Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details.
We may collect the following types of personal information:
We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:
For persons who apply to work with us or who require access to secure parts of our business, we may collect this information either directly from you, or from publicly available records, recruitment consultants, your referees, your previous employers, organisations that provide labour hire services, organisations that undertake working and criminal history assessments and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment, engage you under a contract, or allow you to access our business.
If you are listed as a reference, or if you have been named as having a close relationship or affiliation with a person who has applied to work with us or access our business, we may collect your personal information from the person who has provided that information and is the subject of that application, or from publicly available records, organisations that undertake working and criminal history assessments and others who may be able to provide information to us to assist in our decision on the application.
We may collect, hold, use and disclose your personal information for the following purposes:
We keep your personal data for no longer than is necessary for the purposes it was collected for. The length of time we retain your personal data for is determined by operational and legal considerations. For example, we are legally required to hold some types of personal data to fulfil our statutory and regulatory obligations (e.g. health/safety and tax/accounting purposes).
We review our retention periods on a regular basis.
In Australia, Government Related Identifiers are defined in the Privacy Act and include your tax file number, driver licence number, motor vehicle registration number, vehicle plate number and passport number. We are required to comply with laws relating to the collection, storage, use and disclosure of Government Related Identifiers. We will only use and disclose Government Related Identifiers that you provide to us in accordance with the law.
We may disclose your personal information overseas to our third party suppliers for due diligence screening and training purposes, and between CCL Secure companies in limited circumstances. Our third party suppliers are located in the United Kingdom, United States of America and other countries, and CCL Secure companies are located in Australia, the United Kingdom and Mexico. We will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the relevant law.
We may collect personal information about you when you use and access our websites. We may record certain information about your use of our websites, such as that you have logged in, which pages you visit, what content or documents you access and download and when, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our websites that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
Our industry requires us to comply with strict security requirements and your security is our priority. We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information.
For example, we:
Data protection law requires us to rely on one or more lawful grounds to process your personal data. We consider the following grounds to be relevant:
Where you have provided specific consent to us using your personal data in a certain way, such as to send you newsletters or email, text and/or telephone marketing.
Where we are entering into a contract with you or performing our obligations under it.
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject.
Where it is necessary to protect life or health (for example in the case of medical emergency suffered by an individual at one of our events) which requires us to share your personal data with the emergency services.
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the personal data is used for is fair and does not duly impact your rights).
We consider our legitimate interests to be running CCL as a profitable organisation in pursuit of our aims and ideals, and those of our clients. For example to
When we legitimately process your personal data in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
When we use sensitive personal data, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
Under UK data protection law, you have certain rights over the personal data that we hold about you. These include:
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the personal data we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your personal data, please send a description of the information you want to see and proof of your identity by post to the address provided below.
You have the right to have inaccurate or incomplete personal data we hold about you corrected. The accuracy of your information is important to us if you believe any of the other information we hold about you is inaccurate or out of date, please contact us by using the contact information in the “Contact Us” section below.
You have a right to ask us to restrict the processing of some or all of your personal data if there is a disagreement about its accuracy or we’re not lawfully allowed to use it.
You may ask us to delete some or all of your personal data and in certain cases, and subject to certain exceptions; we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it.
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
You have the right to object to processing where we using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.
If you want to exercise any of the above rights, please email us at email, phone or postal address. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office, https://ico.org.uk/
In Mexico, these rights are known as “ARCO”, through which you may “access”, “rectify”, “cancel” (request the removal of your personal information) or “oppose” (request that your personal information not be processed), in accordance with the relevant legislation in Mexico. You may make these requests of the CCL Secure company in Mexico by using the contact information in the “Contact Us” section below.
If you think that we have breached relevant legislation, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within 5 business days of receiving your complaint. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
Vice President and Managing Director
Parque Industrial Querétaro
C.P. 76220 Santa Rosa Jáuregui
Vice President and Managing Director
PO Box 223 Craigieburn VIC 3064
In Australia, if you are dissatisfied by the manner in which we handle your information, you can also send your complaint to the Office of the Australian Information Commissioner. The Commissioner can be contacted at:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Telephone: 1300 363 992
Effective: September 2018