Think Impact Privacy Policy


Think Impact respects and upholds your rights under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). Think Impact also adheres to the Privacy (Market and Social Research) Code 2021 (Code) published by The Office of the Australian Information Commissioner.

This policy is not legally binding but intends to outline our approach to ensuring your rights are protected in line with the APPs and the Code. To read more about the Privacy Act, the APPs and the Code visit the Office of the Australian Information Commissioner website.


This policy outlines how Think Impact manages data and information obtained or collected during project delivery and related business activities.

It applies to those that we engage through the course of project delivery (our clients and their stakeholders or beneficiaries) as well as to those that we engage when performing other business and marketing functions (see How we collect information). The policy uses the second person, ‘you’, to denote this.

It covers:

  • why we collect information
  • the type of information we collect
  • how we collect information
  • how we use and disclose information
  • how to access and correct information
  • data security and storage
  • how to make an enquiry or complaint.



Consent is relevant to the operation of a number of APPs. Consent means ‘express or implied consent’. The four key elements of consent are:

  • the individual is adequately informed before giving consent
  • the individual gives consent voluntarily
  • the consent is current and specific
  • the individual has the capacity to understand and communicate their consent.

Express consent

Express consent is given openly and obviously, either verbally or in writing. For example, when you sign your name (by hand, or by an electronic or voice signature). An organisation or agency must get your express consent before handling your sensitive information.

Implied consent

An organisation or agency doesn’t need express consent to handle non-sensitive personal information; but they need to reasonably believe that they have the individual’s implied consent.

It’s not sufficient for an organisation or agency simply to inform people of their collection, use or disclosure of personal information. Unless an opt-out option is provided, implied consent cannot be assumed.

Personal information

Personal information includes a broad range of information, or an opinion, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances.

For example, personal information may include:

Sensitive information

Sensitive information is personal information that includes information or an opinion about an individual’s:

  • racial or ethnic origin
  • political opinions or associations
  • religious or philosophical beliefs
  • trade union membership or associations
  • sexual orientation or practices
  • criminal record
  • health or genetic information

    Generally, sensitive information has a higher level of privacy protection than other personal information.


Why we collect information

Think Impact collects personal information for the following purposes:

  • to deliver services, such as research/evaluation, on behalf of third parties with whom we have a contractual relationship
  • to manage our business affairs
  • to allow you to access and use our website
  • for marketing and promotional purposes
  • to send you communications, respond to your enquiries or to provide information requested by you.

Think Impact has adopted the APPs for the way that personal information is obtained, collected and handled.

The type of information we collect

The types of personal information Think Impact obtains or collects from you may include:

  • identifying information such as your name and contact details (such as your first and last name, email address, mobile number and state of residence)
  • the organisation and type of organisation you work for
  • demographic information (such as age, gender and language spoken at home)
  • information you provide to us directly or indirectly through the use of our website.

How we collect information

When delivering services

We will not collect personal information unless reasonably necessary. At times, our clients will supply us with data that may contain personal information.

Think Impact will generally seek your express (verbal or written) consent before handling your sensitive information. We will, as far as practicable, implement procedures and systems to obtain and record consent.

Information regarding the project, the client and the purpose of the project will be supplied prior to obtaining or collecting any information and before the consent process.

When performing other business and marketing functions

Other ways in which Think Impact may obtain or collect personal information includes when you:

  • use our website

- some information may be automatically collected through the use of ‘cookies’ on our website (managed by craft cms). Although ‘cookies’ do not access information stored on your computer or any personal information, they do allow collection of identifiable information.

- craft’s default cookies are only used to communicate with your craft installation for the purposes of user authentication, form validation/security, and basic web application operations. The cookies are stored on the server as temporary files for the duration of the server session.

- via google analytics

  • communicate with us either directly or via the enquiry form on our website
  • join our mailing list

- if you prefer to not receive marketing and promotional material from us, you may withdraw your consent at any time by contacting us directly or by using the unsubscribe option in our emails.

  • enrol in a training course with us.

How we use and disclose information

We will only use or disclose your information for the purposes outlined in Why we collect information and in line with this privacy policy.

We will only use or disclose your personal information for the reason that we obtained or collected it. Exceptions include:

  • you’ve consented to Think Impact using or disclosing your personal information for a secondary purpose
  • Think Impact uses or discloses your personal information because we think it’s reasonably necessary for enforcement-related activities carried out by, or on behalf of, an enforcement body
  • a secondary purpose is required or authorised under an Australian law, or court or tribunal order.
  • If you have been a research participant in one of our projects, we will only re-contact you if this was agreed prior to participating in the research or if there is a genuine reason that justifies re-contact.

We will take reasonable steps to obtain information that is already de-identified for the purposes of research.

How to access and correct information

If you notify us that you wish to withdraw your participation in any process that involves the collection of your personal information, any personal information you have supplied to that point will be destroyed. You have the right to be anonymous and to request the use of a pseudonym in place of your personally identifying information.

If you have provided personal information to us, or if your personal information has been supplied to us by a client, you have the right to request any and all of the information that was obtained or collected from you. This extends to having full information as to how your data was processed, where and for what purpose.

You can request this information by contacting Suzi Young (see How to make an enquiry or complaint). You can expect that Think Impact will acknowledge your request for access within two weeks and resolve your request within a reasonable timeframe. Where it is reasonable and practical to do so Think Impact will provide you access to your information in the form that you have requested it. You have the right for your personal data to be erased or corrected and for us to cease it being disseminated further.

Data security and storage

Our employee code of conduct requires our team members to adhere to a high standard of ethics and integrity when conducting research and managing any personal information.

For internal file management, security of digital data is supported by cloud-based technology that provides a high level of data protection as data is automatically synchronised and saved on servers in a secure data centre managed by Microsoft (Microsoft Privacy Statement).

We also use third-party vendors for the collection, aggregation and analysis of some survey and other data, and for marketing and promotional purposes. The information collected via these vendors is transmitted and stored securely on servers in either Australia or the United States and is accessed in accordance with the relevant privacy policy. We will take reasonable steps to ensure that any overseas third-party vendors deal with personal information in a way that is consistent with the Privacy Act however in providing your information to us via third-party platforms, you acknowledge that we cannot prevent the use (or misuse) of personal information by others.

At the time of writing, these vendors include, but are not limited to:

How to make an enquiry or complaint

If you have any questions about Think Impact's privacy policy or if you wish to make a complaint believing we have not met the APPs, the Privacy Act or the Code you can contact the person below:

Suzi Young, Director

Phone: 0412 808 647

Document control

Document ref no:






Current issue date:

February 2024

Original issue date:

May 2020

Next review date:

December 2024