I.C.L.R.A

Privacy Policy

Who we are

The Crown Licensing Regulatory Authority are authorised and licensed, under the Crown Attorney General, to issue licenses and registrations with the scope of our regulations and contained within our legal policies menu. Our website address is: https://iclrauthority.org.

Privacy Policy

Last updated: October 2025

Your privacy is important to us. This statement explains how your personal information is collected, used, stored and protected when you use our licensing application and renewal system (“the platform”).

1. Purpose of Collection

We collect only the information needed to:

  • Create and manage your licence application or renewal.
  • Verify your identity and supporting documents.
  • Send required notifications such as status updates or renewal reminders.
  • Meet record-keeping and compliance obligations under Australian law.

We do not collect personal information for marketing or advertising purposes.

2. How You Log In

You can access the platform using a secure email login link or one-time code.
We do not use Google, Apple or other third-party sign-ins.
This means your login details are kept private and never shared with outside identity providers.

3. Information We Collect

  • Account information: name, email address, contact details.
  • Application details: form responses, supporting documents and declarations.
  • System metadata: timestamps, session identifiers and technical logs to ensure security.
  • Optional information: only if required for a specific licence type.

We minimise the amount of data collected and never request unnecessary personal information.

4. Document Uploads

  • Accepted file types: JPG and PDF only.
  • Files are stored in secure, encrypted cloud storage with limited, time-bound access.
  • Documents are used solely to verify eligibility and identity.
  • Once a licence is finalised, documents are retained for the required period then deleted.

5. Retention and Deletion

  • Application and document records are kept for seven (7) years after licence expiry or decision.
  • Security and access logs are kept for up to two (2) years.
  • After the retention period, data is securely destroyed or anonymised.
  • You may request earlier deletion where legally permitted (for example, withdrawn applications).

6. Audit and Transparency

Every key action in the system—such as submissions, approvals or document updates—is automatically logged.
Logs record what changed, who made the change, and when, providing a full history of each application.
These logs are read-only and used for dispute resolution and compliance checks.

7. Access Control

Access to your information is tightly managed:

  • Only authorised team members can review applications.
  • Staff roles are divided into functions such as reviewer, support, and audit.
  • Developers and super-admins cannot process or alter licence decisions.
  • All privileged accounts use multi-factor authentication.

8. Data Security

  • All data is transmitted over encrypted HTTPS connections.
  • Databases and document storage are encrypted at rest.
  • Regular backups are kept in secure, geographically-restricted storage.
  • Logs and archives are protected by tamper-evident safeguards.
  • Security access is reviewed quarterly.

9. Your Rights

You can:

  • View your application history through your secure account.
  • Correct errors before submission or by contacting support after submission.
  • Request copies of your stored information.
  • Request deletion, subject to legal and record-keeping requirements.

All privacy requests are logged and acknowledged within reasonable timeframes.

10. Automated Emails

We use email only to:

  • Confirm your login or submission.
  • Send status updates, renewal reminders or re-submission notices.

Emails are sent through a secure provider (SMTP2GO) and contain no marketing or tracking pixels.

11. Third-Party Access

We do not share or sell personal data.
Limited technical service providers (such as secure email or hosting platforms) may process data under strict confidentiality agreements and only for essential system operations.

12. Training and User Guidance

To reduce errors and protect your privacy, the platform includes:

  • Examples of acceptable and unacceptable document uploads.
  • Brief videos and checklists on how to provide correct documentation.
  • Clear explanations when a document needs to be corrected or replaced.

This helps you complete your application confidently without resubmitting unnecessary personal data.

13. Data Breach Response

In the unlikely event of a data breach:

  • We will investigate immediately and take remedial steps.
  • Affected users and authorities will be notified in line with the Australian Notifiable Data Breaches (NDB) scheme.
  • Incident reports and corrective actions are documented for transparency.

14. Contact Us

For privacy or data-access requests, please contact:

Privacy Officer
Email: iclra@mail2one.com