1. Introduction 


Protecting your privacy is very important to us. This policy sets out how CTA Group collects and processes your personal information. It also sets out your rights in relation to the personal information we hold about you. If you have questions about this policy, please contact the CTA Group via the Contact Us section of our website. 


This policy describes how CTA Group deals with personal information of individuals that interact with CTA Group – this includes representatives of our suppliers, customers, sponsors, and business partners; landowners; industry association representatives; users of the CTA Group website and mobile applications (“apps”); shareholders; and job applicants. 


For the purposes of this policy, “personal information” means any information about an identified or identifiable person. This includes where you can be identified, directly or indirectly, including by reference to an identifier (for example, a name or email address, or an online identifier such as a unique device identification number). We use the words “process” and “processing” to describe the various things we may do with your personal information – including using, disclosing, holding, recording, storing, transferring, or otherwise handling that information. 


References to “CTA Group”, “we” or “us” in this policy mean CTA (VIC) Pty Ltd, CTA (QLD) Pty Ltd, CTA (NSW) Pty Ltd, CTA (WA) Pty Ltd, CTA Commercial Flooring Installations Pty Ltd, CTA Commercial Joinery Pty Ltd, CTA Metal Works Pty Ltd, CTA Australia Pty Ltd, CTA International Pty Ltd and other related companies within the CTA Group with Head Office at 45 Logistics Street Keilor Park, Melbourne, Victoria 3042, Australia. 


2. Types of personal information we collect 


We collect and process different types of personal information depending on how you interact with us. In some cases, this may include information that shows who you are and/or is linked to you because of your interactions with CTA Group. In some circumstances, we may also collect sensitive personal information about you. 


We will primarily collect personal information from you either directly (such as when you subscribe to a news alert or request information from us, including through the Contact Us form available on our website or when you interact with us by phone) or indirectly from your interactions with us (such as by monitoring your use of the CTA Group website and apps). In some cases, we may also to collect personal information about you from third parties (such as recruitment agencies). 


The types of personal information that we collect about you will depend on your interaction with us but may include: 


Identification data – such as your name, gender, job title, photograph, and date of birth. 

Contact details – such as your home and business address, email address and telephone number. 

Recruitment-related information – such as your name, email address, location, telephone number, qualifications, employment history, interests, types of roles you are interested in, your work application form and resume or CV. If you progress through the interview process, we may also collect interview notes, references, results of any psychometric tests and background checks (including criminal records checks), your work visa and other information to verify your identity and right to work. 


e-Business information – this includes information required to provide access to CTA Group e-Business websites or portals (such as login information, IP addresses), and records of your use of those websites or portals. 


Usage information – information we collect when you use our websites or apps, such as server log information (your IP address, browser type, operating system, browser language, time zone, access times and any referring addresses) and location information. 


Other information – this includes information about access and attendance to CTA Group premises and physical assets (such as security records about times of entry and exit, and information collected through CCTV), details about your use of our assets, communications with you (including complaints or concerns raised by you or any feedback or survey responses that you provide to us) and other information you voluntarily provide to CTA Group. 


Some types of personal information are more private than others (which, depending on jurisdiction, includes information about someone’s racial or ethnic origin, health or medical conditions, biometric information, criminal record, trade-union membership, and political association membership). This type of information is called “sensitive personal information”. We will only do this as described in section 3 (Why we process your personal information) below and only where you have explicitly provided your consent; or where otherwise permitted by applicable laws and regulations. 


3. Why we process your personal information 


We process personal information to conduct our business – this includes managing our contractual relationships, recruitment, monitoring access to our websites and apps, managing safety and security risks, and complying with our legal obligations. We also process sensitive personal information where you have provided your consent, or it is necessary to comply with legal obligations. 


The purposes for which we process your personal information will depend on the type of personal information collected and the context in which it was collected. However, the primary purposes for which we process personal information include: 


Managing our relationship with you – this includes providing you with information or services, improving our products and services and communicating with you. 


Business-related purposes – this includes negotiating, managing, and fulfilling our contracts with customers, suppliers and third parties (including e-commerce transactions); managing business relationships; administering real estate leases and licences; conducting clearance procedures; managing accounts and records; supporting corporate social responsibility activities; resource planning and workforce management; activities and operations; internal investigations; and debt administration. 


Marketing and public relation purposes – this includes analysing the characteristics of visitors to our website; to prepare analytics and profiling for business intelligence purposes; to personalise your experience on our website; managing our newsletters and communications and, where CTA Group collects details in the membership database relevant to CTA Group’s e-Business website, for demographic analysis and personalisation of the website. 


Recruitment-related purposes – this includes considering you for career opportunities (including internship positions) with CTA GROUP and inviting you to participate in recruitment activities and events. 


Managing safety and security risks – this includes managing and monitoring access and use of our premises and sites, safety and security at our sites (including through the use of CCTV), and our IT environment (including monitoring electronic communications) and the health of those on our sites; 

website administration and internal operations – this includes troubleshooting, data analysis, testing, research, statistical and survey purposes. 


Legal obligations – this includes meeting obligations imposed under law; responding to lawful requests from governments and public authorities; and responding to potential or actual litigation. 

We may also collect and process your personal information for any other purposes for which you have provided your consent or if there is another lawful basis for doing so. 


If we do not collect your personal information, it may affect our ability to perform these functions. 


CookiesOur websites and apps may use cookies. Cookies are small pieces of data stored on the web browser of your device. These are used by us for site administration and analysis purposes and to deliver tailored content. If you wish not to take advantage of cookies, you may configure your browser not to accept them (although this may disable or render unusable some of the features our online services). 


HyperlinksOur websites and apps may contain links to other websites. We are not responsible for the privacy practices or the content of other websites. The privacy practices applicable to other websites may differ substantially from ours. Please read the privacy policy of any other websites you visit before using such websites. 


4. Who we share your personal information with 


We may share your personal information within our corporate group as well as with third parties involved in the running of our business and your authorised representatives. This may involve sharing information across national borders. 


5. How we store and protect your personal information 


We take steps to ensure that your personal information is kept secure and protected against unauthorised access or use. We only keep your personal information for as long as we need it to carry out the purposes described in this policy. 


Information securityWe have put in place procedures and technologies to maintain the security of your personal information from the point of collection to the point of destruction. 


We also take steps to ensure that all our workers are aware of and are properly trained through applicable information security policies and procedures that are designed to keep your personal information secure. We will investigate and take appropriate action if we become aware of any failure to comply with these policies and procedures. 


Storing personal informationWe generally store the personal information that we collect in electronic databases. These databases are generally hosted in our dedicated data centres in Australia. We may also use third parties to store and process your personal information. However, we will only do this if the party agrees to comply with our procedures and policies or if they put in place equivalent security measures. 


Information retentionOur aim is to keep personal information for no longer than is necessary for the purposes described in this policy or as otherwise required by law. 


Job applicantsIf you are a job applicant, and your application is unsuccessful, we may retain your personal information for 12 months for the purposes of considering you for other roles within CTA Group. We are under no obligation to retain your personal information for this purpose and may elect to delete your personal information at any time following an unsuccessful application. 


You may request that we delete your personal information from our database at any time. You can do this by managing your profile on our HR Platform or by emailing us at HR@ctagroup.com.au 


If your account is inactive for 12 months or more, we may deactivate your account. Following deactivation, all your account information will be destroyed or erased from our systems in accordance with our standard information retention and destruction policies. 


6. Your rights and choices 


You have certain rights in relation to your personal information that we hold about you, though the details of these may vary depending on the country where you are based. We respond to all requests we receive from individuals wishing to exercise their rights in relation to any information we hold in accordance with applicable data protection laws. If you wish to access, correct, or update any personal information that we hold about you, please send a request to HR@ctagroup.com.au or via the Contact us form available on our website. 


It is important to us that all the information we hold about you is correct and up to date, so let us know promptly if there are any errors or other changes should be made. If you are concerned about how we are dealing with your personal information, then you may have the right to complain to an applicable data protection authority. The relevant authority will depend on which country you are located in.  


Before raising a complaint with a data protection authority, we recommend that you first raise the issue with us so we can address your concerns as quickly as possible. We will make a record of your complaint and will deal with it as quickly as we can while keeping you informed of progress. Even if we are not able to address your concern, we will be able to provide further information about how you can contact a relevant data protection authority.  


8. Updates to this policy 


We will update this policy from time to time where necessary to reflect changes in applicable laws or in our privacy compliance practices. The latest version of this policy will always be available online through the CTA Group website. 


9. How you can contact us 


If you have any questions about this policy, you can raise any privacy-related queries (either related to this policy or otherwise) via the Contact us link on the CTA Group website. 


Last updated 11th Dec 2023