Privacy Policy

1. Introduction

Bluezone Infoseq International Pty Ltd ("we", "us", "our", or "Bluezone") operates Bluezone Academy (academy.bluezoneinfoseq.com), a professional ISO training platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.

We are committed to protecting your privacy and complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For users in the European Union or United Kingdom, we also comply with the General Data Protection Regulation (GDPR) and UK GDPR respectively.

By using our website and services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our services:

• Account Information: Name, email address, and password when you create an account
• Contact Form Information: Name, email address, phone number, job title, and company name when you submit enquiries through our contact form
• Course Enrollment Information: When enrolling in our courses, we collect your full name, email address, contact number, residential address, organisation name and address, highest educational qualification with supporting certificate, government-issued identification (passport or driving licence number with copy), and electronic signature
• Course Progress Data: Enrollment records, lesson completion status, quiz scores, and assessment submissions
• Certificate Data: Information related to certificates issued upon course completion

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain information:

• IP address and approximate geographic location
• Browser type and version
• Device type and operating system
• Pages visited and time spent on pages
• Referring website or source

We use Vercel Analytics, a privacy-focused analytics service that does not use cookies and does not track individual users across websites.

2.3 Identity Documents and Sensitive Information

For course enrollment, particularly for Exemplar Global RTP certified courses, we collect copies of government-issued identification documents (passport or driving licence) and educational qualification certificates. This information is collected for the following purposes:

• Verification of your identity for professional certification requirements
• Verification of eligibility for Exemplar Global RTP certified courses
• Compliance with certification body requirements and auditor registration standards
• Prevention of fraud and ensuring the integrity of issued certificates

These documents are stored securely and are retained in accordance with our data retention policy (see Section 7). Your identity documents will not be shared with third parties except as described in Section 5 of this policy.

3. How We Use Your Information

We use your personal information for the following purposes:

• Providing and delivering our training courses and services
• Creating and managing your account, including authentication
• Tracking your course progress and issuing certificates
• Responding to your enquiries and providing support
• Sending transactional emails (account verification, password resets, enrollment confirmations)
• Improving our website, courses, and user experience
• Complying with legal obligations and protecting our rights

4. Legal Basis for Processing (GDPR)

For users in the European Union and United Kingdom, we process your personal data based on the following legal grounds:

• Consent: When you create an account or submit a contact form
• Contractual Necessity: To deliver the training courses you have enrolled in
• Legitimate Interests: For analytics, website improvements, and fraud prevention
• Legal Obligation: To comply with applicable laws and regulations

5. Third-Party Service Providers

We share your personal information with trusted third-party service providers who assist us in operating our platform:

• Supabase: Database hosting and user authentication. Supabase is GDPR compliant. Privacy Policy
• Tally: Contact form and course enrollment form processing. Tally is GDPR compliant. Privacy Policy
• Resend: Transactional email delivery. Privacy Policy
• Vercel: Website hosting and privacy-focused analytics (cookie-free). Privacy Policy

5.1 Exemplar Global Data Sharing

When you enroll in an Exemplar Global RTP certified course, the following information may be shared with Exemplar Global:

• Full name and contact details
• Educational qualifications and supporting documentation
• Identity verification information
• Course enrollment and completion details

This data sharing is necessary for Exemplar Global to verify participant eligibility and maintain the integrity of their certification programs. By enrolling in an Exemplar Global RTP certified course, you consent to this data sharing for verification purposes. Your personally identifiable information (PII) will not be shared with any other third parties without your prior permission.

We require all third-party service providers to respect the security of your personal information and to treat it in accordance with applicable data protection laws.

6. International Data Transfers

Your personal information may be stored and processed in countries outside Australia, including the United States, where our third-party service providers operate data centres.

For users in the European Economic Area (EEA) or United Kingdom, we ensure that any transfer of personal data outside these regions is protected by appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected:

• Account and Course Data: Retained for 5 years after account closure or last interaction with our services
• Certificate Records: Retained indefinitely to enable ongoing certificate verification
• Identity Documents: Copies of government-issued identification (passport or driving licence) are retained for 5 years after account closure
• Qualification Certificates: Educational qualification documents uploaded during enrollment are retained for 5 years after account closure
• Enrollment Form Data: Information submitted through course enrollment forms is retained for 5 years after course completion
• Analytics Data: Aggregated and anonymised data may be retained indefinitely
• Contact Form Enquiries: Retained for 5 years from the date of submission

8. Your Rights

8.1 Australian Privacy Principles

Under the Australian Privacy Act 1988, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or outdated information
• Make a complaint to us or to the Office of the Australian Information Commissioner (OAIC) about our handling of your personal information

8.2 GDPR Rights (EU/UK Users)

If you are located in the European Union or United Kingdom, you have additional rights under the GDPR:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Data Portability: Request transfer of your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Restrict Processing: Request restriction of processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

9. Cookies and Tracking

We use only essential cookies necessary for the operation of our website:

• Authentication Cookies: Used by Supabase to maintain your login session

We use Vercel Analytics for website analytics, which is a privacy-focused service that does not use cookies and does not track individual users across websites. We do not use any advertising, marketing, or third-party tracking cookies.

10. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

• HTTPS encryption for all data transmitted to and from our website
• Secure password hashing for user accounts
• Row Level Security (RLS) policies in our database
• Access controls limiting who can access personal information
• Regular security assessments and updates

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our services are designed for business professionals seeking ISO training and certification. While we do not specifically restrict access based on age, our courses are professional in nature and intended for individuals in a work or career context.

We do not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on this page with a revised "Effective Date".

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

14. Complaints

If you are not satisfied with our response to your privacy concern, you may lodge a complaint with the relevant supervisory authority:

• Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au
• European Union: Your local Data Protection Authority
• United Kingdom: Information Commissioner's Office (ICO) - ico.org.uk