Privacy Policy

  1. Introduction

As an Australian small business, we are exempt from the Australian Privacy Principles except to the extent to which we manage personal information to provide registry support for code of conduct and disciplinary and dispute resolution procedures of our professional association clients (“Registry Support Activities”).

Our privacy policy is therefore developed principally with regard to our Registry Support Activities.

The WEBSITE section of this policy includes information about how our site handles your personal information when you interact with it.

APP Entity

WORKACCORD manages personal information related to its Registry Support Activities, as an APP Entity, under the Australian Privacy Principles (APPs).


WORKACCORD does not offer goods or services to, or monitor the behaviour of, data subjects in member states of the EU.

This policy applies to information collected by AC Wood Holdings Pty Ltd ACN 074 381 409 (trading as WorkAccord)  in the performance of its Registry Support Activities.

We only collect information that is reasonably necessary for the proper performance of our activities or functions.

We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.

We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.

If you have any questions please contact The Privacy Officer, WorkAccord during normal office hours, which are 8.30am to 5.30 am Monday to Friday.  Our contact details:

A: Level 2, Riverside Quay, 1 Southbank Blvd, SOUTHBANK, VIC 3006


T: +61 3 9982 4408

  1. Information Flow

When we collect your personal information:

We check that it is reasonably necessary for our functions or activities connected with providing registry support for professional disciplinary & dispute resolution schemes; and facilitating the exchange of information between parties to grievances and complaints

We check that it is current, complete and accurate. This will sometimes mean that we have to seek feedback from third parties about the information that we collect from you. Most usually, the third party will be the other party involved in the grievance or complaint;

We record and hold your information for the purpose of our Registry Support Activities.

Some information may be disclosed to overseas recipients. Most usually, that will occur when the overseas recipient is your professional association, or the other party involved in the grievance or complaint.

We retrieve your information when we need to use or disclose it for our Registry Support Activities.

Subject to some exceptions, we permit you to access your personal information in accordance with APP:12 of the (APPs).

We correct or attach associated statements to your personal information in accordance with APP:13 of the (APPs).

We destroy or de-identify your personal information, when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so.

  1. Type of Information We Collect and Why We Collect It

The type of information that we typically collect (and hold) is information that is necessary to facilitate the exchange of information for the handling of grievances and complaints and the determination of complaint proceedings.

Examples might include information about: job applications and dealings with recruitment staff; the effects of those dealings upon the people involved in them and sometimes upon third parties; employment arrangements; complaint forms and records; and the types of outcomes that may resolve grievances or complaints.

  1. Our Policy on Direct Marketing

We do not use any personal information we collect from, or about, you for direct marketing.

  1. How your personal information is collected

We sometimes collect information from third parties and publicly available sources, when it is necessary for a specific purpose such as checking information that you have given us, or where you have consented, or would reasonably expect us to collect your personal information in this way.

Personal information will be collected from you directly, when you fill out and submit a complaint forms or any other information in connection with the grievance or complaint in which you are involved.

Personal information is also collected when:

Another party to the grievance or complaint (or a third party) provides information about you;

You reply to feedback, questions or requests for information in connection with the grievance or complaint in which you are involved.

We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs  [and our Privacy Policy.

Electronic Transactions

Often, we collect personal information from emails and attached digital files.

It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information.  It might help you to look at the OAIC’s resource on Internet Communications and other Technologies

You can contact us by land line telephone or post if you have concerns about making contact via the Internet.


Our website address is:

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

  1. How your personal information is held

Personal information is held in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.

Our Information Record System

Information is stored in electronic format on our computers, synchronised portable devices (e.g. tablets and smart phones) and data storage devices (e.g. external hard drives);

We use DropBox cloud-based storage technology. We may share storage files containing your personal information with other people such as our lawyers and our industry association clients.

Information Security

Our computers and cloud storage systems containing your personal information are password protected.

In the event of a data breach, we would follow the data breach notification procedures outlined in the OIAC’s guidelines adjusted as appropriate to the nature of the breach and the size of our enterprise.

  1. Disclosures

We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose.

Disclosure will usually be internally and to our professional advisors; to our Clients including their ethics or disciplinary committees and officers who may be involved in grievance and complaint handling processes; to another party or participant to a grievance or complaint in which you are involved.

We may disclose your personal information where we are under a legal duty to do so.

Related Purpose Disclosures

We outsource a number of services to contracted service suppliers (CSPs) from time to time.  Our CSPs may see some of your personal information.  Typically, our CSPs would include:

Software solutions providers; I.T. contractors and database designers and Internet service suppliers; Legal and other professional advisors; Insurance brokers, loss assessors and underwriters.

We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.

Cross-Border Disclosures

Some of your personal information is likely to be disclosed to overseas recipients. We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions and the impracticability of attempting to enforce such rights in some jurisdictions will mean that, in some instances, we will need to seek your consent to disclosure.

The likely countries, type of information disclosed, and recipients are indicated, so far as is practicable, in the following table:


Country Type of Information Likely Recipients
New Zealand Information relevant to complaints and grievances involving New Zealand parties and participants Clients for whom we are providing registry support

Parties and participants to complaints and grievances who are based in New Zealand.

Other countries All personal data stored electronically by us DropBox cloud storage providers and their CSPs.
  1. Access & Correction

Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold.

Important exceptions include evaluative and opinion material obtained confidentially in the course of providing our registry support services. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality.

Other exceptions include responses and replies to grievances and complaints received confidentially and legal advice received from our lawyers and our client’s lawyers.

For more information about access to your information see our Access Policy (below).

For more information about applying to correct your information see our Correction Policy (below)

Access Policy

If you wish to obtain access to your personal information you should contact our Privacy Officer.  You will need to be in a position to verify your identity.

Most access requests can be granted within 5 business days. Some may take longer if the requests are complex or involve the privacy or confidentiality rights of other people.

If we refuse access, you can make a complaint to the OAIC.

Correction Policy

If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us.

We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

Correction requests may take up to 10 business days to respond to as it may be necessary for us to seek verification in some cases.

If we refuse to correct the information, you can ask up to place an associated statement with your personal information.

You can also make a complaint to the OAIC.

  1. Complaints

You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.

For more information see our Complaints Procedure.

Complaints procedure

If you are making a complaint about our handling of your personal information, it should first be made to us in writing.

You can make complaints about our handling of your personal information to our Privacy Co-ordinator, whose contact details are:

The Privacy Officer


Ph: (03) 9982 4408

You can also make complaints to the Office of the Australian Information Commissioner

When we receive your complaint We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;

Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.

We may ask for clarification of certain aspects of the complaint and for further detail;

We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why;

We will require a reasonable time (usually 30 days) to respond;

If the complaint can be resolved by procedures for access and correction we will suggest these to you as possible solutions;

If we believe that your complaint may be capable of some other solution, we will suggest that solution to you, on a confidential and without prejudice basis in our response.

If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme to which we belong or to the Office of the Australian Information Commissioner.