This Privacy Policy describes how we handle your personal information in accordance with the Privacy Act 1988 (Privacy Act) including the Australian Privacy Principles (APP) and the General Data Protection Regulation (EU) 2016/679 (GDPR).
The terms of this Privacy Policy form part of any agreement between you and us (Agreement). If there is any inconsistency between any Agreement and this Privacy Policy, the Agreement prevails.
By using our website and our products and services, you acknowledge and consent to the data practices described in this Privacy Policy.
This Privacy Policy only applies to Industry Capability Network Limited. It does not apply to any other company or organisation we may associate with, including organisations whose services are in some way linked to us through online content or social media services.
If you choose to communicate with us or access information about us through a social network service, the social network or app provider and its partners or associates may collect, hold, use or disclose your personal information, in Australia or overseas, for its own purposes and according to its own policies. This Privacy Policy does not apply to those services.
We encourage you to review the privacy policies of websites you choose to link to from our website or the social network services you use to communicate with us so that you can understand how those websites collect, use and share your information. We are not responsible for the way these third party sites handle your personal information, or for other content on websites outside of our website.
The kind of information we collect and hold about you will depend on the nature of your dealing with us. We may collect and hold information about you including:
If you are one of our service providers, we may also collect and hold information about the nature of the goods and services supplied and quotes you have provided.
If you are applying for employment with us, we may also collect information about your previous employment and professional references.
We collect personal information in a number of ways, including:
We collect commercial credit history information from Equifax which may also contain information about company directors, secretaries, other office holders and employees and shareholders. You can find out more about how Equifax handle your personal information by viewing their privacy policy at www.equifax.com.au/privacy.
In the course of providing our goods and services, we may indirectly collect personal information (including sensitive information) about you. We may combine or link this personal information with our own records of your personal information.
If you provide any personal information about another person (such as a referee or account contact person), please tell them about this Privacy Policy so they are aware that you have provided their personal information to us and how we will handle that information. You also warrant that you have obtained their consent to provide us with their personal information and for us to use it in accordance with this Privacy Policy.
If you request a copy of your commercial credit report or commercial credit score through the Gateway platform, you consent to that information being stored in our systems in accordance with section 12 below.
Where possible, we will allow you to interact with us through the website anonymously or using a pseudonym. However, if you do not wish to provide particular information, or the information you provide is incorrect, incomplete or inaccurate we may not be able to:
We collect, hold, use and disclose your personal information for the primary purpose of conducting our business, which includes but is not limited to:
We may also collect, hold, use and disclose your personal information for other purposes which are within reasonable expectations, we have told you about at the time we collected the information or where permitted or required by law.
We reserve the right to transfer information (including personal information) to a third party in the event of a sale, merger or other transfer of all or substantially all of our assets provided the third party adheres to this Privacy Policy.
We may collect sensitive information about you including your membership to any trade union or trade association which is necessary to provide our products and services to you or for any other purpose outlined in section 6 above.
You give us consent to collect, use and disclose your sensitive information in accordance with this Privacy Policy.
Where we collect, use and disclose sensitive information about you for any other purpose, we will only do so where we have obtained your consent or such collection, use, or disclosure is permitted by law.
Our website uses ‘cookies’ to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise any of our webpages, register with our site or for our services, a cookie helps us to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same webpage, the information you previously provided can be retrieved, so you can easily use the features that you customised.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website or our services.
We also keep track of the websites and pages you visit within our website in order to determine which of our services are the most popular and to deliver customised content and advertising to you.
We will not sell, rent, licence or lease our customer lists to third parties.
We may disclose your personal information:
All third party subcontractors are:
It is a necessary requirement of operating the Gateway platform that some of the information you have provided is available to third parties who may wish to use your products or services such as buyers, project managers and government officials as part of a tender process. You can control or manage the type of personal information that is disclosed in this way through the Gateway platform. By using the Gateway platform you consent to us making this information available to third parties.
Please keep in mind that if you directly disclose person information or sensitive information through our public message boards or on social media, this information may be collected and used by others.
We take reasonable steps to ensure that, before disclosing personal information to any third party, they comply with the requirements of the Privacy Act, the GDPR or a law or binding scheme or code which has the effect of protecting information in a substantially similar way.
Please note that third party recipients of personal information may handle your information in accordance with their own privacy policies and, to the maximum extent permitted by law, we are not responsible for the way that they handle your personal information.
The ICN Group consists of Industry Capability Network Limited, its related bodies corporate and the ICN State Members.
We collect information from and share information with other members of the ICN Group, including your personal information, to:
We will not disclose your commercial credit history information to members of the ICN Group without your consent.
By using the products and services provided by us, you understand and consent to your information being disclosed in this way.
While we take reasonable steps to ensure that each member of the ICN Group complies with the requirements of the Privacy Act and the GDPR, each member of will handle your personal information in accordance with their own privacy policies and, to the maximum extent permitted by law, we are not responsible for the way that they handle your personal information.
From time to time, we may disclose your personal information to overseas recipients if it is necessary to conduct our business, to provide the services to you, or if it is required by law. We will not transfer your information overseas for any other reason without your express consent.
We will take reasonable steps to ensure that the receiving party provides commitments regarding privacy and confidentiality which:
We take your privacy and security seriously. For this reason we take reasonable steps to secure your personal information from unauthorised access, use or disclosure.
We regularly assess the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of personal information, and take measures to address those risks including conducting real time monitoring of our security systems efficacy using specialised software tools.
We secure your personal information using password protection on computer servers in a controlled, secure environment. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the secure socket layer (SSL) protocol and is not stored electronically in our systems.
We also use cloud based solutions in Australia to securely store your personal information. We may, from time to time, expand our operations or change the cloud-based or other secure storage solutions we use. We can do this without notifying you, but we will take reasonable steps to maintain the same level of security and protection.
There are also system and managerial controls which restrict your commercial credit information from being accessed, used or disclosed by anyone other than you, without your consent.
We keep personal information as long as it is reasonably necessary for the purposes described in this Privacy Policy or otherwise in compliance with the law.
We are committed to handling any suspected or actual data breach expeditiously and in accordance with our data breach reporting obligations under the GDPR and the Notifiable Data Breach Scheme.
Although we take reasonable steps, we are not responsible for third party circumvention of security measures on our electronic databases or at any of our premises. We are also not responsible for unlawful access or interception by a third party of any transmissions or private communications.
As a result, while we strive to protect your personal information, we cannot ensure or warrant, and do not warrant, the security, privacy or confidentiality of any information, including personal information that you transmit to us, and you do so at your own risk.
Further, while we use password controls and other physical and managerial controls to secure your information, we cannot guarantee that only authorised persons will access your personal information. Please notify us immediately if you believe there has been any unauthorised access to your information.
You are solely responsible for maintaining the security of your passwords or any account information.
From time to time, we may use your personal information for direct marketing purposes and you consent to us using your personal information for direct marketing purposes for an indefinite period (unless you opt out). This includes sending you updates about our products and services and contacting you on behalf of our external business partners (but we will not disclose your personal information to them without your consent).
When we contact you, it may be by mail, email or SMS in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth).
If you do not want to receive direct marketing from us please contact us using the details in section 16 below or you can opt out on the Gateway platform. Alternatively, we will always provide a simple means by which you can easily request not to receive direct marketing communications from us, such as clicking an ‘unsubscribe’ or ‘opt out’ link at the bottom of our emails and other direct marketing communications.
Once you have made a request not to receive direct marketing communications from us, we will, within a reasonable period of time, update our records and remove you from the mailing list so that you do not receive any future direct marketing communications or materials.
If you are a user in the European Union (EU), please see section 17 below.
The ICN Group (or any of the entities which make up the ICN Group) may send you direct marketing material and surveys to inform you about products or services, special offers, promotions and events that may be of interest to you and to receive your feedback on existing products and services.
By giving us consent to receive direct marketing, you are also consenting to receiving it from the ICN Group.
Please note that each member of the ICN Group is a separate entity. If you do not want to receive marketing communications and surveys from a member of the ICN Group, you can let that entity know at any time by contacting them at the details specified in their privacy policy or by utilising the opt-out function offered by that organisation.
We take reasonable steps to ensure that the personal information we hold is accurate, up to date and complete, including maintaining and updating records when advised that the information has changed.
You may request access to the personal information we hold about you under the Privacy Act, the APPs or the GDPR. Please note that each member of the ICN Group is a separate entity and may hold different information about you.
If you wish to access or correct the personal information we hold about you, you can do so through the Gateway platform or by contacting the Privacy Officer using the details in section 16 below. Before we provide you with access to your personal information we may require some proof of identity.
If you believe that the information contained in your Equifax Score or Equifax commercial credit report is inaccurate or incomplete, please contact Equifax on 1300 921 621 or email subscriberassist.au@Equifax.com.au
We will respond to any request to access or correct your personal information within 30 days of receiving your request. We will provide you with access to any of your personal information we hold (except in limited circumstances recognised by law).
In certain circumstances, we may charge you a reasonable fee for giving you access to or for correcting your personal information but we will not charge you for making the request itself. We will notify you in advance of the amount of any fee (or the basis for the calculation) for providing access to your information.
In the unlikely event that we disagree about the accuracy of the personal information provided and we are unable or unwilling to change it, we will, to the extent reasonable, provide you a written response as to our reasons. You can make a complaint if you think we have wrongly refused to correct or give you access to your personal information by using the contact details in section 16 below.
If you are a user in the EU, please see section 17 below.
We will occasionally update this Privacy Policy but we will endeavour to ensure that your overall level of privacy protection is not diminished. We encourage you to periodically review this Privacy Policy to be informed of how we are protecting your information as you agree to be bound by any modified or amended versions of this Policy.
The revised version of the Privacy Policy will be effective at the time we post it, which time will be indicated below.
If you would like to request further information, make a complaint, or are not satisfied with how we have handled your personal information, please contact the Privacy Officer using the details below:
Privacy Officer
Industry Capability Network Limited
37 Geils Court
Deakin ACT 2600
PO Box 130
Deakin West ACT 2600
We may ask you to provide further details about your complaint and we may discuss your complaint with our personnel, our service providers and others as appropriate. Our team will investigate the matter and attempt to resolve it within 30 days of receipt.
If you are not satisfied with our resolution of your complaint and no other complaint resolution procedures are agreed or required by law:
The Privacy Commissioner’s contact details are:
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Email: enquiries@oaic.gov.au
Telephone: 1300 363 992
Post: GPO Box 5218, Sydney, NSW, 2001
Facsimile: + 61 2 9284 9666
If you are a user in the EU, please see section 17 below.
If you are a user of our products and services in the EU, our processing of your Personal Data (personal information) must be in accordance with the GDPR. Under the GDPR, in addition to any other right you have under this Privacy Policy, you have a right to:
In accordance with the GDPR, we process personal information under the following legal grounds:
If you would like to:
please contact us using the details in section 16.
For your protection, we may need to verify your identity or conduct further verification checks before fulfilling your request but will endeavour to comply with your request as soon as reasonably practicable.
Due to the nature of the products and services provided by us, the transfer of personal information to Australia is essential. We will comply with applicable laws when transferring personal information to Australia but data standards may be different to those of your country of residence. By using the products and services provided by us, you understand and consent to the cross-border transfer of your personal information to Australia and that this transfer is not currently subject to an adequacy decision by the Commission.
In certain circumstances, the courts and regulatory authorities in Australia may be entitled to access your personal information.
BY USING OUR SERVICES, YOU SIGNIFY YOUR ACCEPTANCE OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU SHOULD NOT USE OUR SERVICES. YOUR CONTINUED USE OF OUR SERVICES FOLLOWING THE POSTING OF CHANGES TO THIS PRIVACY POLICY WILL MEAN THAT YOU ACCEPT THOSE CHANGES.