1. Introduction

GRC Solutions is committed to ensuring that your privacy is protected. This Privacy Policy explains how Governance Risk & Compliance Solutions Pty Ltd ACN 166 730 927 (we, us, our, GRC Solutions) manage personal information about you including:

  • what personal information we may collect about you;
  • how we may use and disclose that information; and
  • what safeguards we apply to protect that information from unauthorised use or disclosure.

We may vary this policy from time to time. We will ensure that the most updated version is on this website. We invite you to check the policy on the website from time to time.

You can contact about any matter related to this privacy policy by sending an email to support@grc-solutions.com.

2. Your consent

By providing us with information about yourself, you consent to its collection, use, disclosure and transfer as set out in this Privacy Policy.

3. Collection of personal information

In Australia, personal information is information, or an opinion about you, from which you can reasonably be identified. We may collect personal information about you when:

  • we set up an online training site for you or your employer.

In this policy, an employer includes an entity with whom you contract under a contract of employment or under a contract for services;

  • we make a training course or training courses or other services available to you;
  • you make an enquiry through this website;
  • you attend an event we organise; you sign up to receive information from us;
  • you apply for employment with us; or
  • you provide services to us.

In some circumstances, we may collect personal information about you from a third-party source – for example, from:

  • your employer in relation to training or compliance services we supply or in relation to goods or services your employer may supply to us;
  • third parties (like individuals giving character references) you ask us (directly or by implication) to contact; or
  • from a publicly maintained record.
4. What information we collect

The information we collect may include:

  • your name;
  • your postal address;
  • your email address;
  • your telephone number;
  • information regarding your job;
  • information relating to an application you make for a job with us or to supply services to us;
  • information you gave us when you:
    o enquired about our products or services;
    o applied to obtain other products or services; or
    o used this website;
  • information we collected from supplying products or services to you;
  • information we collected when you used this website like:
    o your IP address;
    o the user ID of logged in users; and
    o the username of login attempts; and/or
  • other information relating to your undertaking training or attending events or acquiring other services from us.

If you do not provide information requested by us, we may not be able to:

  • provide services to you or your employer;
  • perform the purpose for which we requested the information; or
  • consider an application you make to us for employment.
5. Use of your personal information

We may use any information that we collect or hold about you to:

  • provide our products and services to you;
  • assist in supplying training services to your employer;
  • send you information on news, publications, seminars and events;
  • develop and improve our products and services;
  • notify you in relation to an employment application you made to us;
  • send you invoices or payment reminder notices;
  • process requests you make of us and applications you make to us; or
  • for any purpose related to any purpose above.
6. Disclosure of personal information

We may disclose your personal information:

  • to your employer if we have collected your personal information to provide products or services to your employer;
  • to any administrator of a learning management platform, on which you complete any training course we supply to you, for training monitoring and reporting purposes;
  • to our associates (for example, our suppliers, agents, consultants and sub-contractors) that assist us to:
    o conduct our business; or
    o provide our products or services to you or your employer;
  • to other companies in our group of companies for administrative purposes; or
  • as required by law.

We may aggregate de-personalised information and statistics to monitor website usage to help us develop this website, products and services.

7. Information that you provide about other people

If you provide personal information to us about someone else (for example, one of your directors or employees, or a business associate), we ask that you:

  • tell that other person that you have done so; and
  • invite that person to contact us to obtain a copy of our privacy policy or read the privacy policy on the GRC Solutions website.
8. How we hold personal information and data breaches

We will take appropriate measures, including encryption, to keep your information confidential and secure in accordance with our internal procedures covering the storage, access and disclosure of information.

We will take steps reasonably available to us to protect your personal information from:

  • misuse, interference or loss; and
  • unauthorised access, modification or disclosure.

Among other information security protections, we ensure access to your personal information is password protected and available only to those of our employees that need to use, disclose or manage it under this policy.

If, despite our best efforts, a data breach occurs, we will:

  • take immediate steps to determine the breach, its cause and how to fix it;
  • notify you of the extent of the data breach (if known) and the most appropriate means of regaining control of that information; and
  • notify the Office of the Australian Information Commissioner (OAIC) or any other regulator, if appropriate, and comply with all other relevant legal requirements.
9. Disclosing personal information overseas

We may use service providers to assist us to store personal information about you. That may result in some of your personal information overseas being held in Ireland. Also, we may use re-sellers that may store personal information about you in Hong Kong or Japan if the re-seller introduces you to us for the purpose of acquiring services from us.

These may include countries that do not provide the same level of protection as the laws of Australia.

We are responsible for any failures by overseas entities to manage your personal information in accordance with Australian privacy law.

10. Access to personal information

You can ask for access to personal information we hold about you anytime by sending us an email at support@grc-solutions.com. We may ask you to pay a reasonable fee if the volume of information you request is significantly large or if the information will take significant effort for us to extract.

We will respond to any request you make for access to personal information we hold about you within a reasonable time after you make the request. The time it takes will depend on the amount of information you seek and whether we must make more enquiries of you to clarify your request. We expect to respond to any request you make for access within 30 days after we receive your request.

11. Correcting your personal information

You may consider that the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading. You may ask us to correct any personal information we hold about you by sending us an email at support@grc-solutions.com.

If we receive your request to correct information but consider that the information does not need correcting, we will give you a written notice setting out our reasons. Also, we will give you details of how you can:

  • ask us to associate a statement to the information you consider to be incorrect; or
  • make a complaint about us refusing to correct information.

We will respond to any correction request you make within a reasonable time after you make the request.

We will not charge you for correcting or associating a statement to personal information at your request.

12. How to make a complaint

If you have a complaint about the way we manage the personal information we hold about you, please email us at support@grc-solutions.com.

If we cannot resolve your complaint in a manner that is satisfactory to you and within 30 days of receiving your complaint, we will tell you how you can take your complaint to the Office of the Australian Information Commissioner (OAIC).

You can make a complaint to the OAIC by using the privacy complaint form available at www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint and submitting it online, by post, fax or email. It is free to make a complaint to us or the OAIC.

13. Marketing purposes

We may collect personal information about you for marketing purposes:

  • when you sign up or opt-in, or your employer signs you up, to receive marketing information from us;
  • when you enter into a commercial relationship with us – for example, if you or your employer purchases a product from us; or
  • when you register for training services (like webinars or workshops) we provide or arrange.

You can ask us not to use your personal information for marketing purposes. You can do so by sending a request to support@grc-solutions.com or by clicking on an unsubscribe link we include in direct marketing messages.

14. Cookies and other information-gathering technologies

The GRC Solutions website uses cookies. When a user visits the site, certain information may be recorded for statistical purposes, including information regarding a user’s:

  • server address
  • domain name
  • date and time of visit
  • previous websites visited, or
  • browser type.

The list below outlines the cookies used on grc-solutions.com and Salt, and their purpose:

ASP.NET_SessionId – The session cookie is stored in temporary memory and is not retained after the browser is closed. It does not collect information from the user’s computer and does not personally identify the user.

Google analytics – We use Google analytics to help us understand how you engage with this website. For example, Google Analytics uses a set of cookies to collect information and report site usage statistics without personally identifying individual website visitors. You can find out how to manage Google Analytics cookies at https://policies.google.com/technologies/cookies?hl=en-US#types-of-cookies.

Wc_session, cart_hash and items_in_cart – These cookies are used to store purchased items in the shopping cart for 24 hours. If the transaction is not complete, it will remove itself after 24 hours.

currentCultureen-AU – Salt course lessons use a cookie to bookmark pages. When exiting a lesson page, the cookie will retain the page number so when the lesson is next launched it will return you to the last visited page.

When launching a Salt lesson or quiz, a cookie stores the session ID for 24 hours. After that time period elapses, the cookie expires and automatically deletes itself. The Salt login page cookie stores login session information for 24 hours. After that time period elapses, the cookie expires and automatically deletes itself.