Privacy Policy

Purpose

CredEntry Pty Ltd (“CredEntry”, “we”, “us”, “our”) is committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, store, and disclose personal information in connection with our systems and services.

Scope

This policy applies to all CredEntry platforms, products, and services, including identity and credential verification, access management systems, and client-integrated solutions. It applies to all personal and sensitive information we handle, including that processed through third-party integrations or biometric verification components.

Our Commitment to Privacy

CredEntry supports the Australian Privacy Principles and chooses to operate transparently and securely. We handle personal and sensitive information only as required to deliver our services, under lawful and fair means, and consistent with the expectations of our clients and users.

Information We Collect

We may collect the following types of information when providing our services:

• Personal Information: name, contact details, address, email, date of birth, identification numbers, and employment details.

• Sensitive Information: biometric data (e.g., facial image templates), medical information, criminal background checks, and other compliance documentation as required by clients.

• System and usage data: log information, timestamps, IP addresses, device type, and session metadata collected automatically during use of our services.

How We Collect Information

We collect personal information directly from individuals through online forms, client systems, or communications such as email or phone. We may also receive information from authorised third parties such as employers, training providers, medical services, or background check agencies where permitted by law or consented to.

Use of Smart Access and Verification Systems

We provide digital access and verification systems that may include identity, credential, or biometric verification features to assist clients in managing site access and compliance. Where these systems process images or biometric data, information is handled securely, stored in encrypted form, and retained only as long as required to fulfil the verification purpose in accordance with privacy laws. CredEntry acts as a data processor, operating strictly under client instructions, and clients remain responsible for determining the lawful basis and retention periods for any biometric information processed.

How We Use Information

We use personal information to:

• Verify identity and credentials for site access and compliance.

• Create and manage user profiles within our systems.

• Communicate regarding service updates or support.

• Improve system functionality and user experience.

• Comply with legal and regulatory obligations.

Sensitive information is used only for the purpose for which it was collected or as otherwise permitted by law.

Disclosure of Information

We disclose personal information only:

• To the client or organisation authorising access to their site or system.

• To third parties that verify credentials or provide related services under contractual obligation.

• As required by law or regulatory authority.

Where personal data is stored or processed by trusted third-party providers,all storage remains encrypted and within Australian data centres.

CredEntry does not sell, rent, or share personal information for marketing purposes.

Security of Information

We maintain administrative, technical, and physical safeguards to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

No system is completely secure, but we continually review our measures to maintain industry-standard protection.

Retention and Erasure of Information

We retain personal information only for as long as necessary to provide services or meet legal obligations. Users may request deletion of their account or information by contacting us. Deleted data may remain in secure backups for a limited time before being fully purged.

Accuracy, Access and Correction

We take reasonable steps to ensure that the information we hold is accurate, complete, and up to date. Individuals may request access to or correction of their information at any time by contacting us at info@credentry.com.au. Access may be limited only in circumstances permitted by law.

Complaints and Feedback

We are committed to resolving privacy-related concerns promptly and fairly. If you believe we have breached this policy or the APPs, please contact our Security & Compliance Officer at info@credentry.com.au.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Policy Review and Updates

This policy is reviewed annually, or earlier if significant technological or regulatory changes occur. The latest version is published on our website at www.credentry.com.au/privacy.Your continued use of our services after updates constitutes acceptance of the revised policy.

Last Updated: December 2025