Privacy Policy

This Privacy Policy applies to all personal information collected by Spectrum Mining Consultants Pty Ltd (we, us or our) via the website located at www.spectrummining.com.au (Website).

1. What information do we collect?

The kind of Personal Information that we collect from you will depend on how you use the website. The Personal Information which we collect and hold about you may include:

Name; Phone number; Residential address; Business Address; Email address

2. Types of information

The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive Information will be used by us only:

(a) for the primary purpose for which it was obtained;

(b) for a secondary purpose that is directly related to the primary purpose; and

(c) with your consent or where required or authorised by law.

3. How we collect your Personal Information

(a) We may collect Personal Information from you whenever you input such information into the Website, related app or provide it to Us in any other way.

(b) We may also collect cookies from your computer which enable us to tell when you use the Website and also to help customise your Website experience. As a general rule, however, it is not possible to identify you personally from our use of cookies.

(c) We use different types of cookies including essential cookies for Website functionality, analytical cookies to improve user experience, and marketing cookies that may be set by third parties. These cookies are retained for up to [DAYS] days and can be managed through your browser settings. Third-party cookies are subject to their respective privacy policies, which we encourage you to review.

(d) We will obtain your explicit consent before placing non-essential cookies on your device. You may withdraw consent and manage cookie preferences through your browser settings at any time. A detailed list of third-party cookie providers, their purposes, and retention periods is available in our Cookie Policy, which includes direct links to their respective privacy policies.

(e) We generally don’t collect Sensitive Information, but when we do, we will comply with the preceding paragraph.

(f) All employees and contractors receive mandatory privacy and data handling training upon commencement and annually thereafter, covering Australian Privacy Principles, confidentiality obligations, secure data handling practices, breach notification procedures, and client confidentiality requirements.

(g) Where reasonable and practicable we collect your Personal Information from you only. However, sometimes we may be given information from a third party, in cases like this we will take steps to make you aware of the information that was provided by a third party.

4. Purpose of collection

(a) We collect Personal Information to provide you with the best service experience possible on the Website and keep in touch with you about developments in our business.

(b) For business-to-business client data, including geological surveys, mining exploration information, and confidential technical reports, we collect only information necessary for project delivery and contractual obligations. Client project data is protected with enhanced security measures including encryption, access restrictions, and audit logging, and will not be used for marketing purposes or disclosed to third parties without explicit written consent.

(c) We customarily only disclose Personal Information to our service providers who assist us in operating the Website. Your Personal Information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.

(d) All service providers and contractors handling Personal Information must execute Data Processing Agreements requiring compliance with Australian Privacy Principles, implement encryption of data in transit and at rest with appropriate access controls, and notify us of any data breaches within [24] hours. We reserve the right to audit service provider compliance with these obligations.

(e) By using our Website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from us. We do not use sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature, such as an unsubscribe button link.

(f) We will only send you direct marketing communications if you have explicitly opted in to receive such material. We maintain records of all marketing consent and withdrawal requests, including the date, method, and content preferences. You may withdraw your marketing consent at any time by clicking the unsubscribe link in our communications or by contacting us directly.

5. Security, Access and correction

(a) We store your Personal Information in a way that reasonably protects it from unauthorised access, misuse, modification or disclosure. When we no longer require your Personal Information for the purpose for which we obtained in, we will take reasonable steps to destroy and anonymise or de-identify it. Most of the Personal Information that is stored in our client files and records will be kept for a maximum of 7 years to fulfill our record keeping obligations.

(b) We implement technical security measures including encryption (AES-256 for data at rest, TLS 1.2+ for data in transit), role-based access controls, multi-factor authentication for system access, and maintain audit logs of all data access. We conduct annual security assessments and maintain a Data Breach Response Plan. In the event of a data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner within 30 days in accordance with the Notifiable Data Breaches scheme.

(c) The Australian Privacy Principles:

(i) permit you to obtain access to the Personal Information we hold about you in certain circumstances (Australian Privacy Principle 12); and

(ii) allow you to correct inaccurate Personal Information subject to certain exceptions (Australian Privacy Principle 13).

(d) Where you would like to obtain such access, please contact us in writing on the contact details set out at the bottom of this privacy policy.

(e) We maintain differentiated retention schedules based on data type and purpose: client project data and engineering records are retained for 7 years post-project completion; marketing contact information for 2 years from last engagement; website analytics and cookies for 12 months; and employee records for 7 years post-termination. We conduct annual reviews to identify and securely delete data no longer required for its stated purpose, using industry-standard data destruction methods including secure wiping for electronic records and certified shredding for physical documents.

(f) We will respond to access requests within 14 days of receipt. Requests must include sufficient information to identify the individual and the Personal Information sought, and we may request proof of identity before releasing Personal Information. Correction requests will be assessed within 21 days; if we disagree with the correction, we will provide written reasons and information about complaint procedures. Requests should be submitted to the contact details below with subject line “Privacy Access Request”. We will not charge fees for reasonable access requests, but may charge for excessive or repetitive requests.

6. Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us as on the contact details set out at the bottom of this policy. All complaints will be considered by Rohan Gleeson and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

7. Overseas transfer

Your Personal Information will not be disclosed to recipients outside Australia unless you expressly request us to do so. If you request us to transfer your Personal Information to an overseas recipient, the overseas recipient will not be required to comply with the Australian Privacy Principles and we will not be liable for any mishandling of your information in such circumstances.

8. GDPR

In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our website does not specifically target customers located in the European Union and we do not monitor the behaviour of individuals in the European Union, and accordingly the GDPR does not apply.

9. How to contact us about privacy

If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: info@spectrummining.com.au.

10. Complaint handling procedures

All privacy complaints will be logged in our Privacy Complaint Register with date received, complainant details, and complaint summary. We will acknowledge receipt within 7 business days and provide an initial response within 14 days. Complaints will be investigated by Rohan Gleeson; if unresolved after 30 days, the matter will be escalated to our designated privacy officer. We will document our investigation findings, actions taken, and reasons for any decisions. Complaints involving potential data breaches will be escalated immediately to our Data Breach Response Team.