Effective Date: 2 December 2022

Your privacy

Policies

This policy describes how your personal information is collected, used, processed and disclosed when you visit the Website or use the Service. Terms used on this page and not defined have the meanings given in the Terms.

The Website provides a technology platform that is used by governance professionals and business operators to make and implement informed policy decisions. Through the platform, a range of services are made available, including briefings and feedback sessions with policy or subject-matter experts, and access to tools designed to facilitate the creation and management of policies.

The Company values your privacy and considers privacy to be a shared responsibility. Our aim is to maintain the Website as a safe environment that is suitable for the purpose of the Service. This notice describes the information we collect from you or that you may provide when you visit the Website or use the Service and describes how we collect, use, protect and disclose that information.

By using or accessing the Website, you are accepting the practices described in this policy. If you do not agree to this policy, please do not use or access the Website. We may make changes to this policy from time to time and will update the date of the most recent revision above (being the "Effective Date") and take any other steps necessary to comply with applicable law. Your continued use of the Website is deemed to be acceptance of those changes, so please check this policy periodically for updates.

This policy applies to the Website only. Third party processors, or sites that link to the Website are not subject to this policy. Those sites may have policies that are different to this policy. You should consider the policies of those other sites when you follow links to or from the Website.

The categories of personal data we collect depend on how you interact with us and our Services. We collect personal data that you provide to us directly, personal data we collect through automatic data collection activities, and personal data from other sources, such as third-party services and organisations. Types of personal information we collect includes (without limitation):

  1. Identity Data (first name, surname, username, date of birth, nationality)
  2. Workplace Data (employer, job title)
  3. Contact Data (email address, phone number, business address, LinkedIn URL)
  4. Billing Data (bank account details, credit/debit card details) - we use Stripe for processing payments and your data will be processed by Stripe, subject to its policies
  5. Login Credentials (username & password)
  6. Device Data (IP address)
  7. Engagement Data (your location when you visit the Website data, resources that you access on the Website, your interaction with resources provided via the Website)
  8. Message Data (if you send us a message via the Website)
  9. Polling Data (if you respond to polls we conduct, we may store your response)
  10. Forum Data (if you participate in activities in The Forum, we may keep records of that activity)

Your personal information and the information you provide on the Website will only be read by you and, subject to your disclosure settings, by other users of the Service, or in any marketing materials in respect of which you have consented to your personal information being used. The Company provides disclosure tools that you can use to add permissions or restrictions to share information with nominated users. For example, you might disclose an insight in The Forum, with disclosure settings that allow anyone to comment. Other users of the Website may then see your personal information in that context. Your information belongs to you.

You can adjust your dashboard settings to send you email notifications when another user engages with your transaction dashboard content, or an insight you have shared. You can opt out of receiving these emails and instead review activity when you login to the Website.

We may disclose the personal information we collect, or that you provide to Us to:

  1. if you register as a subject matter expert, then your profile will be tagged as such and governance professionals who may seek to engage with you will see your biography - the reason for this is to support engagement between experts an those seeking expertise via the Website
  2. The company uses a range of third party services to provide the Services and maintain the Website. These include technology providers such as AWS and Stripe, and operations experts, who consult on the policy templates and research materials profiled on the Website. We sign standard terms of use with technology partners. You can request a full list of our third party technology partners by issuing a request using the setting in your profile. Our consulting agreement requires consultants to take reasonable measure to protect personal information. You can review a description of the measures taken by an expert in their biography.
  3. Where required by law or requested by reglators, we will comply, without consent of the person whose information is required
  4. If our business is reorganised or subject to a change of control, disclosure may be made. We ask relevant counterparties to sign confidentiality undertakings in such circumstances.

Your profile includes settings to nominate your preferences in relation to accessing your personal information and associated rights in your jusisdiction.

Your personal information will be handled by technology providers that we use. These include AWS, Stripe and Netlify.

Our legal bases for processing personal information are that it is in our legitimate interest to do so in order to create awareness and improve sales of the Services for current and prospective members and to enhance member experience by better matching members who use the Service. We also process personal information to comply with our legal obligations, including to comply with our tax obligations, to cooperate with law enforcement, judicial orders or regulatory requests, and to protect the interests and esnure the safety of members of the Website, third parties and the public. For subject matter experts, we also process personal information to better understand the needs of our members and to provide them with the best possible experience in engaging with the expert. If we become aware of any reason to cease processing personal information and consider the reason to, on balance, legitimately override the interests we have, then, except where required by law or where we have subsequently obtained your express consent, we will cease processing the personal information.

The personal information that we collect may be transferred to, stored, and processed to processors located both within and outside of the EEA (referred to in the GDPR as ‘third countries’) and in Australia and the United States where our servers are located and our central database is operated. The data protection laws of Australia or the United States may not be equivalent or as comprehensive as the data protection laws as those in your country. Consequently, your personal data may be processed outside your jurisdiction, including in countries and jurisdictions that are not subject to an adequacy decision by the European Commission that may not provide for the same level of data protection as your jurisdiction. To ensure that countries to which we transfer your personal data provide appropriate level of protection for your fundamental rights, we will govern the relationship by a with a contract that requires data processors to performa a transfer impact assessment and determine a reasonable basis for transfer exists, if required.

We have implemented measures designed to secure personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use AWS for storage and rely on its expertise as our primary method of security. This policy is under development. We will update it as we develop our security measures.

In designing the Website and the Services, our principals include:

  1. Security by Design: security is built into the design of the Website and the Services
  2. Security by Default: security is enabled by default
  3. Security by Obscurity: security is not based on hiding information, but on making it difficult to access
  4. Security by Prevention: security is based on preventing attacks, rather than detecting them
  5. Security by Least Privilege: the default approach taken must be to assume that access is not required, rather than to assume that it is
  6. Need to Know: access is only granted to the information required to perform a role, and no more

No system nor the transmission of personal data via the internet is completely secure. Although we take measures to protect your personal data, we cannot guarantee the security of your personal data that you provide to us. Any transmission of personal data is at your own risk. To the fullest extent permitted by applicable law, we do not accept liability for unauthorised disclosure.

We use cookies for authentication, security, preferences, features, and to conduct analytics and research. Some cookies are automatically placed on your browser by our web server when you visit the Website. Cookies can be read, updated or deleted by the same servers each time you visit the Website. We do not use third-party targeting cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Website may then be inaccessible or not function properly.

If you are an EU resident, under European data protection laws you have rights including:

  1. Right of access - You have the right to request access to copies of your personal information.
  2. Right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  3. Right to withdraw consent – You have the right to withdraw previously given consent at any time. This may affect our ability to interact further with you.
  4. Right to erasure - You have the right to ask us to erase your personal information. This is also known as the right to be forgotten.
  5. Right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  6. Right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  7. Right to data portability - You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
  8. Right to complain to a supervisory authority - You have the right to complain to a supervisory authority about our collection and use of your personal information.
  9. Right to not be subject to automated-decisions - Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. We does not currently carry out automated decision-making in connection with our relationship with you by default. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless: You have given the Company your consent; it is necessary for a contract between you and us, or it is otherwise permitted by law. You also have certain rights to challenge decisions made about you.
  10. Right to object to marketing - You can object to Our marketing communications at any time by opting-out using the unsubscribe/ opt-out function displayed in our communications to you. You may also opt out by adjusting the settings in your profile. Please note that regardless of your request, the Company may still use and share certain information as permitted by this notice or required by applicable law. You may not opt out of certain transactional emails with the Company such as those confirming your requests or updates regarding our privacy notice or other terms.

If you are a resident of California, under CCPA & CalOPPA you have rights including:

  1. Right to rectification – Under CalOPPA, you have the right to review and request changes to any of your ‘personally identifiable information’ which we process pursuant to CalOPPA.
  2. Right to Know - You have a right to request the following information about our collection, use and disclosure of your personal information over the prior 12 months, and ask that we provide you with a copy of the following: categories of and specific pieces of personal information we have collected about you; categories of sources from which we collect personal information; the business or commercial purposes for collecting personal information; categories of third parties to whom the personal information was disclosed for a business purpose; and categories of personal information disclosed about you for a business purpose.
  3. Right to Delete - Under the CCPA, you have a right to request that we delete personal information, subject to certain exceptions.
  4. Right to opt-out / “say no” - Under CCPA you have the right to opt-out or “say no” to having your personal data sold to third parties.
  5. Right to not be discriminated against for exercising any of the above rights.

If you are a resident of Nevada, under Nevada Law SB220 you have the following:

  1. Right to opt-out. Under Nevada Law SB220 you have the right to opt out or “say no '' to having your personal data sold to third parties.
  2. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you are a resident of a place not addressed above, and would like further information in relation to your legal rights under applicable law or would like to exercise them, you may contact us. We will consider all requests and provide our response within the time period stated by applicable law and as otherwise required by applicable law.

Anyone, can object to marketing communications from the Company at any time by opting-out using the unsubscribe/ opt-out function displayed in our communications, or by adjusting the notification settings in your profile. Regardless of your request, the Company may still use and share certain information as permitted by this notice or required by applicable law. You may not opt out of certain transactional emails with the Company such as those confirming your requests or updates regarding our privacy notice or other terms.

The Website and the Services are not intended for children. We do not knowingly collect personal data from children under the age of 13 (or 16 years of age for individuals in the EEA/UK). If you are under 13 years of age (or under 16 years of age in the EEA/UK), please do not use the Website or the Services or provide any personal personal information on or through the Website or the Services, including through on or through any of the features on the Website or the Services. If you are the parent or guardian of a child who has provided us with their personal data, please contact us. If we learn that we have collected personal data from a child under the age of 13 (or 16 years of age for individuals in the EEA/UK), we will take steps to delete such information as soon as possible.

You confirm that each time you visit the Website, and login to your account, you have read and understand, and agree to, the policy.