Australian Privacy PrinciplesThe Australian Privacy Principles (APPs), established and enforceable under the Privacy Act 1988, may apply to Certex International Pty Ltd.
Certex International Pty Ltd provides audit and certification services to organisations in Australia and New Zealand. We engage auditors to provide these services. We only seek to collect personal information that is necessary for the proper performance of our tasks and functions.
Type of Personal Information HeldPersonal information that we collect and hold usually falls into the following categories:
Insofar as practicable, we may decline to collect unsolicited personal information and may take such measures as we think appropriate to remove it from our systems.
How We Collect InformationUsually the personal information we collect will be requested from the individual. In some instances, such as when confirming the information provided, we will collect information from third parties including referees, company websites, public registers, Linked-In and internet searches. If the individual chooses to not provide us the information we require we may be unable to provide our audit and certification services, or to engage them as auditors.
How We Hold Personal InformationCertex holds personal information in electronic form on our shared computer drive as well as on the Certex intranet. Both of these are located on our office server. We also hold some paper records in a locked filing cabinet in the office.
Purposes for Which We Hold Personal InformationWe primarily hold personal information for the following purposes:
DisclosuresWe may disclose personal information such as audit experience and qualifications to clients. We may disclose personal information within Certex or its related entities for any of the purposes for which it is primarily held or for a related secondary purpose. The related entities of Certex International Pty Ltd are:
We may disclose personal information where obliged to under our license with JAS-ANZ (Joint Accreditation System, Australia and New Zealand).
We may disclose personal information where we are under a legal duty to do so, including circumstances where we are under a lawful duty of care to disclose information.
In some cases we may only disclose information with consent from the individual.
Overseas DisclosuresWe may disclose personal information to the New Zealand based office of JAS-ANZ.
Contractors and OthersWe contract out a number of services from time to time and also work with other agencies and committees. These parties may see some personal information. These parties may include:
Client Personnel InformationIn the course of conducting audit services, we may sight personal information relating to the personnel and job candidates of clients with whom we are working. Certex does not remove copies of this information from the client site. On occasions, the client may make this information available to us in softcopy format. We encourage the client to provide such information on our secured extranet, Certex Online Resources (CORe). On this site the client controls information they have uploaded and remove it themselves. Any such information has restricted access and is accessible only by Certex management and the auditor appointed to the client. If the client does not remove the information on CORe, Certex will remove this and will securely dispose of any other client personal information from our files immediately after the audit is completed.
Sensitive Information SecurityWe take reasonable steps to ensure that sensitive information and any information that has potentially serious adverse consequences if misused is only accessible by those in Certex who need access to it.
Access to and Correction of InformationIf an individual wishes to obtain access to the personal information we hold about them, they should contact the Certex Privacy Co-ordinator. They will need to be in a position where they can verify their identity. Certex may impose a moderate charge in providing access. We may refuse access if it would interfere with the privacy rights of other persons or if it breaches any confidentiality that attaches to that information, otherwise efforts will be made to obtain the information as soon as reasonably possible.
An individual can ask us to correct Personal information that we hold about them if they believe it is inaccurate, out of date, incomplete, irrelevant or misleading.
Destroying and De-identifying InformationWe destroy or permanently de-identify personal information when it is no longer required for any purpose for which it may be used or disclosed. Where it is not practicable to destroy or de-identify electronic data we will take reasonable steps to prevent inadvertent access.
Dianne Gibert, (03) 9555 3855, firstname.lastname@example.org.
Complaints may also be made to the Office of the Australian Information Commissioner.