ERS

Privacy Policy

Introduction

This Privacy Policy explains how ERS Group (Aus) Pty Ltd (“ERS”, “we”, “us”, or “our”) collects, uses, stores, and discloses your personal information. It applies to all personal information collected through our website (www.ers.net.au), any sub-domains, and any services or systems we provide.

We are committed to handling your personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act), the Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024 (Cth) (POLA), including reforms that took effect in December 2024 and those commencing in 2026.

We encourage you to read this Policy carefully and contact us if you have any questions.

 

1. Definitions

Term

Meaning

Account

The personal information, payment credentials, and login details used to access our website services and systems

APP entity

An organisation bound by the Australian Privacy Principles under the Privacy Act

Content

Any text, graphics, images, audio, video, software, data compilations, or other information forming part of our website

Cookie

A small text file placed on your device when you visit our website, used to recognise returning visitors and analyse browsing behaviour

Data / Personal Information

Any information or opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not — including all information you submit through our website or services

ERS Group (Aus)

ERS Group (Aus) Pty Ltd, ABN 72 620 257 141

Notifiable Data Breach

A data breach that is likely to result in serious harm to one or more individuals, as defined under Part IIIC of the Privacy Act

Sensitive Information

A subset of personal information that receives higher protections under the APPs, including health information, biometric data, racial or ethnic origin, religious beliefs, sexual orientation, criminal records, trade union membership, and genetic information

Service

Any online facilities, tools, services, or information made available through our website

System

Any online communications infrastructure we make available, including web-based email, message boards, and live chat

User

Any third party who accesses the website and is not employed by ERS Group (Aus) in the course of their employment

Website

www.ers.net.au and any sub-domains, unless those sub-domains have their own terms

2. What Personal Information We Collect

We may collect the following types of personal information:

  • Full name
  • Date of birth
  • Job title and profession
  • Contact details — email address, phone number, and postal address
  • Demographic information — postcode, preferences, and interests
  • Financial information — credit or debit card numbers and payment details
  • IP address (collected automatically)
  • Web browser type and version (collected automatically)
  • Operating system (collected automatically)
  • Browsing activity — referring URLs, activity on our website, and exit URLs (collected automatically)
  • Cookie and tracking identifier data
  • Online identifiers — device identifiers and advertising IDs where linked to your behaviour

We collect sensitive information (as defined above) only where you provide it voluntarily and you have consented, or where we are otherwise permitted by law to collect it. We will always handle sensitive information with a higher standard of care.

We do not collect personal information that is not reasonably necessary for our functions and activities.

3. How We Collect Personal Information

We collect personal information:

  • Directly from you — when you register an account, submit enquiries, complete forms, or correspond with us
  • Automatically — through cookies, web analytics tools, and server logs when you visit our website
  • From third parties — such as payment processors or service providers, where permitted and necessary

Where practicable, we will give you the option to interact with us anonymously or using a pseudonym. However, some services may not be available without identification.

4. How We Use Personal Information

We use your personal information only for the purposes for which it was collected or for directly related purposes you would reasonably expect, including:

  • Providing and improving our services
  • Internal record keeping and administration
  • Processing payments and managing accounts
  • Sending promotional and marketing communications (where you have consented or we are otherwise permitted to do so — see Section 7 below)
  • Conducting market research and improving our website
  • Complying with our legal obligations
  • Responding to enquiries and complaints
  • Conducting COVID-19 contact tracing via TrackERS, where applicable (see Section 11)

We will not use your personal information for a purpose you would not reasonably expect, and we will not use sensitive information for a secondary purpose without your explicit consent (unless required or authorised by law).

5. Disclosure of Personal Information

We do not sell your personal information to third parties.

We may disclose your personal information to:

  • Service providers we engage for payment handling, marketing, analytics, IT support, or other business functions — only to the extent necessary for them to perform those services, and subject to confidentiality and privacy obligations consistent with the APPs
  • Government or regulatory bodies where required by law, a court order, or regulatory authority
  • Successor entities in the event of a business sale or transfer (see Section 9)

All third parties with whom we share personal information are required to handle it in accordance with the Australian Privacy Principles and relevant legislation.

6. Cross-Border Disclosure

We may transfer personal information to recipients located outside Australia where necessary for our operations (for example, to cloud service providers or international service partners).

Before doing so, we take reasonable steps to ensure the overseas recipient does not breach the APPs in relation to the information, including through contractual arrangements that require equivalent privacy protection. Where we cannot ensure equivalent protection, we will obtain your consent prior to transfer.

7. Direct Marketing

We may use your personal information to send you information about our products, services, or promotions that may be of interest to you, where you have opted in or where we are otherwise permitted under the Spam Act 2003 (Cth) and the APPs.

You may opt out of receiving marketing communications at any time by:

  • Clicking the “unsubscribe” link in any email we send
  • Contacting us directly (see Section 13)

We will action opt-out requests promptly and within a reasonable timeframe.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and to collect analytics data.

You can configure your browser to refuse cookies or to alert you when cookies are being sent. Please note that some parts of our website may not function fully if cookies are disabled.

Where we use cookies or online identifiers that may be linked to individuals, we will be transparent about this in our cookie notice or consent mechanism on the website. We collect and handle cookie-derived personal information in accordance with the APPs.

9. Changes of Business Ownership and Control

If ERS Group (Aus) is involved in a merger, acquisition, restructure, or sale of assets, your personal information may be transferred to the new owner or controlling entity as part of that transaction. Any such transfer will only occur where the recipient agrees to handle your information in accordance with this Policy and the Privacy Act.

You will be notified in advance of any such transfer and given the opportunity to request that your personal information be deleted or withheld from the new owner, where lawfully possible.

10. Your Privacy Rights and Choices

Access and Correction

You have the right to request access to the personal information we hold about you, and to request correction of any inaccurate, incomplete, or out-of-date information. We will respond to access and correction requests within a reasonable timeframe (generally 30 days).

We may decline access in limited circumstances permitted by the Privacy Act (for example, where providing access would unreasonably affect the privacy of others). If we decline, we will provide reasons and information about how to complain.

Deletion

You may request deletion of your personal information where we no longer have a lawful basis for retaining it, subject to our legal obligations (for example, tax record-keeping requirements).

Withholding Information

You may choose not to provide certain information, but this may mean we cannot provide some or all of our services to you.

Restricting Cookies

You may restrict our use of cookies through your browser settings (see Section 8).

11. Data Retention

We retain your personal information for as long as necessary to fulfil the purpose for which it was collected, or as required by law — including for tax, accounting, and regulatory compliance purposes.

Communications data submitted through our systems may be retained for up to 12 months. After the applicable retention period, we will take reasonable steps to destroy or de-identify the information securely.

12. Data Security

We take data security seriously and implement reasonable physical, technical, and organisational measures to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Our security practices include:

  • Secure data storage in compliance with the Australian Privacy Principles and the Privacy Act
  • Encryption and access controls for sensitive information
  • Regular review of security procedures and technical measures
  • Staff training on privacy and data handling obligations

Notwithstanding our efforts, no system is completely secure. If you believe your information has been compromised, please contact us immediately.

Notifiable Data Breaches

In the event of a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act).

13. Automated Decision-Making

We will update this Policy prior to 10 December 2026 to include information about any automated decision-making we use that involves your personal information, as required by new APP 1.7 under the Privacy and Other Legislation Amendment Act 2024 (Cth). If we use computer programs to make or assist in making decisions that significantly affect you, we will disclose this and explain the kinds of decisions and information involved.

14. Children’s Privacy

Our website and services are not directed at children under the age of 15. We do not knowingly collect personal information from children without verifiable parental or guardian consent. If you believe we have inadvertently collected information from a child, please contact us and we will take steps to delete it.

We are monitoring the development of the Children’s Online Privacy Code being developed by the OAIC (due to be registered by 10 December 2026) and will update our practices accordingly when it comes into effect.

15. Changes to This Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in the law, our business practices, or technology. All updates will be published on our website. Your continued use of our website following any updates constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.

Material changes that affect your rights or how we handle your information will be communicated to you directly where practicable.

16. Complaints

If you believe we have handled your personal information in breach of the Privacy Act or the Australian Privacy Principles, you may:

  1. Contact us directly using the details below and we will investigate and respond within 30 days
  2. If unsatisfied, lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

17. Contact Us

For any questions, access requests, correction requests, or privacy complaints, please contact us at:

ERS Group (Aus) Pty Ltd Website: www.ers.net.au Email: [accounts[at]ers.net.au]

This Privacy Policy is provided for general information purposes. It does not constitute legal advice. ERS Group (Aus) recommends seeking independent legal advice if you have specific concerns about your privacy obligations.

ERS Group (Aus) Pty Ltd ABN: 72 620 257 141 Website: www.ers.net.au Last updated: March 2026

ERS_Logo

SERVICES

Programme Decision Frameworks

Stakeholder Knowledge Capture & Data Modelling

Executive Reporting & Programme Visibility

ABOUT ERS

ABOUT ERS

TERMS & CONDITIONS

PRIVACY POLICY

ENGAGE WITH US

Copyright © 2026 ERS Group Australia.