To the extent legally permissible in your jurisdiction, we may collect the following types of personal information:
We do not ordinarily collect sensitive information as defined in the GDPR.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect general company information, anonymous answers to surveys or aggregated information about how users use our website.
To the extent legally permissible we collect personal information in a number of ways, including:
To the extent legally permissible, we collect, hold, use, and disclose your personal information for purposes including to:
Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer.
For the purposes set out above (under “How do we use your personal information”) we may disclose your personal information to organisations or persons outside the company, to the extent this is legally permissible. If we need to disclose your personal information for any other purpose, we will only do so with your consent or—if this is legally permissible, where you may otherwise reasonably expect us to do so.
Where appropriate, these disclosures are subject to privacy and confidentiality protections and—as the case may be—other requirements under the GDPR. The organisations and persons to which we usually disclose information include:
Some of these organisations or persons may be located in other countries. The countries in which these organisations or persons are located will vary, but, in the course of our ordinary operations, we generally disclose personal information to organisations or persons located in Europe.
We keep your personal information secure by implementing physical and electronic security systems, limiting who can access your personal information, and training our staff to keep your information safe and secure. We also have online and network security systems in place so that the information you provide us with is protected and secure.
Under the GDPR, you are (among other things) entitled to:
If you do make a complaint or allege a breach, the company will investigate your complaint and use reasonable endeavours to respond to you in writing within 28 days of receiving the written complaint. If we fail to respond to your complaint within 28 days of receiving it in writing, or if you are dissatisfied with the response that you receive from us, you have the right to make a complaint to the Information Commissioner. In the case of the Privacy Act, the applicable regulator is the Office of the Australian Information Commissioner’s Office in the UK. See: ico.org.uk/make-a-complaint and/or ico.org.uk/for-organisations/report-a-breach