- Home /
- Privacy Policy
Privacy Policy
Sydney Markets Limited (SML) is committed to protecting the privacy of everyone who interacts with our operations, premises and websites. This policy explains how we collect, use, disclose, secure and dispose of personal and sensitive information, in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Questions about your privacy?
Contact our Privacy Officer at privacy@sydneymarkets.com or on 02 9325 6215, or write to Level 3, Market Plaza Building, Parramatta Rd, Sydney Markets NSW 2129.
What we collect and how
Personal information means information that identifies you, such as your name, date of birth, contact details, identification documents, employment records, financial details, vehicle or licence particulars, and biometric data such as facial recognition templates. Sensitive information includes health and medical data, drug and alcohol testing outcomes, criminal background checks and biometric information, and receives a higher level of protection under the Privacy Act.
We collect information through fair and lawful means, including:
- Direct interaction: completed forms, signed agreements, inductions, enquiries, emails and conversations with SML employees.
- Telephone communications: inbound and outbound calls may be recorded for quality assurance, training, incident investigation and compliance. See the call recording section below.
- CCTV monitoring: continuous camera surveillance operates across SML premises for safety, security and incident investigation. Signage around the premises notifies visitors that CCTV is in operation.
- Site access control systems: these record entry and exit times and may use identification cards, facial identification, vehicle licence plate recognition or biometric data.
- Biometric data (facial recognition): collected only from consenting tenants, licensees, their staff and SML employees, with explicit informed consent, and used solely for identity verification and access control on SML premises.
- Drug and alcohol testing: regular, random, targeted, incident-triggered or compliance-required testing is performed on site. By accessing SML sites, individuals consent to testing as required for safety, compliance or incident investigation.
- Third-party sources: including employers, credit reporting bodies, government databases and referrals, where permitted by law or with consent.
- Our websites: cookies, analytics tools and online forms. See the cookies section below.
Where practicable and lawful, you may deal with us anonymously or under a pseudonym. However, for most operational and safety-related activities on SML premises, such as site access, tenancy and employment, identification is a necessary requirement.
Cookies and website analytics
Our website uses cookies to keep the site working and to understand how visitors use it. When you first visit, a banner lets you accept all cookies, keep only the essentials, or choose your own settings. Strictly necessary cookies are always on because the site cannot function without them. Analytics cookies (Google Analytics) and marketing cookies only run if you allow them.
Analytics tools collect anonymous data about website usage, such as browsing patterns and referral sites, to help us improve our online services. We will not attempt to identify anonymous users or their browsing activities unless legally compelled to do so.
You can change your cookie choices at any time:
Cookie SettingsRecording of telephone calls
SML may record inbound and outbound telephone communications to support operational integrity, quality assurance, staff training, incident investigation and compliance with legal obligations. Recordings are governed by the Surveillance Devices Act 2007 (NSW) and the Privacy Act 1988 (Cth).
For inbound calls, you are notified by an automated message at the beginning of the call. For outbound calls, SML representatives inform you at the start of the conversation. Continuing the call after notification is taken as implied consent. If you object to recording, you may request an alternative such as written correspondence or an unrecorded call.
Recordings are stored securely, accessed only by authorised personnel, and retained in accordance with SML's data retention policies.
How we use your information
We use personal and sensitive information only for the purposes for which it was collected, or for directly related purposes you would reasonably expect, or where required or permitted by law. This includes:
- Meeting our workplace health and safety obligations, including drug and alcohol testing protocols.
- Administering tenancy, licensing and registration agreements.
- Ensuring site security, managing site entry and access control (including CCTV and biometric data), and upholding regulatory compliance.
- Investigating and addressing incidents.
- Communicating operational updates and essential notices.
- Managing financial transactions, credit checks and legal compliance.
- Processing employment applications, onboarding and contractor management.
- Detecting and preventing fraudulent, unlawful or unsafe activities.
- Improving our websites and online services.
We may also use information for related secondary purposes within your reasonable expectations, such as internal auditing, service improvement and statistical analysis (usually with de-identified data).
Who we share information with
We may disclose personal and sensitive information to:
- Approved contractors and service providers, including security, IT, mailing and marketing agencies, bound by confidentiality agreements.
- Professional advisors such as legal counsel, safety advisors and accountants.
- Government and regulatory bodies where legally required or authorised, for example the police, work health and safety authorities, or in response to a court order.
- Employers, insurers and legal representatives for incident management, compliance enforcement and workplace safety assurance.
- Secure third-party providers for biometric data processing, solely for identity verification and access control, under strict data security and privacy standards.
- Other market stakeholders where necessary for the legitimate operation of the markets, with appropriate privacy safeguards and consent.
SML generally does not disclose personal information to overseas recipients. If such a disclosure becomes necessary, we will take reasonable steps to ensure the overseas recipient handles your information in accordance with the Australian Privacy Principles, unless we obtain your informed consent otherwise.
How we keep your information secure
We employ stringent technical and organisational measures to protect personal information from unauthorised access, disclosure, loss or misuse, including:
- Encryption for electronic storage and transmission of sensitive information.
- Strict access controls and authentication, limiting access to authorised personnel based on their roles.
- Controlled physical access to data storage facilities and premises.
- Firewalls, intrusion detection systems and regular vulnerability assessments.
- Periodic security audits and reviews.
- Mandatory, regular privacy and data security training for staff handling personal information.
- Contractual requirements that third-party providers meet equivalent or higher privacy and security standards.
How long we keep information
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. This includes periods mandated by Australian laws (such as tax, workplace health and safety, and employment records), periods reasonably necessary for our business functions, and longer periods where information is relevant to potential or ongoing investigations, disputes or legal proceedings.
When information is no longer needed and no legal retention requirement applies, we take reasonable steps to destroy it securely, or to de-identify it if it is retained for statistical analysis or research, so that you can no longer reasonably be identified from it.
Accessing and correcting your information
You have the right to request access to, or correction of, the personal information we hold about you by contacting our Privacy Officer. Requests are processed promptly, within 30 days, unless specific exceptions apply under applicable legislation.
We take reasonable steps to ensure the information we hold is accurate, complete, relevant, up to date and not misleading. If we refuse a request for access or correction, we will give you written reasons and explain how to make a complaint.
Complaints and data breaches
Direct any privacy-related complaint to our Privacy Officer in the first instance. We will acknowledge your complaint promptly and aim to give you a substantive response within 30 days. If you are not satisfied with the outcome, you can escalate your complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au.
If an eligible data breach occurs that is likely to result in serious harm to any individual whose information we hold, we will comply with the Notifiable Data Breaches scheme: assessing the suspected breach swiftly, notifying affected individuals and the OAIC as soon as practicable, and taking all reasonable steps to mitigate harm.
Marketing communications
We may use collected information to deliver operational notifications and marketing communications. You can opt out of marketing at any time by contacting our Privacy Officer or by using the unsubscribe mechanism in the communication itself. We will not use or disclose sensitive information for direct marketing without your explicit consent.
Changes to this policy
We review this policy at least annually, and sooner if legislation, our operational practices or significant incidents require it. Amendments are approved by the SML Board of Directors, and the latest version will always be available on this page.
Policy documents
Prefer the full documents? Download them here.