Privacy Policy
Allara Global Pty Limited (Australian Company Number 652 022 010) (“we”, “us”, “our") is committed to providing quality services to you and to ensuring the protection of the privacy of our Clients. This Privacy Policy sets out how we collect, store, use and disclose your personal information (including sensitive information). This Privacy Policy is effective 23rd April 2024.
Purpose and reach of our Privacy Policy
The Privacy Policy has been created and implemented to ensure we have the measures in place to protect our Client’s information that has been collected for the purpose of providing our service offerings. This Privacy Policy applies to all of our Content and product offerings, across our LMS and our mobile app (the “Content”).
This Privacy Policy follows the standards set in the Australian Privacy Act 1988 (Cth) and the principles set by the European Union’s General Data Protection Regulation (GDPR) and the United Kingdom’s Data Protection Act 2018.
What is personal information?
"Personal information" is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable or data about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
Sensitive information
Personal information may include sensitive information. "Sensitive information" is personal information which is about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information and biometric information or templates.
What personal information do we collect about you?
The personal information we collect and hold about you may include:
- identity information, such as first and last names, job title, organisation or employer names, gender and date of birth;
- identification documents such as driver’s licences, passports, Medicare card, birth certificates and photo cards;
- contact information including mailing or street address, telephone numbers and email addresses;
- information relating to prior education;
- information relating to disabilities;
- cultural information;
- payment and transaction information including billing address details about payments to and from you and other details of products or services you have purchased from us, bank account and credit card details;
- profile information, including your username and password, your interests, preferences and any feedback you provide;
- information about your business organisation such as a company name, industry, company size, company contact information;
- information about your use of our services, including:
- formal learning tracking information (including your course completion status, final results/score, certificates); and
- questions/answers tracking (including your assessment results);
- customer service information, including your customer service enquiries and comments;
- records of our interactions and correspondence with you whether by submitting of a web form, telephone, email, text message, social media or otherwise;
- information about your use and interaction with our website, portals and online services advertisements or communications including, the links you click on, the files and attachments you view or download, traffic data and location data. Please refer to our Cookies sections for more information about how we use cookies and other technologies to collect data about you; and
- If you apply for a job with us, we will collect your application material, reference checks and other information we need to assess your application.
How we collect your personal information
We collect your personal information in various ways including:
- directly from you when you:
- become our customer;
- visit, access or use our websites or services;
- create an account on our websites or platforms or via other means;
- subscribe to our service or publications;
- enter a competition, promotion or survey;
- request marketing to be sent to you or respond to it;
- give us feedback;
- submit payments to us; or
- correspond with us by telephone, email or post,
- from publicly available sources (such as from your organisation’s website, from media and publications and from other publicly available sources);
- automatically when you interact with our website, communications or online advertisements using cookies and tracking technology (please see the “Cookies” section below for more details); and
- information we may obtain from our affiliated websites or related companies;
- indirectly from third parties including:
- utilising customer databases to cross match information for the purpose of identifying mutual opportunities
Purpose for collecting, holding and using your personal information
We collect and use your personal information to:
- provide our products and services to you;
- create a user account for you;
- contact you and make suggestions and recommendations about our and third-party products, services, events and offers that may be of interest to you;
- communicate directly with you, such as sending you email marketing messages or direct mail and recording your communication preferences. We may also send you service-related emails or messages (e.g., account verification, change or updates to features of our products and services, technical and security notices);
- process, manage and deliver our services;
- research, monitor and evaluate our services so we can continue to improve the quality and outcomes of our services as well as develop new services;
- manage our relationship with you, including dealing with any complaints;
- comply with our statutory and regulatory reporting obligations;
- complete internal and/or external audits within our group;
- comply with our legal obligations and other compliance requirements;
- administer and protect our organisation and websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data, and network, security and fraud protection activities);
- reasonable third-party use for the issuance of supplier related content, completion/credentialing;
- improve our website, products or services, marketing, client relationships and experiences including through analysis and business intelligence techniques; and
- any other purpose notified to you at the time your personal information is collected or that you have consented to.
What happens if you don’t provide us with your personal information?
If you choose not to provide the personal information as requested, we may not be able to supply you with our products or services.
Legal basis for using your personal information
If you are an individual or entity who is either based in a region governed by the General Data Protection Regulation (GDPR) (European Union) or the United Kingdom’s Data Protection Act 2018 the United Kingdom), we will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We will make sure that we only use your personal information for the purposes set out above and where we are satisfied:
- we need to use your personal information to perform a contract or take steps to enter into a contract with you;
- we need to use your personal information for our legitimate interest as a commercial organisation. For example, we may collect your personal details so that we can respond to enquiries submitted via our website. In all such cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the “Accuracy, access and correction of your personal information” section of this Privacy Policy below;
- we need to use your personal information to comply with a relevant legal or regulatory obligation that we have; or
- we have your consent to using your personal information for a particular activity.
We may from time to time process sensitive personal information about you, such as information about prior education, disabilities and cultural information. We will only process your sensitive personal information if:
- we have a lawful basis for doing so, i.e. to perform a contract or take steps to enter into a contract with you;
- you have given explicit consent;
- the processing is necessary for the purposes of exercising our or your obligations;
- the processing relates to personal data which is manifestly made public by you; or
- the processing is necessary for reasons of substantial public interest.
Disclosure of personal information
We may share your personal information with the persons set out below:
- our related companies which means our subsidiaries, our ultimate holding company and its subsidiaries, including in addition to Allara Global Pty Limited (ABN 66 652 022 010), Tactical Training Group Pty Limited (ABN 57 094 224 076) and WG Learning Pty Limited (50 112 062 647), all of whom are wholly owned subsidiaries of Allara Investments Pty Limited (ABN 76 110 564 264) (trading as Allara Learning);
- third parties who help improve and manage our business and provide our services, including our third-party service providers, such as payment system operators, IT suppliers including customer and sales platform solutions, online learning management systems, identity and fraud protection services, marketing (including direct marketing) and market research services, identifying and serving targeted advertisements services, mailing services, analytic services, or web hosting services
- professional advisers, including lawyers, accountants, audit assessors, other advisers and financial institutions who provide consultancy, banking, legal or accounting services;
- our insurers;
- any other entities notified to you at the time of collection;
- buyers of our assets or shares when we are a seller; and
- courts, law enforcement, regulators and other government agencies so we may respond to their reasonable requests for information or comply with all applicable laws, regulations, rules and our legal obligations.
We are not liable for any loss, claim or damage that arises from another person’s use of personal information where we were authorised to provide that information.
Transfer of personal information overseas
We may disclose your personal information to third-party service providers and/or our related companies based around the world who may use, hold or access your information from a place outside your place of residence including in:
- the European Union
- New Zealand
- Malaysia
- Philippines
- Vietnam
- United States of America
- Singapore
- Thailand
- United Arab Emirates
Transfer of your personal information will only be made for one or more of the purposes specified in this Privacy Policy.
When we take reasonable steps, we will ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and transfers are limited to either countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
- we ensure transfers within Allara Global and associated company Allara Learning, are covered in this same Privacy Policy to ensure personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies.
- we use standard contractual clauses approved by the European Commission or other approved mechanisms;
- where we transfer your personal information either outside our group or to third parties who help provide our services, we ensure these third parties have robust Privacy Policies and data protection processes in place to protect your information; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.
You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information when this is transferred as mentioned above.
Your obligations when you provide personal information of others
You must not provide us with personal information (including any sensitive information) of any other individual (including any of your employees or customers) unless you have the express or implied consent of that individual to do so. If you do provide us with such information about another individual, before doing so you:
- must tell that individual that you will be providing their information to us; and
- warrant that you have that individual’s consent to provide their information to us.
Your obligations when we provide you with personal information
If we give you, or provide you access to, the personal information of any individual, you must only use it:
- for the purposes we have agreed to; and
- in compliance with applicable Privacy Laws and this Privacy Policy.
You must also ensure that your agents, advisers, employees and contractors meet the above requirements.
Accuracy, access and correction of your personal information
We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your personal information. All personal information identified as being incorrect is updated in our database and, where applicable and appropriate, on our third-party databases, such as payment system operators, IT suppliers including customer and sales platform solutions and online learning management systems.
Please contact us using our contact details at the end of this policy as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date. These requests will be actioned within 28 days of receiving the request in writing. We are not liable for any information that is provided to us that is incorrect.
You may access the Personal Information we hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing using the contact details at the end of this policy. If you make an access request, we will provide you with access to the personal information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial of access to your personal information. Allara Global may charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may also charge the reasonable cost of third parties who assist us in complying with the access request.
Additional rights under the GDPR and UK Data Protection Act 2018
If you are an individual based in or a resident of the European Union or the United Kingdom, there are additional rights available to you. Please see below your detailed rights including rights of access, erasures, rectification and portability of your personal data.
All Content is aimed at individuals who are at least 16 years of age. Individuals who are the age of 16 years or older can consent to the processing of personal data, but anyone younger needs the consent of their parent or guardian. If you are the age of 13 years or older but younger than the age of 16 years, you may only provide your personal data on our LMS or our mobile app after you have been given consent by (one of) your parent(s) or legal guardian(s). If you are younger than the age of 13 years, we do not permit you to provide your personal data on our LMS or our mobile app. We do not knowingly collect and do not envisage collecting personal data from individuals below the age of 16. We make no representation that the Content is available or appropriate for use by individuals below the age of 16. The Content is not intended to be viewed or used by children without the involvement and approval of (one of) their parent(s) or legal guardian(s).
Right | What this means |
Access | You can ask us to:
|
Rectification | You can ask us to rectify inaccurate personal information. We may seek to verify the accuracy of the data before rectifying it. |
Erasure | You can ask us to erase your personal information, but only where:
We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary:
|
Restriction | You can ask us to restrict (i.e., keep but not use) your personal information, but only where:
We can continue to use your personal information following a request for restriction, where:
|
Portability | You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format but only where:
|
Objection | You can object to any processing of your personal information which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. |
International transfers | You can ask to obtain a copy of, or reference to, the safeguards under which |
Supervisory authority | You have a right to lodge a complaint with your local supervisory authority about our processing of your personal information. For example, in the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time. |
If you wish to access any of the above-mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.
Security of personal information
We have appointed a Data Protection Officer (the “DPO”) to oversee this Privacy Policy and its compliance with the Australian Privacy Act, the GDPR and the United Kingdom’s Data Protection Act 2018.The DPO may be assisted by internal and external professionals and advisors. . The DPO can be contacted regarding any privacy-related inquiries or concerns by using the email address provided under ‘How to contact us’.
We take steps to protect personal information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure. For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security.
We use SSL encryption and even though we use reputable third-party providers whose platforms regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards, we are not responsible for the privacy or security of third parties and these may be subject to separate security and privacy policies.
Given the nature of online transactions, and despite our best efforts to ensure your personal information is secure, the security of online transactions cannot be guaranteed and as such, each individual who provides information to us via electronic means, does so at their own risk and we are unable to accept responsibility for the loss or misuse of personal information where this is outside of our control.
Links to third-party sites
Our website may contain links to other third-party websites. Clicking on those links may allow third parties to collect or share data about you in accordance with their own privacy policies. We do not endorse or otherwise accept responsibility for the content on those websites or privacy practices of those third parties or any products or services offered by them. We recommend that you check the privacy policies of these third-parties to find out how these third parties may collect and deal with your personal information.
Cookies
Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your device when you visit a particular website. Cookies help provide additional functionality to the site or to help us analyse site usage more accurately. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our sites. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.
You can adjust the settings in your web browser to determine whether sites can set cookies on your device. If you’ve visited this site before, there may be previously set cookies on your device. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
Direct marketing and how to opt out
We may use your personal information to send you direct marketing communications about our products, services and special offers, those of our related entities and other third parties. If you are in the European Union or the United Kingdom and subscribe to receive any of our email newsletters or marketing communications, then you will be subscribed to receive our direct marketing communications once you consent to it. If you are not within the European Union or the United Kingdom, you may be automatically subscribed to receive our direct marketing communications once you opt in to receive any of our (free) products and/or services and/or purchase any products and/or services.
If you no longer wish to receive such information, you can opt out by following the unsubscribe/opt out link at the bottom of our marketing emails or contacting us using our contact details at the end of this policy. If an individual believes they are receiving information from us when they have not elected to opt-in to our marketing communications, they should contact us immediately using the details provided at the end of this Privacy Policy.
Retention of personal information
We retain your personal information only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We will only retain your personal information until the earlier of the following events:
- the information is no longer necessary for the purpose it was collected and we are no longer required to hold the information by law;
- consent has been withdrawn by the individual;
- you have requested us to delete the information;
- the information is in relation to a child younger than the age of 13;
- the information is found to be outdated;;
- it is too costly to maintain further retention of Your personal data;
- we discontinue our business or services;
- the information collected breached the Australian Privacy Act, the GDPR or the United Kingdom’s Data Protection Act 2018;
- our decision to cease using our existing data providers; or
- we are legally required to remove or delete the information.
We may refuse to remove personal information we hold in relation to an individual where the information was collected:
- to exercise right of freedom of expression and to information;
- to comply with legal obligations in relation to the public interest or exercise of official authority;
- archiving purposes or public health purposes in the public interest, statistical purposes or scientific research; or
- for the defence of legal claims.
We will provide reasons if we do not intend to comply with any of your requests regarding your personal data.
Policy updates
We may amend our Privacy Policy from time to time. Any amended Privacy Policy will be posted on our website or, where appropriate, we will communicate the changes to you by email or other means. You are unable to opt out of these communications.
Data breach
Where we become aware or suspect that there has been unauthorised access to, or unauthorised disclosure of, Personal Information or Personal Information has been lost in circumstances where unauthorised access to, or unauthorised disclosure of, the Personal Information may occur (a “Data Breach”) then we will:
- immediately establish the severity of the Data Breach and the associated risks;
- when the Data Breach is likely to result in a high risk to the rights and freedoms of natural persons, disclose without undue delay to the relevant data subject(s) to whom the Data Breach relates all information relevant to that actual or suspected Data Breach;
- co-operate with the other party in investigating whether a Data Breach has occurred and the circumstances surrounding that Data Breach; and
- disclose to required third parties (including any government agency or privacy regulator) the existence or circumstances surrounding any Data Breaches where it is required to do so by applicable law. Where notification of a Data Breach is required under the GDPR or the United Kingdom’s Data Protection Act 2018, we will notify the relevant supervisory authorities not later than 72 hours after having become aware of it. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
- disclose to required third parties the facts relating to the Data Breach, actions being taken in relation to the Data Breach and undertake to put preventative measures in place to avoid a similar Data Breach in the future.
Additional work
We may take additional actions to ensure the privacy of personal information is secure and to ensure we comply with the Australian Privacy Act, the GDPR and the United Kingdom’s Data Protection Act 2018. Nothing in this Privacy Policy should be taken to be non-compliant with or deem us to not have complied with the Australian Privacy Act, the GDPR and the United Kingdom’s Data Protection Act 2018.
Privacy Policy complaints and enquiries
If you wish to make a complaint about a breach of this Privacy Policy or any breach of applicable privacy laws, you can contact us using the contact details at the end of this policy. You will need to provide us with sufficient details regarding your complaint.
We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 30 days. If this is not possible, you will be contacted within that time to let you know how long it should take us to resolve your complaint.
If you are not satisfied with our response, you can contact us to discuss your concerns and you can complain to the relevant local data protection supervisory authority for your place of habitual residence, place of work or place of alleged infringement. This is the Australian Privacy Commissioner in Australia (at www.oaic.gov.au).
How to contact us
If you wish to gain access to your personal information, want us to correct or update it, have a complaint about a breach of your privacy or any other query relating to our Privacy Policy, please contact our Data Privacy Officer by email using the following email helpdesk@allaraglobal.com. These requests will be responded to within 28 days of receipt by us of your email. We may extend the aforementioned period of 28 days by up to two months when necessary, taking into account the complexity of your request and the number of your requests, in which case you will be provided notice of such extension together with the reasons for such delay:
Allara Global
Suite 19.02, Level 19
227 Elizabeth Street
Sydney, NSW, 2000 Australia
Local data protection supervisory authorities
You may be able to find out further information about privacy laws in your jurisdiction from your local data protection supervisory authority, including:
- in Australia, the Office of the Australian Information Commissioner at www.oaic.gov.au/ or
- in New Zealand, the New Zealand Privacy Commissioner at www.privacy.org.nz or
- in Singapore, the Personal Data Protection Commission at www.pdpc.gov.sg or
- in the UK, the Information Commissioner's Office at www.ico.co.uk
Updated: 23rd April 2024