This policy describes the type of personal information we collect at Clean Management Solutions Pty Ltd (CSM) ACN 125 303 059, a Trident Services Australia company (Trident), why we need it, how we use it and share it, and how we store it.
What personal information do we collect?
We may collect and hold personal information about you (that is, information that can identify you) that is relevant to our functions and activities. The kinds of information we typically collect from you depends on our relationship with you. For all individuals we deal with, we may collect your name and other information relevant to providing you with the information, goods, and services you, or someone else on your behalf, is seeking. If you use our website, we may collect your IP address, browser type, date and time of visit, and geographic location.
Our employees, customers, suppliers, service providers, visitors, and other stakeholders
The kinds of personal information we collect from you to run our business and provide our services to you may include:
- General personal or business details such as your name, address, postcode, phone number, email address, job title, employer, business card details, image, date of birth, gender.
- Information to prove your identity such as your driver’s license, passport, visa, birth/citizenship certificate, marriage certificate, proof of age/medicare/veterans/health care cards, bank statement, rates notice, utility bill, proof of enrolment with the Australian Electoral Commission, Aviation Security Identification Card (ASIC), current and previous addresses.
- Feedback and other information you give us when we communicate such as your opinion, questions or complaints, preferences, social media information, medical details (if relevant), and the history of our interactions with you.
- Financial, billing, or transactional information such as your bank account, credit card information, and tax file number
Users of our website and other online services
The kinds of personal information we collect include:
- Information we gather when you visit our website and other online services (such as our Workforce Ready portal) including your device ID, device type, geolocation information, IP and MAC addresses, browser type and connection information, statistics on page views, ad data and information about the way you use our websites.
If you submit a Service Booking Request Form on our website, the kinds of personal information we collect from you include:
- General personal or business details such as your name, company name, address, postcode, phone number, email address and invoice number.
If you apply for a job with us, the kinds of personal information we collect from you include:
- Information contained in applications and resumes such as your name and contact details, educational details, academic and other transcripts, qualifications, experience, employment history and skills.
- Interview and assessment information such as your responses to criteria, notes made by interviewers, citizenship status or proof of right to work, criminal history, and medical history.
- References from past employers and referees and background checks.
Sensitive personal information
Sometimes we may need to collect sensitive information from you such as your health information (including your Covid 19 vaccination status), biometrics or criminal record. We collect sensitive information only with your prior permission and if it is relevant to your interaction with us; or we may do so when we are allowed or required by law. For example, we may collect health or biometric information as part of a job application, and we may also collect health information when we investigate a safety incident or in the form of dietary requirements for an event. We collect your criminal history information if you apply for a role with us and if you are required to obtain an Aviation Security Identification Card (ASIC) as part of your employment.
How do we collect personal information?
Personal information will generally be collected directly from you when you:
- Communicate with us
- Access our social media
- Apply for employment with us
- Register as a visitor to our offices
- Apply for an online service booking request.
There may, however, be some instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected. Sometimes we obtain personal information about you from others, such as:
- Your employer
- Our suppliers
- Our service providers
- Persons that you have authorised to give us your information (like referees or recruitment agencies)
- Government and regulatory authorities
- Publicly available sources (such as social media and online searches).
Why do we collect and how do we use personal information?
The personal information that we collect and hold about you depends on your interaction with us. The main reason we collect, use, and hold your information is to run our business and provide our services through:
- Communicating with you
- For security and safety purposes (including managing incidents and investigations)
- Confirming your identity for employment
- To ensure you have the required work visas, licenses (for example, a security license) and identification for your employment (for example, an Aviation Security Identification Card)
- Meeting our compliance obligations, including audits of employment documents under relevant legislation, and assisting government or law enforcement agencies
- To meet client contractual requirements for vetting staff if required
- Managing our website and online services
- Conducting, monitoring, and analysing our businesses and internal operations (including training).
Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if it is reasonably necessary for the performance of our functions, as set out above.
Who do we share personal information with?
Generally, we only use or disclose personal information about you for the purposes for which it was collected (as set out above). We share your information with third parties that assist us run our business and deliver our services. We require third parties to only use the personal information we disclose to them, for the specific role we ask them to perform. These third parties include:
- Service providers assisting with our operations such as our human resources providers, our occupational health physician, and employee assistance partner
- Banks, payment card agents and payment gateway providers
- Software and technology providers such as network services, cloud storage, software, and IT support providers
- Government, regulators, and law enforcement agencies such as the Department of Home Affairs, WorkCover and the police
- Administrative support such as recruitment, debt recovery and document destruction
- Organisations that help identify illegal activities and prevent fraud; and
- Our professional advisors such as insurers, accountants, auditors, and lawyers.
We will also share your information with your authorised representatives and if we are required by law to do so. In some circumstances we may also disclose employees’ personal information to clients and prospective clients for the provision of services or for compliance audits.
We run our business in Australia and generally only use systems located within Australia. We engage third parties (such as cloud storage providers) who use data centres based in Australia. We do not disclose your information with overseas recipients.
How do we keep personal information secure?
We store personal information in hardcopy and electronic form in secure buildings and systems or use trusted third parties. Some of the steps we take to protect those records include:
- Maintaining up-to-date policies and standards for employees and contractors to follow
- Giving our employees information security and privacy training
- Using firewalls, passwords, email scanning products, access control, intrusion detection systems, monitoring tools and virus scanning and appropriate encryption to maintain network and system security; and
- Keeping buildings secure by using access control, alarms, and CCTV. When we use third parties to store personal information (such as cloud storage providers), we require them to take appropriate measures to protect it in accordance with applicable laws and industry best practice.
If you contact us via our website, we archive your personal information in our web hosting / social platforms and delete it after resolution. Some enquiries are also shared with other CMS and/or Trident personnel to assist with an investigation. We hold personal information for as long as we need it for our business purposes or as allowed or required by law.
Third party links
How do you access or correct your personal information?
You can contact us to request access to your personal information or ask us to correct or update information that we hold about you in writing. Contact us using the details in the ‘Contact Us’ section and we will consider and respond to your request. There is no fee to make a request but, if your request is complex or we will incur extra costs in carrying it out, we may charge you a reasonable fee for preparing the information. If there is a fee, we will let you know, and you will need to pay it before we start.
We try and make your information available within 30 days after you ask for it unless we refuse access. If we refuse access in circumstances prescribed by the Privacy Act or only allow access to some information, we will tell you why in writing (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint. If your information does not need correcting, we will also tell you why in writing. We will always confirm your identity before giving you access or making any update.
If you have a complaint about how we deal with your personal information, please contact us via the channels below. We aim to respond to complaints quickly and to resolve them within 30 days. However, if your complaint is complex and we need more time to investigate it, we will contact you and let you know.
If you are not satisfied with our response, you can make a privacy complaint with the Office of the Australian Information Commissioner (OAIC). To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the OAIC at email@example.com or visit www.oaic.gov.au.
Online: Use our Feedback Form at www.tridentservices.com.au
Phone: +61 7 3395 6311 (ask for the Privacy Officer)
Post: Privacy Officer, Trident Services Australia, P.O. Box 628, Cannon Hill, Qld, 4170.
For more information about privacy in general, you can visit the Office of the Information Commissioner’s website at www.oaic.gov.au.