Privacy Regulations

Privacy Regulations

Privacy Act

We understand the importance to our c­lients and to their ­customers of the discreet and confidential handling of their personal information. Blue Star DIRECT is committed to protecting the privacy of any personal information we hold about individuals on behalf of our clients in accordance with the Privacy Act 1988 and the Australian Privacy Principles contained in all activities involving the collection, use, disclosure and handling of personal information.

You can find a copy of our Privacy Policy HERE

General Data Protection Regulation (GDPR)

As a Data Processor, Blue Star DIRECT will ensure that:

  • We implement appropriate technical and organisational measures that ensure compliance with the GDPR and protect the rights of the data subject (Article 28(1)) – we maintain ISO 27001 Information Security certification and ongoing assessments including SOC2 for ASAE 3402 – an Assurance Report on Controls over Security, Availability, Processing Integrity, Confidentiality and Privacy.
  • We will only process data in accordance with documented instructions from the controller (Article 28(3)).
  • All staff have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, we also conduct Police, Anti-Terrorism and Anti-Money Laundering background checks on all staff members.
  • We will not engage another processor without the authorisation of the data controller (Article 28(2)).
  • We will assist the data controller (our clients) to satisfy their responsibilities in terms of security obligations, data protection impact assessments and DBN notifications.
  • We also implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as determined through our Risk Management Guidelines (as it also applies to data controllers) (Article 32).

Spam Act

Blue Star DIRECT understand and comply to the SPAM Act and will support our clients to ensure that:

  1. Ensuring our clients have the necessary express or inferred consent to ensure that their electronic messages comply to the SPAM Act;
  2. All commercial electronic messages contain clear and accurate identification of the sender of the message and information on how you can contact the sender;
  3. Finally, that all commercial electronic messages contain an unsubscribe facility.

For further information on these requirements, please contact us at

How can we help you?