JOCES Privacy Policy (Australia)
Last updated: October 11, 2025
This Privacy Policy explains how Jo Civil Engineering Services Pty Ltd (ABN 40 658 327 041) collects, uses, discloses and protects personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Additional rights may apply under NSW privacy legislation for dealings with NSW public sector agencies.
1. What personal information we collect
The personal information we collect depends on how you interact with us and may include:
Identity and contact details: name, organisation, role, email, phone, postal address.
Business information: project details, development applications, tender or proposal information, scope of works, correspondence.
Website/usage data: IP address, device and browser type, pages viewed, timestamps, referral URLs, cookie identifiers, consent preferences and similar analytics data (see Cookie Policy).
Payment and invoicing: billing contact details, ABN/ACN, purchase order numbers (we do not store full credit card numbers on our systems).
Recruitment: CV, cover letter, qualifications, work history, referees and right‑to‑work information when you apply for a role.
Sensitive information: only where necessary and permitted by law (e.g. medical/adjustment information you choose to provide during recruitment or engagement). We will seek consent where required.
2. How we collect personal information
We collect personal information when you:
contact us, request a proposal, or engage us for services;
interact with our Site, emails, forms or client portals;
attend events or meet with us;
apply for a job or supply services to us; or
where permitted, from third parties (e.g. your organisation, public registers, government agencies, consultants, referees) and from publicly available sources.
3. Why we collect, use and disclose personal information
We handle personal information to:
provide, manage and improve our services and the Site;
respond to enquiries and communicate with clients, councils, consultants and partners;
prepare proposals, contracts, reports and deliverables;
comply with legal, regulatory and insurance obligations;
run analytics and measure Site performance (using cookies/online identifiers);
market our services (you can opt out of marketing at any time); and
recruit, onboard and manage personnel and suppliers.
4. Legal bases (EU/UK visitors)
While we are an Australian business, if you are in the EU/UK we rely on the following lawful bases under the GDPR/UK GDPR (as applicable): performance of a contract, legitimate interests (e.g. business operations, client communications and Site analytics), consent (for non‑essential cookies/marketing), and legal obligations.
5. Disclosing personal information
We may disclose personal information to:
our personnel and trusted contractors who help deliver our services;
clients, councils and authorities as required for project delivery;
professional advisers (lawyers, auditors, insurers), IT and cloud service providers;
payment processors and accounting platforms;
regulators, courts and law enforcement where required or authorised by law; and
any party with your consent or at your direction.
Some recipients may be located outside Australia (e.g. cloud hosting in other countries). Where we do so, we take reasonable steps to ensure appropriate privacy protections are in place.
6. Data retention
We retain personal information for as long as needed for the purposes described in this Policy or as required by law and our professional and insurance obligations. When no longer required, we take reasonable steps to destroy or de‑identify personal information.
7. Security
We implement reasonable physical, technical and administrative safeguards to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. No system is perfectly secure. If you suspect a security issue, please contact us promptly.
8. Your rights
You may request access to the personal information we hold about you and ask us to correct it if inaccurate, out‑of‑date, incomplete, irrelevant or misleading. To make a request, contact us using the details below. We may need to verify your identity and may charge a reasonable fee where permitted by law.
9. Notifiable Data Breaches
If a data breach is likely to result in serious harm, we will assess, and where required, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme.
10. Children
Our Site and services are directed to business and government audiences. We do not knowingly collect personal information from children under 16 without appropriate consent.
11. Marketing communications
We may send you updates about our services, events or insights. You can opt out at any time by using the unsubscribe link or contacting us.
12. Contact us
Privacy enquiries or requests: JOCES, Level 6, 150 George Street, Parramatta NSW, Australia or via the Site’s contact form. If you are not satisfied with our response, you may contact the OAIC for guidance.
13. Changes to this Policy
We may update this Policy from time to time. The latest version will be posted on the Site with the effective date.
