Privacy Policy
Last updated: February 2026
1. About Trusted Firms Global and this policy
TFG Certification Pty Ltd (ABN: 16 695 393 429) (“Trusted Firms Global”, “we”, “us”, “our”) operates the Trusted Firms Global certification programme at trustedfirms.global.
This policy explains how we collect, use, disclose, and protect personal information in connection with our certification activities, this website, and related communications. It applies across:
- — Australia — under the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
- — United Kingdom — under the Data Protection Act 2018 and UK GDPR
- — European Economic Area (EEA) — under the EU General Data Protection Regulation (GDPR)
Service quality reviews are conducted by Client Culture Pty Ltd (ABN: 88 619 177 132) on behalf of certified firms. For information about how Client Culture handles personal data collected during quality reviews, please refer to the Client Culture Privacy Policy.
2. Data controller
TFG Certification Pty Ltd is the data controller for personal information collected through this website and the certification process. Client Culture Pty Ltd acts as a separate data controller for personal information collected during service quality reviews.
Contact: privacy@trustedfirms.global
3. What data we collect
Firm and applicant data
Firm name, contact details, invoicing records (for Verified and Gold tier audits), and certification results. Collected from firms during the application and certification process.
Adviser credential data
Individual adviser names, associated firm, and certification status, displayed on public verification pages with the adviser's knowledge and consent.
Website enquiries
Name, firm name, email, and other details provided through the application form on this website.
Technical data
IP address, browser type, and usage data collected automatically when you visit this website.
4. How and why we process personal data
Conducting certification assessments and audits
Legal basis (UK/EU): Contract performance / legitimate interests
Operating public verification pages
Legal basis (UK/EU): Legitimate interests (public accountability of certification)
Benchmarking aggregate results across certified firms
Legal basis (UK/EU): Legitimate interests
Communicating with firms about certification and renewal
Legal basis (UK/EU): Contract performance
Responding to website enquiries
Legal basis (UK/EU): Consent / pre-contractual steps
Legal and compliance obligations
Legal basis (UK/EU): Legal obligation
5. Disclosure to third parties
We only share personal data:
With Client Culture Pty Ltd, who conducts service quality reviews on behalf of certified firms
With Vercel (hosting and infrastructure) and Resend (transactional email delivery) as authorised processors
With regulators, courts, or law enforcement where required by law
We do not sell personal information.
6. International transfers
Our infrastructure is hosted in Australia and the United States (via Vercel). Where personal data is transferred internationally, we rely on European Commission Standard Contractual Clauses (2021) with the UK International Data-Transfer Addendum for transfers from the UK and EEA, and on adequacy decisions or appropriate safeguards where available.
7. Data retention
Certification data is retained for the duration of the certification relationship and for a reasonable period thereafter for record-keeping and appeals purposes. Service quality review data is retained in accordance with the Client Culture Privacy Policy.
8. Your privacy rights
EU / UK (GDPR)
Access, rectification, erasure, restriction of processing, data portability, right to object, right to withdraw consent, and the right to lodge a complaint with your data protection authority.
Australia (APPs)
Access to and correction of personal information held about you, and the right to make a complaint to the Office of the Australian Information Commissioner (OAIC).
To exercise any right, contact privacy@trustedfirms.global. We respond within 30 days.
9. Complaints
If you believe we have not handled your personal information appropriately, contact us at privacy@trustedfirms.global. If we are unable to resolve your concern, you may contact:
— Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
— United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
— EEA: Your local EU supervisory authority — ec.europa.eu