Table of Contents
Privacy Policy
Peter Berry Consultancy Pty Ltd (‘PBC’, ‘we’, ‘us’) aims to manage the personal information we collect about you in an open and transparent way and to protect it.
Scope
We conduct our business from Australia and comply with the Privacy Act 1988, which includes the Australian Privacy Principles. Save for our Australian based employees, this policy applies to all the personal information we collect when conducting our business, including personal information we collect through our website at www.peterberryconsultancy.com
If you are an individual based in Europe (in a country within the European Economic Area (EEA) or the UK) this policy also provides further information about our processing of your personal information and your rights and choices in the section ‘Individuals (data subjects) in Europe’.
This policy explains the types of personal information we collect about you and why, from whom, the basis on which we process it and how we use it, to whom we usually disclose your personal information (including overseas), how we hold it and keep it secure and your privacy choices and rights. We may need to update this policy from time to time to reflect changes in our legal obligations, practices and services.
The most current version of this policy is available on our website and in print from our offices and you should check the current policy from time to time to take notice of any changes we make, as they are binding on you.
If you have any questions regarding our policy, wish to exercise your rights or to make a complaint, please contact our Privacy Officer whose details are at the end of this policy.
When do we collect
We collect personal information in the course of providing our contracted services as a consulting and diagnostics provider to our client organisations, to our partners and to our customers directly. This includes when:
- we conduct assessments, testing and surveys
- we carry out profiling, consulting, training and development
- we conduct research
- you participate in an assessment process – either by completing a survey or an assessment
- you book a workshop or event with us
- we provide ad hoc product implementation support to our distributors, customers and client organisations
- we prepare ad hoc group reports for client organisations, customers in response to requests we receive
We also collect your personal information when:
- you contact us either via our website, by email or phone
- visit our website
- we conduct research
- you sign up to our newsletter
- you request access to your personal information
- we comply with our legal obligations
- you apply for a role with us.
We collect personal information directly from you (eg when you complete a survey or an assessment on the survey platform we use) or from others (eg individuals if they rate or assess you; from your employer or other organisation you work with and from our distributors who support client organisations who use our services).
Cookies Policy
Click here https://peterberryconsultancy.com/cookie-policy/ for our cookies policy which explains what information we collect through our use of third party cookies and analytics and for what purposes.
What kind information
What kinds of personal information do we collect and hold about you?
The personal information we collect and hold about you in our records depends on who you are and your relationship with us.
It may include name, title/occupation, employer, business contact details, personal email addresses , credit card details (when placing an order). It may also include information you provide when you answer questions, including testing using standard measures of an individual’s psychological tendencies or abilities
We may also obtain feedback from others about your performance. Reports generated from yours and others’ responses about you are also considered personal information.
We may also collect anonymous information from you if you complete a survey.
If you apply for a role with us we may collect information from your cv, about your job history, education and qualifications, references, residency status and working rights and other information you provide to us during the recruitment process.
If you do not provide us with all of the information we request when you engage with us, you may not be able to complete a survey or testing, we may not be able to provide your organisation with our services or respond to your request or complaint or t process your application.
We do not collect any sensitive information to deliver our products and services.
Dealing with us
Dealing with us anonymously or using a pseudonym
You may choose not to identify yourself when you deal with us or to use a pseudonym. For example, when we conduct surveys of employees in organisations. However, in many cases we will need to identify you in order to provide our services, to assist you, to provide you with access to your personal information and to comply with our legal and contractual obligations.
The purposes
The purposes for which we use and disclose personal information.
We use and disclose the personal information we collect from you to:
- provide our profiling, training, consulting, selection or development services to our client organisations that you may be part of
- manage our relationship with you and/or the organisation you represent.
- conduct research
- develop our products and services
- prepare, submit and follow up payment of our invoices
- send you with your consent where required by applicable law, information about products, services or events and workshops you may be interested in by email
- comply with our legal statutory and contractual obligations
- obtain legal advice and protect and defend our rights and property
- respond to enquiries, requests and complaints, including to verify you
- administer your job application
- we provide ad hoc product implementation support to our distributors and client organisations
- we prepare ad hoc group reports for client organisations in response to requests we receive
- to de-identify and share it with third parties to produce aggregated reporting and reporting for research purposes
Who do we disclose
Who do we disclose or give access to your personal information (including overseas)?
We will need to share the personal information we collect about you with:
- our client organisations who you may be employed with or represent to provide our services to them – they may be located overseas, that is outside the country or region you are in (such as outside Australia or Europe);
- individuals with whom you have worked (who may be located overseas);
- our associates (such as contractors or sub-contractors) who carry our work on our behalf;
- our subcontractors or third party service providers, including our software providers such as our cloud based platform provider who process and store personal information on our behalf in the course of providing our services and to support the operation of our website and IT systems. For more information about our security controls, please see our Security Whitepaper; and
- if we or a part of our business undergo re-organisation or are sold or licensed to a third party, any personal information we hold about you may be transferred to that re-organised entity, licensee or third party.
We will aim to limit access and disclosure to the extent necessary and, any third parties to whom we disclose or permit access to your personal information in the course of providing us with services, will be subject to strict contractual obligations and restrictions to ensure that they protect personal information and keep it confidential, consistent with relevant privacy and data-protection laws and our own legal obligations we may have to parties who share personal information with us.
We will not otherwise disclose your personal information to another party unless:
- we have your consent (express or implied);
- we are disclosing it for a related purpose that you would reasonably expect; or
- we are otherwise permitted to such as if we are required or authorised by applicable laws or relevant professional codes of ethics (e.g., prevention of harm to self or others).
Direct marketing
Opting out of direct marketing
If you have provided your consent to receiving direct marketing from us, you can withdraw it without detriment at any time by contacting us on the details below or by clicking on the unsubscribe link in our electronic communications.
Individuals in Europe
Individuals (data subjects) in Europe
As an Australian organisation and given our activities, we may process limited personal information (which does not include any sensitive categories of personal information) on an ad hoc basis.
If you are based in the UK or in a country in the EEA and we collect and process your personal information, you have certain rights and protections under the EU GDPR, the UK GDPR and/or a Data Protection Agreement that we enter into with our client organisations or our distributors (DPA) who are based in the EEA or UK. These are in addition to your rights under the Privacy Act 1988. A copy of the standard DPA that we will enter into can be provided on request. The DPA includes where applicable the standard “model contractual clauses” approved by the European Commission (and also the UK Information Commissioner) to protect your personal information. (See https://eur-lex.europa.eu/lecial-content/EN/TXT/HTMLJ?uri=CELEX:32021D0914&from=EN for EEA or https://ico.org.uk/media/for-organisations/documents/4019483/international-data-transfer-addendum.pdf for UK.)
If our data processors are located in the US, they may also be a certified member of the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/list) or another valid scheme.
To find out more about how we support the protection of personal information we process in Australia to help our clients meet their GDPR transfer requirements and recognise your rights, please see our Security Whitepaper.
This section sets out the additional information that may assist you in understanding the basis on which we process your personal information that we access and which is transferred to us, for the purposes of the GDPR.
Legal grounds for processing: The following legal grounds would apply when we process your personal information:
- with your consent – we need your consent to collect and use your personal information when you participate in a program of services we provide to our client organisations you are part of. You can withdraw your consent by contacting us (see above).
- contract performance – we may need to collect and process your personal information to enter into a contract with you or to perform our obligations under a contract with you.
- if it is necessary for our legitimate interests and does not override your rights and interests – this may be when we carry out research, providing services to client organisations and comply with our obligations under contracts with client organisations and distributors, or communicate with you.
- to comply with laws or regulation that apply to us.
Your additional rights and choices: You can do the following things in relation to personal information we process under a Data Protection Agreement –
- obtain information about the processing of your personal information.
- ask us to erase your personal information without undue delay in certain circumstances such as if you withdraw your consent and we are not otherwise legally entitled to retain it.
- object to, and ask us to restrict, our processing of your personal information in certain circumstances, such as while we verify your assertion the information is inaccurate or if we are processing your information for our legitimate interests or for direct marketing purposes (we may be legally entitled to refuse that request).
- in some circumstances such as where we are processing your information with your consent, receive some personal information you have given us in a structured, commonly used and machine-readable format and/or ask us to transmit it to someone else if technically possible feasible.
- withdraw your consent (but we may be able to continue processing without your consent if there is another legitimate reason to do so.
How to access
How to access and correct your personal information that is held by us.
You may access the personal information we have collected and hold about you (including by receiving a copy) subject to any applicable exceptions, and request correction of that personal information. When you make a request to access your personal information, we will need to verify your identity. In some situations, we may charge a fee for our costs in providing the information to you. We may also refuse your request in whole or in part if an applicable exception to access applies, in which case we will notify you of our decision in writing and explain why and how you can complain if you are not satisfied with our decision.
It is important that you ensure the information you provide us is complete, accurate and current. If you believe any of the personal information we hold about you is incorrect, please contact our Privacy Officer.
Storage and retention
Storage and retention of your personal information
We store your personal information in a combination of secure computer files and paper based
files. Information is held on our servers and/or on the servers of our third party software platform service provider whose servers may be located outside Australia including the US and Europe. They are subject to contractual terms that requires them to process data in accordance with applicable privacy and data protection laws. We take steps to protect your personal information and to destroy or de-identify it when we no longer need it. These are further described in our Security Whitepaper.
Data security incident alert
If you believe that any personal information we hold about you may be compromised by a data security breach, please let us know immediately so that we can investigate the incident.
We will generally retain information collected in the course of providing our consulting and diagnostics services programs for a period of three years. We keep client and supplier information for as long as we maintain a relationship and for 7 years afterwards or otherwise as required for our business operations or by applicable laws. We may need to retain certain personal information after a customer or supplier account has been closed or deleted to enforce our terms, to identify, issue or resolve legal claims and/or for proper record keeping purposes. To ensure we can respect your wishes we may also retain a record of: any stated objection by you to receiving our marketing and not to contact you further or any other request you make when you exercise your data subject rights.
We may also retain a record of any stated objection by you to receiving our marketing for the purpose of ensuring we can continue to respect your wishes and not contact you further.
Privacy concerns and complaints
Privacy concerns and complaints
If you believe that we have not handled your personal information consistent with this policy and our privacy obligations, please contact our Privacy Officer on the contact details at the end of this policy so that we can investigate and address your concerns.
We may need to seek further information from you and will aim to respond to your complaint within 14 days.
If you are not satisfied with our proposal to resolve your complaint, you may contact the:
Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY NSW 2001
Website: www.oaic.gov.au
Our contact details
Attention: Privacy Officer
Telephone: +61 (0)2 8918 0888
Email: privacy@peterberryconsultancy.com
Address: Level 8, 201 Miller Street, North Sydney NSW 2060, Australia.
This policy was last updated in August 2024