Effective from 10 August 2020
We care about your data and want to be transparent about what information we collect, why we collect it and how we may use and share information about you.
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA).
This policy will cover:
- Who this policy applies to
- What information we collect about you
- How we’ll use information we collect
- How we share information we collect
- How we store and secure information we collect
- How to access and control your information
- How we transfer information we collect internationally
- How to get in touch with us
- Other important privacy information
Elabor8, we and us, refers to Elabor8 Pty Ltd and any of our corporate affiliates. We offer a wide range of services and products. We refer to all of these products, together with our other services and websites as “Services” in this policy.
Who does this policy apply to?
This policy will apply to you if you’re currently working with us on an engagement (as a client or contractor), if you visit or use our website, if you attend or register for our training or events, if you licence our products or if you otherwise interact with us.
If you don’t agree with this policy, do not access or use our Services or interact with any other aspect of our business.
What information do we collect about you?
The type of personal information we collect will generally depend on the type of relationship we have with you.
“Personal information” is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.
Information you provide to us
If you’re one of our clients or potential clients, it’s likely that you’ve shared information with us. That might include your name, email, address, occupation and details of other communications we’ve had with you.
If you sign up to one of our products, we’ll collect information when you register for an account, create or modify your profile, set preferences, sign up for or make purchases. This will include your contact information and may include billing information. We’ll also collect and store content that you post, send, receive and share when using our product based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content. We will also collect and store any feedback you provide to us, the files and links you upload to the Services and any information regarding any technical issues you may have.
For visitors to our website or social media page, we might collect information that you’ve shared with us directly and indirectly. Direct information could include the details you’ve chosen to share with us when making a contact enquiry, providing feedback, downloading our documents or where you participate in a survey, contest, promotion, activity or event.
Where you need to give us payment information, this may be collected when you register or request certain paid Services. For example, we ask you to designate a billing representative, including name and contact information. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
For anyone who interacts with us, if you choose to share information that’s considered ‘sensitive’ under the Australian Privacy Act, this is entirely up to you. This could include things like racial or ethnic origin, or religious and political views. If a third party shares this type of info with us, we’ll get in touch with you so you can let us know if you are ok with this or want us to remove this information from our records.
For contractors or potential team members, the type of information we collect might be more detailed. As well as the things above, we may ask for your bank details, superannuation account, residency status, CV or emergency contacts. We’ll only ever keep this info if it will help us work with you as a contractor, or a potential staff member.
Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions.
When you visit our website we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Information we receive from other sources
We may receive information about you from other Service users, from third-party services, from our affiliate companies, social media platforms, public databases, and from our business partners, including advertising and market research partners. We may combine this information with information we collect through other means described above. This helps us to update and improve our records, identify new customers, and suggest services that may be of interest to you.
How we’ll use and disclose your information
We’ll only ever use your personal information for the purpose you shared it for. This includes:
- to provide Services and personalise your experience
- to communicate with you about the Services
- to market and promote our current and future services, training and events
- to provide our newsletters and information on topics related to our business
- to conduct research and development on our current and future Services
- to provide you with training or to enable you to undertake training with our partner organisations
- to enable you to receive training certification with our partner organisations
- to conduct surveys on our Services
- to improve the operation of our website and Services
- to provide you with customer support and respond to technical support issues
- to protect our legitimate business interests and legal rights
- for any other purpose where you’ve given us your consent
We may use your personal information for other purposes that are related to the above. If we do this then we will make you aware of the purpose at the time of collection, unless it is otherwise permitted or required under law.
Where we use your personal information for direct marketing purposes it will be sent directly from us. You will be given the opportunity to “opt out” of receiving future correspondence. Where we send you these types of messages, you are entitled to request us to tell you where we obtained your personal information. We will provide you with this source unless it is impractical or unreasonable to do so.
Legal basis for processing (for EEA users)
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them but it means we only collect and use your information where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you’ve consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use but, in some cases, this may mean you can no longer use the Services.
Will Elabor8 give my personal information to anyone else?
There are times when we might share your information with our local or international partner organisations and service providers to make sure we can provide you with the Services or communicate with you. For example, if you attend a certified training course we’ll need to share your information with the certification organisation which may be located overseas. We’re not in the business of selling information about you to advertisers or other third parties.
Other third parties we may need to share information with are:
- third parties that help us operate, provide, improve, integrate, customise, support and market our Services (eg. our cloud service providers that host our Services)
- third parties when you give us consent to do so (eg. personal testimonials we put on our website that are publicly available)
- where we must comply with enforcement requests and applicable laws or enforce our rights
- our affiliated companies (this policy applies to the information we share with them)
Where we need to disclose your information to an international partner organisation, these providers are typically located within the United States of America and the United Kingdom (though these locations may change from time to time).
We may also disclose your personal information to other third parties where it is required or permitted under any applicable law.
Links to third party sites
Our Services may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
How we store and secure your information
Whether it’s stored in a physical or digital format, we always work towards making sure your information is safe and secure. This includes things like applying password protection, using secure server and document management systems and ensuring any inactive data is archived.
We will do everything we can to comply with digital and legal best practice when managing and mitigating unauthorised access. However, no data transmission over the internet or email is totally secure so you should be aware that any personal information you send us over the internet and email is sent at your own risk.
How long we keep information we collect about you depends on the type of information we have collected. The information will be kept for no longer than is necessary for the purposes for which it is being provided. After this time, we will either delete or anonymise your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
How we transfer information we collect overseas
As we use cloud service providers to host many of our Services, your information may be transferred, processed and stored outside your country of residence for the purposes described in this policy. We still control any data collected but we rely on cloud suppliers to manage the infrastructure, operations and delivery of cloud services. These cloud providers primarily include Google, Amazon and Atlassian. We have assessed the security controls and compliance of these cloud providers to ensure they meet our strict security, data protection and compliance requirements.
How can I access and control my information?
We take reasonable steps to ensure personal information is accurate, complete, up-to-date, relevant and not misleading.
You have certain choices available to you when it comes to your information. These include the right to:
- request a copy of your information
- to object to our use of your information (including for marketing purposes)
- to request the deletion or restriction of your information
- to request your information in a structured, electronic format.
You can exercise these choices by contacting us on firstname.lastname@example.org.
In some circumstances we may deny your request but if this happens we’ll provide you with written reasons. We also reserve our right to charge you a reasonable fee for the preparation and provision of your information or correction of it.
Note that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Get in touch with us
Get in touch with our team. We’d love to hear your feedback, questions or concerns on privacy and how we engage with you.
You can reach us via email or phone:
+61 3 9008 7250
We hope to discuss any concerns or complaints you have with our policy personally, but if you’re not satisfied with our response you can get in touch with your local data protection authority within Australia, the European Economic Area, the UK, or Switzerland (as applicable) for unresolved complaints.
Other important privacy information
If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”), including the right to deletion and the right to request access to the categories of information we have collected about you. If you want to exercise one of these rights please contact us.
Changes to this policy