Privacy Policy for Restech Laboratories

 

Last Updated: 16 September 2025

1. Introduction & Scope

Restech Laboratories Pty. Ltd. (“we”, “us”, “our”) is committed to protecting the confidentiality, integrity, and availability of your personal information. Our website address is: https://www.restechlabs.com.au.

This Privacy Policy outlines our framework for managing, storing, and securing all digital information assets in compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and other relevant legislation, such as the Information Privacy Act 2009 (Qld).

This policy governs all confidential information generated, managed, processed, stored, and transmitted within our systems. It applies to all personnel, contractors, clients, and other representatives of Restech Laboratories who have access to or provide us with confidential information through our services, including our website, the Restech Digital Chain-of-Custody (DCOC) Portal, and our laboratory information management system (Agilent SLIMS).

2. Responsibilities and Obligations

Protecting personal information is a shared responsibility:

• Laboratory Director: Holds overall responsibility for ensuring compliance with this policy and all relevant legislation.

• Laboratory Staff: Are responsible for creating and managing digital information in accordance with this policy. All staff with access to Confidential Information are obligated to keep it secure, use it only for authorized purposes, and immediately report any suspected security breaches.

3. Information We Collect (Data Classification)

We categorize data based on its sensitivity to ensure appropriate levels of protection:

• Public Information: Information openly shared and accessible to the public, such as business contact details, promotional material, and published research.

• Internal Information: Information limited to Restech personnel only, such as internal policies, business plans, system IP addresses, and financial forecasts.

• Confidential Information: Sensitive information requiring proper authorization for access, the loss of which could be harmful. This is the primary category of personal information we handle and includes:

  • Client & Employee Information: Names, contact details, and other personally identifying information.

  • Financial Information: Credit card and banking details for billing purposes.

  • Personal Identification: Driver’s license numbers and other government-issued identifiers.

  • Research & Analytical Data: All data, results, documentation, and records generated through our laboratory services.

  • Intellectual Property: Information secured by non-disclosure or confidentiality agreements.

4. How We Collect and Use Information

We collect personal information directly from you when you engage with our services, register on our DCOC Portal, communicate with us, or visit our facilities. This information is used exclusively for its intended purpose: to provide and manage our laboratory services, process payments, communicate with you, and comply with our legal and regulatory obligations. We will not disclose your confidential information to any unauthorized third party without your explicit consent, unless required by law.

5. Website and Mobile Application Privacy

This section details the specific privacy practices for our website and any associated mobile applications.

5.1 Comments

When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available at: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

5.2 Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

5.3 Cookies

Our website uses “cookies” to improve user experience.

• If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

• If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

• When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

• If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

You may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.

5.4 Google Analytics

We use Google Analytics to gather metrics and understand how visitors engage with our website. Google Analytics collects information anonymously and reports website trends without identifying individual visitors. This information helps us analyze traffic and improve our website.

5.5 Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website.

5.6 Mobile Application

Should Restech Laboratories provide a mobile application, this policy will extend to its use. Any personal information collected through the mobile application will be collected only with your explicit consent and used solely for the purpose of providing and improving the application’s services.

5.7 E-COC (Electronic Chain Of Custody) Mobile Application Privacy Policy

This section outlines the privacy practices for the E-COC (Electronic Chain Of Custody) mobile application (the “App”). The App is intended for use only by authorized contractors and technicians who have been granted access by their respective testing companies.

All individuals authorized to use this App have agreements governing their use of the application and the collection of data necessary for its functionality. The data collection practices outlined below are in accordance with these agreements and compliance requirements.

Information We Collect

To ensure the functionality of the E-COC App and to facilitate the sample submission process, we collect the following information from authorized contractors and technicians:

Contact Information:

– Name: Used for App Functionality and is linked to the contractor’s or technician’s identity.
– Email Address: Used for App Functionality and is linked to the contractor’s or technician’s identity.
– Phone Number: Used for App Functionality and is linked to the contractor’s or technician’s identity.
– Physical Address: Used for App Functionality, linked to the contractor’s or technician’s identity, and for tracking purposes related to sample collection sites.

Location Information:

– Precise Location: Used for Sampling Location Verification, App Functionality, and for tracking purposes.
– Coarse Location: Used to Match with Job address, App Functionality, is linked to the contractor’s or technician for tracking purposes.

How We Use Information

The information collected from our authorized contractors and technicians is used strictly for the following purposes:

App Functionality: To provide the core features of the E-COC App, including authenticating the authorized contractor or technician and creating the chain of custody record.
Product Personalization: To customize and enhance the application experience for the technician or contractor.
Tracking: For purposes related to application performance, service delivery, and accurately logging sample collection locations as required for the chain of custody.

6. Who We Share Your Data With

Visitor comments may be checked through an automated spam detection service. If you request a password reset, your IP address will be included in the reset email. An anonymized string created from your email address may be provided to the Gravatar service to see if you are using it.

7. How Long We Retain Your Data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

8. Your Rights Over Your Data

You have certain rights regarding the personal data we hold about you.

• Access and Correction: You have the right to request access to your personal information and to request its correction.

• Data Portability: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

• Erasure: You can request that we erase any personal data we hold about you. To do this, you are required to send a physical letter to our mailing address and inform us via our contact form at https://www.restechlabs.com.au/contact-us/. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

9. Data Security, Storage, and Retention (Business Records)

As a fully digital laboratory, data security is a critical concern. We implement robust technical and organizational measures to protect your information.

9.1 Platform Security (Agilent SLIMS)

Our primary data management platform is a cloud-based service hosted by Agilent on secure AWS infrastructure, which is certified against ISO 27001/27002, SOC1, SOC2, and SOC3 security standards. Key security features include encryption, access control, threat detection, and unalterable audit trails.

9.2 User Access and Authorization

Access to our systems is strictly controlled.

• SLIMS Access: Each laboratory staff member has a unique login and password with role-based authorization.

• DCOC Portal Access: Staff use a shared login for administration, while each client receives a unique login for their specific data.

9.3 Data Back-up and Restoration

All data within SLIMS is backed up and replicated across multiple physical AWS availability zones. We also maintain offline, encrypted hard disk backups of all analysis data, performed every 6 months.

9.4 Record Retention (Business Records)

We retain business-related digital documents and records—including DCOC, personnel records, and analysis records—for the operational lifespan of the company to meet regulatory and quality assurance requirements.

10. Third-Party Integration and Compliance

To enhance efficiency, we integrate third-party software with our SLIMS platform. We ensure that any third-party vendor complies with stringent IT encryption standards (HTTPS, TLS, AES-256).

11. Non-Compliance

Failure to comply with this policy by our staff or contractors may result in disciplinary action, up to and including termination of employment or contract, and may expose the individual to legal liability.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our business practices or legal requirements. This policy is reviewed annually by the Laboratory Director. The latest version will always be available on our website.

13. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact us at:

The Laboratory Director
Restech Laboratories
59 Fairfield Rd.
Fairfield QLD, 4103

info@restechlabs.com.au