Privacy Policy
Effective date: 1 June 2026 | Cameron Facilities Pty Ltd ABN 17 639 270 947 | 396 Walcott Street, Mount Lawley WA 6050
Cameron Facilities Pty Ltd ("Cameron Facilities", "we", "us", "our") is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, disclose, and protect your personal information.
1. Who We Are
Cameron Facilities Pty Ltd is a facilities management and commercial cleaning services company operating from Perth, Western Australia. We provide integrated FM services, building management, commercial cleaning, concierge services, and related property management services to clients across Western Australia.
Our FM Platform (fm.cameronfacilities.com.au) is a proprietary operational platform used by Cameron Facilities staff and authorised clients. It is not a public service and access is restricted to authorised users only.
2. What Personal Information We Collect
The personal information we collect depends on your relationship with us:
- Clients and client representatives: Name, organisation name, email address, phone number, site address, service history, communications.
- Building residents and owners: Name, unit number, contact details, maintenance requests, booking history.
- Staff and contractors: Full name, contact details, employment history, tax file number (via payroll processor only), bank account details (via payroll processor only), police clearances, right-to-work documentation, GPS location data during working hours, training records.
- Portal users: Login credentials (encrypted), access logs, activity within the portal.
We do not store tax file numbers or bank account details on this platform. These are held exclusively by our payroll provider and Xero accounting software, which maintain their own privacy and security standards.
3. How We Collect Personal Information
- Directly from you when you contact us, request a service, or use our client portal
- From your employer or body corporate when they engage Cameron Facilities on your behalf
- Automatically through the FM platform (login logs, GPS clock-in records, portal activity)
- From employment application forms and onboarding documentation
- From contractors and suppliers during the engagement process
4. Why We Collect Personal Information
We collect personal information to:
- Deliver and manage facilities management and cleaning services
- Manage employment relationships and contractor engagements
- Operate the FM platform and client portals
- Record attendance, GPS clock-in/out, and work schedules
- Comply with legal and regulatory obligations (including WHS Act 2020 (WA), Fair Work Act 2009, WorkCover WA)
- Respond to maintenance requests, work orders, and complaints
- Send service notifications and operational communications
- Prepare inspection reports, compliance documentation, and quarterly reports
- Manage insurance claims (Public Liability: Berkley Insurance Australia, Policy 202307-2821 R2 BIA; Workers Compensation: CGU, Policy O/20-14954)
5. Disclosure of Personal Information
We do not sell, rent, or trade your personal information. We may disclose personal information to:
- Authorised staff and managers within Cameron Facilities on a need-to-know basis
- Subcontractors and trade service providers only to the extent necessary to perform work at your property
- Our insurance brokers and insurers (Interlink Insurance Brokers, Berkley Insurance Australia, CGU) in connection with insurance coverage and claims
- Our accounting system (Xero) for financial and invoicing purposes
- Our HR platform (BrightHR / Peninsula) for employment and payroll administration
- Google LLC as our data processing platform (Google Sheets, Google Drive) -- data may be stored on servers outside Australia but Google LLC is bound by standard contractual clauses
- Railway Inc. (application hosting) -- servers located in the United States
- Regulatory bodies including WorkCover WA, the ATO, or law enforcement where required by law
6. Cross-Border Disclosure
Some of our service providers (including Google and Railway Inc.) store data on servers located outside Australia, primarily in the United States. Before disclosing your information to overseas recipients, Cameron Facilities takes reasonable steps to ensure those recipients do not breach the Australian Privacy Principles.
7. GPS and Location Data
Cameron Facilities collects GPS location data from staff using the FM platform clock-in/out system. Location data is collected at the time of clocking in and out only, and is used solely to verify that staff are present at the correct work location. Location data is not tracked continuously and is not accessible to clients or third parties. Staff are informed of GPS collection prior to use of the system.
8. Security of Personal Information
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Our security measures include:
- Encrypted passwords (all user passwords are stored as cryptographic hashes -- never in plain text)
- Role-based access control -- each user can only access information relevant to their role
- HTTPS encryption on all platform communications (SSL/TLS)
- Secrets management through Railway environment variables (not stored in code)
- Session-based authentication with automatic timeout
- Physical access to offices limited to authorised personnel
In the event of a data breach that is likely to result in serious harm to individuals, Cameron Facilities will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth), including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.
9. Data Retention
- Client service records: Retained for 7 years after the end of the service relationship (to comply with general statutory limitation periods)
- Employment records: Retained for 7 years after employment ends (Fair Work Act 2009)
- WHS and incident records: Retained for a minimum of 7 years (WHS Act 2020 (WA))
- GPS clock-in records: Retained for 2 years, then deleted
- Portal access logs: Retained for 12 months
10. Access and Correction
You have the right to request access to personal information Cameron Facilities holds about you, and to request corrections where the information is inaccurate, out of date, or incomplete. To make an access or correction request, contact our Privacy Officer using the details below.
We will respond to access requests within 30 days. In limited circumstances, we may decline an access request as permitted under the Privacy Act 1988 (Cth), and we will explain why in writing.
11. Complaints
If you believe Cameron Facilities has breached the Australian Privacy Principles in relation to your personal information, please contact our Privacy Officer in the first instance. We will investigate and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
12. Direct Marketing
Cameron Facilities may use your contact details to send service-related communications, operational notifications, and (with your consent) information about our services. You may opt out of marketing communications at any time by contacting us. Service-related notifications (e.g. maintenance updates, work order status) cannot be opted out of while you remain a client of Cameron Facilities.
13. Updates to This Policy
This Privacy Policy may be updated from time to time to reflect changes in our operations or legal obligations. The current version will always be accessible via the client portal and at cameronfacilities.com.au. The effective date at the top of this policy indicates when it was last revised.
14. Contact -- Privacy Officer