Privacy and Confidentiality Policy
Beaton Research + Consulting (ACN 135 310 459) (‘beaton’) respects your rights to privacy and our Privacy and Confidentiality Policy (‘Policy’) outlines how we uphold those rights under the Australian Privacy Principles (‘APPs’), as written into the Privacy Act 1988 (Cth) (‘Privacy Act’). The APPs govern how private organisations in Australia handle ‘personal information’, which is information from which you can be identified. For more information about the Privacy Act and the APPs visit www.oaic.gov.au
In recognition of the growing interest in the responsible and transparent collection, storage and usage of data, the Policy also outlines the steps beaton has taken to ensure its processes are compliant with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). This applies to the processing of data about and from individuals in the European Economic Area.
There are four main categories of individuals on whom beaton holds personal information:
What personal information about you does beaton collect and hold?
More detailed explanations can be found in the following sections.
What are the purposes for which beaton uses and handles your personal information?
To whom will beaton disclose your personal information?
beaton does not provide information to third parties for their own marketing purposes and we do not undertake promotional mailings for third parties, unless with your explicit consent. We will not disclose any personal information to a third party for a purpose other than pursuing our legitimate business interests or the legitimate interests of our clients (outlined above), unless specifically stated otherwise or we are required to do so by an Australian law or court/tribunal order.
We may use third party experts in order to conduct best practice research and deliver excellent service to our clients. This may involve the disclosure of personal data in order for these providers to deliver their service. It is appropriate to use third party experts whose domain knowledge ensures personal information is processed with the most up-to-date and secure methods. beaton will take reasonable steps to ensure the service provider, their employees, and their contractors do not breach the APPs and have privacy policies that provide equivalent protections to those described in the Policy.
When our third party experts are located internationally, we will take reasonable steps to ensure that privacy rights are protected, their security and confidentiality is in accordance with local data protection laws and that individuals have the ability to enforce these rights.
How does beaton protect your personal information?
Our internal processes encourage data protection by design and by default. Only authorised personnel have access to personal information and they are required to maintain its confidentiality, unless with the specific and affirmative consent of the individuals involved or to third party experts as outlined above.
We take all reasonable steps to hold your personal information in a secure location, protected from misuse, interference, loss, unauthorised access, modification or destruction. When beaton holds information in a location other than our identified business address, we will take reasonable steps to ensure these locations comply with the APPs and the Privacy Act.
In the unlikely event of a suspected data breach, within 30 days beaton will assess and evaluate whether a data breach has occurred. However, beaton does not believe that it holds any information such that a breach would cause serious harm to the individuals involved. If our evaluation determined that a breach had occurred and that it may cause serious harm, the Office of the Australian Information Commissioner and all affected individuals will be notified. beaton will take steps, depending on the nature of the breach, to secure the data and/or minimise the potential for harm.
We will destroy or de-identify personal information as soon as practicable once it is no longer needed for our purposes. However, beaton may in certain circumstances be required by law to retain personal information. In this case, the personal information will continue to be protected in accordance with the Policy. If we destroy personal information, we will do so by taking reasonable steps and using up-to-date techniques and processes.
What are your rights on how beaton processes your personal information?
All individuals covered by the Policy have rights surrounding how beaton collects, uses or otherwise processes personal information. These are:
The right to transparent explanation of how personal information is used and your rights
i.e. the Policy
The right to access the information beaton holds about you
The right to correct any inaccurate personal information we may hold about you
The right to object to us using your data for profiling you or making automated decisions about you
We do not use your data for profiling or automated decision-making
The right to object to us using your data
i.e. by unsubscribing from our email invitations to surveys
The right to data erasure ('be forgotten')
This applies to contact details only, as it is not practicable to remove survey data once it has been used to calculate averages and other statistical summary metrics and used in reports to our clients
Note that total erasure also means being removed from our 'do not email' lists. This means that if your contact details are provided again in future, we will not know that you do not wish to be contacted for surveys
The right to lodge a complaint
Please contact us first, using the below details, so we have the opportunity to address your concerns.
If you would like to exercise any of the above rights, have any questions about the Policy or believe that we have at any time failed to handle your personal information in the manner required by the Privacy Act, the APPs or GDPR, please contact us immediately using the following contact details:
Suite 9.12, Level 9, 9 Yarra St South Yarra VIC 3141
+61 3 8373 2600
We will respond within one month (or let you know within one month if we need an extension of up to two months to process a complex request) and, where applicable, advise you whether we agree with your complaint or not. If we do not agree, we will provide reasons. If we do agree, we will advise what (if any) action we consider it appropriate to take in response. If you are still not satisfied after having contacted us and given us a reasonable time to respond, then we suggest that you exercise your right to contact the Office of the Australian Information Commissioner by:
Phone: 1300 363 992
If calling from overseas (including Norfolk Island): +61 2 9284 9749
TTY: 1800 620 241 (hearing impaired only)
TIS (Translating and Interpreting Service): 131 450
Post: GPO Box 2999 Canberra ACT 2601 Australia
Fax: +61 2 9284 9666
In the Policy, ‘personal information’ has the same meaning as under the Privacy Act.
The Policy is effective from 25 May 2018. We may change the Policy from time to time; the APPs recommend regular review of privacy policies to make them ‘living documents’. Although we intend to observe the Policy at all times, it is not legally binding on beaton in any way. From time to time, we may regard it as necessary or desirable to act outside the Policy. beaton may do so, subject only to any other applicable contractual rights you have and any statutory rights you have under the Privacy Act or other applicable legislation.