THE EVOLVED GROUP – POLICY INFORMATION HANDLING AND PRIVACY

Last updated: 2nd November 2020

1.     Introduction

The Evolved Group provides market insights consulting, enabling technology and strategic advisory services.  We provide a range of products and services, including:

·       Human Listening

·       Employee Listening

·       Customer Listening

·       Research Consulting

·       Web Development

·       Evolved Communities

·       Superfund Listening

·       Retail Listening

·       Tailored, industry listening solutions

Some of these services are provided through our websites (Sites) and some are provided in-person.  All of our services, products and Sites are collectively referred to as our Services.

This Policy describes how we collect and handle personal information through our Services, and through other engagements with you.  In this Policy, we, us and our means Evolved Insights Pty Ltd ACN 141 289 705 and our related companies (which are also referred to collectively as The Evolved Group).

This Policy applies generally to all personal information we collect, with section 5 of this Policy applying specifically to all personal information we collect from market and social research.  This information is protected by the Australian Privacy Act 1988 (Cth).  Information about this Act can be found on the website of the Office of the Australian Information Commissioner (OAIC) – https://www.oaic.gov.au/.  In addition, information we collect from market and social research is protected by the Association of Market and Social Research Organisations’ Privacy (Market and Social Research) Code 2014 (AMSRO Code).  A copy of the AMSRO Code and further information about it can be found on the links below:

·       AMSRO Code; and

·       AMSRO website.

2.     What is considered personal information

When used in this policy, the term personal information or Personal Data means: any information relating to a person who can be directly or indirectly identified by reference to an identifier such as a name, an identification number, financial/payment information, social media information, location data, or an online identifier. In general terms, it means any information that can be used to personally identify you.

3.     What personal information we collect and hold

We may collect data from you both through your actions in directly providing it to us and through other methods where it is collected automatically through your use of our Services.

3.1     Information you provide us

1. Account Data

You provide this data directly to us when you create an account on our services (Account), when you administer your organisation’s account or when you purchase a service or subscription from us.

We may collect the following Account Data from you:

(a)   name;

(b)   mailing or street address;

(c)   passwords;

(d)   email address;

(e)   social media account information;

(f)    telephone number;

(g)   age or birth date;

(h)   profession, occupation or job title.

The legal basis for this processing is based on:

(a)   your consent through your voluntary submission of the form and agreeing to these terms such as by clicking an “I Agree button”;

(b)   the Personal Data being necessary for the performance of a contract with you or your organisation;

(c)   for carrying out pre-contractual measures; and/or

(d)   any other legitimate interests as detailed below.

The registration of an account and voluntary provision of Personal Data is intended to enable us to offer you Services that may only be available to registered users.

2. Payment Data

When you make a purchase, we (or our third party service provider) will collect all information necessary to complete the transaction, including your name, credit card information, debit card information and/or billing information.

The Personal Data we collect will be the data that you input in any payment area on the Site.

The legal basis for this processing is based on:

(a)   your consent through your voluntary submission of the form and agreeing to these terms such as by clicking an “I Agree button”;

(b)   the Personal Data being necessary for the performance of a contract with you or your organisation; and/or

(c)   any other legitimate interests as detailed below.

This Personal Data is needed to enable us to process your payment for the Services.  We retain information on your behalf, such as domain names, URLs, time zone preferences, invoices, transactional history, messages and any other information that you store using your Account.

3. Interaction Data

If you provide us feedback or contact us via an online form, e-mail, or other means including by phone call or by contracting with us, we will collect your name and e-mail address, as well as any other content included in the form, e-mail or conversation, in order to send you a reply. We will store and process your communications and information as needed. When you participate in one of our surveys, we may collect additional information.

This Interaction Data also includes:

(a)   details of the Services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those Services and to respond to your enquiries;

(b)   any additional information relating to you that you provide to us directly through our Sites or indirectly through use of our Site or online presence through our representatives or otherwise;

(c)   information you provide to us through our service centre, customer surveys or visits by our representatives from time to time.

The legal basis for this processing is based on:

(a)   your consent through your voluntary submission of the form and agreeing to these terms such as by clicking an “I Agree button”;

(b)   by your voluntary submission of data to us in other means;

(c)   the Personal Data being necessary for the performance of a contract with you or your organisation;

(d)   for carrying out pre-contractual measures (this includes for stages where you request to learn more about our services); and/or

(e)   any other legitimate interests as detailed below.

By submitting the form or making contact with us such Personal Data is transmitted on a voluntary basis and you consent to its collection.

4. Subscription Data

On the Site you may have the ability to subscribe to various newsletters or other notifications. We may collect the data when you input your details for subscription purposes.

The Personal Data is processed for the purpose of informing you of information regularly by means of a newsletter or other notification. The personal information collected during the subscription will only be used for marketing purposes or for reasons made known on the form.

The legal basis for this processing is based on:

(a)   your consent through your voluntary submission of the form and agreeing to these terms such as by clicking an “I Agree button”; and/or

(b)   any other legitimate interests as detailed below.

By submitting the form and voluntarily providing us with your Personal Data, you are providing consent to the use of such data by us. For the purpose of revocation of consent there is a corresponding unsubscribe link found in each subscription email.

5. Public Data

Please keep in mind that if you directly disclose personal information or personally sensitive data through The Evolved Group public message boards and/or communities, this information may be collected and used by others.

This Personal Data includes information such as your profile information, your time zone and any information you input. You are responsible for what you make public.

The legal basis for this processing is based on your consent through your voluntary submission of the form and agreeing to these terms such as by clicking an “I Agree button”.

We may also collect Personal Data at other points in our Site that state that Personal Data is being collected. In some circumstances, Personal Data is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on your behalf. With your express consent, your Personal Data may be used and disclosed to us this way. The purposes as outlined above may include the processing of such Personal Data to the extent necessary for us to comply with a law, regulation or legal request or to protect the safety of any person or to prevent fraud.

3.2      Information we collect as you use our Services

1. Log Data

The Evolved Group also automatically collects information about your computer hardware and software. This may include: IP address, browser type, domain names, access times and referring site addresses. This information is used by The Evolved Group for the operation of the Services, to maintain quality of the Services, and to provide general statistics regarding use of the Site.

The legal basis for this processing is based on:

(a)   the Personal Data being necessary for the performance of a contract to which you are a party;

(b)   for carrying out pre-contractual measures; and/or

(c)   the legitimate interests of carrying out our business, providing personalised Services to you and any other legitimate interests as detailed below.

The Evolved Group keeps track of the pages our customers visit within our Sites, in order to determine what Services are the most popular. This data is used to deliver customized content and advertising within our Sites to customers whose behaviour indicates that they are interested in a particular subject area.

2. Google Analytics

We currently use Google Analytics as well as Google Analytics for Display Advertising. Google Analytics collects information anonymously and reports Site trends without identifying individual visitors. Google Analytics uses its own cookie to track visitor interactions. Site owners can view a variety of reports about how visitors interact with their site so they can improve their site and how people find it. Please see the following links for more information about Google Analytics: http://www.google.com/analytics/, : http://www.google.com/privacy.html and http://www.google.com/analytics/tos.html. You can also opt-out of Google Analytics for Display Advertising by going to the Google Ads Preferences Manager.

3.3      Information we collect as a data processor

1. Client Data

We may collect Personal Data about you that our clients have chosen to share with us, that is collected by their services or applications.

As a data processer, The Evolved Group does not choose the information that will be sent to it by its clients and follows the instructions of its clients in connection with the processing of such information.

4.     How we collect, hold, use and disclose personal information

The primary purpose for which we collect information about you is to enable us to perform our business activities and functions and to provide best possible quality of customer service. We collect, hold, use and disclose your personal information for the following purposes:

(a)   to provide Services to you;

(b)   for any market or social research project;

(c)   to provide you with news, information or advice about our existing and new Services;

(d)   to communicate with you including by email, mail or telephone;

(e)   to manage and enhance our Services;

(f)    to personalise and customise your experience;

(g)   to provide you with access to protected areas of our Sites;

(h)   to verify your identity;

(i)    to provide as part of business data to third parties if you have authorised us to do so;

(j)    to conduct business processing functions for operation of our Sites or our business;

(k)   for our administrative, marketing (including direct marketing), promotional, planning, Service development, quality control and research purposes, or those of our contractors or external service providers;

(l)    to provide your updated personal information to us, our contractors or external service providers;

(m) to enforce this Policy;

(n)   to investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity;

(o)   to comply with our legal obligations, a request by a governmental agency or regulatory authority or legally binding court order;

(p)   to combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out this Policy;

(q)   to aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;

(r)    to resolve disputes and to identify, test and resolve problems;

(s)   to notify you about the Site and updates to the Site from time to time;

(t)    to supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences; or

(u)   to protect a person’s rights, property or safety.

The Evolved Group does not sell, rent or lease its customer lists to third parties. When we process Personal Data about you, we do so with your consent and/or as necessary to provide the Services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests of The Evolved Group as described in this Policy.

The Evolved Group may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (email, name, address, telephone number) is not transferred to the third party. In addition, The Evolved Group may share data with trusted partners to help us perform statistical analysis, send you email, social media messages or postal mail, provide customer support, or arrange for deliveries. All such third parties are required to agree to only use your personal information to provide these services to The Evolved Group, and to maintain the confidentiality of your information.

The Evolved Group does not use or disclose sensitive personal information, such as medical information, race, religion, or political affiliations, without your explicit consent.  Your personal information will not be shared, sold, rented or disclosed other than as described in this Policy.

4.1     How we disclose your personal information

We may disclose your personal information to:

1. Affiliates and Acquisitions

We may share some or all of your Personal Data with our employees, our existing or potential agents, business partners, joint venture entities, partners, subsidiaries, or other companies under a common control, in which case we will require them to honour this Policy. In the event we are involved in a merger, acquisition or sale of assets we may disclose Personal Data collected by us to such entities that we propose to merge with or be acquired by, and will assume the rights and obligations regarding your Personal Data as described in this Policy. This includes the disclosure of information to our clients where we act as a data processor.

2. Service Providers

We may share your Personal Data with services providers (and if necessary, data processors) including:

(a)   independent contractors or external service providers for the purposes described in this Policy;

(b)   information technology service providers such as web hosting providers, IT systems administrators, electronic network administrators;

(c)   financial service providers such as payment processing providers and debt collectors;

(d)   professional advisers such as accountants, solicitors, insurers, business advisors and consultants;

(e)   marketing providers, such as email marketing distributors; or

(f)    your social media account provider, if you connect your account with The Evolved Group and your social media account.

 3. Third parties with your consent

We may disclose your Personal Data to other third parties to whom you expressly ask us to send the Personal Data to or to third parties you consent to us sending your Personal Data to.

We may also, with your consent or at your direction, disclose your Personal Data to your authorised representatives.

4. Other disclosures

Regardless of any choices you make regarding your Personal Data (as described below), The Evolved Group may disclose Personal Data if it believes in good faith that such disclosure is necessary:

(a)  in connection with any legal investigation;

(b)  to comply with relevant laws, regulations, enforceable governmental requests or to respond to subpoenas or warrants served on The Evolved Group;

(c) to protect or defend the rights or property of The Evolved Group or users of the Services;

(d) to investigate or assist in preventing any violation or potential violation of the law or any of our policies or procedures;

(e) to protect the safety of any person or to protect the safety or integrity of our platform including for security reasons;

(f) to detect, prevent or otherwise address fraud, security, technical issues or any other act that poses a risk of being illegal, unethical or legally actionable;

(g) to respond to an emergency; or

(h) as otherwise permitted under the Privacy Act 1988 (Cth).

We may share your Personal Data with such third parties subject, to the extent permitted by law, to obligations consistent with this Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your Personal Data only on our behalf and pursuant to our instructions.

We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the Australian Privacy Principles, the GDPR (if applicable), the Australian Market & Social Research Society’s Code of Professional Behaviour or equivalent privacy laws.

Where we act as a data processor the client may also provide us with instructions to disclose your information to other third parties and we may comply with such requests.

4.2     If we can’t collect your data

If you do not provide us with the personal information described above, some or all of the following may happen:

(a)   we may not be able to provide the requested Services to you, either to the same standard or at all;

(b)   we may not be able to provide you with information about Services that you may want; or

(c)   we may be unable to tailor the content of our Sites to your preferences and your experience of our Sites may not be as enjoyable or useful.

5.     Market and Social Research

This Section 5 applies to our management of information in the context of market and social research.  See also Sections 8, 11, 12 and 15 of this Policy, which also apply in this context.

5.1     Definitions

In this section 5, the following terms have the corresponding definitions:

Client means an organisation, agency etc that requests, commissions or subscribes to a given Market and Social Research project; ie the ultimate beneficiary of the research findings.

Contact Details means a record of identifying information such as names, companies, position titles, addresses and phone numbers, collected and retained in order to contact individuals in a research sample.

De-identification or De-identify means a process of ensuring that Identifiable Research Information is rendered permanently non-identifiable, i.e. without retaining a means by which the information could be re-identified. De-identification is thus a permanent and irreversible process.

Identifiable Research Information means Personal Information about survey participants, respondents, or subjects to which the AMSRO Code applies.  It includes Contact Details, Research Status and Research Data.  It does not include any unsolicited information.

Market and Social Research means consensual investigation of the behaviour, needs, attitude, opinions, motivations or other characteristics of a whole population or a particular part of the population, in order to provide accurate and timely information to Clients (government, commercial and not-for-profit organisations) about issues relevant to their activities, to support decision-making processes.

Research Data means a record of the responses provided by individuals participating in Market and Social Research at the time of collection in order to obtain a representation of a population’s or sub-population’s behaviour, needs, attitudes, opinions and motivations at a given point in time.

Research Purpose means the handling of information in order to carry out any function considered essential to the conduct or communication of the results of a Market and Social Research project.

Research Status means information in relation to whether or not an individual has been contacted or has participated in a Market and Social Research exercise, but does not include Research Data.

5.2      What Identifiable Research Information we collect and hold

Identifiable Research Information we collect and hold may include the information specified in section 3.1 of this Policy, specifically Interaction Data.

5.3    How we collect, hold and use Identifiable Research Information

The primary purpose for which we collect Identifiable Research Information about you is to enable us to perform Market and Social Research on behalf of our Clients.  We will not use or disclose your Identifiable Research Information for any other purpose, including direct marketing, except:

(a)    with your consent;

(b)    if required by law; or

(c)    if otherwise permitted under the AMSRO Code.

1.  Anonymity and pseudonymity

Wherever it is lawful, you have the option of not identifying yourself, or of using a pseudonym when dealing with us unless it is impracticable for us to deal with you if you do not identify yourself or if you use a pseudonym.

2.  Personal information other than sensitive information

We will not collect Identifiable Research Information from you (other than sensitive information) unless the information is reasonably necessary for our Research Purpose.

3.  Sensitive information

We will only collect your sensitive information where you have consented, and the information is reasonably necessary for a Research Purpose, or if the collection is required by Australian law or a court/tribunal order.

4.  Means of collection

We will collect Identifiable Research Information only by lawful and fair means.

We will collect Identifiable Research Information about you only from you unless it is unreasonable or impracticable to do so, in which case we may collect information about you from third parties.

5.  Unsolicited personal information

In the unlikely event that we receive unsolicited Identifiable Research Information from you, we will, within a reasonable period after receiving the information, determine whether or not we could have lawfully collected the information if we had solicited the information. We may use or disclose the information for the purpose of making the determination.

If we determine that we could not have lawfully collected the Identifiable Research Information we will, as soon as practicable destroy the information or ensure it is De-identified or, if it is not lawful or practicable to do either, we will handle the information in accordance with applicable privacy laws.

5.4     Notification of the collection of Identifiable Research Information

At or before the time (or, if that is not practicable, as soon as practicable after) we collect Identifiable Research Information about you from you, we must take reasonable steps to ensure that you are aware of the important matters set out below.

Important matters you should be aware of

·       Idenitifiable Research Information about you is being collected for Research Purposes.

·       The Identifiable Research Information collected will be used only for Research Purposes and no other use will be made of the information, either during the research or afterward.

·       Unless you agree otherwise, Identifiable Research Information is routinely De-identified.

·       The Identifiable Research Information provided is likely to remain identified for seven (7) years.

·       Your name and contact details are likely to be retained to enable re-contact for research purposes for seven (7) years.

·       Having participated in research, there is a reasonable likelihood that you will be re-contacted for research purposes except where we and/or our Client organisations have reasonable grounds to decide that there are genuine research concerns.

·       While the Identifiable Research Information remains identifiable, you may, at your discretion: access that information and/or have part or all of that information destroyed, corrected, deleted or de-identified.  See section 10 for further details.

·       You may contact us and obtain further information about the research, via: support@theevolvedgroup.com

·       The source of our research samples is the Client organisation.

·       The Client organisation is the organisation that has requested we undertake the research project in respect of which you have received an invitation.

·       We will disclose information to our Client organisation to be used for research purposes. You have consented to this disclosure by electing to participate in this research.

·       The Client organisation may be overseas.

·       The organisations (or the types of organisations) to which we usually disclose your information are our Clients who represent a wide variety of industries.

·       The main consequences (if any) for you if all or part of the Identifiable Research Information is not provided is that your information will not form part of the research data.

·       If it is reasonable to do so, we must collect Identifiable Research Information about you only from you.

·       We may collect information about you from third parties.

5.5     Security of your Identifiable Research Information

Section 7 of this Policy sets out details of how we ensure the security of personal information and the same security standards apply in relation to your Identifiable Research Information. 

5.6     Managing your Identifiable Research Information

Section 10 of this Policy sets out details of how we manage your personal information, and the same provisions apply in relation to management of your Identifiable Research Information, except that in respect of deletion the provisions below apply.

1. Deletion

We will retain your Identifiable Research Information only while the details of your identity continue to be necessary for Research Purposes.

If we wish to De-Identify the Identifiable Research Information that exists in a physical form that makes de identification impracticable (eg on paper), the information will be moved to another medium and the physical records destroyed.

We will take reasonable steps to destroy or permanently de-identify the Identifiable Research Information if it is no longer needed for any purpose for which the information may be used or disclosed under the AMSRO Code unless we are required by or under an Australian law or a court/tribunal order to retain the information.

Where it is necessary to retain Identifiable Research Information, we will, where practicable, store identifying details separately from other information, with measures in place to ensure the identity of the individuals cannot be readily revealed from other information.

6.     Cookies Policy

In some cases we may also collect your personal information through the use of cookies. When you access our Site, we may send a “cookie” to your computer.

1.     What are cookies?

Cookies are small data files containing small amounts of information that are placed on your device when you visit the Site. Cookies are widely used by site owners to help them remember things about your visit to the site such as preferred language choices.

Cookies set by us are called “first party cookies”. Cookies set by other parties other than us are called “third party cookies”.

2.     Why do we use cookies?

We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This enables us to recognise your computer when you visit our Site, without bothering you with a request to register or log-in. It also helps us keep track of Services you view, so that we can send you news about those Services. We also use cookies to measure traffic patterns, to determine which areas of our Sites have been visited, and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online products and services. We may also log IP addresses (the electronic addresses of computers connected to the internet) to analyse trends, administer the Site, track user movements, and gather broad demographic information.

We may also collect anonymous data (which is not personal information) relating to your activity on our Sites (including IP addresses) via cookies, or we may collect information from you in response to a survey. We generally use this information to report statistics, analyse trends, administer our services, diagnose problems and target and improve the quality of our Services. To the extent this information does not constitute personal information because it does not identify you or anyone else, the Australian Privacy Principles (and other relevant privacy laws) do not apply and we may use this information for any purpose and by any means.

     3. Do we serve targeted advertising?

Third parties may serve cookies on your computer or mobile device to serve advertising through our Site. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. This can be accomplished by them using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details or other personally identifying details unless you choose to provide these.

4.     How do you control cookies?

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of The Evolved Group services or websites you visit. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser’s help menu for more information.

7.     Security of your personal information

We use reasonable organisational, technical, and administrative measures to secure your personal information from unauthorised access, use or disclosure. We use multiple layers of security to protect personal information. The Evolved Group seeks to secure the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. By providing us with any personal information you expressly and unconditionally release and hold harmless The Evolved Group and our subsidiaries, affiliates, directors, officers, employees and agents from any and all liability for any injuries, loss or damage of any kind arising from or in connection with the use and/or misuse of your collected personal information. In addition, while we take efforts to ensure the proper and appropriate use of data provided by us to third party companies, promotional partners or vendors, we are not liable for any injuries, loss or damage of any kind arising from or in connection with the use and/or misuse of your collected personal information by us or the above-mentioned third parties.

This section operates to the fullest extent allowed by law. If this section is wholly or partly unenforceable under applicable laws, the offending section will be severed from this Policy and the remaining sections not affected.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account with us has been compromised), please immediately notify us.

8.     Notifiable Data Breach

We take data breaches very seriously. Depending on where you reside our policy is:

1. If you reside in Australia

We will notify of any data breach where legally required to do so. This will include mandatory reporting of any notifiable data breaches in accordance with the Notifiable Data Breach Scheme under Australian law.

In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act 1988 (Cth) or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.

We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.

If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.

Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

2. If you reside in the European Union or EFTA States:

We will endeavour to meet the 72 hour deadline as imposed by the GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you.

Further, where there is likely to be a high risk to your rights we will endeavour to contact you without undue delay.

We will review every incident and take action to prevent future breaches.

9.     Direct marketing materials

We may send you direct marketing communications and information about Services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS or email, in accordance with applicable direct marketing laws. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.

In addition, at any time, you may opt-out of receiving marketing communications from us by contacting us (details below) or by using the opt-out facilities provided (e.g. an unsubscribe link). We will then ensure that your name is removed from our mailing list. We do not provide your personal information to other organisations for the purposes of direct marketing.

If you receive communications from us that you believe have been sent to you other than in accordance with this Policy, or in breach of any law, please contact us using the details provided below.

10.   Managing Your Personal Data

Subject to the privacy laws which apply to your Personal Data, you may request to access the Personal Data we hold about you by contacting us using the contact details set out in Section 15. All requests for access will be processed within a reasonable time.

1.              Accessing or Rectifying your Personal Data

If required by law and if reasonably practicable, we may provide you with tools and account settings to access or rectify (where Personal Data is inaccurate or incomplete) the Personal Data you provided to us. You can download and access certain information you provide to us by emailing us. In the event that you are unable to access your account to access or rectify your Personal Data, you may submit a request to us to correct, or modify your Personal Data and we can download the data for you.

2.              Deletion

We keep data for as long as it is needed for our operations. If you deactivate and delete your account your data will no longer be visible on your account. Please keep in mind that third parties may still retain copies of information you have made public through our Site.

If required by law we may provide you with the tools to delete the Personal Data you provided to us.

If you wish to have us delete your Personal Data please contact us.

3.              Object, Restrict, or Withdraw Consent

You may submit a request to us if you object to any Personal Data being stored, or if you wish to restrict or withdraw any consent given for the collection of your Personal Data.

You may withdraw your consent to the processing of all your Personal Data at any time. If you wish to exercise this right you may do so by contacting us.

You may withdraw your consent or manage your opt-ins by either viewing your account on the Site or clicking the unsubscribe link at the bottom of any marketing materials we send you.

4.              Portability

We may provide you with the means to download the information you have shared through our services in a structured, commonly used and machine-readable format. If you require such information, please email us. You may also have the right to transmit that data to another controller.

Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We will not charge for simply making a request and will not charge for making any corrections to your personal information. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third party provider. If you make an access request, we will ask you to verify your identity. There may be instances where we cannot grant you access to the personal information we hold. If that happens, we will give you written reasons for any refusal.

Where we act as a data processor, we do so on behalf of our relevant client and in accordance with their instructions. This means that should you wish to access, review, correct, transfer, modify or delete any Personal Data we process on behalf of a client you should contact the client with your request.

11.   Retention of Data

We keep personal information from active accounts as long as it is reasonably needed for our operations and to fulfil the purposes set out in this Policy. We will also keep personal information from accounts that have been deactivated where we are legally required to and also where it is necessary to stop fraud, collect outstanding fees, troubleshoot problems, or otherwise enforce our other policies accessible on the Site.

12.   Disclosure of personal information in other countries

The Evolved Group primarily processes personal information in Australia, however your personal information may be collected in any country where you give us the data from and may be stored and processed in any country where we have facilities or in which we engage service providers.

Where we transfer Personal Data of people located in the European Union outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.

Where we act as a data processor The Evolved Group complies with our client’s requests in respect of how we deal with end customer data.

13.   Links

Our Site may contain links to other sites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party site and we are not responsible for the privacy policies or the content of any third party site. Third party sites are responsible for informing you about their own privacy practices. Please be aware that the terms of this Privacy do not apply to these outside sites or content, or to any collection of data after you click on links to such outside sites.

14.   Children

Our service is not offered to persons under the age of 16. We do not knowingly collect Personal Data from such visitors without parental or guardian consent and require our clients to fully comply with applicable law in the data collected from children under the age of 16.

If you become aware that a child has provided us with information please contact us. Any information that is in breach of this provision will be deleted.

15.   Contact Information

If you believe your privacy has been breached by us or have any questions or concerns about this Policy please contact us using the contact information below and provide details of the incident so that we can investigate it.

Once The Evolved Group receives a complaint, whether it is in writing or verbal means, we will commence an investigation. The investigator will endeavour to determine the nature of the breach and how it occurred. We may contact you during the process to seek any further clarification if necessary. If a breach is found, we will escalate the matter to management so that the process can be rectified to prevent any further breaches from taking place. We will also contact you to inform you of the outcome of the investigation. We will endeavour to resolve all investigations within a reasonable time.

We will treat your requests or complaints confidentially. A representative of The Evolved Group will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

Please contact The Evolved Group at:

Email:              support@theevolvedgroup.com

Phone:            +61 3 9670 1909

Address:          Level 2, 405 Bourke Street, Melbourne 3000 Australia

Attention:         Privacy Officer

If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commission at:

Telephone:      1300 363 992

Email:              enquiries@oaic.gov.au

Office Address: Level 3, 175 Pitt Street, Sydney NSW 2000

Postal Address: GPO Box 5218, Sydney NSW 2001

Website:          www.oaic.gov.au

16.   Changes to our Privacy Policy

We may change this Policy from time to time. Any updated versions of this Policy will be posted on our Site.  It is your responsibility to check this Policy periodically for changes. Continued use of our Services shall indicate your acknowledgement of that it is your responsibility to review this Policy periodically and become aware of any modifications.