1. About this policy
This privacy policy explains how Botany Industrial Park Pty Limited (ABN 96 083 874 962)
("BIP", "we", "us", "our") collects, uses, stores, and discloses personal information
through the BIP Safety Induction Website (the "Platform"), hosted at
induction.bipco.com.au.
BIP is committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. What personal information we collect
We collect the following personal information when you register for and complete the safety induction:
| Data | Purpose |
|---|---|
| Full name (first and last) | Identify you on certificates and records |
| Email address | Account login, password resets, expiry notifications |
| Phone number | Emergency contact, account recovery |
| Company / employer name | Track which organisation you represent |
| Employment type (employee / contractor) | Determine induction validity period |
| Contracted-to company (contractors only) | Record which site employer engaged you |
| Induction progress and quiz results | Track completion of safety requirements |
| Certificate details (issue date, expiry, ID) | Verify induction status |
| Login timestamps and IP addresses | Security monitoring and audit trail |
| HTTP request metadata (method, URL path, response status, response duration, User-Agent header, HTTP Referer header) | Server-side security monitoring and abuse detection. Captured on every request, including requests made before login by anonymous visitors. |
3. How we collect personal information
We collect personal information:
- Directly from you — when you register an account, complete your profile, or update your details
- From your employer — when an administrator imports employee records via bulk CSV upload
- Automatically — login timestamps, IP addresses, User-Agent strings, and HTTP Referer headers are captured on every server request; course progress is recorded as you use the Platform. This per-request logging applies to all visitors, including anonymous visitors who have not yet logged in.
4. Why we collect personal information
We collect and use your personal information for the following purposes:
- Managing your safety induction account and tracking completion
- Issuing and verifying induction certificates
- Sending password reset emails and induction expiry notifications
- Enabling BIP site administrators to verify that personnel on site hold a current induction
- Maintaining an audit trail for security and compliance purposes
- Generating anonymised reports on induction completion rates
5. Who has access to your information
Your personal information is accessible to:
- You — via your learner dashboard
- BIP Site Administrators — can view all learner records, completion status, and contact details
- Company Administrators — can view records for learners within their own company only
- Security personnel — read-only access to completion records
6. How we store and protect your information
- All data is stored on a server located in Sydney, Australia
- Data is transmitted over HTTPS (TLS 1.2+) encryption
- Passwords are hashed using bcrypt (not stored in plain text)
- Sessions expire after 30 minutes of inactivity
- Admin accounts are protected by multi-factor authentication (TOTP), rate limiting, and account lockout after failed login attempts
- The database is backed up daily with 7-day retention
- Access to the server is restricted to authorised personnel via SSH key authentication
7. How long we keep your information
| Data | Retention period |
|---|---|
| Active accounts | Retained while the account is active |
| Completed induction records | Retained for the duration of the induction validity period plus 12 months |
| Expired contractor accounts | Deleted 2 months after expiry notification (if not renewed) |
| Audit logs | Retained for 7 years for compliance purposes |
| Backup files | Retained for 7 days, then automatically deleted |
| Server request log / interaction log (IP, User-Agent, Referer, path, event type) | Automatically purged after 90 days |
When an account is deleted, all personal contact details are removed. A de-identified training record (name, company, certificate details, and quiz results) is retained for safety audit purposes as required by site regulations.
8. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access your personal information — you can view your data on your learner dashboard, or request a copy by contacting us
- Correct your personal information — you can update your profile at any time, or ask an administrator to make corrections
- Request deletion — you can request that your account and all associated data be deleted
- Complain — if you believe your privacy has been breached, you can lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC)
9. Cookies and session data
The Platform uses a session cookie to keep you logged in. This cookie:
-
Is marked
HttpOnlyandSecure(cannot be accessed by JavaScript, only sent over HTTPS) - Has
SameSite=Strictto prevent cross-site request forgery - Expires after 24 hours or 30 minutes of inactivity, whichever comes first
- Does not track you across other websites
This means the Platform currently uses only a strictly necessary / essential cookie for authentication and session security. It is not intended to rely on consent for analytics, marketing, profiling, or other non-essential cookie activity, because those technologies are not enabled.
If we later introduce any non-essential cookies or similar tracking technologies, we will update this policy and, where applicable law requires it, implement a consent mechanism before those technologies are activated for users in the relevant jurisdiction. This is intended to cover stricter privacy and ePrivacy-style regimes, including jurisdictions that require prior consent for non-essential cookies.
10. Changes to this policy
We may update this privacy policy from time to time. The "Last updated" date at the top of this page will be revised accordingly. Continued use of the Platform after changes constitutes acceptance of the updated policy.
11. Contact us
For privacy enquiries, data access requests, or complaints:
- Community Hotline: 1800 025 138
- Email: support@bipco.com.au
- Online: Contact form
- Mail: Botany Industrial Park Pty Limited, Denison Street, Hillsdale NSW 2036
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: https://www.oaic.gov.au/
- Phone: 1300 363 992