5 May 2023 | Version 1.3
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the European Union (EU) General Data Protection Regulation and the United Kingdom’s (UK) equivalent regulation (collectively referred to as the GDPR).
This policy will cover:
- Who this policy applies to;
- What information we collect about you;
- How we use information we collect;
- How we share information we collect;
- How we store and secure information we collect;
- How to access and control your information;
- How we transfer information we collect internationally;
- How to get in touch with us; and
- Other important privacy information.
Who does this policy apply to?
This policy will apply to you if you’re currently working with us on an engagement (as a client or contractor), if you visit or use our website, if you attend or register for our training or events, if you licence our products or if you otherwise interact with us.
What information do we collect about you?
We collect your personal information depending on the type of relationship we have with you. Your “personal information” is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly, and other information connected with your identifiable information that tells us something about you, such as the courses you have attended or products you have purchased.
Information you provide to us
|Your relationship to us||The information we collect about you|
|If you’re one of our clients or potential clients||It’s likely that you’ve shared information with us. That might include your name, email, address, occupation and details of other communications we’ve had with you.|
|If you’re interested in our training courses or you register for our training||We’ll likely collect your name, email, address, occupation and details of other communications we’ve had with you. We may also ask you for your financial information to process your course registration. Once you attend our training, we’ll also collect and store any feedback you provide to us about the course.
|If you sign up to one of our products||We’ll collect information when you register for an account, create or modify your profile, set preferences, sign up for or make purchases. This will include your contact information and may include billing information.
We’ll also collect and store content that you post, send, receive and share when using our product based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content. We will also collect and store any feedback you provide to us, the files and links you upload to the Services and any information regarding any technical issues you may have.
|If you visit our website or social media pages||We may collect information that you’ve shared with us, both directly and indirectly.
Information shared directly could include the details you’ve chosen to share with us when making a contact enquiry, providing feedback, downloading our documents or where you participate in a survey, contest, promotion, activity or event.
Information shared indirectly could include the information we collect automatically when you visit our website, during which time we may collect certain information such as browser type, operating system, and websites visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, and used to improve our Services.
|If you otherwise provide us with billing information||We will collect your billing information when you register or request certain paid Services. For example, we ask you to designate a billing representative, including name and contact information. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.|
|If you work for us, or apply for a job with us||We may collect detailed information about you. As well as your name, email, address and previous occupations, we may also ask for your bank details, superannuation account, residency status, CV or emergency contacts. We will only ever keep this info subject to applicable laws, and if it will help us work with you as a contractor, or a potential staff member.|
|If you share sensitive information with us||Information that may be considered ‘sensitive’ under the Australian Privacy Act should not be shared with us. This could include information such as your racial or ethnic origin, or religious and political views. If you do share such information with us, we will not retain it.
If a third party shares this type of info with us, we’ll get in touch with you so you can let us know if you are comfortable with this, or if you want us to remove this information from our records.
Information we receive from other sources
We may receive information about you from other Service users, from third-party services, from our affiliate companies, social media platforms, public databases, and from our business partners, including advertising and market research partners. We may combine this information with information we collect through other means described above. This helps us to update and improve our records, identify new customers, and suggest services that may be of interest to you.
How we’ll use and disclose your information
We’ll only ever use your personal information for the purpose you shared it for. This includes:
- to provide Services and personalise your experience;
- to communicate with you about the Services;
- to market and promote our current and future services, training and events;
- to provide our newsletters and information on topics related to our business;
- to conduct research and development on our current and future Services;
- to provide you with training or to enable you to undertake training with our partner organisations;
- to enable you to receive training certification with our partner organisations;
- to conduct surveys on our Services;
- to improve the operation of our website and Services;
- to provide you with customer support and respond to technical support issues;
- to protect our legitimate business interests and legal rights; and
- for any other purpose where you’ve given us your consent.
We may use your personal information for other purposes that are related to the above. If we do this then we will make you aware of the purpose at the time of collection, unless it is otherwise permitted or required under law.
Where we use your personal information for direct marketing purposes it will be sent directly from us. You will be given the opportunity to “opt out” of receiving future correspondence. Where we send you these types of messages, you are entitled to request us to tell you where we obtained your personal information. We will provide you with this source unless it is impractical or unreasonable to do so.
Legal basis for processing (for EEA users)
If you are an individual in the European Economic Area (EEA) or the UK, we collect and process information about you only where we have legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them but it means we only collect and use your information where:
- We need it to perform our contract with you to provide you with the Services, including to operate the Services, provide customer support and personalised features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests). The legitimate interests for which we process your personal data are: research and development in respect of our services, to enable us to improve these for all our customers; to market and promote the Services; to protect our legal rights and interests; and to provide you with services that we have been engaged to provide by another party, such as your employer;
- You give us consent to do so for a specific purpose that is not covered by any other legal basis; or
- We need to process your data to comply with a legal obligation.
If you’ve consented to our use of information about you for a specific purpose that is not covered by any other lawful basis, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use but, in some cases, this may mean you can no longer use the Services.
Will Elabor8 give my personal information to anyone else?
We are not in the business of selling information about you to advertisers or other third parties. However, there are times when we might share your information with our local or international partner organisations and service providers to make sure we can provide you with the Services or communicate with you. Where we need to disclose your information to an international partner organisation, these providers are typically located within the United States of America and the United Kingdom.
Third parties we may need to share information with include:
- Where you attend a certified training course, the certification organisation, which may be located overseas;
- Third parties that help us operate, provide, improve, integrate, customise, support and market our Services (e.g. our cloud service providers that host our Services);
- Third parties when you give us consent to do so (e.g. personal testimonials we put on our website that are publicly available);
- Where we must comply with enforcement requests and applicable laws or enforce our rights; and
- Our affiliated companies (this policy applies to the information we share with them).
Links to third party sites
Our Services may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
How we transfer information we collect overseas
As we use cloud service providers to host many of our Services, your information may be transferred, processed and stored outside your country of residence for the purposes described in this policy. We still control any data collected but we rely on cloud suppliers to manage the infrastructure, operations and delivery of cloud services. We have assessed the security controls and compliance of these cloud providers to ensure they meet our strict security, data protection and compliance requirements and, where applicable, have put in place written agreements with these suppliers that comply with the GDPR.
How we store and secure your information
Whether it’s stored in a physical or digital format, we always work towards making sure your information is safe and secure. This includes taking measures like applying password protection, using secure server and document management systems and ensuring any inactive data is archived.
We will do everything we can to comply with digital and legal best practice when managing and mitigating unauthorised access. However, no data transmission over the internet or email is totally secure, so you should be aware that any personal information you send us over the internet and email is sent at your own risk.
How long we keep information we collect about you depends on the type of information we have collected. The information will be kept for no longer than is necessary for the purposes for which it is being provided. After this time, we will either delete or anonymise your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Your legal rights
Where you are resident in the UK or EEA, you have specific legal rights in relation to your personal information, as set out below. We will respond to your requests free of charge.
Where you are resident in Australia or the United States, or other locations where we provide our services, you have rights under applicable law and regulations, which may include some of the rights set out below. We reserve our right to charge you a reasonable fee for the preparation and provision of your information or correction of it.
We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens we will always inform you in writing.
Access: You must be told if your personal information is being used and you can ask for a copy of your personal information as well as information about how we are using it to make sure we are abiding by the law.
Correction: You can ask us to correct your personal information if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it.
Objection: You can object to us using your personal data if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.
Portability: You can ask us to send you or another organisation an electronic copy of your personal data.
Get in touch with us
Get in touch with our team. We’d love to hear from you if:
- You have feedback, questions or concerns regarding your privacy and how we engage with you;
- You wish to exercise your rights in relation to your personal data as set out above; or
- You wish to make a complaint about Elabor8’s use of your data.
Your right to anonymity
We respect your right to remain anonymous or use a pseudonym when interacting with us, where it is lawful and practicable. For example, you can make an inquiry to us by phone without providing your personal information.
How to contact us
You can reach us via email or phone:
+61 3 9008 7250
You can also submit an enquiry via our online form: https://elabor8.com.au/contact/
Making a complaint
We hope to discuss any concerns or complaints you have with our policy personally, but if you are not satisfied with our response, you can contact your local data protection authority within Australia, the European Economic Area, the United Kingdom, or Switzerland (as applicable) for unresolved complaints.
|Country / authority||Contact details|
|Australia: Office of the Australian Information Commissioner||Tel: +61 1300 363 992|
|Hong Kong: Office of the Privacy Commissioner for Personal Data||Tel: +852 2827 2827|
|New Zealand: Privacy Commissioner||Tel: +64 0800 803 909|
|Philippines: National Privacy Commission||Tel: +63 8234 2228|
|Singapore: Personal Data Protection Commission||Tel: +65 6377 3131|
|United Kingdom: Information Commissioner’s Office||Tel: +44 0303 123 1113|
Changes to this policy