Ground Up Consulting (Ground Up) is a specialist privacy consultancy based in Queensland, Australia. We provide services to organisations to support their privacy programs. In doing so, we are committed to ensuring the fair and appropriate handling of personal information.
This Privacy Policy explains how we handle your personal information, whether you are an existing client or you are simply reviewing what we have to offer.
As a small business, Ground Up applies on a policy basis the privacy principles set out in Australia’s Privacy Act 1988. The privacy principles guide how we collect and manage your personal information, including (but not limited to):
- being transparent about our personal information handling practices
- limiting collection of personal information to that which is necessary for our functions
- understanding our business purposes, and restricting our use and disclosure of personal information in that regard
- taking reasonable steps to keep the personal information we have secure.
Personal information:
Personal information is information that identifies you (or could reasonably lead to you being identified). Ground Up holds limited personal information.
The types of personal information we hold depends on our relationship with you. Generally, it is about our:
- website visitors
- prospective clients
- clients
- events attendees
Collecting personal information:
We collect personal information when you:
- send us an email or get in touch with us in some other way
- fill out a form or other paperwork at our request (electronically or on paper)
- interact with us when we provide a service
- attend an event we are hosting
We do not require a lot of personal information to provide our services, and we take care to ask only for what is necessary. As a professional services firm, Ground Up generally interacts with organisations on a business level, as opposed to a personal level. For example, when interacting with our clients about work they have engaged us to do, the personal information we gather is generally limited to information about a contact person. However, where specific services are provided, such as delivery of training or the completion of a privacy maturity assessment, we will interact with individuals (i.e., staff members) associated with the client relationship, and may collect personal information to provide these services.
From time to time we host professional events, whether electronically or in person (such as webinars, professional networking, topic-specific seminars or privacy awareness sessions), which are not part of our suite of client services.
Additional details about our collection of personal information (what we collect and why) is set out below:
| WEBSITE VISTORS | PROSPECTIVE CLIENTS | CLIENTS | EVENT ATTENDEES (outside of our suite of client services) | |
| Contact details | if you have asked us via the Contact Us page to be in touch with you | to be in touch with you at your request, if you have used the Contact Us page or made a request in some other way (e.g., via social media, via direct email, by giving us your business card) | to be in regular contact with you in relation to services we are providing to you
to follow up with you in relation to the services provided to you |
to be in touch with you if you have registered to attend an event we are hosting |
| Authorisation details (e.g., your formal title and signature)
|
x | x | if you are formally providing authorisation for our engagement as (or on behalf of) a client
|
if you are formally providing your organisation’s authorisation for one or more people to attend an event we are hosting
|
| Position/ role details (e.g., of individual staff members)
|
x | x | to understand organisational structure and individual roles
to accurately record meeting participation to accurately plan stakeholder engagement otherwise, where required as part of delivering a service |
to tailor event content
manage event participation |
| Payment details
**Ground Up does not retain credit card information
|
x | x | (e.g., in rare cases where payment is made via a personal card/ account of a client contact person)
to process payment for a service supplied |
(e.g., where payment is made via a personal card or account of an event participant)
to process payment for event participation |
| Recordings of your image, voice and/ or opinion | x | x | to document a meeting or other information gathering associated with delivering a service | where an online event is recorded in full or in part
where an in-person is recorded in full or in part where photographs are taken at an in-person event ** participants at our events can opt-out of being recorded. |
| Dietary preferences | x | x | x | if you have communicated a dietary preference to us in relation to a catered event |
Accuracy:
Before we use your personal information (e.g. to send you an invoice), we may double check with you to make sure it is accurate, complete and up to date.
What we do with personal information, and who we give it to:
We use and disclose your personal information only for the purpose for which we collected it (e.g. getting in touch with you, or requesting payment for professional services we have supplied to you).
Ground Up will not sell or share your personal information with advertisers, sponsors, content providers or anyone else – unless:
- You are our client, and our ability to do so is set out and agreed as part of our Engagement Terms with you
- We have your express permission otherwise, or
- There is a lawful ability or requirement for us to do so.
Keeping your personal information safe:
At Ground Up, we securely manage and dispose of personal information whether it is held in hard copy or electronic format and whether it is stored on-site or in ‘the cloud’.
Protection of personal information from unauthorised access and disclosure is a priority for Ground Up. Any concerns about the security of personal information held by Ground Up should be reported to us without delay, by email: privacy@groundupprivacy.com.au
Our service providers:
Ground Up engages third party service providers in a limited capacity to help us manage aspects of our business, as follows:
- Microsoft 365: to manage data pertaining to our business and services
- Xero: to manage data pertaining to our business accounts and to send you invoices
- Enklo Websites: to manage our website
- Humanitix: for ticketing and registration to our events
- Online Training and Meetings: multimedia facilities, including Microsoft Teams and Zoom, for online meetings, webinars and training. Prior to your online interactions with us, we will provide details of the online facility that we intend to use (alternatively, we will use a facility preferred by you).
Where personal information is collected by us using these services, it may, in turn, be managed in a local or off-shore digital environment (‘the cloud’) by our service providers. It is a condition of our agreements with these providers that we remain in control of what happens to the personal information they manage on our behalf and that it is kept secure.
Accessing and changing personal information we have about you:
If we hold personal information about you, we are happy to tell you what it is. We will not, however, tell someone else what personal information we hold about you (unless you permit us or there is a lawful ability or requirement for us to do so).
If you think the personal information we hold about you is incorrect, out of date or misleading, please let us know. We are happy to correct it.
Please email us if you are seeking access to or correction of your own personal information: privacy@groundupprivacy.com.au
Anonymity:
The nature of our business means that we are unable to provide our professional services to you anonymously.
Cookies:
Our website uses cookies. A cookie is a small piece of data that our website (groundupprivacy.com.au) asks your browser to store on your PC, laptop, smartphone or other device. Cookies act like signposts, markers or tiny pieces of memory that enable us to give you the best experience possible when visiting our website.
Are cookies a risk to my privacy?
No. The cookies deployed by the Ground Up website are a combination of plain and encrypted text stored on your device and, when you access groundupprivacy.com.au, they allow the website to recognise you and provide you with specific content or services. They cannot replicate (i.e., make copies of themselves), execute pre-programmed functions, browse your device directories or otherwise fish for or seek out your personal information. The files are unable to scan, copy, read or retrieve your personal information.
Ground Up does not use cookies to track your movement from our website to other websites.
Do I have to allow the use of cookies?
No. However, the use of cookies by Ground Up supports your use of our website, and disabling our ability to deploy them may prevent you from using our site with ease. If you wish to disable, delete, prevent or clear cookies, you can follow the instructions available on your web browser.
Analytics:
Ground Up has decided not to gather information about visitors to our website, and as such has chosen to disable Google Analytics.
Do not track:
We support the right of individuals and organisations to browse our website without being tracked and without receiving advertising based on browsing history in the future. To this end, we have enabled Do Not Track functions. You can learn more about these functions here.
Updates to the Privacy Policy:
We may update this document from time to time to ensure that our personal information handling practices are correctly reflected. This may occur without notice; however, we will always post a ‘last revised’ date for your information.
Any questions or concerns?
If you have a question about our Privacy Policy or a concern about our personal information handling practices, please be in touch! Please email: privacy@groundupprivacy.com.au
Last revised: 1.08.2024