Privacy Policy
Last updated: 25 March 2026
9001 Plus Consulting Group (“we”, “us”, “our”) operates the website 9001.plus. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also comply with the European Union General Data Protection Regulation (GDPR).
By using our website or engaging our services, you consent to the practices described in this policy.
1. Information We Collect
Information you provide directly
When you interact with us through our website, you may provide us with the following personal information:
- Contact form submissions: Your name, email address, phone number, company name, and any details you include in your message.
- Management System Self-Assessment Tool: Your responses to assessment questions, your name, email address, and company details submitted alongside your assessment.
- Email correspondence: Any personal information you include when you email us at info@9001.plus.
- Engagement and consulting: Business and organisational information shared during consulting engagements, including company structure, personnel names, roles, and operational data relevant to management system design and implementation.
Information collected automatically
When you visit our website, we may automatically collect:
- Device and browser information: Browser type and version, operating system, screen resolution, and device type.
- Usage data: Pages visited, time spent on pages, referring URLs, and click activity.
- IP address and approximate location: Used for analytics purposes and to understand our audience geographically.
- Cookies and similar technologies: See Section 6 below.
2. How We Use Your Information
We use the personal information we collect for the following purposes:
- To respond to your enquiries and communicate with you about our services.
- To deliver your personalised self-assessment results and action plan.
- To provide consulting services you have engaged us to perform.
- To send you information about our services where you have consented or where we have a legitimate business relationship with you.
- To improve our website, content, and services based on usage patterns.
- To comply with legal obligations and protect our legitimate business interests.
We do not use your personal information for automated decision-making or profiling.
3. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties.
We may share your information in the following limited circumstances:
- Service providers: We may share information with third-party service providers who assist us in operating our website, hosting our data, delivering email communications, or providing analytics. These providers are contractually required to handle your information in accordance with this policy and applicable privacy laws.
- Certification bodies: During consulting engagements, we may coordinate with your chosen certification body as part of the certification process. We will only share information necessary for this purpose and with your knowledge.
- Legal requirements: We may disclose your information where required by law, regulation, legal process, or enforceable government request.
- Business transfers: In the event of a merger, acquisition, or sale of business assets, your information may be transferred as part of that transaction. We will notify you of any such change.
4. Data Storage and Security
Your personal information is stored on secure servers located in Australia. Where third-party service providers store data outside Australia, we take reasonable steps to ensure those providers comply with the APPs or are subject to substantially similar privacy protections.
We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission (SSL/TLS), access controls, and regular security reviews.
No method of transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.
5. Your Rights
Rights under Australian Privacy Law
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you.
- Request correction of any inaccurate, incomplete, or out-of-date information.
- Request deletion of your personal information, subject to any legal obligations we have to retain it.
- Opt out of receiving marketing communications at any time by contacting us or using the unsubscribe mechanism in any email.
- Lodge a complaint if you believe we have breached the APPs (see Section 9).
Additional rights for individuals in the European Economic Area (EEA)
If you are located in the EEA, you have additional rights under the GDPR. See Section 11 below.
To exercise any of your rights, contact us using the details in Section 10.
6. Cookies and Tracking Technologies
Our website uses cookies — small text files stored on your device — to improve your browsing experience and help us understand how visitors use our site.
Cookies we use
| Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Required for the website to function (e.g., session management, security) | Session |
| Analytics cookies | Help us understand visitor behaviour and improve our website (e.g., Google Analytics) | Up to 2 years |
| Functional cookies | Remember your preferences (e.g., cookie consent choice) | Up to 1 year |
Managing cookies
You can control or delete cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being set. Note that disabling cookies may affect the functionality of some parts of our website.
Google Analytics
We use Google Analytics to collect anonymised usage data. Google Analytics uses cookies to track visitor interactions. This data is processed in accordance with Google’s privacy policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
7. Third-Party Links
Our website may contain links to third-party websites, including certification body websites, industry resources, and social media platforms. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party site you visit.
8. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Specifically:
- Contact form enquiries: Retained for the duration of any resulting business relationship, plus 2 years.
- Self-assessment data: Retained for 2 years from submission, unless you engage our services, in which case it is retained for the duration of the engagement plus 2 years.
- Consulting engagement records: Retained for 7 years from the end of the engagement, consistent with Australian business record-keeping requirements.
- Analytics data: Retained in anonymised/aggregated form and not linked to identifiable individuals.
You may request earlier deletion of your personal information at any time (see Section 5).
9. Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint by contacting us using the details in Section 10. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 business days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
10. Contact Us
If you have any questions about this Privacy Policy, wish to access or correct your personal information, or want to make a complaint, contact us at:
9001 Plus Consulting Group 145 Commonwealth Street Sydney, NSW 2010 Australia
Email: info@9001.plus
11. Information for Individuals in the European Economic Area (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR).
Data controller
9001 Plus Consulting Group is the data controller responsible for your personal information. Contact details are provided in Section 10.
Legal basis for processing
We process your personal information on the following legal bases:
- Consent: Where you have given clear consent for us to process your personal information for a specific purpose, such as submitting a contact form or completing our self-assessment tool. You may withdraw consent at any time by contacting us.
- Contractual necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract, such as delivering consulting services you have engaged.
- Legitimate interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include responding to enquiries, improving our website, and marketing our services to existing business contacts.
- Legal obligation: Where processing is necessary to comply with a legal obligation to which we are subject.
Your rights under the GDPR
In addition to the rights described in Section 5, individuals in the EEA have the following rights:
- Right to erasure: You may request that we delete your personal information where there is no compelling reason for its continued processing.
- Right to restrict processing: You may request that we restrict processing of your personal information in certain circumstances, such as where you contest the accuracy of the data.
- Right to data portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format, and request that we transmit it to another data controller where technically feasible.
- Right to object: You may object to processing of your personal information based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the data protection authority in your country of residence. A list of EEA supervisory authorities is available at ec.europa.eu/justice/data-protection/bodies/authorities.
International data transfers
Your personal information may be transferred to and stored in Australia, which the European Commission has not assessed for adequacy under GDPR. Where we transfer personal information from the EEA to Australia or other countries outside the EEA, we rely on appropriate safeguards including standard contractual clauses approved by the European Commission to ensure an adequate level of protection for your data.
Cookies and consent (EEA visitors)
For visitors located in the EEA, we will obtain your consent before placing non-essential cookies on your device, in accordance with the ePrivacy Directive. You may withdraw cookie consent at any time through your browser settings.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
This Privacy Policy is provided for informational purposes and does not constitute legal advice. We recommend consulting a qualified legal professional to ensure your privacy practices comply with all applicable laws and regulations.