Privacy Policy
1. Background
The Culture Equation takes privacy seriously. We are committed to ensuring the protection of your personal information and safeguarding that information in a manner that recognises the trust that you place in us.
We also expect that our staff support us in ensuring our commitment to protecting privacy in compliance with our legal and regulatory obligations and have open and transparent management of personal information.
We hope to engender high standards of care when safeguarding and handling the personal information of our customers, clients, and any other third party.
2. Policy intent
This Customer Privacy Policy:
- sets out our commitment to protecting privacy, in compliance with our legal and regulatory obligations, and core principles for ensuring that compliance; and
- establishes compliance requirements for our customers and their personal information.
3. Who we are and what we do?
The Culture Equation Pty Ltd (ACN 631 803 159) engages with organisations through its experts to help those organisations build empowered and engaged workforces.
It offers a number of services to those organisations and their employees, for example, coaching, diversity training and culture realignment.
Our website is: www.thecultureequation.com.au
4. What is personal information?
Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
5. What personal information do we collect and hold?
We collect information about you and your interactions with us, for example, when you use any of our services, participate in our interviews, focus groups, engagement surveys and feedback scores, or otherwise visit our website.
The information we collect from you may include:
- your name, address, email and phone number;
- your employer and previous employers;
- other employer related information, including your employment status, tenure, and other details that may be relevant to us to reasonably provide our services;
- details of any personal matters related to or arising from your sessions with us; and
- opinions on identified individuals.
We may collect information about how you access, use and interact with the website. We do this by using a range of tools such as Google Analytics. This information may include:
- the location from which you have come to the site and the pages you have visited; and
- technical data, which may include IP address, the types of devices you are using to
access the website, device attributes, browser type, language, and operating system.
We use cookies on the website. A cookie is a small text file that the website may place on your device to store information. We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website for any of your future visits to the website. We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the website. You may refuse to use cookies by selecting the appropriate settings on your browser.
However, please note that if you do this, you may not be able to use the full functionality of the website.
6. Why do we collect, hold, and use your personal information?
We collect, hold, and use your personal information so that we can:
- provide you with our services, and manage our relationship with you;
- engage in interviews, focus groups, engagement surveys and other forms of polling,
in support of and in furtherance of our services; - optimise our services and service offerings to you and other third parties;
- contact you, for example, to respond to your queries or complaints, or if we need to
tell you something important; - comply with our legal obligations and assist government and law enforcement
agencies or regulators; or - identify and tell you about our services that we think may be of interest to you.
There may be other occasions under applicable laws, where we consider that it is necessary to use or disclose your personal information for another reason, and where you would reasonably expect that we use or disclose your personal information for that secondary purpose, and that purpose is related to the primary purpose of our collection of your personal information, or in the case of sensitive information, it is directly related to the primary purpose.
If you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you or respond to your enquiries.
7. How do we collect your personal information?
We will collect your personal information directly from you whenever you interact with us.
The Culture Equation Privacy Policy for Customers December 2021
We may collect information from third parties such as:
- your employer as part of providing our services to that employer, for example, when they assign us to work with you; and
- other employees within your organisation, for example, those who form part of a focus group or other engagement survey or polling.
8. How do we store and hold personal information?
We store most information about you in computer systems and databases operated either by us or our external service providers, such as our contractors. Some information about you is recorded in paper files that we store securely.
We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference, or loss, and from unauthorised access, modification, or disclosure.
These processes and systems include
- the use of identity and access management technologies to control access to systems on which information is processed and stored;
- requiring all employees to comply with internal information security policies and keep information secure;
- requiring all employees to complete training about information security; and
- monitoring and regularly reviewing the organisation’s practise against our own policies and against industry best practice.
We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.
9. Who do we disclose your personal information to, and why?
We may disclose personal information to external service providers so that they may perform services for us or on our behalf.
We may also disclose your personal information to others where:
- we are required or authorised by law to do so;
- you may have expressly consented to the disclosure, or the consent may be reasonably inferred from the circumstances;
- our professional advisors (legal, financial, business, risk management or other advisors), bankers, auditors for undertaking their professional services for us or our providers;
- our or our providers insurers and insurance brokers for any claim related matter (reporting an adverse incident) or the provision of required insurances to undertake services to you; and
- we are otherwise permitted to disclose the information under the Privacy Act.
If the ownership or control of all or part of our business changes, we may transfer your personal information to the new owner.
Please note that where we engage with individual employees to provide our services in confidential sessions, either one on one or as a group, we will not provide your employers with any personal information.
We only share de-identified results and general themes for the purpose of your employers’ decision making and organisational reviews and for us to effectively consult on culture and leadership.
This is important to engender trust and openness in the dialogue between us and you.
10. Do we disclose personal information to overseas recipients?
In the course of providing our services and managing our operations as an Australian based service provider, we will likely need to disclose personal information to locations outside either the state or the country in which you are physically located. For example, our customers’ which have related bodies corporate overseas and require such information as part of the provision of our services to those related bodies corporate.
Those recipients are likely to be located in U.K.
If you are based in Australia, this will mean that your personal information may be disclosed to, accessible from, held by or used in, a destination outside of Australia, in which privacy laws may not be as comprehensive as in Australia.
Regardless of the location of our disclosure, we will use reasonable commercial endeavours to impose the same privacy protection safeguards that we deploy inside of Australia and implement appropriate measures to ensure that your personal information is protected in accordance with applicable laws.
Similarly, where a third party service provider uses, hold, destroys, correct, or otherwise discloses, personal information on our behalf, we will use reasonable endeavours to ensure that appropriate measures are in place to ensure best practice safeguards against any loss of the disclose information, and any unauthorised access, use, modification or disclosure of the information, and additional measures where required for sensitive information, usually by including compliant contractual clauses in those agreement with such third party service providers.
Please be aware that by consenting to cross boarder disclosures of personal information under this Privacy Policy, we will not be responsible under applicable laws for any use, or in circumstances where the overseas recipient of the personal information is in breach of applicable laws. You will not be able to seek redress from us under applicable laws. You also may not be subject to the same protections under their privacy protections as are afforded under either the Australian Privacy Principles or similarly thereto and may not be in a position to seek redress for how they treat your personal information in the relevant overseas jurisdiction.
11. Do we use your personal information for marketing?
We will use your personal information to offer you services we believe may interest you, but we will not do so if you tell us not to. These services may be offered by us, our other business partners, or our service providers.
Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
12. How long do we keep your personal information for?
We will retain your personal information for as long as is necessary to fulfil the purpose for which this information was collected and any other permitted linked purposes (in accordance with time limits under relevant laws).
Our retention periods are also based on our business needs and good practice.
13. Access to and correction of your personal information
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
14. Your rights under the EU GDPR
Under the European Union (EU) General Data Protection Regulation (GDPR), as a data subject you have the right to:
- access your data;
- have your data deleted or corrected where it is inaccurate;
- object to your data being processed and to restrict processing;
- withdraw consent to having your data processed;
- have your data provided in a standard format so that it can be transferred elsewhere; and
- not be subject to a decision based solely on automated processing.
(Data Subject Rights)
We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law.
Please refer to the Contact Details section of this policy if you have a specific need for assistance with a Data Subject Rights request.
15. Complaints
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
16. Contact details
If you have any questions, comments, requests, or concerns, please contact us at:
Hiam Sakakini
CEO
[email protected]
17. Changes to this policy
From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website.
You may obtain a copy of our current policy from our website or by contacting us at the contact details above.