PRIVACY POLICY

Effective Date: May 2025

This Privacy Policy explains how Sheerline Group collects, uses, and protects your personal information. We are committed to handling your information in accordance with the Australian Privacy Principles.
If you have questions, please contact our Privacy Officer at privacy@sheerline-group.com.

Sheerline Group

Sheerline Holdings Pty Ltd, trading as Sheerline Group, and its subsidiary Sheerline Solutions Pty Ltd ABN 17 675 172 577 (together referred to as “Sheerline Group”, “we”, “us”, or “our”), is committed to protecting the privacy of personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and associated legislation.

SCOPE & APPLICATION

This policy applies to all personal information collected, used, stored, and disclosed by Sheerline Group in relation to clients, employees, contractors, suppliers, business partners, and visitors.

DEFINITIONS

Personal information: Refers to details that identify an individual or could reasonably identify them.

Sensitive information: May be required to be collected in some circumstances such as health data, racial or ethnic origin, religious beliefs, union membership, criminal records, and other protected categories. Sensitive information is only collected when necessary for business purposes and, where possible, with the individual's consent.

Data Breach: Unauthorised access to, disclosure of, or loss of personal information.

Consent: Voluntary agreement to the handling of personal information, which may be express or implied.

All information collected will be used and disclosed by Sheerline Group only in accordance with this policy and the law. Sheerline Group will take reasonable steps to ensure that all personal information is held securely.

TYPES OF PERSONAL INFORMATION COLLECTED

Client Information

We collect and hold the following client information:

  • Identity information (name, date of birth, gender)

  • Contact details (residential address, email addresses, telephone numbers)

  • Government identifiers (passport details, driver's licence, visa information)

  • Financial information (bank account details, credit card information, payment records)

  • Vessel information (yacht registration, specifications, ownership details)

  • Project specifications and preferences

  • Photographic and video records that may include individuals

  • Communication records and correspondence

Employee and Contractor Information

We collect and hold the following workforce information:

  • Identity and contact information

  • Tax file numbers and superannuation details

  • Bank account information

  • Employment history and qualifications

  • Performance management records

  • Work health and safety records

  • Emergency contact details

  • Security clearance information (where applicable)

  • Professional memberships and certifications

Supplier & Business Partner Information

We collect and hold the following business information:

  • Business name and Australian Business Number (ABN)

  • Contact person details

  • Banking and payment information

  • Insurance and certification documentation

  • Performance and compliance records

  • Contractual documentation

Visitor Information

We collect and hold the following visitor information:

  • Name and contact details

  • Organisation represented

  • Purpose and duration of visit

  • Vehicle registration details

  • Closed-circuit television (CCTV) footage

Sensitive Information

We only collect sensitive information where:

  • The individual has consented to the collection

  • Collection is required or authorised by law

  • Collection is necessary for employment purposes

  • Collection is necessary for legal proceedings

COLLECTION METHODS

Direct Collection

We primarily collect personal information directly from individuals through:

  • Application and registration forms

  • Contracts and agreements

  • Email, telephone, and video communications

  • Our website and online portals

  • Face-to-face meetings and consultations

  • Microsoft 365 platforms (Teams, SharePoint, Outlook)

Indirect Collection

We may collect personal information from third parties including:

  • Referral partners and agents

  • Marine brokers and surveyors

  • Previous employers (with consent)

  • Recruitment agencies

  • Credit reporting agencies

  • Government agencies

  • Professional advisors

Collection Notices

When collecting personal information, we will take reasonable steps to notify individuals of:

  • Our identity and contact details

  • The purposes of collection

  • The consequences if information is not provided

  • Third parties to whom information may be disclosed

  • How to access our Privacy Policy

  • How to access and correct personal information

USE & DISCLOSURE OF PERSONAL INFORMATION

Primary Purposes of Use

We use personal information for the following primary purposes:

  • Providing marine manufacturing, refit, and repair services

  • Managing client relationships and projects

  • Processing payments and maintaining financial records

  • Managing employment and contractor relationships

  • Ensuring workplace health, safety, and security

  • Complying with legal and regulatory obligations

  • Managing insurance and risk

Secondary Purposes of Use

We may use personal information for secondary purposes including:

  • Improving products and services

  • Marketing and business development (with consent)

  • Internal business analysis and reporting

  • Managing disputes and legal proceedings

  • Meeting future defence industry requirements

Disclosure to Third Parties

We may disclose personal information to:

Service Providers

  • Cloud service providers (including Microsoft Corporation for Microsoft 365 services)

  • Accounting and financial services (including Xero Limited)

  • Professional advisors (lawyers, accountants, consultants)

  • Insurance companies and brokers

  • Marine classification societies and surveyors

Regulatory & Government Bodies

  • Australian Taxation Office

  • Australian Maritime Safety Authority

  • Australian Securities and Investments Commission

  • Fair Work Commission

  • Office of the Australian Information Commissioner

  • State and Federal Police (when required by law)

  • Department of Defence (for security clearances)

Other Third Parties

  • Subcontractors engaged on projects (with consent)

  • Financial institutions for payment processing

  • Debt collection agencies (if required)

  • Prospective purchasers of business assets

Cross-Border Disclosure

Personal information may be disclosed to recipients in the following countries:

  • United Kingdom (remote workforce and service providers)

  • United States of America (cloud storage providers)

  • Other countries where our cloud service providers maintain servers

We ensure appropriate safeguards are in place for international transfers in accordance with Australian Privacy Principle 8.

DATA QUALITY & SECURITY

Data Quality

We take reasonable steps to ensure personal information we collect is:

  • Accurate, up-to-date, and complete

  • Relevant to the purposes for which it is collected

  • Not excessive for the stated purposes

Security Measures

We protect personal information through:

Technical Controls

  • Multi-factor authentication systems

  • Encryption of data at rest and in transit

  • Regular security patches and updates

  • Access control and privilege management systems

  • Intrusion detection and prevention systems

  • Regular backup and recovery procedures

  • Data loss prevention technologies

Administrative Controls

  • Information security policies and procedures

  • Confidentiality and non-disclosure agreements

  • Incident response and breach notification procedures

  • Regular security audits and assessments

  • Vendor security assessments

Physical Controls

  • Secured facility access controls

  • CCTV monitoring systems

  • Clean desk and clear screen policies

  • Secure document disposal services

  • Visitor management procedures

Retention & Disposal

We retain personal information in accordance with:

  • Legal and regulatory requirements

  • Business and operational needs

  • Industry best practices

Standard retention periods include:

  • Client records: Seven (7) years after last service

  • Employee records: Seven (7) years after employment cessation

  • Financial records: Seven (7) years

  • Marine construction documentation: 10 years

  • CCTV footage: 7-30 days unless required for investigation

  • Unsuccessful employment applications: 12 months

INDIVIDUAL RIGHTS

Right of Access

Individuals have the right to request access to personal information we hold about them. Access requests should be made in writing to our Privacy Officer.

We will respond to access requests within 30 days and may charge reasonable costs for providing access to extensive records.

Right of Correction

Individuals have the right to request correction of personal information that is inaccurate, incomplete, out-of-date, irrelevant, or misleading.

Right to Object

Individuals may opt-out of:

  • Direct marketing communications

  • Non-essential uses of personal information

  • Certain disclosures to third parties

Exceptions to Access

We may refuse access to personal information where:

  • Providing access would pose a serious threat to life, health, or safety

  • Providing access would have an unreasonable impact on the privacy of others

  • The request is frivolous or vexatious

  • The information relates to legal proceedings

  • Providing access would be unlawful

  • Denial is required or authorised by law

DIRECT MARKETING

Consent Requirements

We only use personal information for direct marketing where:

  • The individual has consented

  • The individual would reasonably expect such use

  • We provide a simple opt-out mechanism

Opt-Out Procedures

Individuals may opt-out of direct marketing by:

  • Using the unsubscribe link in electronic communications

  • Contacting our Privacy Officer

  • Updating preferences in account settings

DATA BREACH MANAGEMENT

Breach Response

In the event of a data breach, we will:

  • Contain the breach and perform preliminary assessment

  • Evaluate the risk of serious harm

  • Notify affected individuals if required

  • Notify the Office of the Australian Information Commissioner if required

  • Review and strengthen security measures

Notification Procedures

If notification is required, we will notify affected individuals and the OAIC as soon as practicable, including information about:

  • The nature of the breach

  • The types of information involved

  • Recommendations for protective action

  • Our contact details for further information

RAISING CONCERNS OR COMPLAINTS

Any concerns or complaints regarding the handling of personal information should be directed to the Privacy Officer who will investigate and reply accordingly.

Internal Complaints Process

Privacy complaints should be directed to:

Privacy Officer
Sheerline Group
Office 31, 76-84 Waterway Drive, Coomera, Queensland 4209
Email: privacy@sheerline-group.com
Phone: +61 1300 757 700

We will acknowledge complaints within 48 hours and aim to resolve them within 30 days.

External Complaints

If dissatisfied with our response, complaints may be escalated to the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

WEBSITE & ELECTRONIC COMMUNICATIONS

Cookies

Our website uses cookies to:

  • Maintain session security

  • Analyse website usage

  • Improve user experience

  • Remember user preferences

Analytics

We use analytics tools to collect information about website usage including:

  • Pages visited

  • Time spent on site

  • Referral sources

  • Device and browser information

Electronic Communications

Electronic communications may be monitored for:

  • Security purposes

  • Quality assurance

  • Legal compliance

  • Training purposes

POLICY ADMINISTRATION

Policy Review

This policy will be reviewed:

  • Annually at minimum

  • Upon significant legislative changes

  • Following any significant data breach

  • Upon material changes to business operations

Policy Updates

Updates to this policy will be communicated through:

  • Website publication

  • Email notification to active clients

  • Internal staff communications

  • Contractual notifications where required

CONTACT INFORMATION

Privacy Officer

For all privacy-related queries, requests, or complaints:

Privacy Officer
Sheerline Group
Office 31, 76-84 Waterway Drive, Coomera, Queensland 4209
Email: privacy@sheerline-group.com
Phone: +61 1300 757 700
Website: www.sheerline-group.com

Business Hours
Monday to Friday: 7:00 AM - 5:00 PM AEST
Excluding public holidays