Employee Learning, General Knowledge & Publications Platform (Sustainable Energy Resources)
McKercher Corporation Pty Ltd (ACN 164 130 581) trading as McKercher Corporation (the Company, we, us, our)
Effective: December 2025 | Version: 5.12.1
This Privacy Policy explains how we collect, hold, use, disclose, and protect personal information when you access or use our employee-facing website / intranet platform hosting sustainable energy industry publications and learning resources (the Platform).
We are committed to handling personal information in accordance with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) (where they apply).
1.1 This Privacy Policy applies to personal information we collect through the Platform and related interactions (for example, support requests or training administration).
1.2 By using the Platform, you consent to the collection, use, and disclosure of personal information as described in this Privacy Policy.
1.3 This Privacy Policy should be read together with our Website Terms and Conditions and any internal IT/security policies notified to you.
2.1 Personal information has the meaning given in the Privacy Act and generally includes information or an opinion about an identified individual, or an individual who is reasonably identifiable. OAIC
2.2 Sensitive information is a subset of personal information that attracts higher protections under Australian privacy law and may include (for example) health information and certain other categories.
3.1 The Privacy Act contains an employee records exemption that may apply to certain handling of employee records by private sector employers, in certain circumstances. OAIC
3.2 Even where the exemption may apply, we aim to handle employee-related personal information responsibly and consistently with good privacy practice, and we apply security safeguards described in this policy.
3.3 This Privacy Policy does apply to personal information we collect about individuals who are not employees (for example, contractors, invited industry professionals, or other Authorised Users), and to employee information where the exemption does not apply.
4.1 The types of personal information we may collect include:
(a) Identity and contact details: name, work email, job title, employer/entity within the McKercher Group, phone number, workplace location.
(b) Account and authentication data: username, password hash, multi-factor authentication status, access logs, role-based permissions.
(c) Platform usage data: pages viewed, publications accessed, downloads, time stamps, device/browser information, IP address, session identifiers.
(d) Learning and training records (if enabled): module enrolments, completion status, assessment results, certifications, CPD logs.
(e) Support and communications: helpdesk tickets, enquiries, correspondence, and feedback.
(f) Payment information (if paid services are enabled): payment status, invoices/receipts, transaction references (note: card details are handled as set out in clause 9).
4.2 We generally do not seek to collect sensitive information via the Platform. If sensitive information is required for a specific purpose (for example, compliance training tied to HSEQ requirements), we will collect it only where lawful and with appropriate notice/consent (or as otherwise permitted by law).
5.1 We collect personal information in the following ways:
(a) Directly from you, when you register, update your profile, complete learning activities, submit feedback, or contact support.
(b) Automatically, when you use the Platform (for example, via logs, cookies, and analytics described in clause 8).
(c) From your employer / McKercher Corporation, where account provisioning is managed centrally (for example, via HR systems or identity providers), to enable Platform access and role-based permissions.
(d) From third parties, where required to operate the Platform (for example, identity providers, hosting providers, or learning management tools), subject to appropriate safeguards.
5.2 Unsolicited information: If we receive personal information we did not request, we will determine whether we could have collected it lawfully and, if not, we will destroy or de-identify it where permitted and practicable.
6.1 We collect, hold, and use personal information to:
(a) provide and administer the Platform, including account creation, authentication, and access control;
(b) deliver publications and educational resources and personalise your learning experience (where enabled);
(c) administer learning pathways, assessments, certifications, and compliance records (where enabled);
(d) maintain security, prevent misuse, and monitor for unauthorised access;
(e) respond to enquiries, provide support, and manage requests;
(f) improve the Platform, content library, and user experience;
(g) meet legal and regulatory obligations and manage risk (including audit and incident response); and
(h) communicate Platform updates, service notices, and—where you have opted in or it is otherwise lawful—training updates or promotional material related to the Platform.
6.2 We may use de-identified and aggregated data (which does not identify you) for reporting, analytics, and platform improvement.
7.1 We may disclose personal information to entities within the McKercher Corporation and to third-party service providers we use to operate the Platform and business systems, including:
Platform / IT and collaboration
- Google Workspace (Google Drive and Gmail/email services) and related administration features. Google Workspace offers “data regions” controls for certain editions/configurations. Google Workspace+1
- Cloudways (managed hosting for the Platform). Cloudways provides managed hosting using major cloud infrastructure providers and allows selection of server/data centre locations depending on configuration. Cloudways+1
Business operations systems (may be linked to user administration and reporting)
- monday.com (CRM/workflows). monday.com describes multiple data regions (including Asia Pacific/Australia) and hosts customer account data in the region assigned to the account. monday.com+1
- ServiceM8 (field reporting/workflows). ServiceM8 states its platform uses AWS infrastructure and backups to Amazon S3 in multiple locations. ServiceM8 Help+1
- Xero (accounting/invoicing/finance administration). Xero’s privacy notice and data processing terms outline how it processes personal data and provide safeguards for cross-border processing/transfer. Xero+1
- Timecloud (jointimecloud.com) (time & attendance/workforce management). Timecloud’s terms indicate the service may involve “Service Data” including personal information and (depending on features used) biometric and payroll-related data. Timecloud Workforce Management+1
7.2 Higher-risk workforce data (where applicable): Some operational systems (particularly time & attendance) may involve additional categories of personal information (e.g., payroll identifiers, work eligibility/visa details, or biometric identifiers if your business enables biometric time clocks). Timecloud Workforce Management
7.3 We do not sell personal information.
7.4 We may also disclose personal information to professional advisers (lawyers/auditors/insurers), regulators, law enforcement, or transaction counterparties where required or authorised by law.
8.1 Some providers we use may store or process personal information outside Australia, depending on configuration, support operations, and account region settings. For example, monday.com supports different data regions, including APAC (Australia), the US and the EU, with the account’s region affecting where customer data is stored. Monday Support+1
8.2 Google Workspace offers controls and reporting relating to data region settings for certain editions/configurations. Google Help+1
8.3 ServiceM8 states that backups are stored across multiple locations globally on Amazon S3 infrastructure. ServiceM8 Support
8.4 What we do: We take reasonable steps to ensure overseas recipients handle personal information consistently with Australian privacy requirements (including contractual protections and security controls), except where an exception applies under the APPs.
8.5 Locations: Personal information may be stored/processed in Australia, the EU, Singapore and the United States. Purchased system hardware account information is manufacturer-specific.
9.1 If the Platform offers paid services, payments may be processed by a third-party payment provider.
9.2 We do not store full credit card details on our systems. Any card details are collected and processed by the payment provider and handled in accordance with their terms and privacy practices.
10.1 We use cookies and similar technologies to:
(a) maintain sessions and authentication,
(b) improve security,
(c) remember preferences, and
(d) understand usage to improve the Platform.
10.2 Our servers record information such as IP address, device and browser type, access times, pages visited, and actions taken on the Platform for security and support purposes.
10.3 You can usually modify your browser settings to control cookies. If you disable cookies, parts of the Platform may not work properly.
10.4 Analytics tools: We may use analytics providers to help understand usage patterns, such as Google Analytics.
11.1 We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, including via access controls, encryption (where appropriate), monitoring, and staff training.
11.2 No method of transmission over the internet is completely secure; however, we maintain and review our safeguards in light of current technologies and risks.
11.3 We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, audit, legal, or compliance obligations). We then take reasonable steps to delete or de-identify it.
12.1 If we become aware of a suspected data breach, we will assess it and respond in accordance with our incident response processes.
12.2 Where required under the Notifiable Data Breaches (NDB) scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) about eligible data breaches. OAIC+1
13.1 You may request access to personal information we hold about you and request corrections if you believe it is inaccurate, out of date, incomplete, irrelevant, or misleading.
13.2 We will respond to access and correction requests within a reasonable time and may need to verify your identity before processing the request.
13.3 We may refuse access in limited circumstances permitted by law. If we refuse, we will provide reasons (where permitted) and explain complaint options.
14.1 Where practicable, you may interact with us anonymously or using a pseudonym. However, because the Platform is access-controlled and used for learning and security purposes, it is generally not practicable to provide Platform access anonymously.
15.1 We may send Platform-related updates (service notices, security notifications, changes to content library or training features).
15.2 If we send direct marketing communications (for example, optional learning updates), you can opt out at any time by using the unsubscribe function (if available) or contacting us using the details in clause 17.
15.3 We do not send marketing to external individuals unless they have consented or it is otherwise lawful.
16.1 The Platform may contain links to third-party websites or resources. We are not responsible for the privacy practices of those third parties. You should review their privacy policies before providing personal information.
17.1 If you have a question, request, or complaint about this Privacy Policy or our handling of personal information, contact:
Privacy Officer (McKercher Corporation Pty Ltd)
Email: pr*****@******************on.com
Phone: 08 6171 4111
Address: 3/90, Discovery Drive, Bibra Lake, Western Australia, 6163
17.2 We will acknowledge privacy complaints within 3 business days and aim to resolve them within 5-10 business days.
17.3 If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). OAIC