Think Impact respects and upholds your rights under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). Think Impact also adheres to the Privacy (Market and Social Research) Code 2021 (Code) published by The Office of the Australian Information Commissioner.
This policy is not legally binding but intends to outline our approach to ensuring your rights are protected in line with the APPs and the Code. To read more about the Privacy Act, the APPs and the Code visit the Office of the Australian Information Commissioner website.
This policy outlines how Think Impact manages data and information obtained or collected during project delivery and related business activities.
It applies to those that we engage through the course of project delivery (our clients and their stakeholders or beneficiaries) as well as to those that we engage when performing other business and marketing functions (see How we collect information). The policy uses the second person, ‘you’, to denote this.
Consent is relevant to the operation of a number of APPs. Consent means ‘express or implied consent’. The four key elements of consent are:
Express consent is given openly and obviously, either verbally or in writing. For example, when you sign your name (by hand, or by an electronic or voice signature). An organisation or agency must get your express consent before handling your sensitive information.
An organisation or agency doesn’t need express consent to handle non-sensitive personal information; but they need to reasonably believe that they have the individual’s implied consent.
It’s not sufficient for an organisation or agency simply to inform people of their collection, use or disclosure of personal information. Unless an opt-out option is provided, implied consent cannot be assumed.
Personal information includes a broad range of information, or an opinion, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances.
For example, personal information may include:
Sensitive information is personal information that includes information or an opinion about an individual’s:
Generally, sensitive information has a higher level of privacy protection than other personal information.
Think Impact collects personal information for the following purposes:
Think Impact has adopted the APPs for the way that personal information is obtained, collected and handled.
The types of personal information Think Impact obtains or collects from you may include:
We will not collect personal information unless reasonably necessary. At times, our clients will supply us with data that may contain personal information.
Think Impact will generally seek your express (verbal or written) consent before handling your sensitive information. We will, as far as practicable, implement procedures and systems to obtain and record consent.
Information regarding the project, the client and the purpose of the project will be supplied prior to obtaining or collecting any information and before the consent process.
Other ways in which Think Impact may obtain or collect personal information includes when you:
- some information may be automatically collected through the use of ‘cookies’ on our website (managed by craft cms). Although ‘cookies’ do not access information stored on your computer or any personal information, they do allow collection of identifiable information.
- craft’s default cookies are only used to communicate with your craft installation for the purposes of user authentication, form validation/security, and basic web application operations. The cookies are stored on the server as temporary files for the duration of the server session.
- via google analytics
- if you prefer to not receive marketing and promotional material from us, you may withdraw your consent at any time by contacting us directly or by using the unsubscribe option in our emails.
We will only use or disclose your information for the purposes outlined in Why we collect information and in line with this privacy policy.
We will only use or disclose your personal information for the reason that we obtained or collected it. Exceptions include:
We will take reasonable steps to obtain information that is already de-identified for the purposes of research.
If you notify us that you wish to withdraw your participation in any process that involves the collection of your personal information, any personal information you have supplied to that point will be destroyed. You have the right to be anonymous and to request the use of a pseudonym in place of your personally identifying information.
If you have provided personal information to us, or if your personal information has been supplied to us by a client, you have the right to request any and all of the information that was obtained or collected from you. This extends to having full information as to how your data was processed, where and for what purpose.
You can request this information by contacting Suzi Young (see How to make an enquiry or complaint). You can expect that Think Impact will acknowledge your request for access within two weeks and resolve your request within a reasonable timeframe. Where it is reasonable and practical to do so Think Impact will provide you access to your information in the form that you have requested it. You have the right for your personal data to be erased or corrected and for us to cease it being disseminated further.
Our employee code of conduct requires our team members to adhere to a high standard of ethics and integrity when conducting research and managing any personal information.
For internal file management, security of digital data is supported by cloud-based technology that provides a high level of data protection as data is automatically synchronised and saved on servers in a secure data centre managed by Microsoft (Microsoft Privacy Statement).
We also use third-party vendors for the collection, aggregation and analysis of some survey and other data, and for marketing and promotional purposes. The information collected via these vendors is transmitted and stored securely on servers in either Australia or the United States and is accessed in accordance with the relevant privacy policy. We will take reasonable steps to ensure that any overseas third-party vendors deal with personal information in a way that is consistent with the Privacy Act however in providing your information to us via third-party platforms, you acknowledge that we cannot prevent the use (or misuse) of personal information by others.
At the time of writing, these vendors include, but are not limited to:
If completing a survey or form through a third-party provider, we advise that you examine the relevant privacy and security policies.
If you choose to engage with Think Impact via social media including LinkedIn or Facebook you should also be aware of the following:
If you have any questions about Think Impact's privacy policy or if you wish to make a complaint believing we have not met the APPs, the Privacy Act or the Code you can contact the person below:
Suzi Young, Director
suzi@thinkimpact.com.au
Phone: 0412 808 647
Document ref no: | POL PP | Authority: | Directors |
Issue: | B | Current issue date: | February 2024 |
Original issue date: | May 2020 | Next review date: | December 2024 |
Lightbox content