What is personal information?
"Personal information" is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable or data about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
Personal information may include sensitive information. "Sensitive information" is personal information which is about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information and biometric information or templates.
What personal information do we collect about you?
The personal information we collect and hold about you may include:
- identity information, such as first and last names, job title, organisation or employer names, gender and date of birth;
- contact information including mailing or street address, telephone numbers and email addresses;
- payment and transaction information including billing address details about payments to and from you and other details of products or services you have purchased from us, bank account and credit card details;
- profile information, including your username and password, your interests, preferences and any feedback you provide;
- information about your business organisation such as a company name, industry, company size, company contact information;
- information about your use of our services, including:
- formal learning tracking information (including your course completion status, final results/score, certificates); and
- questions/answers tracking (including your assessment results);
- customer service information, including your customer service enquiries and comments;
- records of our interactions and correspondence with you whether by submitting of a web form, telephone, email, text message, social media or otherwise;
- If you apply for a job with us, we will collect your application material, reference checks and other information we need to assess your application.
How we collect your personal information
We collect your personal information in various ways including:
(a) directly from you when you:
i. become our customer;
ii. visit, access or use our websites or services;
iii. create an account on our websites or platforms or via other means;
iv. subscribe to our service or publications;
v. enter a competition, promotion or survey;
vi. request marketing to be sent to you or respond to it;
vii. give us feedback;
viii. submit payments to us; or
ix. correspond with us by telephone, email or post,
(b) from publicly available sources (such as from your organisation’s website, from media and publications and from other publicly available sources);
(c) automatically when you interact with our website, communications or online advertisements using cookies and tracking technology (please see the “Cookies” section below for more details); and
(d) information we may obtain from our affiliated websites or related companies;
(e) indirectly from third parties including:
i. utilising customer databases to cross match information for the purpose of identifying mutual opportunities
Purpose for collecting, holding and using your personal information
We collect and use your personal information to:
- provide our products and services to you;
- create a user account for you;
- contact you and make suggestions and recommendations about our and third-party products, services, events and offers that may be of interest to you;
- communicate directly with you, such as sending you email marketing messages or direct mail and recording your communication preferences. We may also send you service-related emails or messages (e.g., account verification, change or updates to features of our products and services, technical and security notices);
- process, manage and deliver our services;
- research, monitor and evaluate our services so we can continue to improve the quality and outcomes of our services as well as develop new services;
- manage our relationship with you, including dealing with any complaints;
- comply with our statutory and regulatory reporting obligations;
- complete internal and/or external audits within our group;
- comply with our legal obligations and other compliance requirements;
- administer and protect our organisation and websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data, and network, security and fraud protection activities);
- reasonable third-party use for the issuance of supplier related content, completion/credentialing;
- improve our website, products or services, marketing, client relationships and experiences including through analysis and business intelligence techniques; and
- any other purpose notified to you at the time your personal information is collected or that you have consented to.
What happens if you don’t provide us with your personal information?
If you choose not to provide the personal information as requested, we may not be able to supply you with our products or services.
Legal basis for using your personal information
If you are an individual or entity who is either based in a region governed by the General Data Protection Regulation (GDPR) (European Union or the United Kingdom), we will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We will make sure that we only use your personal information for the purposes set out above and where we are satisfied:
- we need to use your personal information to perform a contract or take steps to enter into a contract with you;
- we need to use your personal information to comply with a relevant legal or regulatory obligation that we have; or
- we have your consent to using your personal information for a particular activity.
Disclosure of personal information
We may share your personal information with the persons set out below:
- our related companies which means our subsidiaries, our ultimate holding company and its subsidiaries, including in addition to Allara Global Pty Limited (ABN 66 652 022 010), Tactical Training Group Pty Limited (ABN 57 094 224 076) and WG Learning Pty Limited (50 112 062 647), all of whom are wholly owned subsidiaries of Allara Investments Pty Limited (ABN 76 110 564 264) (trading as Allara Learning);
- third parties who help improve and manage our business and provide our services, including our third-party service providers, such as payment system operators, IT suppliers including customer and sales platform solutions, online learning management systems, identity and fraud protection services, marketing (including direct marketing) and market research services, identifying and serving targeted advertisements services, mailing services, analytic services, or web hosting services
- professional advisers, including lawyers, accountants, audit assessors, other advisers and financial institutions who provide consultancy, banking, legal or accounting services;
- our insurers;
- any other entities notified to you at the time of collection;
- buyers of our assets or shares when we are a seller; and
- courts, law enforcement, regulators and other government agencies so we may respond to their reasonable requests for information or comply with all applicable laws, regulations, rules and our legal obligations.
We are not liable for any loss, claim or damage that arises from another person’s use of personal information where we were authorised to provide that information.
Transfer of personal information overseas
We may disclose your personal information to third-party service providers and/or our related companies based around the world who may use, hold or access your information from a place outside your place of residence including in:
- the European Union
- New Zealand
- United States of America
- United Arab Emirates
When we take reasonable steps, we will ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and transfers are limited to either countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
- where we transfer your personal information either outside our group or to third parties who help provide our services, we ensure these third parties have robust Privacy Policies and data protection processes in place to protect your information; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.
You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information when this is transferred as mentioned above.
Your obligations when you provide personal information of others
You must not provide us with personal information (including any sensitive information) of any other individual (including any of your employees or customers) unless you have the express or implied consent of that individual to do so. If you do provide us with such information about another individual, before doing so you:
- must tell that individual that you will be providing their information to us; and
- warrant that you have that individual’s consent to provide their information to us.
Your obligations when we provide you with personal information
If we give you, or provide you access to, the personal information of any individual, you must only use it:
- for the purposes we have agreed to; and
You must also ensure that your agents, advisers, employees and contractors meet the above requirements.
Accuracy, access and correction of your personal information
We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your personal information. All personal information identified as being incorrect is updated in our database and, where applicable and appropriate, on our third-party databases, such as payment system operators, IT suppliers including customer and sales platform solutions and online learning management systems.
Please contact us using our contact details at the end of this policy as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date. These requests will be actioned within 28 days of receiving the request in writing. We are not liable for any information that is provided to us that is incorrect.
You may access the Personal Information we hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing using the contact details at the end of this policy. If you make an access request, we will provide you with access to the personal information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial of access to your personal information. Allara Global may charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may also charge the reasonable cost of third parties who assist us in complying with the access request.
Additional rights under the GDPR
If you are an individual based in or a resident of the European Union or the United Kingdom, there are additional rights available to you. Please see below your detailed rights including rights of access, erasures, rectification and portability of your personal data. Individuals over 16-years-old can consent to the processing of personal data, but anyone younger needs the consent of their parent or guardian.
|Right||What this means|
You can ask us to:
|Rectification||You can ask us to rectify inaccurate personal information. We may seek to verify the accuracy of the data before rectifying it.|
You can ask us to erase your personal information, but only where:
We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary:
for the establishment, exercise or defence of legal claims.
You can ask us to restrict (i.e., keep but not use) your personal information, but only where:
We can continue to use your personal information following a request for restriction, where:
to protect the rights of another natural or legal person.
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format but only where:
the processing is carried out by automated means.
You can object to any processing of your personal information which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Economic Area.
We may redact data transfer agreements or related documents (i.e., obscure certain information contained within these documents) for reasons of commercial sensitivity.
|Supervisory authority||You have a right to lodge a complaint with your local supervisory authority about our processing of your personal information. For example, in the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.|
If you wish to access any of the above-mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.
Security of personal information
We take steps to protect personal information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure. For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security.
We use SSL encryption and even though we use reputable third-party providers whose platforms regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards, we are not responsible for the privacy or security of third parties and these may be subject to separate security and privacy policies.
Given the nature of online transactions, and despite our best efforts to ensure your personal information is secure, the security of online transactions cannot be guaranteed and as such, each individual who provides information to us via electronic means, does so at their own risk and we are unable to accept responsibility for the loss or misuse of personal information where this is outside of our control.
Links to third-party sites
Our website may contain links to other third-party websites. Clicking on those links may allow third parties to collect or share data about you in accordance with their own privacy policies. We do not endorse or otherwise accept responsibility for the content on those websites or privacy practices of those third parties or any products or services offered by them. We recommend that you check the privacy policies of these third-parties to find out how these third parties may collect and deal with your personal information.
Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your device when you visit a particular website. Cookies help provide additional functionality to the site or to help us analyse site usage more accurately. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our sites. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.
You can adjust the settings in your web browser to determine whether sites can set cookies on your device. If you’ve visited this site before, there may be previously set cookies on your device. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
Direct marketing and how to opt out
Retention of personal information
We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements which is usually at least seven years.
We may be required to delete personal information in the following circumstances:
(a) where the information is no longer necessary for the purpose it was collected and we are no longer required to hold the information by law;
(b) where consent has been withdrawn from the individual;
(c) where the information is in relation to a child;
(d) where the information collected breached the Privacy Act or GDPR; and/or
(e) where we are legally required to remove or delete the information.
We may refuse to remove personal information we hold in relation to an individual where the information was collected:
(a) to exercise right of freedom of expression and to information;
(b) to comply with legal obligations in relation to public interest or exercise of official authority
(c) archiving purposes or public health purposes in public interest, statistical purposes or scientific research; or
(d) for the defence of legal claims.
Where we become aware or suspect that there has been unauthorised access to, or unauthorised disclosure of, Personal Information or Personal Information has been lost in circumstances where unauthorised access to, or unauthorised disclosure of, the Personal Information may occur (a “Data Breach”) then we will:
(a) immediately establish the severity of the Data Breach and the associated risks;
(b) immediately disclose to the other party all information relevant to that actual or suspected Data Breach;
(b) co-operate with the other party in investigating whether a Data Breach has occurred and the circumstances surrounding that Data Breach; and
(d) disclose to required third parties (including any government agency or privacy regulator) the existence or circumstances surrounding any Data Breaches where it is required to do so by Applicable Law.
(e) disclose the facts relating to the Data Breach, actions being taken in relation to the Data Breach and undertake to put preventative measures in place to avoid a similar Data Breach in the future.
We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 30 days. If this is not possible, you will be contacted within that time to let you know how long it should take us to resolve your complaint.
If you are not satisfied with our response, you can contact us to discuss your concerns and you can complain to the relevant local data protection supervisory authority for your place of habitual residence, place of work or place of alleged infringement. This is the Australian Privacy Commissioner in Australia (at www.oaic.gov.au).
How to contact us
Suite 19.02, Level 19
227 Elizabeth Street
Sydney, NSW, 2000 Australia
Local data protection supervisory authorities
You may be able to find out further information about privacy laws in your jurisdiction from your local data protection supervisory authority, including:
- in Australia, the Office of the Australian Information Commissioner at www.oaic.gov.au/ or
- in New Zealand, the New Zealand Privacy Commissioner at www.privacy.org.nz or
- in Singapore, the Personal Data Protection Commission at www.pdpc.gov.sg or
- in the UK / Europe, the Information Commissioner's Office at www.ico.co.uk
Updated: 25 October 2022