Privacy Policy (Australia)

Privacy Policy – CCL Secure Pty Ltd (Australia)

In this Privacy Policy, CCL Secure Pty Ltd, Australia, sets out how we collect, use, store and disclose your personal information. We are bound by the Australian Privacy Act 1998 (Cth) including the Australian Privacy Principles.  Where personal information is collected about European Union, United Kingdom or Mexican residents the UK Data Protection Act 1998, the European Union General Data Protection Regulation, and Mexican privacy laws (in Spanish “Ley Federal de Protección de Datos Personales en Posesión de los Particulares”) apply. We are committed to respecting your privacy and each CCL Secure company will be responsible for its use and the protection of your personal information in accordance with the privacy law in its jurisdiction.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our websites at www.cclsecure.com and www.polyteq.com.au. We encourage you to check our websites periodically to ensure that you are aware of our current Privacy Policy.

1. What personal information do we collect?

Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details.

General collection

We may collect the following types of personal information:

• contact details, including name, organisation for whom you work, mailing or street address, email address, telephone number and other contact details;
• financial details, including your bank account number; and
• any other personal information that may be required in order to facilitate your dealings with us.

We may collect these types of personal information either directly from you, or from third parties.

We may collect this information when you:

• provide goods or services to us;
• require services from us or require access to secure parts of our business;
• communicate with us in person and through correspondence, chats, email, or when you share information with us from other services;
• interact with our business; and
• invest in our business or enquire as to a potential purchase of our business.

Collection for work and screening requirements

In addition, when a person applies for a job or otherwise applies to work with us, or when a person requires access to secure parts of our business, we may collect the following additional information:

• identification information, including age or date of birth, nationality, and gender;
• identity verification information, including driver’s licence number, copy of driver’s licence, motor vehicle registration number, vehicle plate number, tax file number, birth or citizenship certificate, passport number, and photographs;
• information about your personal circumstances, including your marital status;
• information about third parties, such as a family member, spouse, partner, dependent, housemate or other person with whom you live or have close relationships;
• information about legal proceedings that you are, or have been, involved in;
• information about your education and working history, including current and past position title and qualifications, resume details, and training history;
• financial information, including information about your income and expenditure, assets, cash and investments, business history and debts; and
• sensitive information including information about your health, criminal background, political affiliations and memberships of any clubs, associations or interest groups.

For persons who apply to work with us or who require access to secure parts of our business, we may collect this information either directly from you, or from publicly available records, recruitment consultants, your referees, your previous employers, organisations that provide labour hire services, organisations that undertake working and criminal history assessments and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment, engage you under a contract, or allow you to access our business.

If you are listed as a reference, or if you have been named as having a close relationship or affiliation with a person who has applied to work with us or access our business, we may collect your personal information from the person who has provided that information and is the subject of that application, or from publicly available records, organisations that undertake working and criminal history assessments and others who may be able to provide information to us to assist in our decision on the application.

2. Unsolicited Information

When we receive unsolicited information about you we will assess whether that information is reasonably necessary for, or directly related to, one of our functions or activities.  If it is, we will handle this information in the same way we handle other information in accordance with our Privacy Policy. If it is not, then we will destroy or de-identify the information in accordance with the relevant legislation.

3. Why do we collect, use and disclose personal information?

We may collect, hold, use and disclose your personal information for the following purposes:

• to contact and communicate with you;
• to allow you to provide goods and services to us;
• to allow us to provide goods and services to you;
• to make payments to you for goods and services you provide to us, including paying you remuneration and other benefits and entitlements;
• to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
• to verify your identity and conduct screening assessments to assess your security credentials and suitability to work with us and access secure parts of our business;
• to better understand how you use our websites so we can improve our websites and services;
• to consider the suitability of a person for whom you have provided a character reference, or for whom you have been listed as being a close contact; and
• to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.

For persons who have applied to work with us or who require access to our business, we do this in order to maintain the high security standards for our business and because we must comply with strict requirements to conduct screening assessments and obtain security clearances for individuals and organisations who may obtain access to security classified information or resources that must be safeguarded.

4. To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this Privacy Policy to:

• our employees and our related bodies corporate;
• third party suppliers and service providers (including providers for the operation of our business or in connection with providing our products and services to you);
• third parties with which we do business and/or lease premises;
• our professional advisers, dealers, agents and business partners;
• payment systems operators for the purposes of making payments to you or to third parties on your behalf;
• anyone to whom our assets or businesses (or any part of them) are transferred;
• specific third parties authorised by you to receive information held by us; and
• other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Disclosure of Government Related Identifiers

In Australia, Government Related Identifiers are defined in the Privacy Act and include your tax file number, driver licence number, motor vehicle registration number, vehicle plate number and passport number. We are required to comply with laws relating to the collection, storage, use and disclosure of Government Related Identifiers. We will only use and disclose Government Related Identifiers that you provide to us in accordance with the law.

Disclosure of personal information overseas

We may disclose your personal information overseas to our third party suppliers for due diligence screening and training purposes, and between CCL Secure companies in limited circumstances. Our third party suppliers are located in the United Kingdom, United States of America and other countries, and CCL Secure companies are located in Australia, the United Kingdom and Mexico. We will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the relevant law.

5. Using our websites and cookies

The CCL Secure website is operated in the United Kingdom and bound by the UK Data Protection Act 2018 and the European Union General Data Protection Regulation.  Our European Union General Data Protection Regulation Privacy Statement – can be found here:

We may collect personal information about you when you use and access our websites. We may record certain information about your use of our websites, such as that you have logged in, which pages you visit, what content or documents you access and download and when, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use ‘cookies’ or other similar tracking technologies on our websites that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under relevant legislation. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

6. Security

Our industry requires us to comply with strict security requirements and your security is our priority. We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information.

For example, we:

• provide training to our employees and other personnel in relation to our privacy and security policies and procedures;
• maintain secure premises and protect them from unauthorised access by using fences, alarms, CCTV, electronic security detection systems and onsite security officers;
• require that all persons who enter and have access to our premises must pass strict security screening assessments and be granted security clearance;
• maintain a comprehensive framework of information technology security policies, processes, systems and architecture to protect our internal networks, system and data from unauthorised access; and
• regularly review and evaluate our information security management practices, processes, systems and controls to ensure compliance with our internal policies and procedures and the legal requirements.

In addition, we hold all physical, hard copies of your sensitive personal information in secure safes on our secure premises, only for the period of time permissible under relevant legislation. Although we take these reasonable steps, we cannot guarantee the security of your personal information.

7. Links

Our websites may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

8. Accessing or correcting your personal information

You can access the personal information that we hold about you by contacting us using the contact information in the “Contact Us” section below. In some cases, we may not be able to provide access to certain personal information and when this is the case, we will tell you the reasons for not being able to provide this information. We may also need to verify your identity when you request your personal information.

If you consider that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

In Mexico, these rights are known as “ARCO”, through which you may “access”, “rectify”, “cancel” (request the removal of your personal information) or “oppose” (request that your personal information not be processed), in accordance with the relevant legislation in Mexico. You may make these requests of the CCL Secure company in Mexico by using the contact information in the “Contact Us” section below.

9. Making a complaint

If you think that we have breached relevant legislation, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within 5 business days of receiving your complaint. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

10. Contact Us

For further information about our Privacy Policy, or to access or correct your personal information, or to exercise your ARCO rights in Mexico, or make a complaint, please contact us using the details below:

Australia	United Kingdom	Mexico
Vice President and Managing Director CCL Secure PO Box 223 Craigieburn VIC 3064, Australia	Managing Director CCL Secure Station Road, Wigton, Cumbria CA7 9BG,United Kingdom	Vice President and Managing Director CCL Secure Parque Industrial Querétaro, Santa Rosa Jáuregui, Querétaro, C.P. 76220, Querétaro, México

In Australia, if you are dissatisfied by the manner in which we handle your information, you can also send your complaint to the Office of the Australian Information Commissioner. The Commissioner can be contacted at:

Office of the Australian Information Commissioner (OAIC)

GPO Box 5218

Sydney NSW 2001

Telephone: 1300 363 992

www.oaic.gov.au

Effective: December 2020