1. RESPECTING YOUR PRIVACY
Catalyze APAC Pty Ltd ( “Catalyze”, we, us, our”) is committed to ensuring that your privacy is protected.
We are a strategy consultancy, helping clients to prioritise and make robust sustainable decisions. We believe the best results are delivered through effective decision-making that engages people and aligns organisations.
We take all reasonable steps to implement and maintain practices, procedures and systems to ensure that we comply with all our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Do not hesitate to contact us if you have any questions about this policy or any matters arising from it. Any questions about the general privacy principles may be directed to the office of the Australian Information Commissioner whose website details are: www.oaic.gov.au.
1. WHAT KINDS OF PERSONAL INFORMATION DO WE COLLECT AND HOLD?
The sort of information we collect and hold may include:
- your personal details such as your name, job title, email and/or physical addresses, telephone numbers and other contact information and demographic information (including the country you reside and industry you are involved in);
- your order number, customer reference number or loyalty identifier;
- how and when you access our site; and
- what, how and when you have engaged us.
The information we collect depends on the services that you buy, use or apply for.
If we need to collect and hold Sensitive Information (such as information relating to health, disability, ethnic origin, criminal convictions, religious or political affiliation), we will only do so where it is reasonably necessary to perform our functions and will seek your express written consent in advance. Collection of such Sensitive Information is done in accordance with the APPs.
Under the Privacy Act, you generally have the option of not identifying yourself or of using a pseudonym when dealing with us, but not where this is impractical or where the law or a court order provides otherwise. It will generally be impractical for you to deal with us anonymously or under a pseudonym, should you wish to enter into a contract with us. The reason for this is because your identity is a relevant factor creating a legally binding arrangement. It is material to our decision of whether or not to enter into agreements with you.
2. HOW DO WE COLLECT PERSONAL INFORMATION?
We collect information in a number of ways, including:
- directly from you when you provide information (such as an email address and personal details) by sending us a message, email, online request, phone or in documents. This may arise if/when:
- you make an application or fill out forms for us;
- you take part in our promotions, competitions, testimonials, surveys and focus groups;
- you register or create an account with us; or
- you purchase products or services from us online.
- from our own records and from purchases that you have previously made or other interactions you have been involved in;
- when you visit our websites, social media pages or mobile applications or click on our advertisements on online media, which may provide us with information about your computer hardware or software (for example “cookies“).
Please also be aware that in some circumstances we may receive your personal information from others. This includes:
- from an organisation you are involved with (for example, if you are copied into an email by a colleague); and
- information collected and collated from publicly available sources, including search engines, websites, social media, publicly available data bases, third party sources and referees, personal contacts and industry connections.
If you disclose personal information to us about someone else, you must ensure that you are authorised to disclose that information to us and that, without our taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such information for the purposes described in this Policy.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
To opt out of being tracked by Google Analytics for all websites click here.
3. HOW DO WE HOLD PERSONAL INFORMATION?
Personal information we hold is stored on our web servers in secure environments. These servers may be operated by us or by our service providers.
In order to prevent unauthorised access or disclosure, we have in place numerous policies designed to protect physical and electronic information. These policies ensure records stay secure and information is only accessible on a “need-to-know” basis. Employees who do need to use data are trained in data protection and contractually obliged to confidentiality.
4. HOW DO WE USE PERSONAL INFORMATION?
We use personal information for the conduct of our business, to provide and promote our products and services and to engage in other business transactions involving our customers. In particular, we may use this Information to:
- process orders you have placed and provide services to you;
- verify your identity;
- assist you to clarify and access any of our relevant services more easily;
- learn of your likely preferences so that we may promote our products and services in a way which may be of most interest to you;
- consider any application you may make and provide or change the services you require,
- administer and manage those services, including charging, billing and collecting debts;
- gain an understanding of your information and needs in order for us to provide you with better, more personalised services that are tailored to your needs;
- promote goods and services that may be of interest to you;
- inform you of ways the services provided to you could be improved;
- conduct appropriate checks for fraud;
- assist in investigating your complaints and enquiries;
- research and develop our services using third party services;
- maintain and develop our business, systems and infrastructure, including testing and upgrading of these systems;
- assist statistical, actuarial or research analysis as we consider is necessary for business purposes;
- maintain and update our internal record keeping;
- notify you of our service offerings from time to time;
- comply with legislative and regulatory requirements; and
- engage in any other activity relating to our purpose as long as it complies with all relevant law.
By accessing our website, purchasing our products/services or continuing to engage with us, you consent to your personal information being collected, held and used in this way and for any other use you authorize. We will only use your personal information for the purposes described in this Policy or otherwise with your express permission.
Aggregation of non-personally identifiable data
By using our website, you agree that we can access, aggregate and use non-personally identifiable data we have collected from you. This data will in no way identify you or any other individual.
We may use this aggregated non-personally identifiable data to:
• assist us to better understand how our clients are using our products and services;
• provide our clients with further information regarding the uses and benefits of our products and services; and
• otherwise to improve our products and services.
Direct Marketing Purposes
We never disclose personal information that we collect to a third party for the purpose of allowing them to direct market their products and services unless you have given us your permission for us to do this. We may disclose personal information within our group of companies for the purpose of direct marketing.
|By accepting our services you expressly permit us to use your personal information for our direct marketing purposes and the purposes expressly set out in this policy. You consent to our use of your information to issue product and professional mail outs by email, fax, social media or letters and undertaking other marketing or service based activities. You may opt out of any direct marketing service at any time.|
Disclosure Of Information
We will only share your personal information with third parties where there is a legitimate business reason for doing so. For example:
- we may share your personal information with third party IT support providers for the purpose of system administration and recovery, data security, data storage and retaining back ups.
- If you are a client who has engaged with us in a project, we may share your personal information with other sub-contractors where they have been contracted to provide you with specialised services within that project.
In such cases, third-party service providers cannot use your personal data for their own purposes, but only specified purposes in accordance with our contract with them.
More broadly, the information collected will be used or disclosure by us:
- for the primary purposes listed in section 4 above;
- for the secondary purposes related to those purposes (but only if you would expect us to use or disclosure the Information for such secondary purpose); and
- in the case of Sensitive Information the secondary purpose must be directly related to the purposes listed above.
In addition, we may share your Information with our associated entities and our suppliers overseas. It is our policy to require all of our overseas sharing of personal information to be done in a way which requires observance of strict privacy and security standards, both during transit and at the overseas destination.
We may use new technologies from time to time and personal information may be stored outside Australia. We will not transfer personal Information to a recipient in a foreign country unless we have appropriate protections in place as required by the relevant privacy laws. Your information will be stored on our data base for such period of time as required or permitted by law.
5. HOW DO WE PROTECT PERSONAL INFORMATION?
We will take all reasonable steps to protect the Information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. When Information is no longer needed or permitted to be held by law, we will destroy or de-identify it.
Accuracy of Information
We will take all reasonable steps to ensure that the information we collect, use and disclose is accurate, up-to-date and complete. Please contact us if there is a change in your circumstances that requires an update to be made to our data..
6. HOW CAN YOU ENQUIRE ABOUT, ACCESS AND CORRECT YOUR PERSONAL INFORMATION?
We will provide you with access to any of your personal information we hold (except in limited circumstances recognised by law). You may request access to the information which we hold about you and request its correction if you believe it to be incorrect. We can also correct your Information if we are satisfied that it is incorrect.
There are some circumstances where we can refuse to give access to information. These include where given access to the Information would:
(a) pose a serious threat to the life, health or safety of an individual or the public,
(b) have an unreasonable impact on the privacy of others; or
(c) be frivolous or vexatious.
The other exceptions are detailed the APPs.
If you wish to access or correct your Information, please contact us at firstname.lastname@example.org
For security reasons, any request for details of personal information held by us should be made in writing.
Before we provide you with access to your personal information, we may require some proof of identity.
7. HOW CAN YOU COMPLAIN ABOUT OUR MANAGEMENT OF PERSONAL INFORMATION?
If you wish to complain about a breach of the privacy rules that bind us, or our management of your privacy generally, you may access our internal dispute resolution (IDR) process by contacting us using the details above. We may ask you to put your complaint in writing and to provide details about it. We may discuss your complaint with our personnel and our service providers and others as appropriate.
If you are not satisfied with our response, you may lodge a complaint with the OAIC. The contact details of the OAIC are:
Office of the Australian Information Commissioner
GPO Box 2999
Telephone: 1300 363 992
We recognise and acknowledge the European Union’s General Data Protection Regulation (‘GDPR’). While it is unlikely that we are required to be GDPR compliant, we are committed to providing a consistent approach to data protection and ensuring the security and protection of personal Information.
10. DATA BREACHES
We are aware of and will comply with the Mandatory Data Breach reporting obligations as set out in the Privacy Act. If you become aware of a data breach please inform us, in writing, immediately.
11. YOUR CONDUCT
We are serious about the protection of the data that we collect. If you access or use our data improperly, including wrongfully accessing, disseminating, copying, using, streaming or otherwise publishing any of the content, most of which will contain personal information, we will prosecute you to the fullest extent permissible by law and you will fully indemnify us in relation to any damages, fines, costs, and penalties that may flow from your wrongful conduct.
13. MORE INFORMATION
More information about privacy law and privacy principles is available from OAIC, which can be contacted at the above address. If you have any other questions or enquiries, please feel free to contact us directly email@example.com
Date: August 2019