top of page

Crystal Logic — Privacy Policy

​

Effective: 22 January 2025

​

Crystal Logic (ABN 44 560 683 394) (“Crystal Logic”, “we”, “us”, “our”) is committed to protecting the privacy and confidentiality of personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and all other applicable privacy and data protection laws.

This Privacy Policy explains how we collect, use, disclose, store and protect personal information, and how individuals may access and correct their information or make a privacy complaint.

​

1. What is Personal Information?

Personal information is any information or opinion that identifies, or could reasonably identify, an individual—whether the information is true or not.
We may collect personal information from:

  • Clients and prospective clients

  • Representatives of organisations we service

  • Suppliers and service providers

  • Prospective employees, contractors and consultants

  • Any third party interacting with our business

We only collect personal information where it is reasonably necessary for our business activities, or for purposes directly related to providing our services.

​​

2. Types of Information We Collect

The personal information we may collect includes (as relevant):

  • Identity and contact information – name, address, phone number, email, date of birth, identification documents.

  • Business and financial information – organisational details, ABN/ACN, financial records, work history, salary and payroll data (where relevant to an engagement).

  • Employment and background information – CVs, qualifications, screening checks, references and work eligibility.

  • Transactional and engagement records – queries, instructions, deliverables, billing data, and records of communications.

  • Technical information – IP address, browser information, device data, cookies and analytics.

  • Other information needed to provide our consultancy services or interact with you.

Sensitive information (such as health information, criminal history, ethnic origin or union membership) is only collected with your consent, where required by law, or where necessary for a specific engagement.

We do not use government identifiers (e.g., Medicare, TFN, passport numbers) as our own internal identifiers.

​

3. How We Collect Personal Information

We collect information in several ways, including:

  • Directly from you (e.g., emails, forms, meetings, calls, uploads).

  • From your authorised representatives.

  • From your employer (for corporate engagements).

  • From publicly available sources.

  • Through our website, cookies, analytics tools and digital services.

  • From third-party service providers we use for professional, IT, HR, analytics or administrative purposes.

If we receive unsolicited personal information, we will handle it in accordance with the Privacy Act, including securely destroying it if appropriate.

​

4. Why We Collect, Use and Disclose Personal Information

We collect, use, hold and disclose personal information for purposes including:

  • Providing our consultancy services, including data analysis, reporting, modelling, automation, auditing, advisory, and project work.

  • Assessing your request for services, proposals or quotes.

  • Managing our relationship with you, including billing and documentation.

  • Improving our services, systems and processes.

  • Conducting research, insights and analytics.

  • Managing recruitment, employment and contracting.

  • Preventing fraud, security risks or unlawful activity.

  • Complying with legal, regulatory and professional obligations.

  • Sending service updates or marketing communications (unless you opt out).

We will not use your personal information for any purpose unrelated to the above without your consent, unless permitted by law.

​

5. Marketing

We may send you information about our services or insights we believe may be relevant to you.
You can opt out at any time by contacting us or using the unsubscribe feature where available.

​

6. Disclosure to Third Parties

We may share your personal information with:

  • Crystal Logic personnel, contractors and related entities.

  • Professional advisers, auditors, insurers and legal representatives.

  • Technology and cloud service providers, including data hosting providers.

  • Analytics and digital service providers.

  • Third-party consultants assisting with your engagement.

  • Payment processors.

  • Government agencies and regulators (where required).

  • External dispute resolution schemes.

  • Any organisation where you have authorised us to do so.

All third parties are required to maintain strict confidentiality and data security, and may only use the information for the purpose for which it is provided.

​

7. Overseas Disclosure

Some external service providers and data hosting platforms we use operate overseas.
Personal information may be disclosed in countries including New Zealand, the United States, Canada, the United Kingdom, European Union member states, India, Malaysia, the Philippines and Vietnam.

We will only transfer information overseas where:

  • the recipient is subject to privacy protections substantially similar to the APPs,

  • appropriate safeguards are in place, or

  • you have provided consent.

​

8. Security and Storage

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Protections include:

  • Access controls and multi-factor authentication

  • Encryption and secure data centres

  • Confidentiality obligations for staff

  • Mandatory information-security training

  • Internal monitoring, audits and compliance checks

  • Secure physical storage for hard copy information

Information is retained only for as long as reasonably necessary to fulfil the purposes for which it was collected or to comply with legal obligations.

When no longer required, personal information is securely destroyed or de-identified.

​

9. Access and Correction

You may request access to, or correction of, your personal information by contacting us.

We will respond within a reasonable timeframe.
In rare cases where we are permitted to refuse access, we will provide you with written reasons and explain how you can escalate your concerns.

No fee applies for correction requests.
A reasonable fee may apply for repeated or complex access requests.

​

10. Data Breaches

We maintain a Data Breach Response Plan consistent with the Notifiable Data Breaches (NDB) Scheme.
If an eligible data breach occurs, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

​

11. Complaints

If you have concerns about how your personal information has been handled, please contact us:

Crystal Logic – Privacy Officer
Email: support@crystallogic.com.au
Website: https://crystallogic.com.au

We will acknowledge your complaint promptly and aim to resolve it within five business days.

If you remain dissatisfied, you may contact:

Office of the Australian Information Commissioner (OAIC)
Phone: 1300 363 992
Website: www.oaic.gov.au

​

12. Changes to This Policy

We may update this Privacy Policy periodically.
The latest version will always be available on our website.

bottom of page