How AWS handles personal information

This Privacy Policy explains how AWS collects, uses, stores and discloses personal information when providing workplace consulting, employment compliance, WHS, investigations, mediation, training, integrated management systems and GRC services, including services supported by Strobe.

1. Who this policy applies to

This policy applies to personal information handled by Australian Workplace Strategies Pty Ltd in connection with:

• workplace advisory and employment compliance engagements;
• workplace investigations, complaints handling and mediation;
• psychosocial safety, WHS and management-system work;
• training, workshops and capability programs;
• Strobe-related GRC support;
• enquiries submitted through the website;
• communications with AWS.

2. Types of information we may collect

AWS may collect personal information reasonably necessary for our functions and services, including:

• name, role, organisation and contact details;
• information provided in enquiry forms, emails, telephone calls, meetings or documents;
• employment, role, workplace, complaint, incident, performance, conduct or case-management information;
• information provided by employers, employees, witnesses, representatives, advisers or other participants;
• training attendance and participation information;
• records relevant to WHS, psychosocial risk, compliance, governance, audit or management-system work;
• technical information generated through website use, such as device, browser and usage information where analytics or security tools are used.

Where workplace matters involve sensitive information, AWS handles that information carefully and only to the extent reasonably necessary for the relevant engagement.

3. How we collect information

AWS may collect personal information:

• directly from individuals;
• from client organisations and their authorised representatives;
• from employees, contractors, witnesses, complainants, respondents or other workplace participants;
• from documents, records, systems or materials provided during an engagement;
• through website forms, email, telephone or meeting communications;
• through Strobe or related workflow systems where AWS is engaged to support GRC processes.

4. Why we collect and use information

AWS uses personal information for purposes connected with the reason it was collected, including:

• assessing and responding to enquiries;
• scoping, conducting, managing and reporting on engagements;
• providing workplace advisory, compliance, WHS, investigation, mediation, training, ISO and GRC support;
• managing client relationships and engagement administration;
• preparing reports, recommendations, training materials, records, action plans or review outputs;
• maintaining business records and quality-management processes;
• complying with legal, regulatory, professional, contractual and insurance obligations;
• managing website, information security and business continuity functions.

5. Workplace investigations and sensitive workplace matters

In workplace investigations, complaints handling, mediation, case management, psychosocial risk reviews or similar matters, AWS may handle information about workplace conduct, health, safety, performance, injury, complaints, allegations, responses, witness accounts and related records.

AWS will ordinarily use this information only for the relevant engagement, including assessing issues, conducting interviews or reviews, preparing findings or recommendations, supporting procedural fairness, reporting to the client organisation, and helping manage workplace risk and compliance.

6. Disclosure of information

AWS may disclose personal information where reasonably necessary for the purpose of an engagement, including to:

• the client organisation and its authorised representatives;
• relevant workplace participants, where required for procedural fairness or engagement purposes;
• professional advisers, insurers, auditors, consultants or service providers;
• technology providers used to host, store, secure or process business information;
• regulators, courts, tribunals or government agencies where required or authorised by law;
• another party where the individual has consented or disclosure is otherwise permitted.

AWS does not sell personal information.

7. Strobe and technology systems

Where Strobe or other technology platforms are used to support obligations, evidence, risks, actions, case management, assurance or GRC workflows, information may be stored and processed through those systems in accordance with applicable access controls, security settings and engagement arrangements.

AWS aims to limit access to information to personnel and authorised users who need it for the relevant purpose.

8. Overseas disclosure

AWS primarily operates from Australia and provides services across Australia, with New Zealand by arrangement. Some technology, hosting, email, storage, security, analytics or support providers may store or process information outside Australia.

Where overseas service providers are used, AWS takes reasonable steps to select reputable providers and manage information handling through appropriate contractual, technical and administrative controls.

9. Storage, security and retention

AWS takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Safeguards may include:

• access controls and permissions;
• secure business systems and hosting arrangements;
• staff confidentiality expectations;
• document and record controls;
• information security and business continuity practices;
• review, backup and retention processes;
• management-system controls aligned with AWS’s quality, WHS and compliance approach.

AWS retains personal information for as long as reasonably required for the purpose collected, for business recordkeeping, dispute management, insurance, audit, regulatory or legal purposes. When information is no longer required, AWS may securely destroy, de-identify or archive it in accordance with its records practices.

10. Data breaches

AWS maintains processes for identifying, assessing and responding to data incidents. Where a data breach is likely to result in serious harm and notification is required under applicable law, AWS will take steps to notify affected individuals and/or relevant regulators as required.

11. Website analytics and cookies

The AWS website may use cookies, analytics, security tools or similar technologies to understand website use, maintain website performance, improve content and protect the site from misuse.

Users may adjust browser settings to block or delete cookies, although this may affect some website functionality.

12. Accessing and correcting personal information

Individuals may request access to, or correction of, personal information AWS holds about them. AWS may need to verify identity before responding.

There may be circumstances where access or correction cannot be provided in full, including where doing so would affect another person’s privacy, compromise a workplace process, breach confidentiality, or be inconsistent with legal, regulatory or procedural obligations.

13. Complaints and enquiries

Privacy enquiries, access or correction requests, and privacy complaints should be directed to:

aws@workplacestrategies.com.au

AWS will consider privacy complaints and respond within a reasonable time. If a person is not satisfied with AWS’s response, they may be able to contact the Office of the Australian Information Commissioner or another relevant regulator.

14. Updates to this policy

AWS may update this Privacy Policy from time to time to reflect changes in services, technology, law, regulatory guidance or business practices. The current version will be published on this website.

Last updated: June 2026