PrimeInsights Privacy Policy
The PrimeInsights Privacy Policy is detailed below. This Application collects some Personal Data from its users.
Data Controller and Owner
PrimeInsights
Currambine, WA, 6028, Australia
Owner contact email (see Data Controller): [email protected]
About this Privacy Policy
PrimeInsights respects your privacy and is committed to handling personal information responsibly and transparently.
This Privacy Policy explains how PrimeInsights collects, holds, uses and discloses personal information in connection with:
- the PrimeInsights website;
- enquiries and communications;
- consulting and advisory services;
- client engagements;
- workshops, meetings and stakeholder consultations;
- invoicing and business administration; and
- other interactions with PrimeInsights.
PrimeInsights is an Australian consulting business, ABN 25 967 289 895, trading as PrimeInsights.
In this Privacy Policy, PrimeInsights, we, us and our refer to the proprietor trading as PrimeInsights.
Our business address is Perth, Western Australia.
We seek to handle personal information consistently with the Privacy Act 1988 (Cth), the Australian Privacy Principles and other applicable Australian privacy requirements.
What is personal information?
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.
Personal information may include:
- a person’s name;
- email address;
- telephone number;
- postal or business address;
- position or job title;
- employer or organisation;
- financial or billing information;
- correspondence and communications;
- professional history or qualifications;
- information provided during interviews, meetings, workshops or consultations;
- photographs, audio recordings or video recordings;
- website usage information; and
- other information that identifies, or could reasonably identify, an individual.
Personal information does not generally include information that has been properly de-identified so that an individual is no longer reasonably identifiable.
Sensitive information
Sensitive information is a category of personal information that is generally afforded a higher level of protection.
It may include information about a person’s:
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- professional or trade association membership;
- trade union membership;
- sexual orientation or practices;
- criminal record;
- health or disability;
- genetic or biometric information; or
- other information treated as sensitive under applicable privacy laws.
Due to the nature of consulting work for non-profit and community organisations, PrimeInsights may occasionally receive sensitive information concerning employees, volunteers, members, donors, service recipients, beneficiaries or other stakeholders.
PrimeInsights will only collect sensitive information where:
- it is reasonably necessary for the agreed consulting services;
- the individual has consented;
- the Client has confirmed that it has the necessary authority or consent to provide the information;
- collection is required or authorised by law; or
- another lawful exception applies.
Clients should avoid providing identifiable sensitive information unless it is necessary for the agreed services.
Where reasonably practicable, information should be anonymised or de-identified before being provided to PrimeInsights.
What personal information we collect
The information we collect depends on how you interact with PrimeInsights and the nature of the services being provided.
Website visitors and people making enquiries
We may collect:
- your name;
- email address;
- telephone number;
- organisation and position;
- information included in an enquiry or contact form;
- correspondence with PrimeInsights;
- IP address;
- browser and device information;
- pages viewed and actions taken on the website;
- referring website details; and
- cookie and website analytics information.
Clients and prospective clients
We may collect:
- names and contact details;
- organisation and role information;
- business and operational information;
- project requirements;
- quotations, proposals and agreed scopes of work;
- meeting notes and correspondence;
- payment and invoicing details;
- feedback about our services; and
- information reasonably required to provide the consulting services.
Client personnel and stakeholders
As part of a consulting engagement, we may receive information about:
- board members;
- committee members;
- employees;
- contractors;
- volunteers;
- donors;
- members;
- funding partners;
- service providers;
- community representatives;
- service recipients;
- beneficiaries; and
- other stakeholders connected with the Client.
This information may be collected through:
- documents supplied by the Client;
- interviews;
- surveys;
- workshops;
- meetings;
- stakeholder consultations;
- emails and correspondence;
- research activities; and
- other agreed consulting processes.
Suppliers and professional contacts
We may collect:
- names and contact details;
- organisation and position;
- service and contractual information;
- payment and banking details;
- professional correspondence; and
- records relating to our business relationship.
Financial information
We may collect information required for invoicing, payment processing, bookkeeping and taxation, including:
- billing names and addresses;
- email addresses;
- Australian Business Numbers;
- invoice and payment records;
- bank account information where provided; and
- transaction details.
PrimeInsights does not generally collect or store complete payment card details. Where card payments are offered, those details may be processed directly by a third-party payment provider.
How we collect personal information
We may collect personal information:
- directly from you;
- through the PrimeInsights website;
- through email, telephone or video communications;
- during meetings, interviews, workshops or consultations;
- through surveys or questionnaires;
- when you request information or a quotation;
- when you engage PrimeInsights;
- when you provide documents or project materials;
- from a Client that has engaged us;
- from another person within your organisation;
- from professional advisers or service providers;
- from publicly available sources;
- from government, regulatory or professional databases;
- through website cookies and analytics tools; and
- from third parties where collection is lawful and reasonably necessary.
Where reasonably practicable, we will collect personal information directly from the individual concerned.
In some consulting engagements, it may be impracticable to collect information directly from each individual. For example, a Client may provide internal documents, stakeholder records or aggregated project data.
Where a Client provides personal information about another person, the Client is responsible for ensuring that it has the authority to provide that information and that any required privacy notices or consents have been provided or obtained.
Can you remain anonymous?
Where lawful and practicable, you may interact with PrimeInsights anonymously or by using a pseudonym.
However, we may require your identity and contact details where they are reasonably necessary to:
- respond to an enquiry;
- provide consulting services;
- enter into a business relationship;
- issue invoices;
- meet legal or taxation obligations;
- verify authority to provide instructions; or
- properly handle a complaint or request.
Why we collect and use personal information
PrimeInsights may collect, hold and use personal information to:
- respond to enquiries;
- assess prospective consulting engagements;
- prepare quotations and scopes of work;
- provide consulting, advisory, research and facilitation services;
- communicate with Clients and stakeholders;
- conduct interviews, surveys, workshops and consultations;
- analyse information and prepare reports or recommendations;
- administer Client relationships;
- manage projects and Deliverables;
- issue invoices and process payments;
- maintain accounting, taxation and business records;
- engage suppliers, contractors and professional advisers;
- improve our services and website;
- monitor website performance and security;
- maintain internal records;
- manage complaints and disputes;
- establish, exercise or defend legal claims;
- comply with legal, regulatory and contractual obligations; and
- carry out other purposes disclosed at the time of collection.
We may also use personal information for a related purpose where an individual would reasonably expect us to do so, or where otherwise permitted by law.
Client-supplied information
Clients may provide PrimeInsights with personal information as part of a consulting engagement.
The Client is responsible for:
- determining what information is necessary to provide;
- ensuring it is authorised to disclose the information;
- obtaining any required consents;
- notifying affected individuals where required;
- avoiding unnecessary disclosure of personal or sensitive information;
- de-identifying information where reasonably practicable; and
- notifying PrimeInsights of any specific handling, security, retention or deletion requirements.
PrimeInsights will use Client-supplied personal information only for the agreed services, related administrative purposes, or as otherwise authorised or required by law.
Unless otherwise agreed, PrimeInsights does not independently verify whether Client-supplied information is complete, accurate or lawfully collected.
Disclosure of personal information
PrimeInsights may disclose personal information where reasonably necessary to:
- provide the agreed services;
- administer our business;
- comply with legal obligations; or
- protect our legitimate interests.
Recipients may include:
- the Client that engaged PrimeInsights;
- authorised Client personnel;
- PrimeInsights employees or contractors;
- professional advisers, including accountants and legal advisers;
- information technology and cybersecurity providers;
- website hosting and maintenance providers;
- cloud storage and document management providers;
- email and communications providers;
- videoconferencing and online meeting providers;
- customer relationship and project management providers;
- survey, workshop and collaboration platforms;
- accounting and invoicing providers;
- payment processors and financial institutions;
- government agencies, courts or regulators;
- insurers; and
- other parties authorised by the individual or Client.
PrimeInsights does not sell personal information.
We may disclose information where required or authorised by law, including in response to a lawful request from a court, regulator, government agency or law enforcement body.
Contractors and service providers
PrimeInsights may engage contractors, consultants and third-party service providers to assist with our operations or the delivery of consulting services.
We will take reasonable steps to ensure that parties handling personal information on our behalf:
- only receive information reasonably necessary for their role;
- use the information only for authorised purposes;
- maintain appropriate confidentiality and security; and
- comply with applicable contractual and legal obligations.
Where a Client requires particular contractors, platforms or service providers to be used, the privacy and security practices of those providers may also apply.
Overseas disclosure and storage
Some technology and service providers used by PrimeInsights may store or process information outside Australia.
These providers may operate infrastructure or engage subprocessors in countries including:
- the United States;
- New Zealand;
- the United Kingdom;
- countries within the European Economic Area;
- Singapore; and
- other locations disclosed by the relevant provider.
The countries involved may change as service providers update their infrastructure and subcontracting arrangements.
Where personal information may be disclosed or made accessible overseas, PrimeInsights will take reasonable steps appropriate to the circumstances to protect the information and to use reputable service providers.
However, overseas recipients may be subject to privacy laws that differ from Australian law.
Clients should notify PrimeInsights before providing information that:
- must remain within Australia;
- is subject to a specific data residency requirement;
- is classified or highly sensitive; or
- requires the use of an approved technology environment.
Any special data residency or security arrangements must be agreed before the information is supplied.
Website information and cookies
The PrimeInsights website may automatically collect technical and usage information, including:
- IP address;
- browser type;
- device type;
- operating system;
- approximate location;
- date and time of access;
- pages visited;
- links selected;
- referring website; and
- website errors and security events.
The website may use cookies and similar technologies to:
- operate website functionality;
- remember user preferences;
- understand website traffic;
- measure website performance;
- improve user experience;
- detect fraud or malicious activity; and
- maintain website security.
Cookies are small data files stored on a user’s device.
You can usually configure your browser to refuse or delete cookies. Disabling cookies may affect some website functionality.
Website analytics
PrimeInsights may use website analytics services to understand how visitors interact with the website.
Analytics providers may collect information such as:
- IP address;
- browser and device details;
- pages viewed;
- time spent on the website;
- referral source;
- general geographic area; and
- interactions with website content.
This information is generally used in aggregated form to assess and improve website performance.
Analytics providers may process information outside Australia in accordance with their own privacy policies.
Contact forms and email communications
When you submit a contact form or communicate with PrimeInsights, we may collect the information you provide, together with technical information associated with the communication.
We use this information to:
- respond to your request;
- provide information about our services;
- prepare a quotation or Scope of Works;
- maintain a record of the communication; and
- manage any resulting business relationship.
Website forms may use spam prevention or security services that process technical information about the submission.
You should not submit sensitive information through a general website contact form.
Direct marketing
PrimeInsights may use contact information to send:
- service information;
- business updates;
- invitations;
- articles or resources;
- event information; or
- other communications reasonably relevant to our business relationship.
We will only send direct marketing communications where permitted by law.
You may unsubscribe at any time by:
- using the unsubscribe facility included in the communication; or
- contacting PrimeInsights using the details at the end of this policy.
Operational communications concerning an existing enquiry, engagement, invoice or service are not direct marketing and may continue where reasonably necessary.
PrimeInsights does not provide Client or stakeholder contact lists to third parties for their independent marketing purposes.
Social media and external websites
PrimeInsights may maintain profiles on social media or professional networking platforms.
When you interact with PrimeInsights through those platforms, the platform provider may collect and process personal information under its own privacy policy.
The PrimeInsights website may include links to external websites. PrimeInsights is not responsible for the privacy, security or content of third-party websites.
You should review the privacy policy of any external website or platform before providing personal information.
Security of personal information
PrimeInsights takes reasonable administrative, technical and physical measures to protect personal information against:
- misuse;
- interference;
- loss;
- unauthorised access;
- unauthorised modification; and
- unauthorised disclosure.
Security measures may include:
- access controls;
- passwords and multi-factor authentication;
- device and account security;
- encrypted communications and storage where appropriate;
- reputable hosting and cloud providers;
- software updates and security monitoring;
- backups;
- limiting access to people who require it;
- confidentiality obligations; and
- secure disposal practices.
No method of electronic transmission or storage is completely secure. PrimeInsights cannot guarantee that information will never be affected by a security incident.
Clients should not provide highly sensitive or confidential information through unsecured communication channels unless appropriate arrangements have been agreed.
Data breaches
A data breach may occur where personal information is lost or is subject to unauthorised access, use or disclosure.
If PrimeInsights becomes aware of a suspected data breach, we will assess the incident and take reasonable steps to contain and remediate it.
Where required by law, PrimeInsights will notify affected individuals and the Office of the Australian Information Commissioner.
Where a breach concerns Client-supplied information, PrimeInsights may also notify and cooperate with the relevant Client.
Retention and destruction
PrimeInsights retains personal information only for as long as it is reasonably required for:
- the purpose for which it was collected;
- providing or completing consulting services;
- maintaining project and business records;
- responding to enquiries or disputes;
- insurance and risk management;
- accounting and taxation obligations;
- professional recordkeeping; or
- compliance with legal and contractual obligations.
Different types of records may be retained for different periods.
When personal information is no longer reasonably required, PrimeInsights will take reasonable steps to:
- securely delete it;
- destroy it;
- return it to the Client where agreed; or
- de-identify it.
Deletion may not immediately remove information from backups, archives or systems where immediate deletion is impracticable. Such information will remain protected and will be removed through ordinary system processes.
Clients requiring a specific retention or destruction schedule must agree those requirements with PrimeInsights before providing the information.
Accuracy and correction
PrimeInsights takes reasonable steps to ensure that personal information is accurate, complete, relevant and current for the purposes for which it is used.
You may request correction of personal information held about you if you believe it is inaccurate, incomplete, out of date, irrelevant or misleading.
We may need to verify your identity before making a correction.
If we do not agree to a requested correction, we will explain the reason where required and may record a statement that the information is disputed.
Access to personal information
You may request access to personal information that PrimeInsights holds about you.
Requests should be made using the contact details at the end of this policy.
Before providing access, we may need to:
- verify your identity;
- clarify the information requested; and
- consult with another person or organisation where the request affects their information.
We will respond within a reasonable period.
Access may be refused or limited where permitted by law, including where:
- providing access would unreasonably affect another person’s privacy;
- the information relates to actual or anticipated legal proceedings;
- the request is frivolous or vexatious;
- providing access would be unlawful;
- providing access could prejudice an investigation or enforcement activity; or
- another lawful exception applies.
Where access is refused, PrimeInsights will generally provide the reason unless prohibited from doing so.
PrimeInsights will not ordinarily charge for making an access request. We may charge reasonable costs for locating, compiling or providing extensive information where permitted by law and disclosed in advance.
Information about children and vulnerable individuals
PrimeInsights does not intentionally collect personal information directly from children through its general website.
Consulting engagements involving non-profit, educational, community or service organisations may involve information relating to children or vulnerable individuals.
In those circumstances, PrimeInsights will seek to:
- limit collection to information reasonably necessary for the engagement;
- use de-identified or aggregated information where practicable;
- follow agreed safeguarding and consent arrangements;
- avoid unnecessary direct identifiers; and
- apply additional care to the storage, use and disclosure of the information.
The Client remains responsible for obtaining any necessary parental, guardian, participant or organisational consents unless otherwise agreed.
Government identifiers
PrimeInsights will not use an Australian government-related identifier, such as a Medicare number, Centrelink reference or tax file number, as its own identifier for an individual.
PrimeInsights will only collect, use or disclose government identifiers where reasonably necessary and permitted by law.
Clients should not provide government identifiers unless specifically requested and necessary for an agreed lawful purpose.
Artificial intelligence and automated tools
PrimeInsights may use technology-assisted tools to support administrative, research, analysis, transcription, drafting or productivity activities.
PrimeInsights will take reasonable steps to ensure that personal or confidential information is not entered into publicly accessible artificial intelligence tools where doing so would be inconsistent with:
- the purpose for which the information was provided;
- Client instructions;
- confidentiality obligations;
- applicable privacy requirements; or
- agreed security restrictions.
Where an engagement is likely to involve material use of an artificial intelligence or automated processing service with Client information, PrimeInsights may discuss the proposed use with the Client.
PrimeInsights does not make decisions producing significant legal or similarly significant effects about individuals solely through automated processing.
Privacy complaints
You may contact PrimeInsights if you have a question or complaint about:
- how your personal information has been handled;
- a suspected breach of this Privacy Policy;
- a request for access or correction; or
- our compliance with applicable privacy requirements.
Please provide sufficient information for us to understand and investigate the matter.
PrimeInsights will:
- acknowledge the complaint within a reasonable period;
- investigate the circumstances;
- seek any additional information reasonably required; and
- provide a response or proposed resolution within a reasonable period.
We will ordinarily aim to respond substantively within 30 calendar days.
If you are not satisfied with our response and the Privacy Act applies to the matter, you may be able to lodge a complaint with the Office of the Australian Information Commissioner.
Changes to this Privacy Policy
PrimeInsights may update this Privacy Policy from time to time to reflect:
- changes to our services;
- changes to our information-handling practices;
- changes to technology or service providers;
- legal or regulatory developments; or
- feedback and operational requirements.
The current version will be published on the PrimeInsights website with the date it was last updated.
Material changes will apply from the date the updated policy is published unless stated otherwise.
Contacting PrimeInsights
Questions, requests or complaints concerning privacy may be directed to:
PrimeInsights
ABN: 25 967 289 895
Business address: Perth, Western Australia
Email: [email protected]
Website: https://www.primeinsights.com.au/
Please include enough information for PrimeInsights to identify you and understand your request. We may request proof of identity before providing access to personal information or making material changes to a record.