Privacy Policy
Overview
GRIST Consulting (“GRIST”) is a tactical consulting and behavioural analytics company and as such, provides consulting services to our clients. We collect, hold, use and disclose personal information to carry out activities relating to these services.
We are committed to ensuring the privacy of your information and to complying with the Australian Privacy Principles (“APPs”), which are contained in the Privacy Act 1988 (“Privacy Act”).
This Privacy Policy applies to GRIST and its employees, contractors and associates and covers, in an open and transparent way, GRIST’s information management and handling practices.
Types of personal information collected
The types of personal information we collect is dependent upon the type of activities performed, in addition to our regulatory obligations. This information may include, but is not limited to:
Contact details (name, title, address, email address and contact number)
Date of birth
Gender
Employment records
Financial records
Complaint details
As a general rule, GRIST will not ask to collect sensitive information about you (such as details of your racial or ethnic origin, political affiliation, religious beliefs, sexual preferences, criminal convictions or health information) unless it is needed for the purposes of providing our professional service. However, in circumstances where GRIST requires sensitive information from you, GRIST will first seek your consent to collect it.
Purpose for which personal information is collected and held
At all times, we try and minimise the amount of personal information collected and only collect details required for the particular activity which is being carried out. These activities may include, but are not limited to, the following:
providing professional services as instructed
participating in a GRIST service or program
subscribing to our website or our social media presence
receiving marketing communications and information relating to our services which we think may be of interest to you
attending a GRIST event
applying for a job vacancy with GRIST
registering your interest in employment with GRIST
working with GRIST as an employee or contractor
How personal information is collected and held
The main way we collect personal information about you is when you provide it to us. However, where this is not practicable, we may collect personal information from other third party public sources such as LinkedIn or from organisations on behalf of their employees.
Should sensitive information be processed for any of the purposes stated above, we will do so because either:
(a) You have given us your explicit consent to process that information;
(b) The processing is necessary to carry out our obligations under employment, social security or social protection law; or
(c) The processing is necessary for the establishment, exercise or defence of legal claims.
Collecting through our websites
GRIST’s website is hosted in Australia. There are several ways in which we collect information through our website.
Web analytics
We use Google Analytics to collect data about your interaction with our website. The sole purpose of collecting your data in this way is to improve your experience when using our site. The types of data we collect with these tools include:
device screen size
device type, operating system and browser information
geographic location (city)
referring domain and out link if applicable
search terms and pages visited on our website
date and time when pages were accessed on our website
Social networking services
We use social networking services such as LinkedIn and YouTube to communicate with the public about our work. When you communicate with us using these services, we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its purposes. These services have their own privacy policies. You can access the privacy policies for LinkedIn and YouTube (a Google company) on their websites.
MailChimp and privacy consent
We use MailChimp to send some communications, which provides online tools to create, send and manage emails. MailChimp may collect personal information, such as distribution lists that contain email addresses, and other information relating to those email addresses.
For further information about the type of personal information MailChimp collects, refer to the MailChimp Privacy Policy.
We will only use this information to:
create, send and manage emails relating to the work of GRIST
measure email campaign performance
evaluate your use of our website
provide other services relating to website activity and internet usage.
MailChimp may transfer this information to third parties where required to do so by law, or where such third parties process the information on MailChimp’s behalf.
MailChimp collects information about when you visit the website, when you use the services, your browser type and version, your operating system and other similar information.
MailChimp is based in the United States of America (USA) and the information collected about your use of the website (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia.
We are required to inform you that by subscribing to our eNewsletter:
You consent to your personal information being collected, used, disclosed and stored as set out in Mail Chimp’s Privacy Policy and agree to abide by Mail Chimp’s Terms of Use.
You understand and acknowledge that this service utilises a MailChimp platform, which is located in the United States of America (USA) and relevant legislation of the USA will apply.
Australian Privacy Principle 8.1 contained in Schedule 1 of the Privacy Act will not apply.
You understand and acknowledge that MailChimp is not subject to the Privacy Act 1988 (Cth) and you will not be able to seek redress under the Privacy Act 1988 (Cth) but will need to seek redress under the laws of the USA.
You can opt-out of our mailing list if you choose the ‘unsubscribe’ service provided by MailChimp in every email or if you contact GRIST and request to opt-out.
Disclosure
Common situations in which we disclose information are detailed below.
Disclosure to third parties
GRIST may disclose personal information to third parties we engage to assist in providing professional services to our clients or in the operation of our business (i.e. subcontractors, advisors and suppliers). These third parties include:
information technology and other software and systems,
data storage and archiving,
printing services,
advertising and marketing agencies who assist us with our campaigns and programs,
research organisations and consultants who conduct research.
Where we disclose your personal information to third-party service providers, we will take steps to ensure that those recipients protect that information from unauthorised access, modification or disclosure, and from misuse, interference and loss.
Disclosure of sensitive information
We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes you would reasonably expect or if you agree, for example, to handle a complaint.
Disclosure of personal information overseas
GRIST’s head office is located in Australia and has a satellite office in New Zealand. Disclosure of personal information between the two countries may take place in the following circumstances:
a request to be contacted is shared with our office overseas to handle the query;
the complainant or respondent to a complaint is based overseas.
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.
When you communicate with us through a social network service such as LinkedIn the social network provider and its partners may collect and hold your personal information overseas.
Storage and security of personal information
We hold personal information in hard copy and electronic formats. We use a range of physical, operational and technological security measures to protect this information. These measures include:
Education and training to ensure our employees are aware of their privacy obligations when handling your personal information;
Administrative and technical controls to restrict access to personal information to only those people who need access;
Technological security measures, including firewalls, encryption and anti-virus software;
Physical security measures, such as staff access passes to the GRIST office.
How to contact us
You can get in touch with us to:
request access to personal information about you that we hold
ask us to correct your personal information if you find that it is not accurate, up to date or complete
make a complaint about our handling of your personal information
To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it.
We undertake to respond within 30 days. If the request or complaint will take longer to resolve, we will provide you with a date by which we expect to respond.
Contact us at:
Privacy Officer
GRIST Consulting
Level 23, 727 Collins Street
Melbourne VIC 3008
Email: info@gristconsulting.com.au
Telephone: +61 3 9101 8001