Our privacy obligations

Last updated: 28 July 22

Nosworthy Group is based in Australia. We design and deliver learning experiences for organisational leaders and teams. Sometimes, to do our work, we collect personal information.

‘Personal information’ or ‘personal data’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable (personal information).

When we collect personal information, we are governed by the Australian Privacy Principles under the Privacy Act 1988 (Cth). When we collect personal information about residents of other countries, we are also governed by local laws. For example:

• when we collect personal information in the United States of America (USA), we align with the California Consumer Privacy Act, and
• when we collect personal information in the European Union (EU) or the United Kingdom of Great Britain and Northern Ireland (UK), we are also governed by the EU or UK General Data Protection Regulations (EU GDPR and UK GDPR).

This Privacy Policy sets out how Nosworthy Group handles the personal information that we collect. We review this policy regularly, and we update it from time to time. You can always find the most up-to-date version on our website.

When we collect and hold personal information

We collect and hold personal information where it is reasonably necessary to do our work and run our business:

• We collect personal information about individuals who work for or represent our partners.
• We collect personal information about our staff, suppliers and third party service providers (Service Providers), as well as the contact details of individuals who work for contractors, suppliers and Service Providers, and other types of professional associates and contacts.
• We may collect personal information in the course of providing services or products with or to our partners, such as information about participants in our learning sessions.

We collect personal information when you consent, or otherwise where it is required for our legitimate interests – that is, to run our business and provide our products and services. Where you have consented to our collecting your personal information, you may withdraw your consent at any time.

The types of personal information we collect and hold

We may collect the following types of personal information:

• Partners: Name, role, and business contact details.
• Service Providers, contractors: Name, role, and business contact details for business representatives and relevant staff, and other information required to administer the business relationship.
• Staff: Name, role, contact details, health information, payment details, next of kin, and other information required to administer the employment relationship.  
• Others: The information we collect may vary depending on the products or services we provide. We provide specific details in the Collection Notices for those products or services. This information could include, for example, name, role, and business contact details, and information provided by participants in our learning sessions, interviews, discussions and questionnaires.

How we collect personal information

Information that you specifically give us

We may ask you to provide us with certain types of personal information if you wish to obtain a particular service or product from us, or where we have been engaged by a partner to deliver a product or service that requires us to collect personal information. This might happen digitally through emails, video conferencing or other web applications, on paper or through face-to-face interactions. When we collect your personal information, we will give you a Collection Notice which will explain what we are asking for and how we will use it. The notice may be written or verbal.

You might also provide your personal information to us without us directly asking for it. For example, if you engage with us on social media.

If you apply for a job with us, we will collect the personal information that you provide in your application.

You may also give us personal information during the course of a product or service we provide.

Information that we collect from others

If you apply for a job with us, we may collect personal information about you from a recruiter acting on your behalf, and from your referees. With your consent, we may also use a third party service provider (Service Provider) to ensure your employment, educational and identity records are valid.

We may check some details about our Service Providers against publicly available sources such as the Australian Business Register and other Australian Securities and Investment Commission databases.

We may collect personal information about you from other sources in the course of providing a product or service.

Information that we generate ourselves

If you work with us as an employee, contractor or volunteer, we will create personal information for the purpose of administering the employment or professional relationship. For example, payment records, performance reviews, and workplace safety and compliance records. We may also monitor your use of our devices and systems for security purposes.

If you are one of our partners, we maintain records of the interactions we have with you, including the products and services we have provided to you, notices and withdrawals of consent, and requests to access and update personal data. We may create collaborative documents in the course of our work, such as a shared spreadsheet, which may include identified comments. During the course of our in-person or digital sessions we may generate personal information in different formats,  including, for example video recordings, photography, graphics and live-stream transcripts. If our services involve participant evaluation, we may generate personal information, such as opinions or assessments, when writing reports.

We collect limited, non-identified information about users of our website for diagnostic and analytic purposes. We use cookies and gather IP addresses to do so, but we do not trace these back to individual users.

Links to other sites

On our website, we may provide links to third party websites. These linked sites are not under our control, and we cannot accept responsibility for the conduct of companies linked to our website. Before providing your personal information via any other website, we advise you to examine the terms and conditions of using that website and its privacy policy.

How we use personal information

We may use your personal information for the following purposes:

• to provide the service or product requested by our partners
• to answer your enquiry about our services, or to respond to a complaint
• to manage our employment or business relationship with you
• to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications)
• to comply with legal and regulatory obligations, or
• for other purposes with your consent, unless you withdraw your consent.

We will keep personal information about you, to use for the above purposes, for no longer than necessary to perform our services, unless we are required by law to keep it for a longer time.

When we disclose personal information

Our service providers

The personal information of our partners, staff, suppliers, Service Providers and other contacts may be held on our behalf outside Australia, including ‘in the cloud’, by our Service Providers. Our Service Providers are bound by contract to only use your personal information on our behalf, under our instructions, and to keep it secure.

Currently our key Service Providers include Microsoft Office 365, Slack, Dropbox, Mailchimp, and Xero.

Other disclosures and transfers

We may also disclose your personal information to third parties for the following purposes:

• if necessary to provide the product or service you have requested
• if otherwise permitted or required by law, or
• for other purposes, with your consent.

Where our partners or Service Providers are outside of Australia, we may need to send personal information to other countries in order to deliver out products and services. This currently includes the United States of America.

Security of your personal information

We will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure. We perform annual network security assessments, have implemented a mobile device security policy, have established and maintain access rights management procedures, and encrypt data across networks.

We take reasonable steps to ensure that we do not keep personal information longer than necessary to do our work and comply with the law, and that it is disposed of securely.

Your personal rights

You have the right to request access to the personal information that Nosworthy Group holds about you. Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period, and without unreasonable expense.

You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to your personal information so that it is accurate, complete and up-to-date. Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period.

If you live in the EU or the UK, you also have the right to:

• ask that your personal data be erased if it is no longer needed or if the processing of it is unlawful
• object to or request to restrict the processing of your personal information; and
• ask for a machine-readable copy of your personal information.

Unless an exception applies, we must comply with these requests within a reasonable time period, and without unreasonable expense.  

To exercise any of your personal rights, please contact our Privacy Officer.

To contact our privacy officer

If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:

Our privacy officer is:

‍Erin Love
Business Manager — Nosworthy Group
Telephone: +61 02 8091 6063
Email: hello@nosworthygroup.com

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, as above. We will acknowledge your formal complaint within 10 working days. If your complaint is in connection to your employer, whom we perform services for, then we will refer to your employer’s channels to exercise your data subject rights.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with a relevant privacy regulator.

In Australia, the privacy regulator is the Office of the Australian Information Commissioner (OAIC). You may contact the OAIC by calling them on 1300 363 992, online at www.oaic.gov.au, or writing to them at OAIC, GPO Box 5218, Sydney NSW 2000.

If you live EU or the UK, you may also lodge a complaint with the privacy regulator in your own country.

• You can find a list of EU privacy regulators on the website of the EU Data Protection Board: https://edpb.europa.eu/about-edpb/about-edpb/members_en
• The privacy regulator in the UK is the Information Commissioner’s Office (ICO). You may contact the ICO by calling them on 0303 123 1113, or online at https://ico.org.uk.

If you live in the USA, you may be able to lodge a complaint with your state government.