Privacy Policy
Zer01 Privacy Policies, Collection Statements and Compliance Procedures
This document sets out the privacy framework applicable to Zer01 Pty Ltd and its related
entities (together, Zer01 or the Company), including: - Zer01 Privacy Policy; - Zer01 Privacy
Collection Statement; and - Zer01 Privacy Compliance Procedures.
These documents apply to the Business and all subsidiaries and related entities of Zer01
unless otherwise stated.
PART A — Zer01 Privacy Policy
1. Purpose
Zer01 is committed to protecting the privacy of individuals and handling personal
information in a transparent, lawful, and secure manner. This Privacy Policy explains how
Zer01 collects, uses, discloses, stores, and protects personal information in accordance
with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Australian
Privacy Principles (APPs).
This Policy supports Zer01’s ethical and compliance framework by ensuring personal
information is not misused for improper purposes, including bribery, corruption, or other
unlawful conduct, consistent with Zer01’s Anti-Bribery and Corruption Policy.
2. Scope
This Privacy Policy applies to: - Employees, contractors, consultants, and directors; -
Clients, customers, suppliers, and business partners; - Job applicants and candidates; -
Any individual whose personal information is collected or held by Zer01.
3. Types of Personal Information Collected
Zer01 may collect and hold personal information including, but not limited to: - Name,
contact details, and professional details; - Employment, payroll, and contractor
information; - Identification information required for onboarding or compliance; - Business
communications and correspondence; - System access credentials and usage data; -
Information required to meet legal, regulatory, or contractual obligations.
Zer01 does not intentionally collect sensitive information unless required by law or with the
individual’s consent.
4. How Personal Information is Collected
Personal information may be collected: - Directly from individuals; - Through business
interactions, contracts, or recruitment processes; - Via Zer01 systems, platforms, or
websites; - From third parties where lawful and appropriate.
5. Use of Personal Information
Zer01 uses personal information to: - Deliver professional services and manage client
relationships; - Recruit, employ, and manage personnel; - Meet contractual, legal, and
regulatory requirements; - Manage business operations, security, and systems access; -
Communicate with stakeholders; - Improve services and operational effectiveness.
6. Disclosure of Personal Information
Zer01 may disclose personal information to: - Clients and project partners where required
to deliver services; - Service providers (e.g. payroll, IT, legal, accounting); - Government
agencies or regulators where required by law; - Related entities within the Zer01 group.
Zer01 does not sell personal information.
7. Overseas Disclosure
Personal information may be disclosed to overseas recipients where required for business
operations, including service delivery, systems hosting, or professional services. Where
this occurs, Zer01 takes reasonable steps to ensure overseas recipients comply with
privacy obligations consistent with Australian law.
8. Data Security and Retention
Zer01 takes reasonable steps to protect personal information from misuse, interference,
loss, unauthorised access, modification, or disclosure. Information is retained only for as
long as necessary to fulfil its purpose or meet legal requirements.
9. Access and Correction
Individuals may request access to or correction of their personal information by contacting
Zer01. Requests will be handled in accordance with the Privacy Act.
10. Complaints
Privacy complaints may be made to Zer01 in writing. Zer01 will investigate and respond
within a reasonable timeframe. If unresolved, complaints may be escalated to the Office of
the Australian Information Commissioner (OAIC).
11. Policy Review
This Privacy Policy is reviewed periodically and updated as required.
PART B — Zer01 Privacy Collection Statement
Zer01 collects personal information to conduct its business and deliver professional
services.
What information we collect
We may collect personal information such as: - Names, contact details, and professional
information; - Employment and contractor details; - Identification and compliance-related
information; - Business communications.
How we collect it
We collect personal information directly from you, through business interactions,
recruitment processes, contracts, systems use, or from third parties where permitted by
law.
Why we collect it
We collect, use, and disclose personal information for purposes including: - Providing
services and managing client engagements; - Employing and engaging personnel; - Meeting
legal and regulatory obligations; - Managing business operations and systems security.
Disclosure
Your personal information may be disclosed to clients, service providers, regulators, or
related entities where necessary to operate our business.
Overseas disclosure
Your information may be disclosed overseas where required for business operations.
Reasonable steps are taken to ensure appropriate privacy protections.
Access and complaints
You may request access to or correction of your personal information, or make a privacy
complaint, by contacting Zer01.
PART C — Zer01 Privacy Compliance Procedures
1. Governance and Accountability
Zer01 assigns responsibility for privacy compliance to senior management. Privacy
obligations are integrated into Zer01’s governance, risk, and compliance framework.Privacy governance operates in conjunction with Zer01’s Anti-Bribery and Corruption
controls, including: - segregation of duties and approval thresholds; - record-keeping and
audit trail requirements; - whistleblower and incident reporting mechanisms; - third-party
due diligence and contracting standards.
2. Privacy by Design
Zer01 considers privacy impacts when: - Implementing new systems or technologies; -
Engaging new service providers; - Entering into new client or partnership arrangements; -
Collecting new categories of personal information.
3. Data Handling Procedures
Zer01 maintains procedures to: - Limit collection to information reasonably necessary for
business purposes; - Restrict access to personal information on a need-to-know basis; -
Secure systems through appropriate technical and organisational controls; - Maintain
accurate and up-to-date records.
4. Third-Party Management
Third parties handling personal information on Zer01’s behalf must comply with privacy
obligations through contractual terms and due diligence processes.
Where third parties are engaged to interact with clients, government bodies, or other
external stakeholders, Zer01’s third-party due diligence processes are aligned with its Anti-
Bribery and Corruption Policy to mitigate risks of improper conduct, data misuse, or
undisclosed inducements.
5. Training and Awareness
Employees and long-term contractors receive privacy awareness training as part of
onboarding. Additional training is provided where roles involve handling higher volumes of
personal information.
6. Data Breach Response
Zer01 maintains procedures to identify, assess, and respond to suspected or actual data
breaches in accordance with the Notifiable Data Breaches scheme.
7. Monitoring and Review
Privacy compliance is monitored through management oversight and incident reviews.
Procedures are updated as required to address changes in law, risk, or business
operations.