Effective Date: 25 May 2018
Where your personal information is protected by the GDPR, We will process that data in accordance with the GDPR.
Where you personal information is protected by other law, such as the Australian Privacy Act 1988 (Cth), We will, at a minimum, process that information in accordance with that law. However, where it is lawful and practical to do so, We will also extend to all individuals the similar rights as those that are provided to data subjects who are protected under GDPR, in respect of the:
Right of access;
Right to object;
Right of portability;
Right of erasure or the right to be forgotten.
The GDPR Representative of Gordian Services Pty Ltd is Gordian GDPR Representative Ltd. You can contact the Representative and our Privacy officer at:
2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom; and
via the Contact Us page on our website.
Gordian GDPR Representative Ltd (UK Company number 11325831);
Gordian Services Limited (UK Company number 11325863);
Gordian Services Pty Ltd (Australian Company ABN 86 160 629 685);
Gordian Lawyers Pty Ltd (Australian Company ABN 78 121 066 733),
The Gordian group of companies is engaged in the following business activities:
promoting, offering, selling and performing representative services as defined in Article 27 of GDPR, in particular Gordian GDPR Representative Limited;
promoting, offering, selling and performing professional services relating to privacy advice and compliance, including consulting, training, supporting online services and Data Protection Officer Services as defined by Article 37-39 of GDPR, in particular:
Gordian Services Limited;
Gordian Services Pty Ltd;
providing legal services as defined under the law of New South Wales, Australia, being Gordian Lawyers Pty Ltd;
any business activities related or ancillary to any of the activities set out above.
Australian Privacy Law means the Australian Privacy Act 1998 (Cth).
GDPR means the privacy laws that applies to the European Union, General Data Protection Regulation 2016/679.
has the same meaning as defined in the Australian Privacy Law, where the Australian Privacy Law applies; or
has the same meaning as defined in the GDPR, where the GDPR applies;
Sensitive Information has the same meaning as defined in the Australian Privacy Law.
Special Category Data has the same meaning as defined in the GDPR.
Regulator is the legal entity that is responsible for the supervision of the relevant privacy law in Australia or the relevant Member State of the EU, as applicable.
We may collect and hold the following types of Personal Information:
As a rule We do not collect or hold Sensitive Information or Special Category Data. The only exceptions to this rule are:
We collect Personal Information in a number of ways, including:
We hold Personal Information:
We will only ask for personal information where it is necessary, and is to be processed for a lawful purpose.
If you elect not to provide Us with Personal Information then We may not be able to provide you with the information, products, services or support that you may want.
We may receive other unsolicited Personal Information in the course of Our business, for example, where you send us a resume (which includes your name, address and work history) without us specifically asking you to. We will notify you when we receive any such unsolicited information; confirm to you the purposes for which we intend to use that Personal Information; and deal with this unsolicited Personal Information in accordance with our legal obligations.
We collect, hold, use and disclose Personal Information for the following purposes:
We take appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage. All Personal Information provided to Us will be held for so long as we reasonably require to deliver services to you or to or your employer or as otherwise required for regulatory or other legal purposes and will be hold on secure servers. Any payment transactions processed by us or any applicable third party will be encrypted using SSL technology.
The countries in which We know that Personal Information may be processed and/or transferred to include:
Where We have given you (or where you have chosen) a password which enables you to access certain parts of our website or any part of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your Personal Information, We cannot guarantee the security of your Personal Information transmitted to our site; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
Under applicable privacy legislation We must ensure that your Personal Information is accurate and up to date. Therefore, please advise Us of any changes to your information.
If you want to find out what Personal Information We hold on you, or you believe any of your Personal Information that is held by Us is inaccurate, out of date, incomplete, irrelevant or misleading or it is not necessary for Us to continue to hold it, or that We are not processing it lawfully and you require Us to suspend or stop processing it, or you wish for Us to delete or port your Personal Information to a third party provider, you can contact Us, and We will either provide you with access to the Personal Information (in so far as We are legally able and required to do so by applicable law,) or We will delete it or correct it (and/or add supplementary information) or satisfy your rights as a data subject, as applicable, within a reasonable period, in accordance with applicable privacy legislation. Where your Personal Information is subject to GDPR We will provide you these rights in accordance with GDPR. Where your Personal Information is subject to Australian Privacy Law, then We will provide you these rights at least in accordance with Our obligations under Australian Privacy Law, and where it is lawful and practical for Us to do so, to the same extent as if GDPR applied.
You can contact Us for any of these purposes by:
If you make any such complaint, We may be obliged to report that complaint to the relevant local regulator within the time frames set out in the relevant local legislation. We may also be obliged to self report breach of privacy to the relevant local regulator within the time frames set out in the relevant local legislation.
We will aim to respond to any complaint within 10 business days of the date of receipt. We will attempt to resolve your complaint to your satisfaction. If you are not satisfied with how We deal with your complaint you may contact the relevant regulatory authority in your country.