Privacy Policy

Last Updated: 13 December 2024

1. Introduction

Bluezone Infoseq International Pty Ltd ("Bluezone Infoseq", "we", "us", or "our") is committed to protecting your privacy and handling your personal information with the highest degree of confidentiality and professionalism. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website bluezoneinfoseq.com and our training platform academy.bluezoneinfoseq.com (collectively, "our Services").

We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the General Data Protection Regulation (GDPR) for our clients and website visitors located in the European Union and United Kingdom.

2. Information We Collect

2.1 Personal Information You Provide

When you contact us through our enquiry form, we collect the following information:

  • Full name
  • Email address
  • Phone number
  • Job title
  • Company name

This information is collected voluntarily when you submit our contact form to enquire about our consultancy, training, or auditing services.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain information through analytics services, including:

  • IP address (anonymised where possible)
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages
  • Referring website or source
  • Geographic location (country/region level)

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To respond to enquiries: Contact you regarding your interest in our ISO consultancy, training, or auditing services
  • To schedule consultations: Arrange meetings and discussions about your compliance needs
  • To provide services: Deliver the consultancy, training, or auditing services you have engaged us for
  • To improve our website: Analyse usage patterns to enhance user experience and website performance
  • To comply with legal obligations: Meet our regulatory and legal requirements
  • To protect our rights: Establish, exercise, or defend legal claims where necessary

4. Legal Basis for Processing (GDPR)

For individuals located in the European Union or United Kingdom, we process your personal data based on the following legal grounds:

  • Consent: When you submit our contact form, you consent to us processing your information to respond to your enquiry
  • Contractual necessity: Processing necessary to perform a contract with you or take pre-contractual steps at your request
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services and website functionality, provided these do not override your fundamental rights
  • Legal obligation: Processing necessary to comply with applicable laws and regulations

5. Third-Party Service Providers

We use trusted third-party service providers to operate our website and process information on our behalf. These providers are contractually obligated to protect your information and use it only for the purposes we specify:

5.1 Tally (Form Processing)

Our contact forms are powered by Tally, a form management service. When you submit an enquiry, your information is processed through Tally's secure servers. Tally is GDPR compliant and maintains appropriate data protection measures. You can review Tally's privacy policy at tally.so/privacy.

5.2 Vercel Analytics (Website Analytics)

We use Vercel Analytics to understand how visitors interact with our website. Vercel Analytics is privacy-focused and does not use cookies for tracking. It collects anonymised data about page views and website performance. You can review Vercel's privacy policy at vercel.com/legal/privacy-policy.

5.3 Hosting Services

Our website is hosted on Vercel's secure infrastructure, which may involve storing and processing data on servers located in various countries, including the United States.

6. International Data Transfers

As we serve clients globally and use international service providers, your personal information may be transferred to, stored, and processed in countries other than your country of residence, including Australia and the United States.

Where we transfer personal data outside of the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequacy decisions from the European Commission
  • Binding Corporate Rules or other legally approved transfer mechanisms

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Enquiry data: Retained for up to 24 months from the date of your last interaction with us, unless you become a client
  • Client records: Retained for 7 years after the end of our business relationship, as required for professional and legal compliance purposes
  • Analytics data: Aggregated and anonymised data may be retained indefinitely for statistical analysis

When personal information is no longer required, we will securely delete or de-identify it in accordance with our data retention procedures.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 Australian Privacy Principles

Under the Privacy Act 1988 (Cth), you have the right to:

  • Access the personal information we hold about you and request a copy
  • Request correction of any inaccurate, incomplete, or out-of-date information
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy

8.2 GDPR Rights (EU/UK Residents)

If you are located in the European Union or United Kingdom, you have additional rights under GDPR, including:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw your consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details provided in Section 12 below.

9. Cookies and Tracking Technologies

Our website uses minimal cookies and tracking technologies:

  • Essential cookies: Required for basic website functionality and security
  • Analytics: Vercel Analytics uses privacy-focused, cookie-free analytics to understand website usage

We do not use advertising cookies or third-party tracking cookies for marketing purposes. You can manage your browser settings to refuse cookies, though this may affect your experience on our website.

10. Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal information, including:

  • Secure HTTPS encryption for all data transmitted to and from our website
  • Access controls limiting who can view personal information
  • Regular security assessments of our systems and processes
  • Secure hosting infrastructure with industry-standard protections
  • Staff training on data protection and confidentiality obligations

As an ISO compliance consultancy, we understand the importance of information security and apply the principles of ISO 27001 to our own operations.

11. Children's Privacy

Our services are designed for business professionals and organisations. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us:

Bluezone Infoseq International Pty Ltd

Privacy Officer: Sushant Chakravarty

Email: sushant.chakravarty@bluezoneinfoseq.com

Phone: +61 452 350 374

Location: Victoria, Australia

13. Complaints

If you are not satisfied with our response to a privacy concern, you may lodge a complaint with the relevant supervisory authority:

  • Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au
  • European Union: Your local Data Protection Authority
  • United Kingdom: Information Commissioner's Office (ICO) - ico.org.uk

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.