Privacy Policy
- Ascend GRC
- Mar 11
Updated: Mar 12

1. Purpose
Ascend GRC is committed to protecting the privacy and confidentiality of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy outlines how we collect, use, disclose, and safeguard personal information.
2. Scope
This policy applies to all employees, contractors, board members, volunteers, clients, and third parties who handle personal information on behalf of Ascend GRC.
3. Definitions
Personal Information: Information or opinions about an individual that can identify them, including name, contact details, and financial information.
Sensitive Information: Personal information related to race, religion, health, or political beliefs, requiring higher protection.
Data Breach: Unauthorised access, disclosure, or loss of personal information.
4. Policy Statement
Ascend GRC is dedicated to:
Lawful & Fair Collection: Collecting personal information only when necessary and with consent.
Data Integrity & Security: Ensuring accurate and secure storage of personal information.
Transparency: Informing individuals about how their information is used and their rights.
Restricted Access: Limiting data access to authorised personnel only.
Timely Response to Privacy Concerns: Addressing complaints and data breach incidents promptly.
5. Collection & Use of Personal Information
Ascend GRC collects personal information for:
Enrolling individuals in training programs and certifications.
Conducting advisory and consulting services.
Processing payments and managing subscriptions.
Communicating research, reports, and industry updates.
Complying with legal and regulatory obligations.
6. Data Security Measures
Encryption & Access Controls: Protecting digital records with encryption and authentication.
Secure Storage: Maintaining both physical and electronic security for records.
Third-Party Agreements: Ensuring service providers comply with privacy laws.
Incident Response Plan: Handling data breaches as per the Notifiable Data Breach (NDB) scheme.
7. Disclosure of Personal Information
Ascend GRC will not share personal information without consent, except where:
Required by law or regulatory bodies.
Necessary for delivering services (e.g., IT support, payment processing).
There is a risk to public safety or a legal obligation to disclose.
8. Individual Rights & Complaints
Individuals have the right to:
Access and correct their personal information.
Request deletion of their data where legally permissible.
Lodge complaints regarding privacy breaches via compliance@ascendgrc.org.
9. Related Legislation & Standards
Privacy Act 1988 (Cth) & Australian Privacy Principles (APPs).
Notifiable Data Breach (NDB) scheme.
ISO 27001: Information Security Management.
10. Review & Approval
This policy will be reviewed annually by the Board of Directors to ensure ongoing compliance and relevance.
11. Contact Information
For queries regarding this policy, please contact:
Ascend GRC Compliance Team
Email: compliance@ascendgrc.org