Legal
Privacy Policy
Last updated: 6 July 2026
Credential Systems Pty Ltd (“we,” “us,” or “our”) operates www.credpass.com.au (the “Site”). We are committed to protecting your privacy and handling your personal information in an open and transparent way, in line with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).
This policy explains how we collect, hold, use, and disclose personal information you provide when you submit the contact form on our Site.
01What Personal Information We Collect
When you submit our contact form, we collect:
- Name
- Email address
We do not currently use cookies, analytics, or tracking technologies on this landing page.
02How We Collect Your Information
We collect personal information directly from you when you voluntarily complete and submit the contact form on our Site. We do not collect personal information by unlawful or unfair means.
03Why We Collect, Hold, and Use Your Information
We collect and use your personal information to:
- Respond to your enquiry or request
- Follow up with you regarding our products or services
- Maintain internal customer relationship management (CRM) records
- Send you direct marketing communications (e.g. updates, offers, newsletters), where you have consented or where permitted under the Spam Act 2003 (Cth)
Direct marketing (Spam Act 2003): If you provide your email address, we will only send you marketing messages if you have consented (including implied consent from your enquiry), and every marketing message will include a functional unsubscribe facility. You can opt out at any time. See Section 9.
04Who We Disclose Your Information To
We do not sell your personal information. We may disclose it to:
- Internal staff (e.g. sales or support) for the purpose of responding to your enquiry
- Third-party service providers, such as CRM or email marketing platforms, who process data on our behalf under confidentiality obligations
- Regulatory or law enforcement bodies, where required or authorised by law
05Storage, Hosting, and Overseas Disclosure
Personal information you submit through our contact form is stored in a database provided by Cloudflare, with its primary data location in Australia. We also store and process personal information using Microsoft 365, a cloud platform provided by Microsoft. We are in the process of confirming our Microsoft 365 data residency settings, and this policy will be updated once this is finalised.
Microsoft, as a global provider, may in some circumstances process limited data (such as diagnostic, backup, or support data) outside Australia as part of its standard service operations, in accordance with Microsoft’s own privacy and data protection commitments. Where any of your personal information is disclosed to an overseas recipient, we take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles, as required by APP 8.
06Data Quality and Security
We take reasonable steps to ensure the personal information we hold is accurate, up to date, and complete, and to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes reasonable technical and organisational security measures. No method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.
07Data Breach Notification
If we experience a data breach that is likely to result in serious harm to individuals whose personal information is involved, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.
08Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Where information is no longer needed, we will take reasonable steps to destroy or de-identify it.
09Access, Correction, and Your Rights
Under the APPs, you have the right to:
- Request access to the personal information we hold about you
- Request correction of any inaccurate, out-of-date, or incomplete information
- Withdraw consent to direct marketing at any time (e.g. via the unsubscribe link in our emails, or by contacting us)
- Make a complaint about how we have handled your personal information
To exercise any of these rights, contact us using the details in Section 11.
10Complaints
If you believe we have breached the APPs or mishandled your personal information, please contact us first using the details below so we can attempt to resolve your concern. If you are not satisfied with our response, you may lodge a complaint with the OAIC:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
11Contact Us
12Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The updated version will be posted on this page with a revised “Last updated” date.