Australian Privacy Principles
The Australian Privacy Principles (APPs), established and enforceable under the Privacy Act 1988, may apply to Certex International Pty Ltd.
Certex International Pty Ltd provides audit and certification services to organisations in Australia and New Zealand. We engage auditors to provide these services. We only seek to collect personal information that is necessary for the proper performance of our tasks and functions.
Type of Personal Information Held
Personal information that we collect and hold usually falls into the following categories:
- Certex personnel information including contact details;
- Information submitted and obtained from people seeking work with Certex and other sources e.g. referees in connection with applications for work;
- Information about personality, character, skills, qualifications, experience and audit history;
- Information about registrations and industry associations related to auditing;
- Work performance information;
- Information about incidents in the workplace;
- Client personnel contact details including name, title, telephone, and email and office address.
Certex auditors may also sight personal information relating to candidates and the personnel of the clients with whom we are working. Generally such information is not held by Certex. Refer to the section on Client Personnel Information for more details.
Insofar as practicable, we may decline to collect unsolicited personal information and may take such measures as we think appropriate to remove it from our systems.
How We Collect Information
Usually the personal information we collect will be requested from the individual. In some instances, such as when confirming the information provided, we will collect information from third parties including referees, company websites, public registers, Linked-In and internet searches. If the individual chooses to not provide us the information we require we may be unable to provide our audit and certification services, or to engage them as auditors.
How We Hold Personal Information
Certex holds personal information in electronic form on our shared computer drive as well as on the Certex intranet. Both of these are located on our office server. We also hold some paper records in a locked filing cabinet in the office.
Purposes for Which We Hold Personal Information
We primarily hold personal information for the following purposes:
- Competency assessments;
- Allocation to audits;
- General personnel management;
- Client and business relationship management.
We may disclose personal information such as audit experience and qualifications to clients. We may disclose personal information within Certex or its related entities for any of the purposes for which it is primarily held or for a related secondary purpose. The related entities of Certex International Pty Ltd are:
- Certex Immigration Compliance Pty Ltd
- Service Excellence Consulting Pty Ltd
- Fathom Business Architects International Pty Ltd
We may disclose personal information where obliged to under our license with JAS-ANZ (Joint Accreditation System, Australia and New Zealand).
We may disclose personal information where we are under a legal duty to do so, including circumstances where we are under a lawful duty of care to disclose information.
In some cases we may only disclose information with consent from the individual.
We may disclose personal information to the New Zealand based office of JAS-ANZ.
Contractors and Others
We contract out a number of services from time to time and also work with other agencies and committees. These parties may see some personal information. These parties may include:
- IT Contractors and database designers;
- JAS-ANZ auditors;
- Certex Advisory Board;
- Tax accountant;
Client Personnel Information
In the course of conducting audit services, we may sight personal information relating to the personnel and job candidates of clients with whom we are working. Certex does not remove copies of this information from the client site. On occasions, the client may make this information available to us in softcopy format. We encourage the client to provide such information on our secured extranet, Certex Online Resources (CORe). On this site the client controls information they have uploaded and remove it themselves. Any such information has restricted access and is accessible only by Certex management and the auditor appointed to the client. If the client does not remove the information on CORe, Certex will remove this and will securely dispose of any other client personal information from our files immediately after the audit is completed.
Sensitive Information Security
We take reasonable steps to ensure that sensitive information and any information that has potentially serious adverse consequences if misused is only accessible by those in Certex who need access to it.
Access to and Correction of Information
If an individual wishes to obtain access to the personal information we hold about them, they should contact the Certex Privacy Co-ordinator. They will need to be in a position where they can verify their identity. Certex may impose a moderate charge in providing access. We may refuse access if it would interfere with the privacy rights of other persons or if it breaches any confidentiality that attaches to that information, otherwise efforts will be made to obtain the information as soon as reasonably possible.
An individual can ask us to correct Personal information that we hold about them if they believe it is inaccurate, out of date, incomplete, irrelevant or misleading.
Destroying and De-identifying Information
We destroy or permanently de-identify personal information when it is no longer required for any purpose for which it may be used or disclosed. Where it is not practicable to destroy or de-identify electronic data we will take reasonable steps to prevent inadvertent access.
How to make Inquiries and Complaints
Dianne Gibert, (03) 9555 3855, firstname.lastname@example.org.
Complaints may also be made to the Office of the Australian Information Commissioner.