will only be used or disclosed for purposes which are related to the original purpose for which the information was collected.
Before the Company discloses personal information about you to an overseas recipient, the Company will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs in relation to the information.
Access to personal information
If the Company holds personal information about you, you may request access to that information by putting the request in writing and sending it to the Privacy Officer. The Company will respond to any request within a reasonable period and a charge may apply for giving access to the personal information.
There are certain circumstances in which the Company may refuse to grant you access to your personal information. In such situations the Company will give you written notice that sets out:
|the reasons for the refusal; and
|the mechanisms available to you to make a complaint.
Correction of personal information
If the Company holds personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, it must take such steps as are reasonable to correct the information.
If the Company holds personal information about you and you make a request in writing addressed to the Privacy Officer to correct the information, the Company must take such steps as are reasonable to correct the information. The Company will respond to any request within a reasonable period.
There are certain circumstances in which the Company may refuse to correct the personal information. In such situations the Company will give you written notice that sets out:
|the reasons for the refusal; and
|the mechanisms available to you to make a complaint.
If the Company corrects personal information that it has previously supplied to a third party and you request us to notify the third party of the correction, the Company will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.
Integrity and security of personal information
The Company will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it:
|collects is accurate, up-to-date and complete; and
|uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date and complete.
The Company will take such steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.
If the Company holds personal information; it no longer needs the information for any purpose for which the information may be used or disclosed; the information is not contained in any Commonwealth record; and the Company is not required by law to retain the information, the Company will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.
Anonymity and pseudonymity
You have the option of not identifying yourself, or using a pseudonym, when dealing with the Company in relation to a particular matter. This does not apply:
|where the Company is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
|where it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym.
However, in some cases if you do not provide the Company with your personal information when requested, the Company may not be able to respond to your request or provide you with the goods or services that you are requesting.
You have a right to complain about the Company’s handling of your personal information if you believe the Company has breached the APPs.
If you wish to make such a complaint to the Company, you should first contact the Privacy Officer in writing. Your complaint will be dealt with in accordance with the Company’s Complaints Policy and the Company will provide a response within a reasonable period.
If you are unhappy with the Company’s response to your complaint, you may refer your complaint to the Office of the Australian Information Commissioner.
Privacy Officer contact details
The Company's Privacy Officer can be contacted in the following ways: