To download a PDF copy of our privacy policy, click here.

Lasted updated May 2017

Effective Governance Pty Ltd (CAN 122 322 301) and its Related Bodies Corporate (eG).

In this Privacy Policy, the expressions “eG”, “we”, “us” and “our” are a reference to Effective Governance Pty Ltd (ACN 122 322 301) and its Related Bodies Corporate (as defined by the provisions of the Corporations Act 2001 (Cth)).

This Privacy Policy applies to personal information collected by us.  We are bound by the Australian Privacy Principles and the Privacy Act  1988 (Cth), which govern the way private sector organisations collect, use, keep secure and disclose personal information.

The purpose of this Privacy Policy is to generally inform people of:

  • how and when we collect personal information;
  • how we use and disclose personal information;
  • how we keep personal information secure, accurate and up-to-date;
  • how an individual can access and correct their personal information; and
  • how we will facilitate or resolve a privacy complaint.

If you have any concerns or complaints about the manner in which your personal information has been collected, used or disclosed by us, we have put in place an effective mechanism and procedure for you to contact us so that we can attempt to resolve the issue or complaint.  Please see Section 12 for further details.

If you have any concerns or questions, please contact us and our privacy officer at zac.zahner@effectivegovernance.com.au or call us on (07) 3510 8111 and our privacy officer will then attempt to resolve the issue.

We recommend that you keep this information for future reference.

1. What is personal information?

The Privacy Act  1988 (Cth) defines “personal information” to mean any information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

2. The kinds of personal information collected, used and disclosed by eG

We will only use or disclose your personal information for the primary purposes for which it was collected or as consented by you.

At or around the time we collect personal information from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information.

We set out some common collection, use and disclosure instances in the table below.

Purpose Type of Information Uses Disclosures
General enquiries / Website “Contact Us” / Governance Action Plan survey Contact information: such as your name, company name, address, billing address (if different to address), email address, board membership details and phone numbers.
Transaction sales: (where applicable to your enquiry) such as:
Delivery information.
Billing and account details.
Payment card details.
Customer Service: information collected in connection with your enquiry by our customer services department and staff.
Governance Action Plan survey: any personal information you provide to us in completing our online Governance Action Plan survey.
The types of uses we will make of personal information collected for this type of purpose include:
Identity verification: if required, the verification of your identity, and to protect eG’s websites from security threats, fraud or other criminal activities.
Services: using your personal information in the provision of our services to you including:
assisting you with payment processing, including charging, credit card authorisation, verification and debt collection;
and
providing other customer service functions, including handling customer enquiries and complaints.
Marketing: using your personal information for the purposes set out in “Marketing” section below.
Governance Action Plan survey: using your personal information to assess your governance practice and make recommendations for you.
General administrative and security use:
The use for the administration and management of eG.
The maintenance and development of our products and services, business systems and infrastructure.
In connection with the sale of any part of eG’s business or a company owned by an eG entity.
For quality assurance purposes.
The types of disclosures we will make of personal information collected for the type of purposes listed include, without limitation, to:
Third parties connected with the sales process including ecommerce, payment gateway providers and financial institutions.
Service providers (including IT service providers and consultants) who assist eG in providing our products and services.
Related bodies corporate of eG (including related entities).
Third parties in connection with the sale of any part of eG’s business or a company owned by an eG entity.
Third parties connected with the marketing process who assist us in providing our products and services to you.
As required or authorised by law.
New assignment New and potential assignments:
Your name, company name, address, billing address (if different to address), email address, board membership details and phone numbers.
Alternative contact (name, address and phone number).
Bank account (including bank statements), credit or debit card details.
Any personal information recorded in documentation or business cards that you provide to us during or prior to your engagement of eG to provide our services to you.
For full details relating to uses of personal information in relation to the use of credit information, please refer to our Credit Reporting Policy.
Provision of services: the provision of our services to you, including by contacting you for information on your governance practices and to provide you with governance advice.
Vendor and supplier payments: the processing of any payments and refunds, credit card authorisation, verification and debt collection if applicable.
Credit checks: using director details to conduct checks for financial standing and credit-worthiness (as detailed in our Credit Reporting Policy).
Marketing: using your personal information for the purposes set out in “Marketing” section below.
General administrative and security use as detailed in the Uses column for “General enquiries / Website “Contact Us” / Governance Action Plan survey”.
For full details relating to disclosures of personal information in relation to any credit information, please refer to our Credit Reporting Policy.
In summary, we may disclose this type of personal information to:
Our contractors, agents and third party providers who undertake billing and credit services on our behalf.
Third party providers who assist us in providing our products and services to you.
Third parties, such as external debt recovery agents, court or other entities to which we are required by law to disclose personal information.
The parties listed in the Disclosure column for “General enquiries / Website “Contact Us” / Governance Action Plan survey”.
p;
Marketing Contact information: Such as your name, company name, email address, current postal and residential addresses, and phone numbers.
eG News blog: Information such as:
your name and email address; and
any other personal information you provide as contained in the message section of your comment on our eG News blog.
Newsletter subscriptions: the personal information you provide us in order to subscribe to our newsletter, such as your name, organisation name and email address.
Competitions: any personal information you provide to us as part of your entry into our competitions, such as our business card draw.
Social media activity: including “likes”, comments posted, any of your oppositions or feedback, photos posted or uploaded and other information pertaining to your social media activities which concern, or relate, to eG.
General marketing and consumer analytics: using your personal information:
To aggregate with other information and to then use it for marketing and consumer analytics.
To offer you updates on products, events or information that may be of interest to you, including same from our related entities.
For marketing and promotional activities by us and our related entities (including by direct mail and email) such as our email alerts, product awareness information and to send you our newsletters.
For the Uses detailed above in “General enquiries / Website “Contact Us” / Governance Action Plan survey.
Online accounts or social media: If you participate in our social media platforms (such as Twitter and LinkedIn) and you provide us your personal information, we will use it for:
Adding account holders to the marketing database.
Customer service related contact.
Responding to social media messages.
Fulfilling social media platform rules.
We may disclose your personal information to:
Third parties connected with the marketing process who assist us in providing our products and services to you.
The parties listed in the Disclosure column for “General enquiries / Website “Contact Us” / Governance Action Plan survey”.
Human Resources Contact information: such as your name, e-mail address, current postal and residential address, phone numbers, country of residence, next of kin contact details.
Employee record information
Identifying information: such as your photo, passport and residency details, date of birth.
CV, resume or application related information: Such as the details provided in your resume or CV, your eligibility to work in Australia, your education, previous employment details, professional memberships or qualifications.
Tax, superannuation and payroll information: Such as your Tax File Number and ATO Declaration, Superannuation details and financial institution details.
Background check information: Information obtained from you or third parties to perform background checks.
Medical or health information which you voluntarily provide to us as part of pre-employment medicals, random drug and alcohol testing or such other information which may be related to an incident which has occurred during the course of your employment.
Performance related information: Pre-employment testing and other information collected by eG’s systems in the course of the employee or contractor’s engagement with eG.
Information collected from referees
Security information: Such as CCTV footage and photographs taken our premises.
Background checks: Utilising the information collected for the purpose of assessing candidate suitability for role, including by obtaining:
Verification of your identity and age.
Criminal history background checks including publically available information including Facebook, Twitter, Instagram, YouTube.
Confirmation of eligibility to work in Australia.
Confirmation of education and qualifications.
Confirmation of previous employment.
Consideration regarding medical leave.
Administration and performance monitoring use: Utilising the information collected for the purpose of:
Dealings related to the employer/employee relationship or the contractor/principal relationship (as the case may be).
Use of such information whether or not the employment or contractor relationship is prospective, current or past.
Use of such information to monitor systems, performance and time usage and internet usage.
The use of your personal information collected in the administration and management of eG.
In connection with the sale of any part of eG’s business or a company owned by an eG entity.
We may disclose your personal information to:
Relevant superannuation company.
Government agencies, including but not limited to The Australian Taxation Office, Centrelink and Child Support Agency.
Relevant Worker’s Compensation organisation (e.g. WorkCover etc).
Third party referees provided by you in connection with an application made to eG.
Service providers (including IT service providers and payroll providers), if any.
Recruitment agents used in connection with your application with us.
Third parties in connection with the sale of any part of eG’s business or a company owned by a eG’s entity.
Third party parties in connection with obtaining any background checks, pre-employment screening.
Financial institutions for payroll purposes.
As required or authorised by law.

3. How eG Collects and holders personal information

3.1. Collection generally

As much as possible or unless provided otherwise in this Privacy Policy or a notification, we will collect your personal information directly from you.

Where you are a board member of a company to whom we provide our governance services, we generally collect your personal information from the company secretary of that company.

When you engage in certain activities, such as filling out a survey or sending us feedback, we may ask you to provide certain information.  It is completely optional for you to engage in these activities.

Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary.  If you do not provide the mandatory information or any other information we require in order for us to provide our products or services to you or address an enquiry you have, we may be unable to provide our products or services to you or answer your enquiry in an effective manner, or at all.

3.2. Other collection types

We may also collect personal information about you from other sources, such as competitions and also from third parties. Some examples of these alternative collection events are:

  1. when we collect personal information about you from third parties; or
  2. when we collect personal information about you from publically available sources including but not limited to, court judgments, directorship and bankruptcy searches, Australia Post, White Pages directory, and social media platforms (such as Facebook, Twitter, Google, Instagram etc).

3.3. Notification of collection

If we collect details about you from someone else, we will, whenever reasonably possible, make you aware that we have done this and why, unless special circumstances apply, including as described in this clause 3.3(a) to 3.3(c) below.

Generally speaking, we will not tell you when we collect personal information about you in the following circumstances:

  1. where information is collected from any personal referee you have listed on any application form (including any employment application) with eG;
  2. where information is collected from publically available sources including but not limited to court judgments, directorship and bankruptcy searches, social media platforms (such as Facebook, Twitter, Google, Instagram etc); or
  3. as otherwise required or authorised by law.

3.4. Unsolicited personal information

In the event we collect personal information from you, or a third party, in circumstances where we have not requested or solicited that information (known as unsolicited information), and it is determined by eG (in its absolute discretion) that the personal information is not required, we will destroy the information or ensure that the information is de-identified.

In the event that the unsolicited personal information collected is in relation to potential future employment with eG, such as your CV, resume or candidacy related information, and it is determined by eG (in its absolute discretion) that it may consider you for potential future employment, eG may keep the personal information on its human resource records.

3.5. How we hold your personal information

Once we collect your personal information, we will either hold it securely and store it on infrastructure owned or controlled by us or with a third party service provider who has taken reasonable steps to ensure they comply with the Privacy Act  1988 (Cth). We provide some more general information on our security measures in Section 10 (Data security and quality).

3.6. Cookies and IP addresses

If you use our website, we may utilise “cookies” which enable us to monitor traffic patterns, trends and to serve you more efficiently if you revisit our website.  In most cases, a cookie does not identify you personally but may identify your internet service provider or computer.

We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services.  This information does not identify you personally.

However, in some cases, cookies may enable us to aggregate certain information with other personal information we collect and hold about you.  eG extends the same privacy protection to your personal information, whether gathered via cookies or from other sources, as detailed in this Privacy Policy.

You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.  However, if you disable cookies, you may not be able to access certain areas of our websites or take advantage of the improved web site experience that cookies offer.

4. Uses and discloses of personal information

4.1. Use and disclose details

We provide a detailed list at Section 2 of some common uses and disclosures we make regarding the personal information we collect.

4.2. Other uses and disclosures

We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:

  1. when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
  2. if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
  3. if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
  4. if it is required or authorised by law.

4.3. Use and disclosure procedures

In the event we propose to use or disclose such personal information other than for reasons set out in the above table at Section 2 or as otherwise outlined in this Privacy Policy, we will first notify you or seek your consent prior to such disclosure or use.

Your personal information is disclosed to these organisations or parties only in relation to the products or services we provide to you or for a purpose permitted by this Privacy Policy.

We take such steps as are reasonable to ensure that these organisations or parties are aware of the provisions of this Privacy Policy in relation to your personal information.

4.4. Communications opt-out

If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us via the details set out at the top of this document and we will ensure the relevant communication ceases.  Any other use or disclosure we make of your personal information will only be as required or authorised by law or as permitted by this Privacy Policy or otherwise with your consent.

5. Sensitive information

5.1. Sensitive information generally

Sensitive information is a subset of personal information.  It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.

5.2. Collection and use of sensitive information

In general, we attempt to limit the collection of sensitive information we may collect from you, but depending on the type of services you wish to procure from us this may not always be possible.  However, we do not collect sensitive information from you without your consent.

The type of sensitive information we may collect about you is dependent on the services provided to you by eG, and will be limited to the purpose(s) for which it is collected.  We set out some types of sensitive information we may collect about you in the “Human resources” section of the table at Section 2 above.

We do not use sensitive information to send you Direct Marketing Communications (as set out in Section 6 below) without your express consent.

5.3. Consent

We may collect other types of sensitive information where you have consented and agree to the collection of such information. Generally speaking, we will obtain this type of consent from you at (or around) the point in time in which we collect the information.

6. Direct Marketing

6.1. Express informed consent

You give your express and informed consent to us using your personal information set out in:

  1. the “General enquiries / Website “Contact Us” / Governance Action Plan survey” section
  2. the “New assignment” section; and
  3. the “Marketing” section,

of the table at Section 2 of this document above to provide you with information and to tell you about our products, services or events or any other direct marketing activity (including third party and related entity products, services, and events) which we consider may be of interest to you, whether by post, email, SMS, messaging applications and telephone (Direct Marketing Communications).

6.2. Inferred consent and reasonable expectations of direct marketing

Without limitation to paragraph 6.1, if you have provided inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you Direct Marketing Communications given the transaction or communication you have had with us, then we may also use your personal information for the purpose of sending you Direct Marketing Communications which we consider may be of interest to you.

6.3. Opt-out

If at any time you do not wish to receive any further Direct Marketing Communications from us or others under this Section 6, you may ask us not to send you any further information about products and services and not to disclose your information to other organisations for that purpose.  You may do this at any time by using the “unsubscribe” facility included in the Direct Marketing Communication or by contacting us via the details set out at the top of this document.

7. Credit Information and our Credit Reporting Policy

7.1. Credit information generally

The Privacy Act  1988 (Cth) contains provisions regarding the use and disclosure of credit information, which applies in relation to the provision of both consumer credit and commercial credit.

7.2. Credit information and eG

As we provide terms of payment of accounts which are greater than 7 days, we are considered a credit provider under the Privacy Act  in relation to any credit we may provide you (in relation to the payment of your account with us).

We use credit related information for the purposes set out in the “Credit information” section of the table at Section 2 above and our Credit Reporting Policy which includes but is not limited to using the information for our own internal assessment of your credit worthiness.

7.3. Storage and access

We will store any credit information you provide us, or which we obtain about you, with any other personal information we may hold about you.

You may request to access or correct your credit information in accordance with the provisions of Section 11 and the provisions of our Credit Reporting Policy.

7.4. Complaints

Please see Section 12 and the provisions of our Credit Reporting Policy if you wish to make a complaint in relation to our handling of your credit information.

7.5. Our Credit Reporting Policy

Please see our Credit Reporting Policy for further information as to the manner in which we collect, use, store and disclosure credit information.

8. Anonymity and pseudo-anonymity

Due to the nature of the services we provide, we do not generally provide you with the option of dealing with eG on an anonymous basis or through the use of a pseudonym.  Your personal information is generally required in order to provide you or your company with our products and services or to resolve any issue you may have.

9. Cross Border Disclosure

9.1. Cross border disclosures

Any personal information collected and held by eG may be disclosed to, and held at, a destination outside Australia, including but not limited to the US and Canada, where we utilise third party service providers to assist eG with providing our services to you.  Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.

As we use service providers and platforms which can be accessed from various countries via an Internet connection, it is not always practicable to know where your information may be held.  If your information is stored in this way, disclosures may occur overseas.

In addition we may utilise overseas IT services (including software, platforms and infrastructure), such as data storage facilities or other IT infrastructure. In such cases, we may own or control such overseas infrastructure or we may have entered into contractual arrangements with third party service providers to assist eG with providing our products and services to you.

9.2. Provision of informed consent

By submitting your personal information to eG, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia.  In providing this consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information.  However, we will take steps to ensure that your information is used by third parties securely and in accordance with the terms of this Privacy Policy.

The Privacy Act  1988 requires us to take such steps as are reasonable in the circumstances to ensure that any recipients of your personal information outside of Australia do not breach the privacy principles contained within the Privacy Act  1988.  By providing your consent, under the Privacy Act  1988, we are not required to take such steps as may be reasonable in the circumstances.  However, despite this, we acknowledge the importance of protecting personal information and have taken reasonable steps to ensure that your information is used by third parties securely and in accordance with the terms of this Privacy Policy.

9.3. If you do not consent

If you do not agree to the disclosure of your personal information outside Australia by eG, you should (after being informed of the cross border disclosure) tell eG that you do not consent. To do this, either elect not to submit the personal information to eG after being reasonably informed in a collection notification, or please contact us via the details set out at the top of this document.

10. Data security and quality

10.1. eG’s security generally

We have taken steps to help secure and protect your personal information from unauthorised access, use, disclosure, alteration, or destruction.  You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where human error is involved or malicious activity by a third party.

Notwithstanding the above, we will take reasonable steps to:

  1. make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
  2. protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
  3. destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection.

10.2.Accuracy

The accuracy of personal information depends largely on the information you provide to us, so we recommend that you:

  1. let us know if there are any errors in your personal information; and
  2. keep us up-to-date with changes to your personal information (such as your name or address).

We provide information about how you can access and correct your information in Section 11.

11. Access to and correction of your personal information

You are entitled to have access to any personal information relating to you which we hold, except in some exceptional circumstances provided by law (including the Privacy Act  1988 (Cth)).  You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.

If you would like access to or correct any records of personal information we have about you, you are able to access and update that information (subject to the above) by contacting us via the details set out at the top of this document.

12. Resolving Privacy Complaints

12.1. Complaints generally

We have put in place an effective mechanism and procedure to resolve privacy complaints.  We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.

12.2. Contacting eG regarding complaints

If you have any concerns or complaints about the manner in which we have collected, used or disclosed and stored your personal information, please contact us:

Telephone: (07) 3510 8111

Email: zac.zahner@effectivegovernance.com.au

Please mark your correspondence to the attention of the Privacy Officer.

12.3. Steps we take to resolve a complaint

In order to resolve a complaint, we:

  1. will liaise with you to identify and define the nature and cause of the complaint;
  2. may request that you provide the details of the complaint in writing;
  3. will keep you informed of the likely time within which we will respond to your complaint; and
  4. will inform you of the legislative basis (if any) of our decision in resolving such complaint.

12.4. Register of complaints

We will keep a record of the complaint and any action taken in a Register of Complaints.

13. Consent, modifications and updates

13.1. Interaction of this Policy with contracts

This Privacy Policy is a compliance document prescribed by law rather than a legal contract between two or more persons. However, certain contracts may incorporate all, or part, of this Privacy Policy into the terms of that contract. In such instances, eG may incorporate the terms of this policy such that:

  1. certain sections or paragraphs in this policy are incorporated into that contract, but in such a way that they do not give rise to contractual obligations onto eG, but do create contractual obligations on the other party to the contract; and
  2. the consents provided in this policy become contractual terms provided by the other party to the contract.

13.2. Acknowledgement

By using our website, purchasing a product or service from eG, where you have been provided with a copy of our Privacy Policy or had a copy of our Privacy Policy reasonably available to you, you are acknowledging and agreeing:

  1. to provide the consents given by you in this Privacy Policy; and
  2. that you have been informed of all of the matters in this Privacy Policy.

13.3. Modifications and updates

We reserve the right to modify our Privacy Policy as our business needs require. We will take reasonable steps to notify you of such changes (whether by direct communication or by posting a notice on our website).  If you do not agree to our continued use of your personal information due to the changes in our Privacy Policy, please cease providing us with your personal information and contact us via the details set out at the top of this document.