Privacy Policy

This Privacy Policy (“Policy”) applies to Certis Australia Pty Ltd and its subsidiaries (hereinafter collectively “Certis Australia,” “we,” “us” or “our”). This Policy outlines the responsibility of each member of the Certis Australia in relation to the collection, processing, usage and disclosure of Personal Information (as defined below). It is designed to protect the confidentiality of the personal information and regulate the way it is managed.

1.    Introduction

Certis Australia collects, holds, uses and/or discloses personal information relating to individuals (including, but not limited to, its clients, contractors, suppliers and employees) in the performance of its business activities.

We are committed to protecting the privacy of our clients, employees, and other individuals we interact with. This Privacy Policy outlines how we collect, use, disclose, and manage personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) contained therein.

2.    What is personal information?

In this Privacy Policy “personal information” has the meaning set out in the Privacy Act. Personal information means information or an opinion that relates to an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

3.    Types of personal information we collect and hold

Certis Australia collects personal information that is reasonably necessary for one or more of its functions or activities.
The type of information that we collect depends on the circumstances of the collection and on the nature of the service requested or transaction undertaken. This information (some of which may be personal information about you) includes but is not limited to:

• name, gender, date of birth, passport, driver’s license, security license number, first aid certification or other personal identification numbers;
• contact information e.g. address, phone number, email address;
• employment details;
• financial, debt and payment information e.g., creditworthiness, debt details, bank account details, credit or debit card information, including the name of cardholder, card number, billing address and expiry date;
• images, photographs, videos, closed circuit television (CCTV) footage, voice recordings;
• biometric information, geo-location and vehicle driving information (such as location, speed, braking and acceleration information);

We will only collect sensitive information where the individual consents to the collection of the information and the information is reasonably necessary for one or more of the business functions or activities. Sensitive information that we collect includes, but is not limited to, information or an opinion about:

• tax file number;
• health information e.g., medical records or requests;
• membership of a trade union;
• criminal history.

4.    How we collect your personal information

Generally, Certis Australia collects personal information either directly from you, your employer or your authorised representatives (i.e. persons who have been validly identified as being authorised by you through our verification procedures) or from publicly available information sources in the following ways:

• when you submit forms relating to an enquiry or purchase, or use any of our products or services;
• when you interact with our customer service or security officers, including via telephone calls, face-to-face meetings and emails;
• when you provide information prior to entering our buildings or premises;
• when you request that we contact you or be included in an email or other mailing list(s);
• when you respond to our promotions or other incentives;
• when you respond to our request for additional personal information;
• when you respond to our surveys;
• when you submit a job application;
• when you sign on for work or use any of our corporate digital resources or apps such as BOSS;
• when we receive references from business partners and third parties, for example, where you have been referred by them; and
• when you browse our website. If you are only browsing our website, you generally do so anonymously. We do not capture any data that allows us to identify you individually, unless you provide such information. However, we do use cookies on our websites. To find out more, please refer to Section 11 on cookies below.

When we collect personal information about you through publicly available information sources, we will manage such information in accordance with the APPs.

5.    Purposes for which we collect, hold, use and/or disclose personal information

We collect, use, disclose and/or share your personal information for the following purposes:

• to communicate with you on any queries you may have;
• to process your order and deliver products and services to you;
• to manage the administration and business operations of Certis Australia and to comply with our policies and procedures;
• to respond to client requests, audits or investigations
• for service improvements, resolving complaints and disputes;
• for identity and licensing verification purposes;
• to communicate with you and/or to keep records in connection with a job application and other job opportunities;
• in relation to a job application by you,
• to contact the referee(s) whose details have been provided by you;
• to verify your academic and professional qualification by contacting the school/college/university/institute/professional qualifying bodies;
• to disclose your personal information to our customers in connection with your job application,
• to conduct other relevant pre-employment checks and screening, such as with authorities and credit agencies; and
• to administer employment or psychometric assessments (including via third parties);
• for employee training, assessments for learning or development purposes, and performance evaluation (including via third parties);
• to provide controlled access to our non-corporate users for using our systems;
• to update our records and generally maintain your accounts with us;
• to detect and prevent fraudulent activity;
• to meet or comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on Certis Australia (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations); and
• purposes which are reasonably related to the above.

Furthermore, where permitted under applicable laws, we may collect, use and disclose your personal information for the following additional purposes:

• analytics and tracking;
• conducting market research and surveys to enable us to understand and determine customer location, preferences and demographics to develop special offers and marketing programmes in relation to our products and services and to improve our service delivery and customer experience at our touchpoints;
• providing additional products and services and benefits to you;
• matching your personal information with other data collected for other purposes and from other sources (including third parties) in connection with the provision, marketing or offering of products and services to you;
• leads generation and management for marketing products and services;
• administering contests, competitions and marketing campaigns, and personalising your experience at our touchpoints;
• organising promotional events; and
• purposes which are reasonably related to the above.

6.    Disclosure of personal information

We may disclose or share your personal information in the following circumstances:

• Third party service providers: We may disclose your personal information to third parties:
• contracted by us to assist us in delivering part or all of the products and services ordered by you;
• who provide services as part of the promotions or services offered to you;
• who provide services to us such as other security service providers, professional advisers, IT consultants, recruitment partners etc.;
• credit bureaux for the purpose of preparing credit reports or evaluation or updating of creditworthiness or enforcement of repayment obligations;
• bankers, insurers, credit card companies and any of their respective service providers.

We will use all commercially reasonable endeavours to conduct due diligence on the data protection practices of third party providers prior to our engagement of them.

• Our clients: If you work for us or one of our subcontractors, we may disclose your personal information to our clients for the purposes of identity, licensing, qualification or shift verification or for audit and investigation purposes or for managing complaints,
• Certis Group: We may disclose information, which may include personal information, to our related and affiliated companies with the Certis Group which includes Certis CISCO Security Pte Ltd in Singapore for general business and operational purposes as part of a shared business model.
• Business transfers: As we continue to develop our business, we might sell or buy businesses, subsidiaries or business units or undertake a merger. In such transactions, customer information may be one of the transferred business assets.
• Any other purpose: We may seek your consent to collect, hold, use and disclose your personal information for any other purpose not set out herein.

Certis Australia shall use its best endeavours to ensure that its employees, officers, partners and such other third parties mentioned above who are involved in the collection, processing and disclosure of personal information will observe and adhere to the terms of this Policy.

Certis Australia also reserves the right to share your personal information as is necessary to prevent a threat to the life, health or security of an individual or corporate entity. Further, Certis Australia may disclose your personal information to law enforcement agencies, government representative and our advisers, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.

7.    Cross-border disclosure of personal information

We may use or disclose your personal information with members of the Certis Group (which includes our affiliates, subsidiaries and joint ventures worldwide) located in Singapore, Hong Kong, Macau and Qatar. Other third party providers may be located overseas. The countries in which these third parties are located will depend on the circumstances.

Before Certis Australia discloses personal information about you to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs in relation to the information.

8.    Access, correction and withdrawal

If you wish to:

• apply for a copy of the personal information we hold about you;
• request for your personal information to be updated or corrected;
• make a complaint about the way in which your personal information has been handled; or
• withdraw the consent you previously provided to us to use the personal information we hold about you,
• please contact us at the relevant contact set out in Section 12 below.

Please allow us reasonable time to respond to any request and effect any change. We may ask you to verify your identity and for more information about your request. Access is only limited to your own data and no others.

Where we are legally permitted to do so, we may refuse your request and give you reasons for doing so. Where you request your personal information to be updated and there is a dispute about the facts, we will make a note on your personal information of such dispute. Where permitted to do so, we may charge an administrative fee for access requests.

Please note that if your personal information has been provided to us by a third party (e.g. a referral), you should contact that organisation or individual to make such queries, complaints, and access and correction requests. This is to ensure that your queries, complaints, and access and correction requests are properly processed by the relevant organisation or individual.

If you withdraw your consent to any or all use of your personal information, depending on the nature of your request, we may not be in a position to continue to provide our products and services to you, and/or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with us, and your being in breach of your contractual obligations or undertakings. Our legal rights and remedies in such event are expressly reserved.

9.    Storage and security

Security of your personal information is important to us and we will take all reasonable precautions to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. However, to the extent permitted by law we exclude all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your personal information.

Personal information held by us is stored within secured premises or servers (located in Australia or Singapore), or third-party cloud infrastructure. The storage facilities have physical, electronic and procedural safeguards to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

We will take such steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure. We train our employees who handle your personal information to respect the confidentiality of your personal information. Our Privacy Officer oversees our management of your personal information in accordance with this Policy and applicable laws.

If Certis Australia holds personal information it no longer needs the information for any purpose for which the information may be used or disclosed; the information is not contained in any Commonwealth record; and the Company is not required by law to retain the information, the Company will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.

10.    Third party websites

Our website may contain links to third party sites whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to read the applicable privacy policies governing those sites. Certis Australia is not responsible for any information that is submitted to or collected by these third party websites.

11.    Cookies and Google Analytics

Our website uses cookies to monitor browsing preferences and help us analyse data about webpage traffic in order to make website improvements and for statistical analysis purposes. A cookie does not give us access to your computer or any information about you, other than the information you choose to share with us. Most internet browsers allow you to turn off cookies. Should you do so, you may not be able to experience all of the features of our website.

Our website uses Google Analytics. For more information about Google analytic cookies, please see Google’s Privacy Policy and Google Analytics Help pages.

Google has developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js). If you wish to opt out of Google Analytics, you can download and install the add-on for your web browser.

12.    Complaints and contact details

If you have any concerns or questions about the way your personal information is managed and used by us or are concerned that an APP or the Privacy Act have been breached, please feel free to contact our Privacy Officer.

Certis Australia takes compliance with its privacy obligations seriously. We will ensure that your complaint is registered with us and may request that you provide the complaint to us in writing. The Privacy Officer will ensure that the complaint is referred to the right people within the organisation to investigate and respond to the complaint. Any response or action will be notified to you as soon as practicable.

The contact details of the Privacy Officer are as follows:

13.    Changes to our Privacy Policy

This Policy will be reviewed and updated from time to time by Certis Australia to take into account new laws, technological changes, changes to our operations and practices and industry trends.

Subject to your rights at law, you agree to be bound by the prevailing terms of our Privacy Policy as updated from time to time on our website. Please check back regularly for updated information on the handling of your personal information.