top of page

Privacy & Whistleblower Policy

March 2020
Lonsdale Solutions Pty Ltd Privacy Policy

Lonsdale Solutions is a Professional Services company that provides a range of project delivery consulting services. Lonsdale Solutions is fully committed to ensuring the proper, open and transparent management and use of all personal information and/or data it collects and handles complies with applicable privacy laws. This privacy policy applies only to external personal information and/or data provided by clients, suppliers and other external third parties that Lonsdale Solutions interacts with.

Personal information and personal data for the purpose of this Policy is defined as “any sort of information or an opinion about an individual, whether true or not”, and includes all personal data about an individual, or which can be used to identify an individual either directly or indirectly (referred to collectively as “Personal Information”).

A sub-category of Personal Information is sensitive information and data. For the purposes of this Policy, sensitive information and data includes information of a particularly sensitive nature, such as information relating to an individual’s health, racial or ethnic origins, political opinions, membership of a trade union or political association, religious beliefs or affiliations, philosophical beliefs, sexual preferences or criminal record.



Lonsdale Solutions will only collect Personal Information that is necessary for its functions and activities. It will only collect Personal Information by fair and lawful means. Lonsdale Solutions may collect and process personal information through a variety of means, including, as examples, access to Lonsdale Solutions sites or services, employment processes, or correspondence with Lonsdale Solutions representatives, through purchase of goods or services or in the course of an online services.  Lonsdale Solutions collects and holds different categories of information depending on the services being provided and the jurisdiction in which those services are being provided. The following types of Personal Information may be collected:

a)         Information about Lonsdale Solutions’s Contractors and Suppliers​

Lonsdale Solutions collects, directly from our contractors and suppliers, Personal Information about them. This Personal Information includes their name and contact details which allows them to be contacted. For workplace health and safety reasons we may also collect from contractors certain Sensitive Information with consent; for example, medical information a contractor has provided us about any injuries he or she may currently suffer.

From third parties, we may also collect feedback and information relating to our contractors and suppliers’ performance of services for Lonsdale Solutions. This information is collected for the purposes of monitoring our contractors and suppliers’ performance of services and to ensure that we are able to provide the highest quality products and services to our customers.

b)         Information about job applicants

Applicants for a position at Lonsdale Solutions will be asked to supply details relevant to the job application such as name, contact details, information contained in CVs, driver’s licence or passport. We may also collect from third parties identified as referees Personal Information relating to the applicant. This information is used for the purposes of determining suitability for the vacant role.

c)          Information about customers and their employees and customers

Personal Information may be collected from customers such as name, contact details, bank account and credit card details.

All customer Personal Information collected by Lonsdale Solutions is used for our business functions and activities. These include:

  • for billing purposes and order fulfilment;

  • to contact customers about our provision of services;

  • to maintain account details;

  • to provide technical support e.g. account creation, password reset;

  • to provide information on request about our products and services;

  • to streamline and personalise customer experience while dealing with Lonsdale Solutions;

  • to undertake customer satisfaction surveys and to tailor Lonsdale Solutions information, services or products in order to improve and enhance those services and products provided to our  customers.

Lonsdale Solutions may also collect from its customers Personal Information relating to its employees and customers; for example, payroll information. This Personal Information is used so that we can facilitate provision of the services our customers have requested.

Occasionally, Lonsdale Solutions uses aggregated Personal Information derived from use of our products and services to provide Lonsdale Solutions with anonymous demographic and customer usage information. This information does not identify individuals. This anonymous, aggregated information is used to improve Lonsdale Solutions services and products.



Lonsdale Solutions will ensure, to the extent reasonably possible, that Personal Information collected, used or disclosed is accurate, up-to-date, complete and relevant. If Lonsdale Solutions becomes aware that any of the Personal Information it holds is inaccurate it will take prompt steps to update its records so that those records are correct.



Lonsdale Solutions takes active measures to ensure the security of Personal Information it holds is protected from misuse, interference, loss and unauthorised access, modification or disclosure.

All Lonsdale Solutions ICT devices, storage and channels are subject to continuous monitoring, logging analysis and audit. Lonsdale Solutions may choose to contract a third party to perform those functions.

All Personal Information is stored at secure premises using good quality security protocols.

Lonsdale Solutions security systems are regularly reviewed and updated to maintain the integrity of the Lonsdale Solutions security posture.



Subject to verification of identity, any Personal Information held about an individual may be accessed, updated or corrected by application to a Lonsdale Solutions Privacy Officer (for contact details, see section 9 below).

There is generally no fee for an individual to make a request or to be provided access to his or her Personal Information. However, depending on the complexity of the request a reasonable processing fee may be charged in some cases.

Lonsdale Solutions will endeavour to respond to access and correction of Personal Information within 15 business days after a written request is received by a Lonsdale Solutions Privacy Officer.



Lonsdale Solutions will only engage in direct marketing practices in accordance with the laws of the relevant country or jurisdiction. At any time an individual or organisation may contact Lonsdale Solutions to request that they no longer receive any marketing material or information from Lonsdale Solutions.

For email communications, Lonsdale Solutions also provides a simple opt-out (unsubscribe) mechanism that individuals can easily submit at any time.

If you feel at any stage we have incorrectly used your Personal Information for direct marketing, please contact us immediately (for contact details, see section 9 below).



As part of providing services to a customer, Lonsdale Solutions may disclose Personal Information to third party suppliers and contractors of services or retain and disclose Personal Information as authorised by law for example metadata.

Lonsdale Solutions only retains Personal Information for as long as required by applicable law or as needed for our business functions and activities. If Personal Information is no longer needed it is then destroyed or disposed of in a secure manner.



Lonsdale Solutions recognises and respects the varying national laws and obligations and their impact on cross-border data transfers when transferring or processing Personal Information outside of the country of collection for the purposes identified above. Lonsdale Solutions will take all reasonable steps to ensure that no person or entity, breaches any relevant privacy and data protection laws using a variety of lawful data transfer mechanisms and contractual agreements for privacy and data protection.



Accessing Lonsdale Solutions’s websites will result in some information being logged including the time of access, IP address and the pages that have been viewed or accessed.

Lonsdale Solutions’s websites may contain links to external websites. Lonsdale Solutions is not responsible for the content or privacy policies that govern such external websites.



Lonsdale Solutions has legal obligations under privacy legislation to hold information securely and to use it appropriately in accordance with our privacy policy.  If you feel we have breached these obligations, or have any questions about this Policy, or to raise any issues about privacy or data protection within Lonsdale Solutions please contact a Lonsdale Solutions Privacy Officer.


Due to the nature of the services that Lonsdale Solutions provides, in most situations it will be impracticable for an individual to deal with us on an anonymous basis. However, Lonsdale Solutions will consider anonymous requests on a case by case basis.

If you are not satisfied with Lonsdale Solutions’s response and the issue relates to a privacy concern or alleged breach by Lonsdale Solutions, you may take your complaint to the relevant government authority responsible for privacy and data protection.

Lonsdale Solutions Pty Ltd Whistleblower Policy 

At Lonsdale Solutions ​ (“the Company”) we are guided by our company values. These values are the foundation of how we conduct ourselves and interact with each other, our clients, members, supplies, shareholders and other stakeholders. The Company is committed to ensuring corporate compliance and promoting ethical corporate culture by observing the highest standards of fair dealing, honesty and integrity in our business activities.   


The Company encourages the reporting of any instances of suspected unethical, illegal, corrupt, fraudulent or undesirable conduct involving the Company’s business and provides protections and measures to individuals who make a disclosure in relation to such conduct without fear of victimisation or reprisal.  

This policy will be made available on the Company website and in any other ways that will ensure that it is made available to persons to whom this policy applies.   


This policy applies to any person who is, or has been, any of the following with respect to the Company:   

  • Employee;  

  • Officer;  

  • Director;  

  • Contractor (including sub-contractors and employees of contractors);   

  • Supplier (including employees of suppliers);  

  • Consultant;  

  • Auditor;  

  • Associate.; and 

  • Relative, dependant, spouse, or dependant of a spouse of any of the above.  



You may make a report or disclosure under this policy if you have reasonable grounds to believe that a Company director, officer, employee, contractor, supplier, consultant or other person who has business dealings with the Company has engaged in conduct (‘Reportable Conduct’) which is:  

  • Dishonest, fraudulent or corrupt;  

  • Illegal (such as theft, dealing in or use of illicit drugs, violence or threatened violence and criminal damage to property);  

  • Unethical including any breach of the Company’s policies such as the Code of Conduct; Oppressive or grossly negligent;  

  • Potentially damaging to the Company, its employees or a third party;  

  • Misconduct or an improper state of affairs;  

  • A danger, or represents a danger to the public or financial system;  

  • Harassment, discrimination, victimisation or bullying.


For the avoidance of doubt, Reportable Conduct does not include personal work-related grievances. These grievances should be reported to your manager in accordance with the Grievance Policy. A personal work-related grievance is a grievance about any matter in relation to a staff member’s current or former employment, having implications (or tending to have implications) for that person personally and that do not have broader implications for the Company. Examples of personal work-related grievances are as follows:  

  • An interpersonal conflict between the staff member and another employee;  

  • A decision relating to the engagement, transfer or promotion of the staff member;  

  • A decision relating to the terms and conditions of engagement of the staff member;  

  • A decision to suspend or terminate the engagement of the staff member, or otherwise to discipline the staff member.  


The Company relies on its employees maintaining a culture of honest and ethical behaviour. Accordingly, if you become aware of any Reportable Conduct, it is expected that you will make a disclosure under this policy.  

There are several ways in which you may report or disclose any issue or behaviour which you consider to be Reportable Conduct.  


You may disclose any Reportable Conduct to the Whistleblower Protection Officers listed below:  


Title: General Manager  

Name: Nick Flynn 

Phone Number: 0408 141 903  

Email Address:


Title: Managing Director  

Name: Mike Walters  

Phone Number: (03) 8669 1421 

Email Address: 


If you are unable to use any of the above reporting channels, a disclosure can be made to an “eligible recipient” within the Company. Eligible recipients include:  

  • Officers;  

  • Directors;  

  • Senior Managers;  

  • Auditor or member of an audit team conducting an audit of the Company; Actuary.   


The Whistleblower Protection Officer or eligible recipient will safeguard your interests and will ensure the integrity of the reporting mechanism.  


When making a disclosure, you may do so anonymously. It may be difficult for the Company to properly investigate the matters disclosed if a report is submitted anonymously and therefore the Company encourages you to share your identity when making a disclosure, however you are not required to do so.  

Where a disclosure has been made externally and you provide your contact details, those contact details will only be provided to a Whistleblower Protection Officer with your consent.  



You may also make a disclosure to the Australian Securities and Investments  

Commission (ASIC) or the Australian Prudential Regulation Authority (APRA) in relation to a Reportable Conduct. You will be covered by the protections outlined in this policy if you have reported your concerns to ASIC or APRA.  



You may choose to discuss your concerns with a legal practitioner for the purposes of obtaining legal advice or representation. You will be covered by the protections outlined in this policy if you have reported your concerns to a legal practitioner.  



In certain situations, the conduct or wrongdoing may be of such gravity and urgency that disclosure to the media or a parliamentarian is necessary.  

A public interest and emergency disclosure can only be made to:  

  • A journalist, defined to mean a person who is working in a professional capacity as a journalist for a newspaper, magazine, or radio or television broadcasting service; or  

  • A Member of the Parliament of the Commonwealth or of a State or Territory parliament. You may only make a public interest and emergency disclosure if:  

  • You have previously disclosed the information to ASIC or APRA;  

    • At least 90 days has passed since the previous disclosure was made;   

    • You have reasonable grounds to believe that action is not being taken to address the matters which you have disclosed;  

    • You have reasonable grounds to believe that making a further disclosure to a journalist or member of parliament would be in the public interest;  

    • You have given written notification, including sufficient information to identify the previous disclosure to the authority to which the previous disclosure was made that you intend on making a public interest disclosure; and  

    • The extent of information disclosed is no greater than is necessary to inform the recipient of the misconduct or improper state of affairs.  

  • You will be qualified for protection where you have made a public interest disclosure if: You have previously disclosed the information to ASIC or APRA;  

    • You have reasonable grounds to believe that the information concerns a substantial and imminent danger to the health or safety of one or more persons, or to the natural environment; and  

    • You have given written notification, including sufficient information to identify the previous disclosure to the authority to which the previous disclosure was made that you intend on making a public interest disclosure; and  

    • No more information is disclosed than is reasonably necessary to inform the recipient of the substantial and imminent danger.  



The Company will investigate all matters reported under this policy as soon as practicable after the matter has been reported. The Whistleblower Protection Officer will investigate the matter and where necessary, appoint an external investigator to assist in conducting the investigation. All investigations will be conducted in a fair, independent and timely manner and all reasonable efforts will be made to preserve confidentiality during the investigation.  

If the report is not anonymous, the Whistleblower Protection Officer or external investigator will contact you to discuss the investigation process and any other matters that are relevant to the investigation.  

Where you have chosen to remain anonymous, your identity will not be disclosed to the investigator or to any other person and the Company will conduct the investigation based on the information provided to it.  

Where possible, the Whistleblower Protection Officer will provide you with feedback on the progress and expected timeframes of the investigation. The person against whom any allegations have been made will also be informed of the concerns and will be provided with an opportunity to respond (unless there are any restrictions or other reasonable bases for not doing so).  

To the extent permitted by law, the Whistleblower Protection Officer may inform you and/or a person against whom allegations have been made of the findings. Any report will remain the property of the Company and will not be shared with you or any person against whom the allegations have been made.  


The Company is committed to ensuring that any person who makes a disclosure is treated fairly and does not suffer detriment and that confidentiality is preserved in respect of all matters raised under this policy.  

Protection from Legal Action  

You will not be subject to any civil, criminal or administrative legal action (including disciplinary action) for making a disclosure under this policy or participating in any investigation.  

Any information you provide will not be admissible in any criminal or civil proceedings other than for proceedings in respect of the falsity of the information.  

Protection against Detrimental Conduct  

The Company (or any person engaged by the Company) will not engage in ‘Detrimental Conduct’ against you if you have made a disclosure under this policy.  

Detrimental Conduct includes actual or threatened conduct such as the following (without limitation):   

Termination of employment;  

  • Injury to employment including demotion, disciplinary action;  

  • Alternation of position or duties;  

  • Discrimination;  

  • Harassment, bullying or intimidation;  

  • Victimisation;  

  • Harm or injury including psychological harm;  

  • Damage to person’s property;  

  • Damage to a person’s reputation;  

  • Damage to a person’s business or financial position; or Any other damage to a person.  


The Company will take all reasonable steps to protect you from Detrimental Conduct and will take necessary action where such conduct is identified.  


The Company also strictly prohibits all forms of Detrimental Conduct against any person who is involved in an investigation of a matter disclosed under the policy in response to their involvement in that investigation.  


If you are subjected to Detrimental Conduct as a result of making a disclosure under this policy or participating in an investigation, you should inform a Whistleblower Protection Officer or eligible participant in accordance with the reporting guidelines outlined above.  

You may also seek remedies including compensation, civil penalties or reinstatement where you have been subject to any Detrimental Conduct.  



All information received from you will be treated confidentially and sensitively.  

If you make a disclosure under this policy, your identity (or any information which would likely to identify you) will only be shared if:  

  • You give your consent to share that information; or  

  • The disclosure is allowed or required by law (for example where the concern is raised with a lawyer for the purposes of obtaining legal advice);  

  • The concern is reported to the Australian Securities and Investments Commission  

  • (ASIC), the Australian Prudential Regulation Authority (APRA), the Australian Taxation Office (ATO) or the Australian Federal Police (AFP);  

  • Where it is necessary to disclose information for the effective investigation of the matter, and this is likely to lead to your identification, all reasonable steps will be taken to reduce the risk that you will be identified.  



Where appropriate, the Company may also appoint an appropriate independent support person from team to deal with any ongoing concerns you may have.  

You may also access third party support providers such as Lifeline (13 11 14) and Beyond Blue (1300 22 4636) for support or speak with your GP about support available to you.  

bottom of page