Privacy Policy

We respect your privacy


GRIST respects your right to privacy and is committed to protecting the personal information of our clients, partners, and website visitors. We comply with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) and regularly review our practices to ensure continued alignment with the law.

GRISTworks is ISO 27001 accredited, demonstrating our commitment to the secure and compliant management of user and client data.

This policy explains how we collect, use, disclose and protect your personal information including any data processed through AI technologies or behavioural tools used in our consulting and coaching services.

What is personal information?

“Personal information” means information that identifies or could reasonably identify you. This may include contact details, employment or performance data, session notes, or behavioural observations gathered during coaching or consulting engagements.

1. Collection of personal information

We may collect personal information:

When you engage our services or participate in coaching programs

When you register for an event, complete a form or sign up for updates

Through consulting sessions, workshops or training interactions

Via third-party systems (e.g. HR or learning platforms) where integrated

Through our website, analytics tools, or communications (email, phone, video)

Examples of information collected:

Name, email address, and contact details

Role, employer, team structure, and performance objectives

Coaching goals, feedback, workshop insights, and behavioural data

Transcripts or summaries of coaching interactions

Website usage data (e.g. through cookies or analytics tools)

2. How we use personal information

We use your information to:

  • Deliver and tailor our consulting, coaching, and development services

  • Provide tools, insights and reports that support capability and performance

  • Evaluate and improve leadership, coaching, or operational rhythms

  • Communicate important updates or event information

  • Comply with legal obligations and internal governance standards

We may also use de-identified or aggregated data to improve our methodologies, research outcomes, or product development. De-identified data is not considered personal information under the Privacy Act.

3. Use of AI and behavioural data

Where AI tools are used—for example, to summarise session notes or assess behavioural patterns - we ensure this is transparent, ethical, and supports human decision-making. We do not rely on fully automated decision-making for any outcome with legal or significant personal impact.

Any use of AI or automated analysis will be disclosed, and where required, your consent will be obtained. AI outputs are designed to support - not replace - human expertise in coaching and consulting.

4. Disclosure of personal information

We may disclose your personal information:

  • To GRIST team members, contractors or service providers who support delivery

  • To trusted partners for platform, data storage, or AI processing - subject to appropriate data security standards

  • When required by law (e.g. court orders, regulatory authorities)

  • In the context of a business restructure, merger, or acquisition - with confidentiality safeguards

If your personal information is transferred outside Australia, GRIST ensures appropriate protections are in place in accordance with Australian law.

5. Your rights

You have the right to:

  • Request access to personal information we hold about you

  • Correct any inaccurate or incomplete information

  • Withdraw consent to the use of your data (where applicable)

  • Know when AI tools are being used in relation to your information

  • Raise any concerns about how your information is handled

6. Security of personal information

We take reasonable steps to protect your personal information from misuse, interference, loss, or unauthorised access. These include:

  • Data encryption and secure storage

  • Access controls and staff training

  • Ongoing monitoring and review of data practices

However, please note that no method of transmission over the internet is completely secure. While we work to safeguard your data, we cannot guarantee absolute security.

7. Access, corrections and complaints

To request access to, or correction of, your personal information, or to lodge a complaint about how we handle your data, please contact us:

Email: info@gristconsulting.com.au
Mail: GRIST, Level 23, 727 Collins Street, Melbourne VIC 3008

We take privacy concerns seriously and aim to resolve all issues in a fair and timely manner.

8. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or how we operate. The latest version will always be available on our website.

9. Website, cookies and third-party services

Our website uses cookies and similar technologies to analyse traffic and improve the user experience. You can disable cookies through your browser settings.

Our site may include links to third-party websites or tools (e.g. LinkedIn, Google Analytics). GRIST is not responsible for the privacy practices of those external sites.