GPK Privacy Policy

Your privacy matters to us. Learn more about how we manage and protect your personal information.

Privacy Policy

GPK Group Pty Ltd and its related entities (GPK Group) understands the importance of, and is committed to, protecting the privacy of an individual’s personal information. In handling personal information, GPK Group is committed to complying with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (as amended) (Australian Act) in Australia; and the Information Privacy Principles (IPPs) contained in the Privacy Act 1993 in New Zealand (New Zealand Act).

This Policy sets out how GPK Group aims to protect the privacy of personal information, an individual’s rights in relation to their personal information managed or held by GPK Group and the way GPK Group collects, holds, uses and discloses personal information. This Policy may be updated from time to time.

In the event personal information is collected during a recruitment or application process and you subsequently become an employee of GPK Group, GPK Group’s handling of such personal information may no longer be governed by the Privacy Acts and this Policy will no longer apply to you. GPK Group will nevertheless treat personal information it holds about its employees appropriately in the circumstances.

What is ‘Personal Information’ and what kinds of Personal Information does GPK Group collect and access?

Personal information is information or an opinion about an identified, or reasonably identifiable, individual. During the provision of GPK Group’s services, GPK Group may collect or hold personal information. The type of personal information that we typically collect and hold will vary depending on our relationship with you. This information is generally categorised as:

  • Client Information – information we may collect from all individuals/companies who we deal with for the purposes of providing our products and services. The main types of information we collect are:
  • Contact details including your address, telephone numbers and email addresses
  • Information about your company such as the name, size and location of your company and your role within the company
  • Credit checks on new clients
  • Records of our interaction with you and any confidential feedback you may give us
  • Your use of our products and services, and certain transactional information and financial details to process any transactions.
  • End User Data – through its commercial arrangements or terms of service with GPK Group, a client may provide GPK Group with access to personal information about the client’s customers, employees, partners or suppliers. End user data is therefore information that resides on a GPK Group, client or third-party system to which GPK Group is provided access to perform services (including test, development and production environments that may be accessed to perform GPK Group consulting and support services). GPK Group treats end user data according to the terms of this Policy and as confidential in accordance with the arrangements with its clients. End user data is collected, shared and used by a GPK Group client in accordance with their own company privacy policy.
  • Prospective employees and contractors – information we may collect to reasonably determine your suitability for work with us or through us. The main types of information we collect are:
  • Name and contact details, including your address, email address and phone numbers
  • Information in your cover letter, resume and application forms including your skills, qualifications, work history, references, goals and interests
  • Details of your work rights in Australia and other countries
  • Your tax file number and superannuation details
  • Information documenting your work history with or through us
  • Aptitude and psychological assessment results, and the results of police checks or medical assessments
  • Other information that you or your referees provide to us, including personal feedback.

Sensitive information is a special category of personal information under the Australian Act. It is information or opinion about you, including membership of a professional or trade association or membership of a trade union; criminal record; health information, racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, or sexual preferences or practices. As outlined in the Australian Act, sensitive information can, in most cases, only be disclosed with your consent.

How will your Personal Information be collected or accessed?

Generally, personal information will be collected from you directly when you apply for a role, request a product or service, or otherwise provide us with personal information in person or via our website, telephone, email, fax, post or other means, whether at GPK Group’s request or at your own initiative.

There may be other occasions when GPK Group collects your personal information from other sources such as another person or business, or from a publicly available source including social media or when we engage a consultant or agent to collect information about people who may be interested in buying GPK Group’s products or services. Generally, GPK will only collect your personal information from sources other than you if it is unreasonable or impracticable to collect your personal information from you.

GPK Group may access or use end user data to perform services for its clients. This may include monitoring and testing system use and performance, resolving bugs and other issues or testing and applying new product or system versions, patches, updates and upgrades. GPK Group may process end user data but it is not responsible for providing any notices and/or obtaining any consents necessary for GPK Group to access, use, retain and transfer end user data as necessary to provide its services. If GPK Group hires contractors or subcontractors to assist in providing services, their access to end user data will be consistent with the relevant client arrangement and this Privacy Policy. GPK Group is responsible for its contractors’ and subcontractors’ compliance with the terms of this Policy.

How we use Cookies

You can visit our website and browse without the need to disclose any personal information.

When you access a GPK Group website or web application a small file (“cookie”) may be saved on your computer’s hard drive. Cookies are used to collect information about how websites are used. The data contained in any cookie is encrypted and does not give us access to your computer or any personal information about you.

Why does GPK Group need your Personal Information?

GPK Group collects, holds, uses and discloses your personal information where it is reasonably necessary for the purposes of providing you with its products and services. This may include using and disclosing your personal information:

  • to enable you to access and use our products and services
  • to operate, protect, improve and optimise our products and services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing
  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you
  • to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting
  • to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners
  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties, and
  • to consider your employment application.
  • Where personal information is used or disclosed, GPK Group takes steps reasonable in the circumstances to ensure it is relevant to the purpose for which it is to be used or disclosed.

You are under no obligation to provide your personal information to GPK Group. However, without certain information from you, or where information provided is inaccurate or irrelevant, GPK Group may not be able to provide its products and services to you or may be limited in its ability to provide its products and services to you.

Marketing communications

In the event you do not wish to receive marketing communications, you can opt-out by contacting GPK Group via the contact details set out below or through any opt-out mechanism contained in a marketing communication to you.

Disclosure of Personal Information

GPK Group discloses your personal information for the purpose for which GPK Group collects it or for a related secondary purpose. That is, generally, GPK Group will only disclose your personal information for a purpose related to the provision its products and services or as otherwise set out in this Policy. Your personal and sensitive information may be disclosed to:

  • our employees and related bodies corporate
  • third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you)
  • professional advisers, dealers and agents
  • payment systems operators (for example, merchants receiving card payments)
  • our existing or potential agents, business partners or partners
  • anyone to whom our assets or businesses (or any part of them) are transferred
  • specific third parties authorised by you to receive information held by us, and/or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Overseas disclosures

GPK may disclose personal information to overseas recipients to provide its products and services and for administrative or business management purposes. Recipients of such disclosures include contractors located in France and the United States, but recipients may also be in other countries.

Before disclosing any personal information to an overseas recipient, GPK Group takes steps reasonable in the circumstances to ensure the overseas recipient complies with the APPs or IPPs or is bound by a substantially similar privacy scheme, unless you consent to the overseas disclosure or it is otherwise required or permitted by law.

Security of your Personal Information

GPK Group takes all reasonable steps to ensure personal information it holds is protected against misuse, interference and loss and from unauthorised access, modification or disclosure. GPK Group holds personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by authorised employees and contractors.

GPK Group will destroy or de-identify personal information in circumstances where it is no longer required, unless GPK Group is otherwise required or authorised by law to retain the information.

You can gain access to, and seek correction of, your Personal Information held by GPK Group

GPK Group takes steps reasonable in the circumstances to ensure personal information it holds is accurate, up to date, complete, relevant and not misleading. Subject to some exceptions that are set out in both the APPs and IPPs, you have a right to access and seek correction of your personal information that is collected and held by GPK Group. If at any time you would like to access or correct the personal information that GPK Group holds about you, or you would like more information on GPK Group’s approach to privacy, please contact GPK Group via the contact details set out below. GPK Group will grant access to the extent required or authorised by the Privacy Acts or other law and take steps reasonable in the circumstances to correct personal information where necessary and appropriate.

To obtain access to your personal information:

  • you will have to provide proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected
  • GPK Group requests that you be reasonably specific about the information you require, and
  • GPK Group may charge you a reasonable administration fee, which reflects the cost to GPK Group for providing access in accordance with your request.

GPK Group will endeavour to respond to your request to access or correct your personal information within 30 days from your request.

If GPK Group refuses your request to access or correct your personal information, GPK Group will provide you with written reasons for the refusal and details of complaint mechanisms. GPK Group will also take steps reasonable in the circumstance to provide you with access in a manner that meets your needs and the needs of GPK Group.


Please direct all privacy complaints to GPK Group’s Privacy Compliance Officer via the contact details below.

At all times, privacy complaints:

will be treated seriously
will be dealt with promptly
will be dealt with in a confidential manner, and
will not affect your existing obligations or affect the commercial arrangements between you and GPK Group.
GPK Group’s Privacy Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner, or in New Zealand, you can contact the Office of the Privacy Commissioner.

How to contact us

For further information or enquiries regarding personal information that GPK Group holds about you, or if you would like to opt out of receiving any promotional communications, please write to:

Telephone: 1300 000 475


Mail: Privacy Officer, GPK Group Pty Ltd, 2/94 Abbott Road, Hallam, Victoria 3803, Australia