Effective Date: 29th January 2020
1. Our Commitment to Your Privacy
1.3. The European Union’s privacy law, known as “GDPR”, may apply to certain types of information, certain people and certain processes in accordance with that law. However, the GDPR is unlikely to apply in most situations where Personal Information is being processed by LIW in respect of individuals who are in Australia. Nevertheless there may be circumstances where GDPR does apply to Your Personal Information, and in this case We will comply with GDPR when We deal with that Personal Information.
1.4. You can be assured that, at a minimum, We will treat Your Personal Information in accordance with Australian privacy law, where Australian privacy law applies, or in accordance with GDPR, where GDPR applies.
1.5. However, where it is lawful and practical to do so, We will also extend to all individuals similar rights as those that are provided to data subjects who are protected under GDPR, in respect of their:
1.5.1 right of access;
1.5.2 right to object;
1.5.3 right of portability;
1.5.4 right of erasure or the right to be forgotten.
1.8.1 Leading Initiatives Worldwide Pty Ltd T/A LIW3;
1.9. Our business activities and functions include:
1.9.1 promoting, offering, selling and performing leadership consultancy, training, education and development;
1.9.2 promoting, offering, selling and conducting leadership based surveys, feedback and other leadership based benchmarking services; and
1.9.3 any business activities related or ancillary to any of these activities.
1.12. “GDPR” means the General Data Protection Regulation (EU) 2016/679.
1.13. “Personal Information” means:
1.13.1 information that is defined under Australian privacy laws as Personal Information or other information that is subject to Australian privacy laws, where Australian privacy laws apply; or
1.13.2 “personal data” as defined under GDPR, where the GDPR applies to the information, and/or the individual and/or the processing of that Personal Information.
1.14. “Privacy Collection Notice” means a notice that is used to inform You of the purpose for which We will use Personal Information, the legal basis for processing that Personal Information, the categories of recipients, any overseas transfers of the Personal Information and other details relating to the processing of Personal Information that complies with the requirements of GDPR. A Privacy Collection Notice is most often used at the point where We collect Personal Information from You.
1.15. “Sensitive Information” means:
1.15.1 information that is defined under Australian privacy laws as “sensitive information”, where Australian privacy laws apply; or
1.15.2 “special category data” as defined under GDPR, where the GDPR applies to the information, and/or the individual and/or the processing of that Personal Information.
2. What Personal Information do We Collect and Hold?
2.1. We may collect and hold the following types of Personal Information:
2.1.1 name, honorific or title and gender;
2.1.2 personal and business address, phone number, fax number, email address, Skype address and other business or personal addresses/contact details/identifiers and social media identifiers;
2.1.3 individual’s business or vocation status, including job role, job description, job title, employment status, education status, educational institute, courses, status and identifiers;
2.1.4 voicemail recordings left in Our phone system and images that individuals have made publicly available or provided to Us;
2.1.5 biometric information, video and sound recordings from Our security systems;
2.1.6 demographic information such as location at any point in time, preferences or interests;
2.1.7 information, including data, images, video and sound recordings, that You, or people authorised by You enter into Our software programs and services or use the features in Our software programs or services to import from other software applications;
2.1.8 information about the products or services that You purchase or consider purchasing from Us, Our suppliers or business associates;
2.1.9 information about enquiries made to Us, Our suppliers or business associates;
2.1.10 information You provide when You raise a support enquiry or when We are working with You to resolve a technical or administrative query;
2.1.11 information that You provide in response to market research, surveys or competitions that are conducted by or for Us;
2.1.12 information that You provide in response to marketing or training events that We attend e.g. information You give Us when We have a stand at a trade show or industry event or at presentations We give;
2.1.13 information that is provided in respect of employment, contract work, work experience or similar, whether solicited or unsolicited;
2.1.14 credit card or details of other payment methods used on Our website, software programs or services, to purchase Our products and services or in connection with Our support of community or charitable causes;
2.1.15 other Personal Information that is independently provided by You without Us requesting it; and/or
2.1.16 cookies, metadata, pixels and other information set out in section 8 below, which may identify You when used by itself or in conjunction with any of the information set out above.
2.2. Generally We do not collect or hold Sensitive Information. The only exceptions to this rule are:
2.2.1 where the Sensitive Information is collected by our security or access systems when You visit Our offices or You seek access to Our systems;
2.2.2 where the Sensitive Information is directly linked to the individual’s employment records and Our collection, holding and use is permitted by applicable law for the purpose managing the individual’s employment record;
2.2.3 where Sensitive Information is provided to Us in connection with the individual seeking employment, internship, work experience, contract work or similar, whether solicited or unsolicited;
2.2.4 where You provide this Sensitive Information in connection with Us operating Our business or providing Our services, e.g. You may provide Us with health related information when We ask about Your dietary requirements in connection with an all-day training course that We are running.
3. How do We Collect and Hold Personal Information?
3.1. We collect Personal Information in a number of ways, including:
3.1.1 through Our website;
3.1.2 through communications with You, including letters, emails, telephone calls, voicemail messages, facsimiles, surveys, competitions, events and via social media applications;
3.1.3 through communications with others;
3.1.4 in the course of You using Our software programs and services, when You or people authorised by You load those details into the software programs or services;
3.1.5 in the course of providing Our products and services to You, including providing support through Our support service;
3.1.6 when You visit Our offices or seek access to Our systems;
3.1.7 when Our suppliers provide Us with that Personal Information;
3.1.8 in the course of Our business functions and activities.
3.2. When We collect Personal Information We will, wherever practical and in compliance with any legal requirements, use a “Privacy Collection Notice” which will provide You with more detailed information as to the exact nature of the Personal Information We collect, the purpose for which We will use the Personal Information, the legal basis for processing that Personal Information, the categories of recipients, any overseas transfers of the Personal Information and various other details that may be necessary for Us to meet Our obligations under Australian privacy laws and GDPR.
3.3. We hold Personal Information:
3.3.1 in Our hard copy files;
3.3.2 in the databases associated with the software programs or services that You have licensed from Us;
3.3.3 in other systems that We use in connection with Our business, some of which may be owned and operated by Our suppliers (please also see section 6); and
3.3.4 in the database associated with Our website.
3.3.5 Providing it is lawful and practical, We will give You the option of not identifying yourself, using a pseudonym, or not providing Personal Information when You enter into a transaction or deal with Us.
3.4. If You elect not to provide Us with Personal Information then We may not be able to provide You with the information, products, services or support that You may want.
3.5. You will not be able to access Our offices or systems without providing Us with biometric or other Personal Information that is required by Our access control systems.
3.6. Where it is practical, We use encryption or We process Personal Information in a manner that does not attribute the individual directly to that individual’s Personal Information to enhance its security.
3.7. We may receive other unsolicited Personal Information in the course of Our business, for example You send Us an unsolicited job application that includes Your CV and personal details.
3.8. Where the unsolicited Personal Information is subject only to Australian privacy laws, We will deal with that Personal Information in accordance with Australian privacy laws.
3.9. Where We are required to do so by law (e.g. where GDPR applies), We will notify You when We receive any Personal Information about You, confirm to You the purposes for which We intend to use that Personal Information, and deal with this Personal Information in accordance with Our legal obligations.
4. The Purposes for which We use Personal Information
4.1. We collect, hold, use, process and disclose Personal Information for the following purposes:
4.1.1 pursuing Our business activities and functions;
4.1.2 ensuring the security of Our offices and systems;
4.1.3 allowing the technical support personnel to provide assistance to You (or Your employer), if needed;
4.1.4 facilitating interactions between You (or other people who You are acting for) and Us or between You (or other people who You are acting for) and other people and organisations who are accessible via Our website or other electronic means;
4.1.5 facilitating payment for the purchase of products or services through Our website or otherwise. In this case You may be directed to (or We may use to facilitate the transaction) a third party website (a secure internet payment gateway) approved by the relevant financial institution within Your country of access with whom You bank to enter Your credit/debit/charge card or other payment mechanism details. This third party may in turn integrate the payment software with a third party payment application provider who assists in managing the payment transaction. Where You are redirected in this way, You will be subject to the privacy policies of the third party providers;
4.1.6 performing certain functions via Our website, e.g. conducting surveys,
market research, mail outs, competitions, completing forms or using social media;
4.1.7 conducting surveys, market research, mail outs and competitions off line;
4.1.8 improving the quality of Our website and Our products and services;
4.1.9 allowing You to participate in interactive features of Our service, when You choose to do so;
4.1.10 developing or adding additional products and services from Us or existing or new people and organisations that are accessible via Our website;
4.1.11 Our training and quality assurance purposes;
4.1.12 Our website safety and security purposes;
4.1.13 Our administrative purposes;
4.1.14 allowing technical support personnel to manage Our infrastructure, systems, databases other applications or tools;
4.1.15 statistical analysis of the usage of Our website or applications or tools that are accessed via the website;
4.1.16 if We sell or finance some or for all of Our business or its assets then We may transfer Personal Information to the potential or actual buyer or funder (and their professional advisers) in connection with the transaction; and/or
4.1.17 complying with applicable laws, including relevant privacy legislation.
4.2. Where You are subject only to Australian privacy laws, You consent to Us collecting, holding, using, processing and disclosing Your Personal Information for the purposes set out in section 4.1.
4.3. Where the information, and/or the individual and/or the processing of Your Personal Information is subject to GDPR, We advise You that We have a legitimate interest for collecting, holding, using and disclosing Your Personal Information for the purposes set out in section 4.1 and this is necessary to enable Us to conduct Our business activities and functions efficiently. In this case We will provide more details of the purposes for which We use Your Personal Information on the relevant Privacy Collection Notice provided at the time We collect the Personal Information from You.
5. Direct marketing
5.1. We also collect, hold, use, process and disclose Personal Information for the purpose of direct marketing of any of Our other services or products which We consider may be of interest to You or other people how you are acting for only where You have given Us consent in a form that complies with the relevant law.
5.2. If You have given Us Your consent to provide You with direct marketing communications We may collect, hold, use, process and disclose Personal Information in accordance with that consent to enable Us to provide You (or other people who You are acting for) information about, and offer You (or other people who You are acting for), other products and services that We offer and which We consider may be of interest to You or them.
5.3. If You give Us consent to provide You with direct marketing communications We will provide a simple means where You can request not to receive direct marketing communications. Where You have consented to Us providing Your Personal Information to any of Our suppliers or business associates identified to You so they can provide You with direct marketing communications, You may request that We stop sharing any such Personal Information with that supplier or business associate.
5.4. We shall only obtain Personal Information about You from a third party source for the purpose of direct marketing where such Personal Information has been processed lawfully by the third party who has provided. You may request that We disclose the source of that Personal Information. We will respond to any request made under this section within a reasonable period in accordance with applicable law and at no cost to You.
5.5. We will seek specific consent by way of opt-in for any direct marketing that We intend to carry out.
6. Storage and Disclosure of Personal Information (including overseas transfers)
6.1. We take appropriate technological and organisational measures to secure Personal Information and protect it from loss or unauthorised disclosure or damage.
6.2. All Personal Information provided to Us will be held for so long as We reasonably require to deliver services to You or to Your employer or as otherwise required for regulatory or other legal purposes.
6.5. Transfers of Personal Information to overseas jurisdictions will take place in the following circumstances:
6.5.1 where We have a group company or a contractor assisting Us with Our business activities and functions;
6.5.2 where Our website, or any hosting service We use to support Our internal or customer facing software or software as a service, is hosted by Us or a third party, and the hosting facilities and/or the back-up/disaster recovery sites are located overseas;
6.5.3 where a third party application is being used in connection with Our interactions with You, e.g. when We use email or Skype, the third party providers of the relevant application have their applications hosted overseas and/or use the internet through which Personal Information is transported automatically across any country around the world;
6.5.4 where analytics and search engine providers assist Us in the improvement and optimisation of Our website.
6.6. The countries in which We know that Personal Information may be processed and/or transferred to include:
6.6.1 the country in which Our contractor who is assisting Us provide a service to You is located;
6.6.3 the United Kingdom; and
6.6.4 the United States of America.
6.7. Wherever an overseas transfer of Personal Information occurs, it will be made in accordance with applicable law. More details of overseas transfers will be provided on Our Privacy Collection Notices.
6.8. Where We have given You (or where You have chosen) a password which enables You to access certain parts of Our website or any part of Our services, You are responsible for keeping this password confidential. You must not to share a password with anyone.
6.9. Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect Your Personal Information, We cannot guarantee the security of Your Personal Information transmitted to Our site; any transmission is at Your own risk. Once We have received Your Personal Information, We will use appropriate procedures and security features to prevent unauthorised access.
7. Use of Social Media
7.3. We accept no responsibility or liability for any Personal Information that You publish on any third party application or social media application.
8. Cookies, Metadata and Site Data Activity
8.1. A cookie is a small piece of computer code which remains on Your computer and contains information which helps Us identify Your browser. A cookie can be used to identify You, either by itself or with other data that is generated by Our website or that We or others may have access to.
8.4. If You do not allow some of the cookies to be used some or all of the website or other applications or tools on it might not be accessible to You. Our Cookie Notices will explain which cookies are important to the use of the website.
8.5. Sometimes information that You upload is provided with associated metadata. If You do not want Us (or third parties) to use the metadata You must remove it by erasure from the underlying document/materials properties before uploading it onto the website and other applications and tools.
9. Links to other Websites and Applications
9.1. Our website includes links to other websites, applications and tools that are not owned or operated by Us. We not responsible for the content of those websites, applications or tools, nor for any products, services or information contained in them or offered through them. You should review the privacy policies and terms and conditions of use of those websites, applications and tools when You visit them. We do not endorse, recommend, condone or represent the companies or any content on any third party linked website and may terminate the link or linking program at any time.
10. How to Access and Seek Correction of Your Personal Information or Complain
10.1. Under applicable privacy legislation We must ensure that Your Personal Information is accurate and up to date. Therefore, please advise Us of any changes to Your Personal Information promptly.
10.2. If You want to find out what Personal Information We hold on You, or You believe any of Your Personal Information that is held by Us:
10.2.1 is not being processed lawfully;
10.2.2 is inaccurate, out of date, incomplete, irrelevant or misleading;
10.2.3 is not necessary for Us to continue to hold it;
10.2.4 is not being processed lawfully and You require Us to suspend or stop processing it,
or You wish for Us to delete or port Your Personal Information to a third party provider, then You can contact Us, and We will either provide You with access to the Personal Information (in so far as We are legally able and required to do so by applicable law,) or We will delete it, correct it or deal with it as applicable, within a reasonable period in accordance with applicable law.
10.3. Where your Personal Information is subject to GDPR We will provide you the rights set out in section 10.2 in accordance with GDPR. Where your Personal Information is subject to Australian privacy laws, We will provide you these rights at least in accordance with Our obligations under Australian privacy law (if any), and where it is lawful and practical for Us to do so, to the same extent as if GDPR applied.
10.4. You can contact Us by email at the following email address email address: firstname.lastname@example.org.
10.6. We will aim to respond to any complaint within 10 business days of the date of receipt. We will attempt to resolve Your complaint to Your satisfaction. If You are not satisfied with how We deal with Your complaint You may contact the relevant regulatory authority in Your country.
10.7. If you make any such complaint, We may be obliged to report that complaint to the relevant regulator within the time frames set out in the relevant legislation. We may also be obliged to self-report breach of privacy to the relevant regulator within the time frames set out in the relevant legislation.
10.8. The privacy regulator in Australia is the Office of the Australian Information Commissioner, whose contact details are on their website at: www.oaic.gov.au
10.9. If You are entitled to the benefits of GDPR then You may send Us any notice or communication through Our “representative” (as provided for under Article 27 of GDPR) whose contact details are:
10.10. You can contact our Privacy Officer at email@example.com or in writing at LIW, Unit 4/2 Daydream Street, Warriewood 2102 NSW, Australia.
10.11. Our LIW data protection officer is Sharon Lindner.