Privacy Policy

Allara Global Pty Limited (Australian Company Number 652 022 010) (“we”, “us”, “our") is committed to providing quality services to you and to ensuring the protection of the privacy of our Clients. This Privacy Policy sets out how we collect, store, use and disclose your personal information (including sensitive information). This Privacy Policy is effective 25th October 2022.

Purpose and reach of our Privacy Policy

The Privacy Policy has been created and implemented to ensure we have the measures in place to protect our Client’s information that has been collected for the purpose of providing our service offerings. This Privacy Policy applies to all of our Content and product offerings, across our LMS and our mobile app.

This Privacy Policy follows the standards set in the Australian Privacy Act 1988 (Cth) and the principles set by the European Union’s General Data Protection Regulation (GDPR).

What is personal information?

"Personal information" is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable or data about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.

Sensitive information

Personal information may include sensitive information. "Sensitive information" is personal information which is about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information and biometric information or templates. 

What personal information do we collect about you?

The personal information we collect and hold about you may include: 

  • identity information, such as first and last names, job title, organisation or employer names, gender and date of birth;
  • contact information including mailing or street address, telephone numbers and email addresses;
  • payment and transaction information including billing address details about payments to and from you and other details of products or services you have purchased from us, bank account and credit card details;
  • profile information, including your username and password, your interests, preferences and any feedback you provide;
  • information about your business organisation such as a company name, industry, company size, company contact information;
  • information about your use of our services, including:
    • formal learning tracking information (including your course completion status, final results/score, certificates); and
    • questions/answers tracking (including your assessment results);
  • customer service information, including your customer service enquiries and comments;
  • records of our interactions and correspondence with you whether by submitting of a web form, telephone, email, text message, social media or otherwise;
  • information about your use and interaction with our website, portals and online services advertisements or communications including, the links you click on, the files and attachments you view or download, traffic data and location data. Please refer to our Cookies sections for more information about how we use cookies and other technologies to collect data about you; and
  • If you apply for a job with us, we will collect your application material, reference checks and other information we need to assess your application.

How we collect your personal information

We collect your personal information in various ways including:

(a) directly from you when you:

i. become our customer;
ii. visit, access or use our websites or services;
iii. create an account on our websites or platforms or via other means;
iv. subscribe to our service or publications;
v. enter a competition, promotion or survey;
vi. request marketing to be sent to you or respond to it;
vii. give us feedback;
viii. submit payments to us; or
ix. correspond with us by telephone, email or post,

(b) from publicly available sources (such as from your organisation’s website, from media and publications and from other publicly available sources);

(c) automatically when you interact with our website, communications or online advertisements using cookies and tracking technology (please see the “Cookies” section below for more details); and

(d) information we may obtain from our affiliated websites or related companies;

(e) indirectly from third parties including:

i. utilising customer databases to cross match information for the purpose of identifying mutual opportunities

Purpose for collecting, holding and using your personal information

We collect and use your personal information to:

  • provide our products and services to you;
  • create a user account for you;
  • contact you and make suggestions and recommendations about our and third-party products, services, events and offers that may be of interest to you;
  • communicate directly with you, such as sending you email marketing messages or direct mail and recording your communication preferences. We may also send you service-related emails or messages (e.g., account verification, change or updates to features of our products and services, technical and security notices);
  • process, manage and deliver our services;
  • research, monitor and evaluate our services so we can continue to improve the quality and outcomes of our services as well as develop new services;
  • manage our relationship with you, including dealing with any complaints;
  • comply with our statutory and regulatory reporting obligations;
  • complete internal and/or external audits within our group;
  • comply with our legal obligations and other compliance requirements;
  • administer and protect our organisation and websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data, and network, security and fraud protection activities);
  • reasonable third-party use for the issuance of supplier related content, completion/credentialing;
  • improve our website, products or services, marketing, client relationships and experiences including through analysis and business intelligence techniques; and
  • any other purpose notified to you at the time your personal information is collected or that you have consented to.

What happens if you don’t provide us with your personal information?

If you choose not to provide the personal information as requested, we may not be able to supply you with our products or services. 

Legal basis for using your personal information 

If you are an individual or entity who is either based in a region governed by the General Data Protection Regulation (GDPR) (European Union or the United Kingdom), we will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We will make sure that we only use your personal information for the purposes set out above and where we are satisfied:

  • we need to use your personal information to perform a contract or take steps to enter into a contract with you;
  • we need to use your personal information for our legitimate interest as a commercial organisation. For example, we may collect your personal details so that we can respond to enquiries submitted via our website. In all such cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the “Accuracy, access and correction of your personal information” section of this Privacy Policy below;
  • we need to use your personal information to comply with a relevant legal or regulatory obligation that we have; or
  • we have your consent to using your personal information for a particular activity.

Disclosure of personal information

We may share your personal information with the persons set out below: 

  • our related companies which means our subsidiaries, our ultimate holding company and its subsidiaries, including in addition to Allara Global Pty Limited (ABN 66 652 022 010), Tactical Training Group Pty Limited (ABN 57 094 224 076) and WG Learning Pty Limited (50 112 062 647), all of whom are wholly owned subsidiaries of Allara Investments Pty Limited (ABN 76 110 564 264) (trading as Allara Learning);
  • third parties who help improve and manage our business and provide our services, including our third-party service providers, such as payment system operators, IT suppliers including customer and sales platform solutions, online learning management systems, identity and fraud protection services, marketing (including direct marketing) and market research services, identifying and serving targeted advertisements services, mailing services, analytic services, or web hosting services
  • professional advisers, including lawyers, accountants, audit assessors, other advisers and financial institutions who provide consultancy, banking, legal or accounting services;
  • our insurers;
  • any other entities notified to you at the time of collection;
  • buyers of our assets or shares when we are a seller; and
  • courts, law enforcement, regulators and other government agencies so we may respond to their reasonable requests for information or comply with all applicable laws, regulations, rules and our legal obligations.

We are not liable for any loss, claim or damage that arises from another person’s use of personal information where we were authorised to provide that information.

Transfer of personal information overseas

We may disclose your personal information to third-party service providers and/or our related companies based around the world who may use, hold or access your information from a place outside your place of residence including in: 

  • the European Union
  • New Zealand
  • Malaysia
  • Philippines
  • Vietnam
  • United States of America
  • Singapore
  • Thailand
  • United Arab Emirates

Transfer of your personal information will only be made for one or more of the purposes specified in this Privacy Policy.

When we take reasonable steps, we will ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and transfers are limited to either countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:

  • we ensure transfers within Allara Global and associated company Allara Learning, are covered in this same Privacy Policy to ensure personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies.
  • where we transfer your personal information either outside our group or to third parties who help provide our services, we ensure these third parties have robust Privacy Policies and data protection processes in place to protect your information; or
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.

You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information when this is transferred as mentioned above.

Your obligations when you provide personal information of others

You must not provide us with personal information (including any sensitive information) of any other individual (including any of your employees or customers) unless you have the express or implied consent of that individual to do so. If you do provide us with such information about another individual, before doing so you:

  • must tell that individual that you will be providing their information to us; and
  • warrant that you have that individual’s consent to provide their information to us.

Your obligations when we provide you with personal information 

If we give you, or provide you access to, the personal information of any individual, you must only use it:

  • for the purposes we have agreed to; and
  • in compliance with applicable Privacy Laws and this Privacy Policy.

You must also ensure that your agents, advisers, employees and contractors meet the above requirements.

Accuracy, access and correction of your personal information

We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your personal information. All personal information identified as being incorrect is updated in our database and, where applicable and appropriate, on our third-party databases, such as payment system operators, IT suppliers including customer and sales platform solutions and online learning management systems.

Please contact us using our contact details at the end of this policy as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date. These requests will be actioned within 28 days of receiving the request in writing. We are not liable for any information that is provided to us that is incorrect.

You may access the Personal Information we hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing using the contact details at the end of this policy. If you make an access request, we will provide you with access to the personal information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial of access to your personal information. Allara Global may charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may also charge the reasonable cost of third parties who assist us in complying with the access request.

Additional rights under the GDPR

If you are an individual based in or a resident of the European Union or the United Kingdom, there are additional rights available to you. Please see below your detailed rights including rights of access, erasures, rectification and portability of your personal data. Individuals over 16-years-old can consent to the processing of personal data, but anyone younger needs the consent of their parent or guardian. 

RightWhat this means
Access

You can ask us to:

  • confirm whether we are processing your personal information;
  • give you a copy of that data; and

provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, and where we got your data from, to the extent that information has not already been provided to you in this Privacy Policy.

RectificationYou can ask us to rectify inaccurate personal information. We may seek to verify the accuracy of the data before rectifying it.
Erasure

You can ask us to erase your personal information, but only where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see ‘Objection’ below); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or

for the establishment, exercise or defence of legal claims.

Restriction

You can ask us to restrict (i.e., keep but not use) your personal information, but only where:

  • its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent;
  • to establish, exercise or defend legal claims; or

to protect the rights of another natural or legal person.

Portability

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format but only where:

  • the processing is based on your consent or on the performance of a contract with you; and

the processing is carried out by automated means.

Objection

You can object to any processing of your personal information which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International transfers

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Economic Area.

We may redact data transfer agreements or related documents (i.e., obscure certain information contained within these documents) for reasons of commercial sensitivity.

Supervisory authorityYou have a right to lodge a complaint with your local supervisory authority about our processing of your personal information. For example, in the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

If you wish to access any of the above-mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.

Security of personal information

We have appointed a Data Protection Officer to oversee this Privacy Policy and its compliance with the Australian Privacy Act and the GDPR. This officer may be assisted by internal and external professionals and advisors. 

We take steps to protect personal information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure. For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. 

We use SSL encryption and even though we use reputable third-party providers whose platforms regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards, we are not responsible for the privacy or security of third parties and these may be subject to separate security and privacy policies. 

Given the nature of online transactions, and despite our best efforts to ensure your personal information is secure, the security of online transactions cannot be guaranteed and as such, each individual who provides information to us via electronic means, does so at their own risk and we are unable to accept responsibility for the loss or misuse of personal information where this is outside of our control.

Links to third-party sites

Our website may contain links to other third-party websites. Clicking on those links may allow third parties to collect or share data about you in accordance with their own privacy policies. We do not endorse or otherwise accept responsibility for the content on those websites or privacy practices of those third parties or any products or services offered by them. We recommend that you check the privacy policies of these third-parties to find out how these third parties may collect and deal with your personal information.

Cookies

Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your device when you visit a particular website. Cookies help provide additional functionality to the site or to help us analyse site usage more accurately. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our sites. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.

You can adjust the settings in your web browser to determine whether sites can set cookies on your device. If you’ve visited this site before, there may be previously set cookies on your device. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Direct marketing and how to opt out

We may use your personal information to send you direct marketing communications about our products, services and special offers, those of our related entities and other third parties. If you no longer wish to receive such information, you can opt out by following the opt-out links in electronic communications, de-activating the push notification or alert to your mobile phone or contacting us using our contact details at the end of this policy. If an individual believes they are receiving information from us when they have not elected to opt-in to our marketing communications, they should contact us immediately using the details provided at the end of this Privacy Policy.

Retention of personal information

We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements which is usually at least seven years. 

We may be required to delete personal information in the following circumstances:

(a) where the information is no longer necessary for the purpose it was collected and we are no longer required to hold the information by law;

(b) where consent has been withdrawn from the individual;

(c) where the information is in relation to a child;

(d) where the information collected breached the Privacy Act or GDPR; and/or

(e) where we are legally required to remove or delete the information.

We may refuse to remove personal information we hold in relation to an individual where the information was collected:

(a) to exercise right of freedom of expression and to information;

(b) to comply with legal obligations in relation to public interest or exercise of official authority

(c) archiving purposes or public health purposes in public interest, statistical purposes or scientific research; or

(d) for the defence of legal claims.

Policy updates

We may amend our Privacy Policy from time to time. Any amended Privacy Policy will be posted on our website or, where appropriate, we will communicate the changes to you by email or other means. You are unable to opt out of these communications. 

Data breach

Where we become aware or suspect that there has been unauthorised access to, or unauthorised disclosure of, Personal Information or Personal Information has been lost in circumstances where unauthorised access to, or unauthorised disclosure of, the Personal Information may occur (a “Data Breach”) then we will:

(a) immediately establish the severity of the Data Breach and the associated risks;

(b) immediately disclose to the other party all information relevant to that actual or suspected Data Breach;

(b) co-operate with the other party in investigating whether a Data Breach has occurred and the circumstances surrounding that Data Breach; and

(d) disclose to required third parties (including any government agency or privacy regulator) the existence or circumstances surrounding any Data Breaches where it is required to do so by Applicable Law.

(e) disclose the facts relating to the Data Breach, actions being taken in relation to the Data Breach and undertake to put preventative measures in place to avoid a similar Data Breach in the future. 

Additional work

We may take additional actions to ensure the privacy of personal information is secure and to ensure we comply with the Australian Privacy Act and the GDPR. Nothing in this Privacy Policy should be taken to be non-compliant with or deem us to not have complied with the Australian Privacy Act and privacy laws and the GDPR.

Privacy Policy complaints and enquiries

If you wish to make a complaint about a breach of this Privacy Policy or any breach of applicable privacy laws, you can contact us using the contact details at the end of this policy. You will need to provide us with sufficient details regarding your complaint.

We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 30 days. If this is not possible, you will be contacted within that time to let you know how long it should take us to resolve your complaint.

If you are not satisfied with our response, you can contact us to discuss your concerns and you can complain to the relevant local data protection supervisory authority for your place of habitual residence, place of work or place of alleged infringement. This is the Australian Privacy Commissioner in Australia (at www.oaic.gov.au).

How to contact us

If you wish to gain access to your personal information, want us to correct or update it, have a complaint about a breach of your privacy or any other query relating to our Privacy Policy, please contact our Privacy Officer in writing using the details provided below and these requests will be actioned within 28 days:

Allara Global

Suite 19.02, Level 19
227 Elizabeth Street
Sydney, NSW, 2000 Australia

helpdesk@allaraglobal.com 

Local data protection supervisory authorities 

You may be able to find out further information about privacy laws in your jurisdiction from your local data protection supervisory authority, including:

  • in Australia, the Office of the Australian Information Commissioner at www.oaic.gov.au/ or
  • in New Zealand, the New Zealand Privacy Commissioner at www.privacy.org.nz or
  • in Singapore, the Personal Data Protection Commission at www.pdpc.gov.sg or
  • in the UK / Europe, the Information Commissioner's Office at www.ico.co.uk

 

Updated: 25 October 2022

We acknowledge all Aboriginal and Torres Strait Islander peoples as the First Australians and Traditional Custodians of the lands where we live, learn and work