Last updated October 2023
How we collect your personal data
When you visit our Website or use our Services, we collect personal data. The ways we collect it can be broadly categorised into the following:
Google Analytics Tracking
We may update this list from time to time. You can control or reset your cookies through your web browser and, if you choose to, you can refuse all cookies. However, some of the features of our Website and Services may not function properly if you disable the ability to accept cookies.
Children’s personal data
We do not knowingly collect personal data from anyone under the age of 16. If you are a parent or guardian and you become aware that your child has provided us with personal data, please contact us using the details set out in the Contact us section below. If we become aware that we have collected personal data from anyone under the age of 16 without parental consent, we take steps to remove that information from our servers.
How we use your personal data
We use your personal data to operate our Website and provide you with any Services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
Where you have given your consent: We may seek your consent to use your personal data for a particular purpose in addition to those set out above. Where you give your consent for us to do this, we will use your personal data in accordance with that purpose. You can withdraw your consent to these uses at any time.
For European Union data protection purposes, we are a processor of your personal data. When we process personal data subject to the EU General Data Protection Regulation (Regulation 2016/679) (the GDPR) and any applicable national laws made under the GDPR (together, Applicable Data Protection Laws), we’ll only process it:
When we share your personal data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
We also adhere to the additional obligations imposed by Applicable Data Protection Laws when it comes to sharing your personal data. Where we process personal data on your behalf and you are a controller with respect to that personal data under the GDPR, you consent to us engaging third-party subprocessors to process the personal data for the purposes of performing our contract with you provided that:
You may object to our appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. Where you do object, we will either not proceed with the appointment or replacement or, if we determine in our sole discretion that this is not reasonably possible, you may terminate the contract that you have with us without penalty (subject to any fees incurred by you up to and including the date of termination).
International data transfers
Subject to any business agreement we have with you, when we share personal data, it may be transferred to, and processed in, countries other than the country you live in – such as to Australia, and other countries where our data hosting provider’s servers are located, or where our third party service providers are located. These international transfers are made in order to provide you with, and improve, our Website and Services. Where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected. For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where we have approved transfer mechanisms in place to protect your personal data (for example, by entering into the European Commission’s Standard Contractual Clauses).
We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it (including encryption and password protection). However, no method of transmission over the Internet using industry standard technology is 100% secure which means we cannot guarantee the absolute security of your personal data.
Links to other websites
Access from other websites
Retention of your personal data
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements). We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
You have rights to know what personal data we hold about you, and to make sure it’s correct and up to date, request a copy of your personal data, or ask us to restrict processing your personal data or delete it and to object to our continued processing of your personal data. You can exercise these rights at any time by making a request using the contact details in the “Contact Us” section below. Please note that we may ask you to verify your identity before responding to such requests. If you have an account with us, you may update certain account information by logging into your account.
Where you work for an organisation that is using our Services, you should first direct your queries about your personal data that has been shared with us to your organisation.
Subject to our legal obligations, we may limit or reject your request in certain cases, including without limitation where the burden or expense of providing access would be disproportionate to the risks to your privacy for that particular situation or where the rights of other persons would be violated.
If you are unhappy with our data practices and are located in:
Director of Compliance
Office of the Australian
Information Commissioner GPO Box 5218
Sydney NSW 2001