Privacy Policy



In this Privacy Policy a reference to “EPH Group”, “we”, “our” or “us” is a reference to the following entities and their employees and agents together with, where the context admits, entities that are related or affiliated with them in the provision of the Goods and/or services: “EPH Enterprises Pty Ltd (ACN 109 822 246)”, “EPH NSW Pty Ltd (ACN 154 376 173)”, “EPH Queensland Pty Ltd (ACN 159 368 715)”, “EPH Contracts Pty Ltd (ACN 153 936 273)”, “EPH Contracts (QLD) Pty Ltd (ACN 628 420 173)”, “Enviro Fill Manningham Pty Ltd (ACN 134 678 381)”, “ESG Pinkenba Pty Ltd (ACN 140 030 431)”,“ESG Bangholme Pty Ltd (ACN 153 803 886)”, “ESG Bellarine Pty Ltd (ACN 140 481 036)”, “ESG Coldstream Pty Ltd (ACN 153 124 442)”, “ESG Deer Park Pty Ltd (ACN 628 454 080)”, “ESG Dingley Pty Ltd (ACN 158 977 381)”, ESG Epping Pty Ltd (ACN 159 368 760)”, “ESG Ferntree Gully Pty Ltd (ACN 158 977 201)”, “ESG Northern Pty Ltd (ACN 150 100 342)”, “ESG Projects Pty Ltd (ACN 143 027 632)”, “ESG Sunshine Pty Ltd (ACN 151 619 055)”, “ESG Whittlesea Pty Ltd (ACN 159 368 742)” and “ESG Woodstock Pty Ltd (ACN 148 108 034)”.

We are committed to protecting your privacy and Personal Information when you deal with us and ensuring that it collects, stores and deals with your Personal Information appropriately and lawfully, including in accordance with the relevant privacy legislation.

By submitting your Personal Information to the EPH Group or by using our services, you understand and consent to us using your Personal Information as described in this Privacy Policy.


This Privacy Policy applies to all Personal Information collected by the EPH Group in relation to its customers, suppliers and other third parties (“you”).  In this policy, we outline:

  • what types of Personal Information we collect and hold;
  • the purposes for which we collect, hold, use and disclose Personal Information;
  • how we collect and hold Personal Information;
  • how and under what circumstances we disclose Personal Information;
  • the measures we take to safeguard your Personal Information
  • your rights in relation to your Personal Information, including how you may access, update, and/or complain in relation to the Personal Information that we hold in relation to you and seek any correction to that information;
  • how the we collect, use, store and disclose credit information and commercial credit eligibility information; and
  • disclosure of Personal Information to overseas recipients.

We reserve the right to change this Privacy Policy from time to time. Any changes to this Privacy Policy will be updated on www.ephgroup.com.au. We may also issue specific privacy collection notices from time-to-time relating to particular projects, products or services.  The latest version of this policy will be the version posted to our website.

This policy was last updated on 12 November 2018.


Personal Information” means any information or opinion (whether true or not) relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.


We collect, hold, disclose and use your Personal Information where it is reasonably necessary for us to carry out our business functions and activities and as necessary to provide our services to you. We also collect, hold, use and disclose your Personal Information for related purposes that you would reasonably expect.

For example, we may use your Personal Information to:

  • provide you with booking services;
  • administer the EPH Group relationship with you including responding to queries;
  • internal administrative purposes, such as but not limited to procedural assessment, credit approval, risk management, staff training, accounting, billing, product and service reviews;
  • determine the provision of credit in accordance with the terms of the EPH Group Application For Commercial Credit;
  • assess or exchange information relating to your creditworthiness, credit history or credit capacity in accordance with the terms of the EPH Group Application For Commercial Credit;
  • assist in the collection of overdue payments;
  • comply with legislative requirements such as under the Personal Property and Securities Act 2009 (Cth);
  • monitor activity on our website(s);
  • identify and inform you about other products or services that may be of interest to you;
  • provide you with information about products, services and offerings that may be of interest to you; and
  • distribute our newsletters and other communications either directly or with the assistance of third party services providers.

We may also use your Personal Information for purposes which are required by law such as sharing your Personal Information in order to comply with legal obligations to which we are subject.

If we do not collect, hold, use or disclose your Personal Information, or if you do not consent, then we may not be able to assist you or provide our services to you to the best of our ability.


The types of Personal Information we may collect from you and hold include (without limitation):

  • your name, gender, date of birth, contact details, image, drivers licence, copy signature;
  • payment details (such as credit/debit card number and expiry date) provided in connection with the purchase of our products and services;
  • insurance provider’s details,
  • company details, company contact details, business premises details;
  • your trade references;
  • financial details including annual earnings, bank account details
  • details of the products and service provided;
  • credit history information;
  • information about any application for commercial credit you make with us including the amount of commercial credit you apply for;
  • commercial credit reporting information about you from a credit reporting body; and
  • any other information you provide to us via our website, by email, over the phone or otherwise.



Information collected directly from you

We may collect Personal Information from you or about you when you use our services or purchase our goods, make or update a booking to use our services, register to receive the EPH Group newsletters or other communications, visit the our websites, our Facebook page or other multimedia platform or otherwise interact with the EPH Group.

Information we collect automatically

We may automatically collect information from you and your devices when you use our websites or online services. This may include your IP address, the type of browser and device you use to access the websites, the web page you visited before coming to our websites, and other identifiers associated with the device you used to access our websites.

We note that our websites are not designed to respond to “do not track” signals received from browsers.

Information we collect from third parties

As well as collecting information directly from you, there may be occasions when we collect information about you from a third party. These third parties may include:

  • third parties making bookings on your behalf, or who otherwise interact with us on your behalf, including when you make an inquiry with a representative agent but do not proceed to a booking;
  • other related entities to the EPH Group;
  • credit providers and credit reporting bodies; and
  • publicly available sources of information.


We use technologies like cookies, pixel tags and web beacons to recognise you when you to visit our website or use our online services and to provide, improve, protect and promote our services and products.

What are cookies?

A “cookie” is a small text file which is placed on your computer or device by our webpage servers when you access our websites or online services. The purpose of a cookie is to help analyse web traffic and to allow our services to respond to you when you return to our services. Cookies are also used to enhance the secure use of our services.

Cookies are frequently used and in themselves do not identify the user, just the computer used.

How we use Cookies

When you browse our website or use our online services, we may record geographical tagging, cookies and statistical data. This may include your IP address, date and time of your visit, operating system, language preferences, device characteristics, pages visited, information downloaded and type of browser used to access the Services.

Why we use Cookies

Cookies help us:

  • recognise your device when you use our websites or online services;
  • manage and improve our websites and online services;
  • operate, evaluate and improve our business;
  • analyse your use of our services;
  • help diagnose technical and service problems; and
  • gather demographic information about our users.

Web Beacons

We also may use “web beacons” on our websites.  A web beacon, also known as a pixel tag or clear GIF, may be used to transmit information collected through cookies to our service providers’ servers, such as the server of Google AdWords.  These web beacons enable our service providers to compile anonymous information about your browsing activity.

Disabling Cookies

You can choose if and how a cookie will be accepted by configuring your preferences and options in your browser.  However, if you decide not to display cookies you may not experience optimum performance of our websites or online services.


You may see certain ads on other websites based on your visits to our websites because we participate in advertising networks administered by third-party vendors, such as Google AdWords. Ad networks allow us to target our messaging to users considering demographic data, users’ inferred interests and browsing context. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs and web beacons. The networks use this information to show you advertisements that are tailored to your individual interests, to track your browser across multiple websites, and to build a profile of your web browsing.

To learn more about how to opt out of ad network interest-based advertising, contact us using our contact details in section 19 of this Privacy Policy.


We may use your information to offer you products and services that we think may be of interest to you, unless you have opted out of marketing communications.

Where required by applicable law, we will obtain your consent before sending you any marketing communications. You may withdraw your consent to the use of your data for marketing purposes at any time by contacting us on our contact details included in this Privacy Policy.

We will never provide your information to third parties for marketing purposes without receiving your consent.


If European Data Protection Laws applies, our lawful basis for collecting and using the information described in this Privacy Policy will depend on the information concerned and the specific context in which we collect or use it.

We normally collect or use Personal Information from you where we have your consent to do so, where we need the information to perform a contract with you or to provide our services or products to you upon your request, or where the processing is in our legitimate interests and not overridden by your data protection interests or rights and freedoms.

If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details in section 19 of this Privacy Policy.


We hold your Personal Information in a combination of hard copy and electronic files. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your Personal Information is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure.

The steps we take to protect your Personal Information include the following:

  • data held and stored on paper is stored in lockable offices and in secure premises;
  • data  held  and  stored  electronically  is  protected  by  internal  and  external firewalls, limited access via file passwords, and files designated read-only or no access;
  • when transferring information to others, we ensure that appropriate and suitable safeguards and data protection measures are in place to protect your personal information;
  • the use of firewalls, anti-virus software and ongoing internal monitoring;
  • where  we  disclose  personal  information  to  third  parties  our  contractual arrangements with them include specific privacy requirements;
  • only authorised personnel will have access to personal information; and
  • our staff receive training on privacy procedures.

Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website whilst it is in transit over the internet and any such submission is at your own risk.


We understand the importance of keeping Personal Information confidential, and will only disclose such information to others in limited circumstances.

Information shared to third parties

Third parties to which we may disclose Personal Information include:

  • credit providers and credit reporting bodies in accordance with the terms of the EPH Group’s Application For Commercial Credit;
  • the EPH Group’s professional advisers;
  • government and regulatory authorities;
  • the EPH Group’s related entities;
  • Credit Risk Insurers;
  • Trade Credit Insurance Providers;
  • Credit Reporting Bodies (default information);
  • contractors who provide services to the EPH Group or who manage services provided to an individual on the EPH Group’s behalf (but only to the extent necessary to enable them to provide these services).

Personal Information will generally only be disclosed to third parties in connection with (or for reasons directly related to) any of the purposes set out in this policy or otherwise with your consent. However, we may also be permitted or obligated to disclose Personal Information to other third parties where:

  • we reasonably believe that the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety and it is unreasonable or impracticable to obtain your consent to the disclosure;
  • there is reason to suspect that unlawful activity, or misconduct of a serious nature, is occurring and that the disclosure is necessary for us to take appropriate action in relation to this matter;
  • we are required or authorized to do so by law and/or an enforcement body; or
  • as otherwise permitted by relevant privacy laws.

Company reorganisation


In the event that we undergo reorganisation or entities of the EPH Group are sold to a third party, any Personal Information we hold about you may be transferred to that re-organised entity or third party in compliance with applicable law.


We shall not directly disclose your Personal Information to overseas recipients without your prior consent.



We will only retain your Personal Information for as long as is reasonably necessary in relation to the purposes for which it was collected. We will also retain Personal Information to ensure compliance with any applicable statutory or regulatory obligations imposed on us in relation to the retention of records.

Where you have requested we stop processing your Personal Information for marketing purposes, we may retain a record of your request to ensure we abide by your request in the future.

When your Personal Information is no longer needed, or if you request that we delete any Personal Information which we hold about you, we will use secure methods to destroy or to permanently de-identify your Personal Information when it is no longer needed. For example, paper records are shredded or destroyed securely and any electronic records are deleted from all locations, to the best of our ability, or permanently de-identified.


Sensitive Information includes information or an opinion about a person’s racial or ethnic origin, political opinions, philosophical or religious beliefs or affiliations, membership of a political, trade or professional association or trade union, sexual preferences or practices, criminal record, health or genetic information, biometric information that is used for the purpose of biometric verification or identification, or biometric templates. We will only collect, hold or disclose Sensitive Information if you have consented or the collection is required or authorized by or under law or a court/tribunal order.


We collect credit information about you which includes, but is not limited to, your identification information and information about any application for commercial credit you make with us.

We also collect and hold commercial credit eligibility information about you which includes, but not limited to, commercial credit reporting information that we receive about you from a credit reporting body – i.e. Australian Securities Investment Commission extracts adverse or default reports, business summaries and profiles, PPSR Registrations, financial performance reports, trade credit reporting information and trade references.

We may also collect Personal Information about any other applicants and/or guarantors included in your application for commercial credit. If you provide Personal Information about any such third party to us, you confirm that you have authority from the applicable individual(s) to your disclosure of their personal information to us and to our use and disclosure of their Personal Information in accordance with this Policy.

So as to assess an application for commercial credit and your commercial credit standing at any time in the future, we may:

  • collect your Personal Information (including information about other applicants and any guarantors (if applicable)) from any application for commercial credit you make with us;
  • collect Personal Information (including credit information) about you, any other applicants and any guarantors (if applicable) from other sources including, but not limited to, any of the EPH Group related entities, credit reporting bodies and credit or debt collections agencies; and
  • obtain commercial credit reporting information from a credit reporting body about you, any other applicants and any guarantors (if applicable).

We may also use your information and, if necessary, disclose it to third party agencies (including, without limitation, the EPH Group’s credit risk insurers) in connection with any credit insurance arrangements that we choose to implement, as well as, to register any security interest granted to us under the terms of any commercial credit contract that we enter into with you.

We may also obtain commercial credit reporting information from time to time during the continuation of any commercial credit contract that we enter into with you.

We may also receive from and/or disclose to any other credit provider or any credit reporting body, personal information relating to your commercial credit worthiness for the purposes of exchange of information, assessing commercial credit worthiness, and/or notification of default at any time whether now or in the future.

Information we disclose to a credit reporting body (including default information) in accordance with this Policy may be held by such credit reporting body on its system and used to provide its credit reporting services (including maintaining its credit information files and disclosing information to its subscribers), in accordance with applicable privacy legislation.

If you default in your payment obligations to us, we may also disclose information relating to that default account to a collections agency for the purpose of receiving any or all of the amounts outstanding.

We may also disclose your personal information, including commercial credit reporting information, to our trade credit insurance providers.


Under the privacy legislation applicable to you, you may be entitled to exercise some or all of the following rights:

  1. Request (i) information as to whether your Personal Information is retained and (ii) access to and/or duplicates of your Personal Information retained, including the purposes of the processing, the categories of personal information concerned, and the data recipients as well as potential retention period
  2. Request rectification, erasure, removal or restriction of your Personal Information, for example, because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn.
  3. Refuse to provide us with, or withdraw, your consent to processing of your Personal Information at any time.
  4. Object, on grounds relating to your particular situation, that your Personal Information shall be subject to processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your Personal Information or present you our compelling legitimate grounds for an ongoing processing.
  5. Object to us sending you direct marketing and profiling you for the purpose of direct marketing.
  6. Object to your data being subject to any automated decision making, including profiling (decisions based on data processing by automatic means, for the purpose of assessing several personal aspects).
  7. In certain circumstances receive your Personal Information that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us.
  8. Lodge a complaint regarding our processing of your Personal Information with a relevant authority in a country where you live, work, or where you believe a breach may have occurred, or take legal action in relation to any potential breach of your rights regarding the processing of your personal information.

If you wish to contact us in relation to any of the rights outlined in this section, you can do so by contacting us using our contact details in section 19 of this Privacy Policy.


Our services and products are not directed at children under the age of 16.

If we learn that we have collected Personal Information of a child under 16 years old we will take steps to delete such information as soon as possible unless consent is given or authorised by the holder of parental responsibility over the child. If such consent is provided, the Personal Information will only be collected and used to the extent of the consent given.


If you have any questions, concerns, complaints or comments about this Privacy Policy or any requests concerning your personal information please contact us via email at admin@ephgroup.com.au or by writing to:

Privacy Officer, EPH Group
358 Whitehorse Road, NUNAWADING   VIC   3131

Ph: (03) 8878 9111

Fax: (03) 8878 9100