Privacy Policy

Introduction

Nephthys Pty Ltd (ACN 628 031 587, ABN 70 628 031 587) trading as AusClear ("AusClear", "we", "our", or "us") is committed to protecting your privacy and managing your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and other applicable privacy laws.

This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information. It also provides information on how you can access and correct your personal information or make a privacy complaint.

01 What Information Do We Collect?

1.1 Personal Information

Personal Information refers to information that identifies you or could reasonably be used to identify you. Depending on the services you engage, this may include:

• Contact Information: Name, email address, phone number, and postal address.
• Professional Information: Employer details, job title, and work-related information.
• Clearance Reference Information: Your AusClear client reference number, clearance level, current status, key dates, and case milestones.
• Aftercare and Compliance Information: Overseas travel reports, annual security declarations, and other ongoing reporting required during the life of an active clearance.
• Portal Account Information: Username, password (held only as a secure hash), and authentication-related data required to operate your client portal account.
• Transactional Information: Details of transactions, including invoices, payment information, and fee records.
• Communication Records: Messages exchanged through the client portal's secure message board, email correspondence, call notes, and booking records.

1.2 Sensitive Information

Sensitive Information includes data about:

• Racial or ethnic origin;
• Political opinions;
• Religious or philosophical beliefs;
• Membership of a trade union or other professional body;
• Criminal record;
• Health information.

We collect Sensitive Information only with your explicit consent and solely for the primary or directly related secondary purposes for which it was obtained, or where required or authorised by law.

1.3 Non-Personal Information

Non-Personal Information includes data that does not identify you personally, such as:

• Website Usage Data: IP address, device type, browser type, and pages visited.
• Aggregated Data: Statistical information about user interactions with the Website.

02 How Do We Collect Your Information?

2.1 Direct Collection

We collect Personal Information directly from you when you:

• Submit a contact form or enquiry on our Website;
• Communicate with us via email, phone, or social media;
• Register for events, subscribe to newsletters, or use our services;
• Participate in surveys, promotions, or competitions.

2.2 Automated Technologies

We may automatically collect technical data about your device and browsing actions using technologies such as cookies, web beacons, and similar tools.

2.3 Third Parties and Public Sources

We may receive Personal Information about you from:

• Third-party service providers (e.g., analytics providers, payment processors);
• Publicly accessible sources;
• Business partners and affiliates.

03 Cookies

We use cookies and similar technologies to enhance your browsing experience. The types of cookies we use include:

• Essential Cookies: Necessary for core Website functionality and cannot be disabled. They help with navigation and basic features.
• Analytical Cookies: Used to improve Website performance and user experience by collecting anonymous usage data (e.g., Google Analytics).
• Preference Cookies: Store your settings and choices to enhance your browsing experience.
• Marketing Cookies: May be set by our advertising partners to build a profile of your interests and show relevant advertisements.
• Third-Party Cookies: Set by external services integrated into our Website (e.g., social media plugins).

3.1 Managing Cookies

You can manage your cookie preferences through your browser settings by:

• Accessing browser settings;
• Selecting 'Privacy' or 'Cookie' settings;
• Choosing to accept, block, or delete specific cookie types.

Please note that disabling certain cookies may affect the functionality of the Website. Third-party cookies are subject to their respective privacy policies, which we encourage you to review. For full details, please review our Cookie Policy.

3.2 Cookie Retention

Cookies are typically stored for up to 180 days, after which they are automatically deleted unless renewed.

3.3 Cookie Consent

Before using any non-essential cookies, we will obtain your explicit consent through a prominent cookie banner that allows you to:

• Accept All Cookies;
• Reject Non-Essential Cookies;
• Manage Preferences for each cookie category.

Your consent choices will be stored and honoured for 180 days, after which renewed consent will be requested. You may modify your cookie preferences at any time.

04 Purpose of Collection

We collect Personal Information to:

• Provide and manage our services to you;
• Communicate with you and respond to your enquiries;
• Conduct security clearance sponsorship and advisory activities;
• Improve our Website and services based on your feedback;
• Engage in marketing and promotional activities (with your consent);
• Comply with legal obligations and regulatory requirements.

4.1 Security Clearance Sponsorship and Referrals

Where you engage us for security clearance sponsorship or advisory services, we collect and process Personal Information for the following purposes:

• To assess your eligibility for Baseline, NV1, or NV2 security clearance sponsorship;
• To sponsor your Baseline security clearance application directly through AGSVA under our accredited DISP membership;
• To facilitate warm referrals to our preferred clearance partner for NV1 and NV2 clearances whilst our DISP Level 3 uplift application progresses;
• To maintain records of sponsorship activity, partner referrals, and clearance outcomes for compliance and aftercare obligations.

05 Data Retention Periods

We retain your Personal Information for the periods specified below, after which it is securely deleted or anonymised:

• Active Account Data: Retained while your account remains active.
• Transaction Records:7 years, as required by law.
• Marketing Preferences:2 years from your last interaction.
• Website Usage Data:12 months.
• Complaint Records:2 years after resolution.
• Inactive Accounts: Deleted or anonymised 12 months after the last activity.
• Security Clearance Records: Retained for the duration required by AGSVA, the Protective Security Policy Framework (PSPF), and our DISP obligations, after which they are securely destroyed.
• Digital Records:30 days for active data and 7 years for archived data, after which automated purge protocols permanently remove the information using secure deletion standards.

06 How Do We Use Your Information?

We may use your Personal Information for the following purposes:

• Service Provision: To provide and manage our security clearance sponsorship and advisory services.
• Communication: To communicate with you and respond to your enquiries.
• Security: To conduct sponsorship-related assessments, perform identity verification, and protect against fraud.
• Improvement: To improve our Website and services based on your feedback and usage data.
• Marketing: To send you marketing and promotional materials (with your consent).
• Compliance: To comply with legal obligations and regulatory requirements, including PSPF and AGSVA obligations.

07 Disclosure of Your Information

We may disclose your Personal Information to third parties for the purposes outlined above.

7.1 Third-Party Disclosures

• Service Providers: Assisting with data processing, IT support, marketing, and other operational functions. They are bound by strict contractual safeguards to protect your information.
• Government Agencies: Including AGSVA and other Commonwealth, State or Territory agencies, as required by law, regulatory authorities, or as part of the security clearance vetting process.
• Preferred Clearance Partner: For NV1 and NV2 clearance referrals, we share your information with our preferred clearance partner. Sharing occurs only:
  • After receiving your explicit consent;
  • For the specific purpose of facilitating NV1 or NV2 sponsorship;
  • With our partner who is bound by strict confidentiality agreements;
  • Limited to information necessary for the clearance process.
• Business Partners: Background check providers, document verification services, and other partners involved in the delivery of our services.

7.2 Security Clearance Sponsorship Information

Due to the sensitive nature of security clearance processes, additional privacy protections apply to information collected for these purposes:

• Enhanced verification procedures;
• Strict access controls aligned with the Protective Security Policy Framework (PSPF);
• Specialised handling protocols required under our DISP accreditation;
• Secure destruction methods for sensitive documentation.

AusClear directly sponsors Baseline clearances under our accredited DISP membership. NV1 and NV2 clearances are facilitated through our preferred clearance partner whilst our DISP Level 3 uplift application progresses. We maintain detailed records of all sponsorship activity, partner referrals, and information transfers in accordance with PSPF and AGSVA requirements.

08 Client Portal

AusClear operates a secure client portal at clientportal.ausclear.au for sponsored clients. The portal provides a secure channel for managing your engagement with us throughout your clearance lifecycle; however, you are also welcome to contact us by phone, email, or in person during business hours.

8.1 Portal Modules

The portal includes the following modules:

• Status: Real-time visibility of your clearance progress, key milestones, and estimated completion timeline.
• Contact: View and update your contact details on file.
• Travel: Submit overseas travel reports in accordance with your ongoing aftercare obligations.
• Messages: A secure message board for direct communication with the AusClear team.
• Documents: Storage and exchange of documents relevant to your engagement.
• Annual Declaration: Completion and submission of your annual security declaration.
• Bookings: Schedule, reschedule, or cancel appointments with our team.
• FAQ and Help: Self-service answers to common questions and direct support requests.
• Settings: Profile, email, password, backup codes, and portal update preferences.

8.2 Account Security and Access

Portal access is granted when you are onboarded as a sponsored AusClear client and your client reference number is issued. Authentication is by email and password with mandatory two-factor authentication (2FA). You are responsible for:

• Maintaining the confidentiality of your login credentials and 2FA tokens;
• Using a unique, strong password;
• Notifying us promptly of any suspected unauthorised access;
• Logging out of shared devices.

AusClear staff access to portal records is logged, audited, and restricted on a least-privilege basis. Staff actions taken on your file are recorded with the responsible staff member's identity in our audit trail.

8.3 Document Handling

Documents you submit through the portal are stored on Australian-hosted infrastructure with TLS in transit and encryption at rest. Access is limited to authorised AusClear staff. Records are retained for the period required by AGSVA, the Protective Security Policy Framework (PSPF), and our DISP record-keeping obligations, then securely destroyed.

8.4 Ongoing Updates and Aftercare

While your clearance remains active, you have ongoing obligations to report changes in your circumstances, overseas travel, and other matters relevant to your clearance. The portal provides a secure and convenient way to submit these updates, although you may also report by phone or email. Information you submit during aftercare is treated with the same protections as information collected at any other stage, regardless of the channel used.

09 Data Security

We take the security of your Personal Information seriously and implement robust measures to protect it:

• Encryption: All data transmitted to and from our Website is encrypted using SSL/TLS.
• Access Controls: Multi-factor authentication is used for systems that store or process Personal Information.
• Secure Data Centres: We use secure data centres with industry-standard security measures.
• Regular Audits: We conduct regular security reviews to identify and address vulnerabilities.
• Employee Training: Employees with access to Personal Information are trained on data protection and security protocols.
• Automated Threat Detection: We use monitoring systems to identify potential threats.
• Data Backups: We perform regular backups to support continuity and recovery.
• Incident Response: We maintain an incident response process aligned to the nature and severity of the event and legal requirements.
• Secure Erasure: We use secure erasure methods to delete Personal Information when required.

When we no longer require your Personal Information for the purpose for which we obtained it, we will take reasonable steps to destroy, anonymise, or de-identify it using secure erasure methods.

10 Accessing and Correcting Your Information

Under the Australian Privacy Principles, you have the right to:

• Access: Request access to the Personal Information we hold about you.
• Correction: Request correction of any inaccurate or incomplete Personal Information.

10.1 How to Request Access or Correction

To exercise these rights, please contact our Privacy Officer using the details provided below. We will respond to your request in accordance with the Privacy Act 1988 (Cth).

11 Complaint Procedure

If you have a complaint about how we handle your Personal Information, please follow our complaint procedure:

11.1 How to File a Complaint

• Contact Details: Use the contact information provided at the bottom of this Privacy Policy.
• Responsible Person: All complaints will be considered by our Privacy Officer.

11.2 Complaint Handling Process

1. Acknowledgement: We will acknowledge receipt of your complaint within 2 business days and provide you with a reference number.
2. Investigation: We will investigate your complaint and maintain records of all communications and findings. We aim to resolve complaints within 30 business days.
3. Resolution Communication: We will communicate our findings and any actions taken within 5 business days after completing the investigation.
4. Appeal Period: You have 14 days from receiving our resolution to request a review if you are unsatisfied.
5. Escalation: If we cannot resolve your complaint within these timeframes, we will provide a written explanation and update you on progress.

11.3 Documentation and Response Timeline

• Complaint Documentation: All complaint documentation will be retained for 12 months following resolution.
• Record-Keeping: We maintain records of communications and findings related to the complaint.

If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner (OAIC).

12 Overseas Transfer

Your Personal Information will not be disclosed to recipients outside Australia unless you expressly request us to do so. If you request us to transfer your Personal Information to an overseas recipient, we ensure that:

• Recipients are Bound by Equivalent Protections: Overseas recipients must comply with privacy protections equivalent to Australian standards.
• Explicit Consent: We obtain your explicit consent for such transfers.
• Compliance: We implement appropriate contractual safeguards and conduct impact assessments where required.

We are not liable for any mishandling of your information by overseas recipients.

13 Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

• Post Updates: Any changes will be posted on this page.
• Notify Users: Where appropriate, notify you by email about significant changes.

We encourage you to review this policy regularly to stay informed about how we manage your personal information.

14 Contact Us

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to access, update, or correct your personal information, please contact our Privacy Officer: