Privacy Policy

This policy explains how personal information is handled in the CRC Greenlight mobile applications for Australia and New Zealand.

1. Who we are

CRC Greenlight is a business catalogue app for CRC food-grade products. Depending on which regional app you use, the primary operator is:

In this policy, “CRC”, “we”, “us” and “our” mean the CRC entity that operates the regional app you installed, and (where relevant) its related CRC group companies that support the service.

Privacy enquiries for Australia and New Zealand may be sent to privacy.anz@crcind.com. General customer service: NZ customerservice.nz@crcind.com; AU customerservice.au@crcind.com.

2. Scope

This Privacy Policy applies to:

It does not replace CRC’s broader corporate website privacy notices (for example on crc.co.nz or crcindustries.com.au), which may apply to those websites separately.

CRC Greenlight is intended for business / workplace users (for example food manufacturing and related trades), not for consumer household use by children.

3. Information we collect

3.1 Account information you provide

When you create or manage an account we collect:

You can update your name and company text in the app. Email address changes are handled by contacting CRC support rather than self-service edit in the app.

Separately, CRC staff may associate your account with an internal company record used for push-notification targeting and reporting. That association is set by CRC administration and is not the same as the free-text company name you type.

If you use “Forgot password”, we process your email address to send a reset link through our email delivery provider.

3.2 Product usage information

To understand how the catalogue is used and to improve the service, the app may record the following events on your device and upload them to our servers when an authenticated session is available:

These events are associated with your user account (via your authenticated session) and app region. CRC staff may review aggregate and individual activity in internal reporting tools.

3.3 Push notification information

If you allow notifications, we collect an Expo push token, the device platform (iOS or Android), and region so we can send service and product communications through Expo and, ultimately, Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM).

3.4 Information we do not collect in the app

The current CRC Greenlight apps do not:

3.5 Optional internal notifications

When configured by CRC operations, creating a new account may trigger an internal email to CRC staff containing name, email, company text, and region solely for administration.

4. How we use information

We use personal information to:

5. How we share information

We do not sell your personal information. We share information only as needed to run the service, including with:

Recipient Purpose
Hosting / backend providers (for example Strapi Cloud or equivalent) Store account, catalogue, activity, and push-token data
Expo Deliver push notification messages
Apple (APNs) / Google (FCM) Deliver notifications to your device
Email / SMTP provider Password reset and (if enabled) internal registration alerts
Google Fonts Load fonts used on this website (www.crcgreenlight.com)
CRC group companies and authorised staff Support, analytics, and administration
Professional advisers / authorities Where reasonably necessary for legal compliance or protection

If CRC is involved in a corporate transaction (for example restructure or sale of assets), personal information relating to the app may be transferred as part of that process, subject to applicable law.

6. Information on your device

The app stores certain information locally on your device, including:

Using Delete account clears your login token, on-device favourites for that account, local notification inbox, and any queued usage events still waiting to upload. Offline catalogue caches of CRC product materials may remain on the device and are not themselves your personal profile data. Uninstalling the app removes the app and its local storage from that device.

7. Retention

We keep account and related activity records while your account remains active and for a reasonable period afterwards where needed for support, security, legal, accounting, or reporting obligations.

When you delete your account in the app, we permanently delete the user account record and associated push tokens and activity log entries from the live application database (subject to residual copies that may briefly remain in encrypted backups until those backups rotate, and any information we must retain by law).

8. Your choices and rights

8.1 In-app controls

8.2 Privacy requests

Depending on where you are and applicable law (including the Australian Privacy Principles and the New Zealand Privacy Act 2020), you may have rights to request access to, correction of, or deletion of personal information we hold about you, and to make a complaint.

Contact privacy.anz@crcind.com (or the customer service emails above). We may need to verify your identity before responding. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC) or the Office of the Privacy Commissioner (New Zealand), as applicable.

9. Security

We use administrative, technical, and organisational measures designed to protect personal information, including encrypted transport (HTTPS) for production API traffic and hashed password storage. No method of transmission or storage is completely secure; please use a strong unique password and protect your device.

10. Children

CRC Greenlight is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has created an account, contact us and we will take appropriate steps.

11. Overseas disclosure

Service providers that help us host the app backend, send email, or deliver push notifications may process data in countries outside Australia or New Zealand (including the United States or European Economic Area, depending on the provider). Where we disclose personal information overseas, we take steps we consider reasonable in the circumstances to protect that information.

12. Changes

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Material changes may also be communicated in the app or by email where appropriate. Continued use of CRC Greenlight after an update means you acknowledge the revised policy.

13. Contact us

Privacy: privacy.anz@crcind.com

New Zealand customer service: customerservice.nz@crcind.com · +64 9 272 2700 · 10 Highbrook Drive, East Tamaki, Auckland 2013

Australia customer service: customerservice.au@crcind.com · 1800 224 227 · 9 Gladstone Road, Castle Hill NSW 2154

This document is a draft tailored to the CRC Greenlight apps’ documented data practices. It is not legal advice. CRC should confirm legal entity names, contact pathways, and retention periods with counsel before publication.