CONTENTS
USER CONSENT
CHILDREN
TYPES OF PERSONAL DATA WE COLLECT
INFORMATION YOU PROVIDE TO US:
ACCOUNT DATA
PAYMENT DATA
INDIVIDUAL DATA AND ADDITIONAL DATA
PUBLIC DATA
SUBSCRIPTION DATA
INFORMATION WE COLLECT AS YOU USE OUR SERVICES:
LOG DATA
GOOGLE ANALYTICS
HOW WE COLLECT PERSONAL DATA
DISCLOSURE OF YOUR PERSONAL DATA
IF WE CAN’T COLLECT YOUR DATA
COOKIES POLICYRETENTION OF DATA
DIRECT MARKETING
MANAGING YOUR PERSONAL DATA
PROTECTION OF INFORMATION WE COLLECT
THIRD PARTY WEBSITES
INTERNATIONAL TRANSFER AND DISCLOSURE OF PERSONAL DATA
NOTIFIABLE DATA BREACHES
AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
ANONYMITY AND PSEUDONYMITY
PRIVACY COMPLAINTS AND ENQUIRIES
Overview
We have prepared this Privacy Policy to describe to you our practices regarding personal data we collect from users of our Website and Services (as defined in the Terms of Use). Capitalised terms not defined in this Privacy Policy have the meanings given in our Terms of Use.
Our processing of Personal Data will always be undertaken in line with the Australian Privacy Principles contained in the Privacy Act 1998 (Cth) (“Privacy Act”), the General Data Protection Regulation (“GDPR”), and in accordance with country-specific data protection regulations applicable to Metrix Group.
For the purposes of the GDPR the Data Controller is Metrix Group Pty Ltd ABN 70 843 196 558.
User Consent
Children
Our service is not offered to persons under the age of 13. We do not knowingly collect Personal Data from such visitors without parental or guardian consent and require our clients to fully comply with applicable law in the data collected from children under the age of 13.
If you become aware that a child has provided us with information, please contact us. We will delete any information that is in breach of this provision.
Types of Personal Data We Collect
“Personal Data” means any information that could be used to identify you, including, by way of example, your name, address, telephone number, email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.
We only collect Personal Data from you if necessary for us in connection with the purposes for which it is processed or incidental purposes related to our business. Personal Data we may collect and hold includes information you provide to us and information we collect as you use our services.
INFORMATION YOU PROVIDE TO US:
Account Data
You do not need to create an account with us to use our services.
Payment Data
When you make a purchase, we (or our third party service provider) will collect all information necessary to complete the transaction, including your name, credit card information, debit card information, billing information and/or PayPal information.
The Personal Data we collect will be the data that you input in any payment area on the Website.
The legal basis for this processing is based on:
• your consent through your voluntary submission of the form and agreeing to these terms;
• the Personal Data being necessary for the performance of a contract to which you are a party including the payment of goods or services; and/or
• any other legitimate interests as detailed below.
This Personal Data is needed to enable us to process your payment for the goods or services.
We retain information on your behalf, such as domain names, URLs, time zone preferences, Invoice Service invoices, transactional history, messages and any other information that you store using your Account.
Individual Data and Additional Data
If you contact us via email, or through a form or any other means including by telephone call or by contracting with us, we will collect your name, email address, company details as well as any other content that is necessary for us to communicate with you or provide a service to you (including data in the correspondence).
We use this data in order to send you a reply or a quote or to assist us in providing a service to you (in precontractual matters). We will store and process your communications and information as needed.
When you participate in a survey, we may collect additional profile information.
The legal basis for this processing is based on:
• either through your consent through your voluntary submission of the form and agreeing to these terms or by your voluntary submission of data to us in other means;
• the Personal Data being necessary for the performance of a contract to which you are a party;
• for carrying out pre-contractual measures; and/or
• any other legitimate interests as detailed below.
By submitting the form or making contact with us such Personal Data is transmitted on a voluntary basis and you consent to its collection.
Public Data
When you post messages on our Website, the information contained in your posting will be stored on our servers and other users will be able to see it. You should be aware that any information you provide in the manner contemplated above may be made broadly available for others.
This Personal Data includes information such as your profile information, your time zone and any information you input. You are responsible for what you make public.
The legal basis for this processing is based on your consent through your voluntary submission of the form and agreeing to this policy.
Subscription Data
On the Website you may have the ability to subscribe to various newsletters or other forms of communications. We collect data when you input your details for subscription purposes.
The Personal Data is processed for the purpose of informing you regularly about our business and will be used for marketing materials or for reasons made known on the form.
The legal basis for this processing is based on:
• your consent through your voluntary submission of the form and agreeing to these terms;
• any other legitimate interests as detailed below.
By submitting the form and voluntarily providing us with your data, you are providing consent to the use of such data by us. For the purpose of revocation of consent there is a corresponding unsubscribe link found in each subscription email.
We may also collect Personal Data at other points in our Website that state that Personal Data is being collected. In some circumstances, Personal Data is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on our behalf. With your express consent, your Personal Data may be used and disclosed to us this way.
The purposes as outlined above may include the processing of such Personal Data to the extent necessary for us to comply with a law, regulation or legal request or to protect the safety of any person or to prevent fraud. While in some circumstances you may not need to provide us with personal information, there are many circumstances when dealing with us that you must provide your personal information to us. For example, we are unable to process any order for our Goods or Services without personal information from you.
We will endeavour to ensure that any personal information obtained from you is complete, accurate, up to date and relevant.
We will generally not be required to collect sensitive information about you. We will only do so if it is considered reasonably necessary for us to collect such information for us to perform our functions or activities and you consent, or collection is required by law or another exception under relevant law applies.
Information we collect as you use our services :
Log Data
To make our Website and Services more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
This data may be processed for the purposes of operating our Website, providing our services, ensuring the security of our Website and services, maintaining back-ups of our databases and communicating with you.
The legal basis for this processing is based on:
• the Personal Data being necessary for the performance of a contract to which you are a party;
• for carrying out pre-contractual measures; and/or
• the legitimate interests of carrying out our business, providing personalised Services to you and any other legitimate interests as detailed herein.
Google Analytics
We currently use Google Analytics as well as Google Analytics for Display Advertising. Google Analytics collects information anonymously and reports Website trends without identifying individual visitors. Google Analytics uses its own cookie to track visitor interactions. Website owners can view a variety of reports about how visitors interact with their Website so they can improve their Website and how people find it. Please click (https://policies.google.com/privacy?hl=en-US) and (https://support.google.com/analytics/answer/2838718?hl=en) for links to more information about Google Analytics. You can also opt-out of Google Analytics for Display Advertising by going to the Google Ads Preferences Manager.
How We Collect Personal Data
Generally speaking there are two types of information we collect:
1. Information that you specifically give to us; and
2. Other information obtained from your use of our services including but not limited to our Website.
When we collect information about you, we will provide you with notification as required by applicable laws.
Metrix Group collects information about you in the following circumstances:
• Where we are providing a product or service that you have requested. For example, booking you into one of our events;
• Where you have applied for a position with us, are employed by us or are completing work experience or other related work with us;
• Where you have provided the information to us through correspondence written, verbal or electronic communication. For example; if you have requested any information from us;
• When you access our Website and or other online services;
• When you download a file and fill in your details.
Use of Your Personal Data
We only collect Personal Data which is necessary for the purposes noted in this Privacy Policy which include the following purposes:
• to conduct our business;
• to administer contracts including to negotiate, execute and or manage a contract with you;
• for any marketing purposes;
• identify you as a user in our system;
• research, develop and improve our Website and Services;
• customise content to match your preferences;
• prevent suspended users from re-registering;
• provide Goods and Services;
• send you a welcome email to verify ownership of the email address provided when your Account was created;
• provide you with access to protected areas of the site and to authenticate your account;
• send you administrative email notifications, such as security or support and maintenance advisories;
• respond to your inquiries and requests;
• to make telephone calls to you, from time to time, as a part of secondary fraud protection or to solicit your feedback;
• to send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes of Metrix Group;
• detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Terms of Use accessible on the Website (“Terms of Use”), this Privacy Policy or any other policy;
• enforce our Terms of Use, this Privacy Policy or any other policy;
• verify information for accuracy or completeness (including by way of verification with third parties);
• comply with our legal obligations, a request by a governmental agency or regulatory authority or legally binding court order;
• combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out this Privacy Policy;
• aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;
• resolve disputes and to identify, test and resolve problems;
• notify you about the Website and updates to the Website from time to time;
• supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences; or
• protect a person’s rights, property or safety.
If you access the Website from a shared device or a device of a third party (such as in an internet café or public wifi), your personal information may also be available to other persons who access that device.
Disclosure of Your Personal Data
We may disclose your Personal Data to third parties for the purposes contained in this Privacy Policy, including without limitation to:
1. Service Providers
We may share your Personal Data with service providers to:
• provide you with the Services that we offer you through our Website;
• to conduct quality assurance testing;
• to facilitate creation of accounts;
• to provide technical support; and/or
• to provide other services to Metrix Group.
The service providers (and if necessary data processors) include:
• information technology service providers such as web host providers and analytical providers;
• booking providers;
• CRM providers;
• mailing houses such as Mailchimp;
• market research organisations to enable them to measure the effectiveness of our advertising; and
• specialist consultants.
These third party service providers are required not to use your Personal Data other than to provide the services requested by Metrix Group.
2. Staff and affiliates
We may share some or all of your Personal Data with our staff, committee members, subsidiaries, joint ventures, or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to abide by this Privacy Policy. In the event we are involved in a merger, acquisition or sale of assets we may disclose Personal Data collected by us to such entities that we propose to merge with or be acquired by, and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy. This includes the disclosure of information to our clients where we act as a data processor.
3. Other third parties with your consent
We may disclose your Personal Data to third parties to whom you expressly ask to us to send the Personal Data to or to third parties you consent to us sending your personal information to.
We may also, with your consent or at your direction, disclose your personal information to your authorised representatives.
4. Other disclosures
Regardless of any choices you make regarding your Personal Data (as described below), Metrix Group may disclose Personal Data if it believes in good faith that such disclosure is necessary:
• in connection with any legal investigation;
• to comply with relevant laws, regulations;
• to protect or defend the rights or property of Metrix Group or users of the Services;
• to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or Terms of Use
• to protect the safety of any person or to protect the safety or integrity of our platform including for security reasons
• to detect, prevent or otherwise address fraud, security or technical issues
• where there is a credit risk.
We may share your Personal Data with such third parties subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your Personal Data only on our behalf and pursuant to our instructions. We agree to not use or disclose this information for a secondary purpose unless you consent to us doing so, or under the circumstances involved we believe you would reasonably expect us to use or disclose the information for a secondary purpose and that that secondary purpose is related to the primary purpose.
In the unlikely event that we hold sensitive information about you, we will only disclose or use that information with your consent or another exception applies under relevant laws.
We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the Australian Privacy Principles the GDPR or equivalent privacy laws.
We will not share, sell, rent or disclose your personal information in ways different from what is disclosed in this Privacy Policy.
If we can't collect your data
If you do not provide us with the personal information described above, we may not be able to:
• provide the requested products or services to you, either to the same standard or at all;
• run the competitions and promotions in a way that benefits you;
• provide you with information about products and services that you may want; or
• tailor the content of our Websites to your preferences and your experience of our Websites may not be as enjoyable or useful.
Cookies Policy
What are cookies?
A cookie is a small text file that a Website saves on your computer or mobile device when you visit the Website. It enables the Website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you do not have to keep re-entering them whenever you come back to the Website or browse from one page to another.
We also use cookies and URL information to gather information regarding the date and time of your visit and the information for which you searched and which you viewed. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Website. Persistent Cookies can be removed by following Internet browser help file directions. Cookies may enable automatic logins when you visit in the future and may enable content customisation.
We sometimes use cookies to show marketing communications via third party networks like Google Display network and Facebook. To opt out of these communications please visit the Network Advertising Initiative opt out page.
How to control cookies
You can control and/or delete cookies as you wish, for details see this helpful Website put together by a third party: aboutcookies.org.
Retention of Data
Information collected by us is stored electronically and in some cases manually.
We generally keep user data on our server or in our archives for as long as we reasonably need it for our operations and to fulfil the purposes set out herein and for taxation, insurance or legal purposes.
We may alter this practice according to changing requirements. For example, we may delete some data, if needed, to free up storage space. We may keep other data for longer periods if the law requires it. In addition, information posted in a public forum could stay in the public domain indefinitely.
Direct Marketing
Where we engage in direct marketing we only do so in compliance with the Privacy Act and the GDPR, and any other relevant laws.
We ensure that those we send direct marketing to have given their consent, except where consent is not required under applicable laws.
We will always provide a simple means by which you are able to request to be removed from our email list and each direct marketing email we send will contain an opt-out link.
We may also send you correspondence from time to time regarding an order you have made or a product you have purchased.
Managing Your Personal Data
Subject to the Privacy Act and the GDPR you may request to access the personal information we hold about you by contacting us. All requests for access will be processed within a reasonable time. We will take all steps reasonable in the circumstances to ensure that the personal data we collect from you is accurate, up to date and complete.
1. Accessing or Rectifying your Personal Data
We may, if required, provide you with tools and account settings to access, correct, delete, or modify the Personal Data you provided to us. You can find out more about how to do this by contacting us. In the event that it is not possible for you to access your account to access or rectify your Personal Data, you may submit a request to us to correct, delete or modify your Personal Data and download the data for you.
2. Deletion
We keep data for as long as it is needed for our operations. If you deactivate and delete your account, your data will no longer be visible on your account. Please keep in mind that third parties may still retain copies of information you have made public through our website.
If you wish to have us delete your data, please contact us.
3. Object, Restrict, or Withdraw Consent
If you have an account on the Website, you will be able to view and manage your privacy settings. Alternatively, if you do not have an account, you may manually submit a request to us if you object to any Personal Data being stored, or if you wish to restrict or withdraw any consent given for the collection of your Personal Data.
You may withdraw your consent to the processing of all your Personal Data at any time. If you wish to exercise this right, you may do so by contacting us.
You may withdraw your consent or manage your opt-ins by either viewing your account on the Site or clicking the unsubscribe link at the bottom of any marketing materials we send you.
4. Portability
We may, if required and possible, provide you with the means to download the information you have shared through our services. Please contact us for further information on how this can be arranged.
We may retain your information for fraud prevention or similar purposes. In certain instances, we may not be required or able to provide you with access to your personal information. If this occurs, we will give you reasons for our decision not to provide you with such access to your personal information in accordance with the Privacy Act and the GDPR.
There is no application fee for making a request to access your personal information. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third-party provider.
Protection of information we collect
We are committed to protecting the security of your Personal Data. We (and our third-party service providers) use a variety of industry-standard security technologies and procedures to help protect your Personal Data from unauthorised access, use or disclosure. We use secure web services to collect your information and we store certain kinds of data in encrypted form.
We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. While no computer system is completely secure, we believe the measures implemented by us reduce the likelihood of security problems to a level appropriate to the type of data involved. We use Secure Sockets Layer (SSL) and encryption technology that works with Microsoft Internet Explorer, Firefox, Safari, and Google Chrome browsers, with the objective that only we can read your personal information.
We encourage you to be vigilant about the protection of your own information when using digital services, such as social media. While we will endeavour to ensure that any relationships we have with third parties include an appropriate level of protection for your privacy, we will be limited in our ability to control any electronic platform operated by a third party.
On site, all our access to your Personal Data is limited password protected with employees needing to sign confidentiality agreements. Access to our site is restricted only to those employees that have a key or are authenticated. Security systems on site include an alarm system.
Third Party Websites
Our Website may contain links to third party websites.
We are not responsible for the privacy practices or the content of these websites even if you access those sites using links from us. Your use of these third-party websites is entirely at your own risk and we recommend that you check the privacy and security policy of each website you visit. Clicking on a third-party link will take you to a third party’s website. We make no representation or warranty as to the effectiveness, quality, legitimacy or data protections of any third-party website.
International Transfer and Disclosure of Personal Data
Where we transfer Personal Data outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.
We may disclose personal information to our related bodies corporate and third-party suppliers and service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:
• our related bodies corporate;
• our data hosting and other IT service providers, located in various countries; and
• other third parties located in various foreign countries.
We may disclose your personal information to entities within Australia who may store or process your data overseas.
Notifiable Data Breaches
We take data breaches very seriously. Depending on where you reside our policy is:
1. If you reside in Australia:
In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act 1988 (Cth) or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.
We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.
If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.
Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.
2. If you reside in the European Union of EFTA States:
We will endeavour to meet the 72 hour deadline as imposed by the GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you.
Further, where there is likely to be a high risk to your rights we will endeavour to contact you without undue delay.
We will review every incident and take action to prevent future breaches.
Automated individual decision-making, including profiling
If you reside in the European Union or EFTA States, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent. If you wish to exercise your rights, please contact us.
Anonymity and pseudonymity
We will allow its customers to transact with it anonymously or by using a pseudonym, wherever that is reasonable and practicable.
However, this will not be possible if we are required or authorised by law or other instrument to deal with customers who have been appropriately identified; or where it is impracticable for us to deal with individuals who have not identified themselves or who would prefer to use a pseudonym.
Privacy Complaints and Enquiries
We want to ensure that we keep your personal information confidential and will do our best to do this, however, if you do have any questions or complaints regarding our use, collection or storage of your personal information, please feel free to contact us to discuss these issues:
If you reside in Australia:
You can confidentially contact our Privacy Officer at:
Privacy Officer:
By email: info@MetrixGroup.com.au
By telephone: 1300 792 493
By mail: 35 Kalman Drive Boronia VIC 3155
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commissioner at:
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Office Address: Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address: GPO Box 5218, Sydney NSW 2001
Website: www.oaic.gov.au
If you reside in the European Union or EFTA States:
The data controller that is responsible for your Personal Data is the Privacy Officer listed above.
Our EU Representative contact details will be provided on request.
If you wish to raise a concern about our use of your information you have the right to do so with your local supervisory authority.