Skip to main content

Privacy Policy

Environmental Systems Solutions recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our privacy policy and it tells you how we collect and manage your personal information.

We respect your rights to privacy under the Privacy Act 1988 (Cth) and we comply with all of the Act’s requirements in respect of the collection, management and disclosure of your personal information as set out in the Australian Privacy Principles. While we are only required to comply with the Act when undertaking Commonwealth contracts, we choose to apply our privacy policy across all of our work. We also respect other privacy related laws of the States and Territories of Australia when they apply to our business.

What ESS activities does this Privacy Policy cover?

Environmental Systems Solutions is in the business of creating systems for the collection of environmental and cultural information. In our business administration we collect very limited categories of personal information in order to provide our clients with the information or services they ask for.  ‘Personal information’ is information or an opinion about an identified individual.  Personal information can be: true or false; verbal, written, or photographic, and, recorded or unrecorded.

Note that this privacy policy focuses only on personal information collected in the ordinary course of our business administration and does not cover the information that might be recorded in the environmental and cultural systems and other tools that we create for clients.

Further information about how we respect privacy considerations in the ordinary course of our business administration is described in this policy.

What doesn’t this Privacy Policy cover?

The cultural and environmental information management systems developed by ESS are generally created to the specification of specific clients, as guided by the contract between the client and ESS. It is necessary to review the specific details of a given contract to determine whether applicable privacy policy will be that of ESS or the client, and if any other information management protocol additionally applies. For example:

  • Where ESS creates an information management system but the client administers and supplies the hosting service for the system, it is likely that the client’s privacy policy will apply.
  • Where ESS supplies ongoing implementation support and/or provides the system’s hosting service, ESS’s privacy policy is likely to apply.
  • In addition, systems might also be subject to additional information management protocols that have been developed by ESS in consultation with the client or clients specifically for that project.

The ESS Privacy Officer can advise about the applicable policy for specific projects. The applicable privacy policy will be clearly identified to users of the system.  

In the development of ecological and cultural information systems and other tools we help to create, ESS notes that privacy considerations need to be at the forefront of client considerations.  Even when the applicable privacy policy will be that of the client, we actively encourage our clients to ensure systems have robust privacy protocols embedded in their design and administration, and that these protocols comply with any applicable legal requirements. We recognise this is particularly important given that what is considered sensitive information under the Act, such as information as to racial or ethnic affiliation, may sometimes be a feature of the information shared by users within the systems we create.  In such cases, analysis of ways to ensure compliance the Privacy Act and other legislative requirements will be a recommended part of project development.

More broadly, ESS recognises that respecting and protecting the rights and interests of Indigenous peoples and local communities in their cultural information and traditional knowledge is of paramount concern. Such cultural information and traditional knowledge might be shared in the systems we create. The rights and interests of Indigenous peoples and local communities in this information derive from a number of sources in international, Australian and customary law and practice. For example, we might recommend to clients that the tools we develop for them embed robust consent, confidentiality, privacy and security protocols within their system features in order to respect these rights and interests in a way that is consistent with the governance structure and customary law of our client group.

For further information about privacy considerations and their application to specific projects please contact the ESS Privacy Officer at ([email protected]).

What is your personal information?

When used in this privacy policy, the term “personal information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

What personal information do we collect and hold?

We may collect the following types of personal information:

  • name; 
  • mailing or street address; 
  • email address; 
  • telephone number; 
  • organisation
  • profession, occupation or job title; 
  • details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries; 
  • any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or otherwise; and 
  • information you provide to us through our training activities, customer surveys or visits by our representatives from time to time. 

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our . 

Importantly, if for any reason it becomes necessary to our activities to collect information that is considered sensitive under the Act, such as racial or ethnic affiliation, we will seek your specific consent before collecting this information. This applies to our general business activities and the collection of personal information within a specific environmental or cultural information management system to which ESS’s privacy policy applies.

How do we collect your personal information? 

We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect in ways including:

  • through your access and use of our website or email enquiries;
  • during conversations between you and our representatives; or
  • in the course of providing you with a service. 

We may also collect personal information from third parties including: 

  • project partners n the course of providing you with a service.
  • other government entities).

Website and Information Management System Use

In some cases we may also collect your personal information through the use of cookies. When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. It also enables us to keep track of products or services you view so that, if you consent, we can send you news about those products or services. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online products and services. Our cookies do not collect personal information.  Cookies are also used for technical purposes including those designed to enhance the user experience, such as information about last map viewed and which layers the client wishes to be visible. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

We ESS may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users movements, and gather broad demographic . More specifically, when users to our website and/or systems are logged in, we track requests for web pages, the time of access, and the client browser details. In addition, we keep a history of changes made by logged in users, in order to enhance user experience by enabling users to return to previous versions when needed.

ESS uses Google Analytics to monitor website use and may from time to time also use other website analytics tools.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, some or all of the following may happen:

  • we may not be able to provide the requested products or services to you, either to the same standard or at all; 
  • we may not be able to provide you with information about products and services that you may want; or 
  • we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful. 

For what purposes do we collect, hold, use and disclose your personal information?

We collect personal information about you so that we can perform our business activities and functions and to provide best possible quality of customer service. 

We collect, hold, use and disclose your personal information for the following purposes:

  • to provide products and services to you and to send communications requested by you; 
  • to answer enquiries and provide information or advice about existing and new products or services; 
  • to provide you with access to protected areas of our website; 
  • to assess the performance of the website and to improve the operation of the website; 
  • to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties; 
  • for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of Environmental Systems Solutions, its related bodies corporate, contractors or service providers;
  • to update our records and keep your contact details up to date; 
  • to process and respond to any complaint made by you; and 
  • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (or political sub-division of a 

Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.

To whom may we disclose your information? 

We may disclose your personal information to: 

  • our employees, related bodies corporate, contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and
  • suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes; and 
  • any organisation for any authorised purpose with your express consent. 

Direct marketing materials 

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including through social media, mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. We will only include you in direct marketing with your prior consent. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list. 

We do not provide your personal information to other organisations for the purposes of direct . 

How can you access and correct your personal information? 

You may request access to any personal information we hold about you at any time by contacting us (see the details below).

Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you) within a reasonable time.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal. 

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.

What is the process for complaining about a breach of privacy?

If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it.

We will ensure our procedure for investigating and dealing with privacy breaches is carried out according to our data breach response plan and complies with the notifiable breach requirements of the Act. Further information on our data breach response plan can be requested from our Privacy .

Do we disclose your personal information to anyone outside Australia?

We may disclose personal information to any related bodies corporate, project partners and third party suppliers and service providers located overseas for some of the purposes listed above.

We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

Note that as of July 2018 ESS does not undertake any activities that would require compliance with the European General Data Protection Regulations (GDPR). The need for compliance with the GDPR will be kept under review should ESS offer goods or services to, or monitor the behaviour of, European Union data subjects.


We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed. 

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.


Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

Contacting us

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer using the details set out below.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.

Please contact our Privacy Officer at:

Privacy Officer

PO Box 324, Essendon, Victoria 3040, Australia

Telephone: +61 3 9014 7114

Email: ([email protected])

 Changes to our privacy policy

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website.

This privacy policy was last updated on 1 July 2018.  

To learn more

For further information about the Privacy Act 1988 (Cth) and the privacy laws of other Australian States and Territories consult the Office of the Australian Information Commissioner: 

The full text of the Privacy Act 1988 (Cth) is available at

The Australian Privacy Principles on which this policy is based are set out in Schedule 1 to that Act. Make sure to always consult the most recent version of the Act as legislation is amended from time to time.

Back to top