OUR PRIVACY POLICY


1. Who We Are

Industry Capability Network Limited (We or Us) is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience.

This Privacy Policy describes how we handle your personal information in accordance with the Privacy Act 1988 (Privacy Act) including the Australian Privacy Principles (APP) and the General Data Protection Regulation (EU) 2016/679 (GDPR).

The terms of this Privacy Policy form part of any agreement between you and us (Agreement). If there is any inconsistency between any Agreement and this Privacy Policy, the Agreement prevails.

By using our website and our products and services, you acknowledge and consent to the data practices described in this Privacy Policy.

2. Scope

This Privacy Policy only applies to Industry Capability Network Limited. This includes all of our product suites, including ICN Gateway, Procure by ICN and ICN Perspective . It does not apply to any other company or organisation we may associate with, including organisations whose services are in some way linked to us through online content or social media services.

If you choose to communicate with us or access information about us through a social network service, the social network or app provider and its partners or associates may collect, hold, use or disclose your personal information, in Australia or overseas, for its own purposes and according to its own policies. This Privacy Policy does not apply to those services.

We encourage you to review the privacy policies of websites you choose to link to from our website or the social network services you use to communicate with us so that you can understand how those websites collect, use and share your information. We are not responsible for the way these third party sites handle your personal information, or for other content on websites outside of our website.

3. The type of personal information we collect and hold

The kind of information we collect and hold about you will depend on the nature of your dealing with us. We may collect and hold information about you including:

  1. contact and identification information such as your email address, name, date of birth, organisation you work for, home or work address or phone number;
  2. business and commercial information about your business, partnership or organisation;
  3. demographic information, which is not unique to you, such as your post code, age, gender, preferences, interests and favourites;
  4. information about your computer hardware and software such as your IP address, browser type, domain names, access times, webpages visited, cookies and referring website addresses;
  5. commercial credit history information and commercial credit scores which may contain information about company directors, secretaries and shareholders including their name, date of birth, appointment date and address;
  6. log in information including your username and password;
  7. payment and billing information including account information, billing statements and other payment related information in connection with the purchase of our services (but no credit card data is held);
  8. records of correspondence and other interactions you have with us; and/or
  9. information collected from marketing campaigns, product research, surveys and your interactions with us including via social media; and
  10. sensitive information including:
    1. your membership to any trade union or trade association memberships; and
    2. information about the number of employees who identify as Aboriginal and Torres Strait Islander, with the relevant consents, as outlined and referenced in our Terms of Use.

If you are one of our service providers, we may also collect and hold information about the nature of the goods and services supplied and quotes you have provided.

If you are applying for employment with us, we may also collect information about your previous employment and professional references.

4. How we collect personal information

We collect personal information in a number of ways, including:

  1. where you provide information directly to us, for example, where you:
    1. complete an order form or register to purchase any of our products or services;
    2. register or set up an account to access the Gateway platform;
    3. register or submit an Expression of Interest through the Gateway platform;
    4. make an inquiry, provide feedback or make a request;
    5. subscribe to our newsletter;
    6. interact with us whether in person, online, by email, phone, SMS, social media or in some other form of communication;
    7. respond to a survey or marketing communication;
    8. use our communication services such as bulletin boards, chat areas, news groups, forums, webpages or links;
    9. provide or upload information or otherwise interact directly with the Gateway platform;
    10. make a payment through the e-way online payment system; or
  2. from third parties, for example:
    1. our clients may provide information about you if you are a director, shareholder or authorised contact for their account with us;
    2. if you are applying for employment with us, where we obtain it from a recruitment agency, your referees, education institutions and government agencies;
    3. our service providers;
    4. members of the ICN Group; or
  3. from publicly available sources.

We collect commercial credit history information from Equifax which may also contain information about company directors, secretaries, other office holders and employees and shareholders. You can find out more about how Equifax handle your personal information by viewing their privacy policy at www.equifax.com.au/privacy.

In the course of providing our goods and services, we may indirectly collect personal information (including sensitive information) about you. We may combine or link this personal information with our own records of your personal information.

If you provide any personal information about another person (such as a referee or account contact person or when uploading information about employees in the ICN Gateway business profile), please tell them about this Privacy Policy so they are aware that you have provided their personal information to us and how we will handle that information. You also warrant that you have obtained their consent to provide us with their personal information and for us to use it in accordance with this Privacy Policy. For example, when registering for a subscription or when completing the business profile.

If you request a copy of your commercial credit report or commercial credit score through the Gateway platform, you consent to that information being stored in our systems in accordance with paragraph 11 below.

5. Primary purposes of collection, use and disclosure of your personal information

We collect, hold, use and disclose your personal information for the primary purpose of conducting our business, which includes but is not limited to:

  1. operating, supporting and maintaining the quality of the Gateway platform, our website and our services;
  2. providing you with a customised and personalised experience when you use our website;
  3. delivering the products and services you have requested including introducing you to projects and opportunities you may be interested in;
  4. identifying, and informing you of offers, events, products and services from ICNL, the ICN Group, its affiliates and business partners that may be of interest to you (where you have opted in to receive direct marketing);
  5. contacting you to conduct research about your opinion of services or of potential new services that may be offered;
  6. providing assistance and customer support;
  7. providing account maintenance including resetting the password on your account;
  8. identifying possible partnerships and new business opportunities for you and delivering quality outcomes;
  9. verifying your credentials and assessing your suitability for future projects you have expressed an interest in;
  10. following up on your correspondence, responding to an enquiry or request and providing additional information as requested by you;
  11. administering and managing our relationship with you including providing access to the Gateway platform;
  12. resolving disputes or addressing complaints;
  13. in the case of applications for employment, assessing your application for employment with us;
  14. fulfilling our contractual obligations with the government and cooperating with government authorities;
  15. protecting our property, rights, and security, and the rights, property, and security of third parties or the public in general;
  16. businesses displaying badges of recognition for being Aboriginal and Torres Straight Islander owned or carbon neutral through the ICN Gateway service;
  17. disclosing business-related data and information (including personal information) to a potential buyer or other successors in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, insolvency, liquidation, or similar proceedings;
  18. generating reports and data analytics to be shared with third parties as part of the ICN Perspective capability; and
  19. for internal and administrative purposes such as planning, auditing, data analysis, internal benchmarking, reporting, procedural assessments, risk management, product and service development, quality control, staff training, research, accounting and billing.

We may also collect, hold, use and disclose your personal information for other purposes which are within reasonable expectations, we have told you about at the time we collected the information or where permitted or required by law.

We reserve the right to transfer information (including personal information) to a third party in the event of a sale, merger or other transfer of all or substantially all of our assets provided the third party adheres to this Privacy Policy.

6. Acting anonymously

Where possible, we will allow you to interact with us through the website anonymously or using a pseudonym. However, if you do not wish to provide particular information, or the information you provide is incorrect, incomplete or inaccurate we may not be able to:

  1. provide you with our products or services;
  2. provide you with access to protected areas of the Gateway platform including the ability to submit expressions of interest for future projects;
  3. consider your application for employment with us; or
  4. respond to your enquiry or request.

7. Use of cookies

Our website uses ‘cookies’ to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise any of our webpages, register with our site or for our services, a cookie helps us to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same webpage, the information you previously provided can be retrieved, so you can easily use the features that you customised.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website or our services.

We also keep track of the websites and pages you visit within our website in order to determine which of our services are the most popular and to deliver customised content and advertising to you.

8. Who we disclose your personal information to

We will not sell, rent, licence or lease our customer lists to third parties.

We may disclose your personal information:

  1. to companies or individuals we have employed to perform services for us such as:
    1. technology or cloud service providers;
    2. mailing houses;
    3. electronic network administrators;
    4. debt collection agencies;
    5. lawyers, accountants and business advisors;
    6. trusted partners;
    7. credit card processing companies; and
    8. in the case of employee information, to third parties that manage our payroll system and employee records;
  2. where you otherwise provide your consent, whether express or implied;
  3. where required by law;
  4. in the good faith belief that such action is necessary to:
    1. conform to the edicts of the law or comply with legal process served on us;
    2. protect and defend our rights or property; and
    3. act under exigent circumstances to protect the personal safety of others.

All third party subcontractors are:

  1. engaged in accordance with our obligations under the Privacy Act and the GDPR;
  2. prohibited from using your personal information except to provide these services to us;
  3. required to honour our privacy and security policies in the way this information is handled; and
  4. required to maintain the confidentiality and security of your information.

It is a necessary requirement of operating the Gateway platform that some of the information you have provided is available to third parties who may wish to use your products or services such as buyers, project managers and government officials as part of a tender process. You can control or manage the type of personal information that is disclosed in this way through the Gateway platform. By using the Gateway platform you consent to us making this information available to third parties.

Please keep in mind that if you directly disclose personal information or sensitive information through our public message boards or on social media, this information may be collected and used by others.

We take reasonable steps to ensure that, before disclosing personal information to any third party, they comply with the requirements of the Privacy Act, the GDPR or a law or binding scheme or code which has the effect of protecting information in a substantially similar way.

Please note that third party recipients of personal information may handle your information in accordance with their own privacy policies and, to the maximum extent permitted by law, we are not responsible for the way that they handle your personal information.

9. Disclosure within the ICN Group

The ICN Group consists of Industry Capability Network Limited, its related bodies corporate and the ICN State Members.

We collect information from and share information with other members of the ICN Group, including your personal information, to:

  1. provide you with an integrated and high quality customer experience;
  2. provide our products, services, information and assistance;
  3. respond to your enquiries;
  4. inform you of products, services, special offers and events from the ICN Group that may interest you;
  5. help keep your information up to date; and
  6. for any other purpose outlined in this Privacy Policy. 

We will not disclose your commercial credit history information to members of the ICN Group without your consent.

By using the products and services provided by us, you understand and consent to your information being disclosed in this way.

While we take reasonable steps to ensure that each member of the ICN Group complies with the requirements of the Privacy Act and the GDPR, each member will handle your personal information in accordance with their own privacy policies and, to the maximum extent permitted by law, we are not responsible for the way that they handle your personal information.

We partner with various stakeholders and third parties to improve your experience and maximise your value for money. These partners include:

  1. government bodies
  2. private entities
  3. Our arrangements with our partners include relevant contractual arrangements and service agreements to ensure your personal information is kept safe.

10. Overseas disclosure

From time to time, we may disclose your personal information to overseas recipients if it is necessary to conduct our business, to provide the services to you, or if it is required by law. We will not transfer your information overseas for any other reason without your express consent.

We will take reasonable steps to ensure that the receiving party provides commitments regarding privacy and confidentiality which:

  1. are at least equal to the Australian Privacy Principles or that offer at least the same level of protection as that required under the Privacy Act or the GDPR; and
  2. require strict observance of privacy and security standards, both during transit and once received by the overseas recipient.

11. Storage and Security of your personal information

We take your privacy and security seriously. For this reason we take reasonable steps to secure your personal information from unauthorised access, use or disclosure.

We regularly assess the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of personal information, and take measures to address those risks including conducting real time monitoring of our security systems efficacy using specialised software tools.

We secure your personal information using password protection on computer servers in a controlled, secure environment. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the secure socket layer (SSL) protocol and is not stored electronically in our systems.

We also use cloud based solutions in Australia to securely store your personal information. We may, from time to time, expand our operations or change the cloud-based or other secure storage solutions we use. We can do this without notifying you, but we will take reasonable steps to maintain the same level of security and protection. 

There are also system and managerial controls which restrict your commercial credit information from being accessed, used or disclosed by anyone other than you, without your consent.

We keep personal information as long as it is reasonably necessary for the purposes described in this Privacy Policy or otherwise in compliance with the law. 

We are committed to handling any suspected or actual data breach expeditiously and in accordance with our data breach reporting obligations under the GDPR and the Notifiable Data Breach Scheme.

Although we take reasonable steps, we are not responsible for third party circumvention of security measures on our electronic databases or at any of our premises. We are also not responsible for unlawful access or interception by a third party of any transmissions or private communications.

As a result, while we strive to protect your personal information, we cannot ensure or warrant, and do not warrant, the security, privacy or confidentiality of any information, including personal information that you transmit to us, and you do so at your own risk.

Further, while we use password controls and other physical and managerial controls to secure your information, we cannot guarantee that only authorised persons will access your personal information. Please notify us immediately if you believe there has been any unauthorised access to your information.

You are solely responsible for maintaining the security of your passwords or any account information.

12. Direct marketing

Direct marketing by us

From time to time, we may use your personal information and sensitive information for direct marketing purposes and you consent to us using your personal information for direct marketing purposes for an indefinite period (unless you opt out). This includes sending you updates about our products and services and contacting you on behalf of our external business partners (but we will not disclose your personal information or sensitive information to them without your consent).

When we contact you, it may be by mail, email or SMS in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth).

If you do not want to receive direct marketing from us, please contact us using the details in paragraph 15 below or you can opt out on the Gateway platform. Alternatively, we will always provide a simple means by which you can easily request not to receive direct marketing communications from us, such as clicking an ‘unsubscribe’ or ‘opt out’ link at the bottom of our emails and other direct marketing communications.

Once you have made a request not to receive direct marketing communications from us, we will, within a reasonable period of time, update our records and remove you from the mailing list so that you do not receive any future direct marketing communications or materials.

If you are a user in the European Union (EU), please see paragraph 16 below.

Direct marketing by the Group

The ICN Group (or any of the entities which make up the ICN Group) may send you direct marketing material and surveys to inform you about products or services, special offers, promotions and events that may be of interest to you and to receive your feedback on existing products and services.

By giving us consent to receive direct marketing, you are also consenting to receiving it from the ICN Group.

Please note that each member of the ICN Group is a separate entity. If you do not want to receive marketing communications and surveys from a member of the ICN Group, you can let that entity know at any time by contacting them at the details specified in their privacy policy or by utilising the opt-out function offered by that organisation.

13. Accessing and correcting your personal information

We take reasonable steps to ensure that the personal information we hold is accurate, up to date and complete, including maintaining and updating records when advised that the information has changed.

You may request access to the personal information we hold about you under the Privacy Act, the APPs or the GDPR. Please note that each member of the ICN Group is a separate entity and may hold different information about you.

If you wish to access or correct the personal information we hold about you, you can do so through the Gateway platform or by contacting the Privacy Officer using the details in paragraph 15 below. Before we provide you with access to your personal information we may require some proof of identity.

If you believe that the information contained in your Equifax Score or Equifax commercial credit report is inaccurate or incomplete, please contact  Equifax on 1300 921 621 or email subscriberassist.au@Equifax.com.au

We will respond to any request to access or correct your personal information within 30 days of receiving your request. We will provide you with access to any of your personal information we hold (except in limited circumstances recognised by law).

In certain circumstances, we may charge you a reasonable fee for giving you access to or for correcting your personal information but we will not charge you for making the request itself. We will notify you in advance of the amount of any fee (or the basis for the calculation) for providing access to your information.

In the unlikely event that we disagree about the accuracy of the personal information provided and we are unable or unwilling to change it, we will, to the extent reasonable, provide you a written response as to our reasons.  You can make a complaint if you think we have wrongly refused to correct or give you access to your personal information by using the contact details in paragraph 15 below.

If you are a user in the EU, please see paragraph 16 below.

14. Changes to this Privacy Policy

We will occasionally update this Privacy Policy but we will endeavour to ensure that your overall level of privacy protection is not diminished. We encourage you to periodically review this Privacy Policy to be informed of how we are protecting your information as you agree to be bound by any modified or amended versions of this Policy.

The revised version of the Privacy Policy will be effective at the time we post it, which will be indicated below. 

Last updated: September 2022

15. Contact and complaints information

If you would like to request further information, make a complaint, or are not satisfied with how we have handled your personal information, please contact the Privacy Officer using the details below:

Privacy Officer
Industry Capability Network Limited
37 Geils Court
Deakin ACT 2600
PO Box 130
Deakin West ACT 2600

We may ask you to provide further details about your complaint and we may discuss your complaint with our personnel, our service providers and others as appropriate. Our team will investigate the matter and attempt to resolve it within 30 days of receipt.

If you are not satisfied with our resolution of your complaint and no other complaint resolution procedures are agreed or required by law:

  1. if you are in Australia, you may refer your complaint to the Privacy Commissioner for further investigation.

The Privacy Commissioner’s contact details are:

Office of the Australian Information Commissioner
GPO Box 5218, Sydney, NSW, 2001
1300 363 992
Fax: + 61 2 9284 9666
  1. if you are in the EU you may lodge a complaint with your supervisory authority.

If you are a user in the EU, please see paragraph 16 below.

16. Personal Data (European Union users)

EU User Rights

If you are a user of our products and services in the EU, our processing of your Personal Data (personal information) must be in accordance with the GDPR. Under the GDPR, in addition to any other right you have under this Privacy Policy, you have a right to:

  1. request an explanation of the personal information that we have about you and how we use that personal information;
  2. request the deletion of your personal information which we hold under certain circumstances;
  3. request that we restrict the way we process your personal information in certain circumstances; and
  4. object to the way we process your personal information, including for marketing purposes based on profiling and/or automated decision making.

Grounds for Processing

In accordance with the GDPR, we process personal information under the following legal grounds:

  1. the processing of personal information is necessary for us to provide our goods and services to you;
  2. the processing is necessary for us to protect the interests of other individuals. This will include disclosing personal information to the relevant law enforcement authorities in the event the safety of another person is at risk;
  3. the processing is necessary for our legitimate interests. This will include processing for the purpose of providing customer service and support, resolving disputes and responding to feedback, for direct marketing purposes and to enforce our Terms of Service; or
  4. you consented to the processing. You may revoke your consent at any time, however the revocation of your consent may limit the products and services that we are able to provide or that you may have access to.

Accessing your personal information

If you would like to:

  1. review, correct, update, suppress, restrict or delete any of your personal information held by us;
  2. receive an electronic copy of your personal information to transmit to another company or personal information controller; or
  3. object to the way we process your personal information;

please contact us using the details in paragraph 15.

For your protection, we may need to verify your identity or conduct further verification checks before fulfilling your request but will endeavour to comply with your request as soon as reasonably practicable. 

Transfers of personal information

Due to the nature of the products and services provided by us, the transfer of personal information to Australia is essential. We will comply with applicable laws when transferring personal information to Australia but data standards may be different to those of your country of residence. By using the products and services provided by us, you understand and consent to the cross-border transfer of your personal information to Australia and that this transfer is not currently subject to an adequacy decision by the Commission. 

In certain circumstances, the courts and regulatory authorities in Australia may be entitled to access your personal information.

BY USING OUR SERVICES, YOU SIGNIFY YOUR ACCEPTANCE OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU SHOULD NOT USE OUR SERVICES. YOUR CONTINUED USE OF OUR SERVICES FOLLOWING THE POSTING OF CHANGES TO THIS PRIVACY POLICY WILL MEAN THAT YOU ACCEPT THOSE CHANGES.