15 September 2021
- The personal data we will collect
- Use of collected data
- Who has access to the data collected
- The rights of Site users
For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.
When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful.
1. What personal information do we keep?
The personal information EV20 Consulting Group holds may include:
- Name, address, contact details
- Email address
- Business/company name
- Payment details
- Products and services purchased.
When you visit the website, we may record information about your visit for statistical purposes. The information collected on a daily basis may include:
- your server address
- your domain address
- the date and time you visited the Site
- the pages you accessed
- the type of internet browser
- the type of operating platform you used.
We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.
We rely on the following legal bases to collect and process the personal data of users in the EU:
- Users have provided their consent to the processing of their data for a specific purpose
- Processing of user personal data is necessary for us or a third party to pursue a legitimate interest. Our legitimate interest is not overridden by the interests or fundamental rights and freedoms of users. Our legitimate interest(s) are to sell our software as a service and provide targeted communication to users
- Processing of user personal data is necessary for us to take, at the request of a user, steps before entering a contract or for the performance of a contract to which a user is a party. Failure to provide the personal data necessary to perform a contract means the service cannot be delivered.
- Processing of user personal data is necessary for us to comply with a legal obligation. If a user does not provide the personal data necessary for us to perform a legal obligation, we cannot provide the service.
2. Where and how do we obtain your personal information?
If it is reasonable and practical to do so, we will collect personal information directly from you. This will include contact details and other information relevant to providing products or services to you. This may take place in a number of ways, such as by telephone, directly in person, electronically, online via a form.
This information will be collected with each purchase, for recurring subscriptions, or alternatively through updates to the online account.
User data will be stored until the purpose the data was collected for has been achieved. You will be notified if your data is kept for longer than this period.
When you visit the Site, the server may attach a “cookie” to your computer’s memory. A “cookie” assists us to store information on how visitors to the Site use it and the pages that may be of most interest. This information may be used to provide users of your computer with information that we think may interest the users of your computer. However, this information is not linked to any personal information you may provide and cannot be used to identify you. If you would prefer to disable this feature, it can be done in your web browser preferences, however some features on our website may be dismantled by such action.
We use the following types of cookies on our Site:
- Functional cookies – used to remember the selections you make on our Site so that your selections are saved fo your next visits
- Analytical cookies – allow us to improve the design and functionality of our Site by collecting data on how you access our Site, for example data on the content you access, how long you stay on our Site
- Targeting cookies – collect data on how you use the Site and your preferences. This allows us to personalise the information you see on our Site for you
- Third-Party Cookies – are created by a website other than ours. We may use third-party cookies to achieve targeted communications.
4. How do we use your personal information?
EV20 Consulting Group uses personal information in accordance with the Australian Privacy Principles. The information that we collect from you will be utilised for the primary purpose of ensuring the ongoing provision of products and services. This can be achieved by facilitating business functions such as providing products and services, direct marketing, or subscription renewal reminders, market research, invoicing and customer service. We may use any postal address, email address or other personal information you provide to us at any time for this purpose.
Additionally, any EV20 Consulting Group correspondence sent to you will give you the opportunity to “opt out” of receiving further marketing or research correspondence. You agree and acknowledge that even if you opt out of receiving marketing material, via the Unsubscribe opt out option, we will still send you essential information that we are legally required to send you relating to the products and services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of you request to be removed.
5. Third Parties and your information
The personal information that we have either in hard copy or on the computer database, can only be accessed by employees of EV20 Consulting Group or authorised personnel engaged for maintenance, IT work or other necessary functions. All computers and databases are equipped with password authorisations, held only by our staff or designated personnel for the purpose of carrying out functions as mentioned above.
In accordance with this policy, we may be required to disclose your personal information to:
- our contractors and service providers performing services including (but not limited to) marketing, market research, mail-house services and product development services
- our existing and future strategic partners in respect of co-branded products and services.
We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the protection of your personal information.
In the event of a security incident involving unauthorised access, use or disclosure of personal information where a third party with whom we share personal information is involved, we will seek to work cooperatively with them to protect the personal information we have shared with them.
6. External website links
7. How do we keep your personal information secure?
The personal information that we collect of yours is treated with the intention of keeping it secure and confidential. All information, either housed on hard or soft copy is protected by industry recognised software and protocol. All documentation in hard copy is protected by physical security measures. Additionally, firewalls and the latest security software safeguard information stored on computer devices across our network.
These security measures are designed to ensure your personal information is not subject to unauthorised access, loss or misuse. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us (see below).
If we no longer need your personal information, unless we are required under Australian law or a court or tribunal order to retain it, we will take reasonable steps to destroy or de-identify your personal information, in accordance with our document and information retention policy.
Notwithstanding the reasonable steps taken to keep information secure, breaches may occur. In the event of a security incident, we have in place procedures within a Data Breach Response Plan to promptly investigate the incident and determine if there has been a data breach involving personal information, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with Privacy Act requirements.
We will use all reasonable endeavours to keep your personal information in a secure environment, however, this security cannot be guaranteed. Therefore, we will not be liable for any breach of security or unintended loss or disclosure of information due to the Site being linked to the Internet.
8. Is my personal information accurate? Can it be corrected?
The accuracy of your personal information is important to us. We will take reasonable steps to ensure your personal information is accurate, up-to-date, complete, relevant and not misleading, but we rely on you to advise us of any changes to your contact details and any other personal information. If you believe that any personal information, we hold about you is not accurate, up-to-date, complete, relevant and not misleading, please contact us immediately (see below) and we will take all reasonable steps to correct it within a reasonable time.
9. Your consent
11. Access to information we hold about you
If you request access to the personal information we hold about you, we will respond to your request within a reasonable period of time and, where reasonable and practicable, give access to the information in the manner you request. This will be subject to any exemptions allowed under the Privacy Act.
Under the GDPR, you have the following rights:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object.
You may request this information by writing to:
EV20 Consulting Group
409/10 Century Circuit
Norwest NSW 2153
You may also request to access your data by submitting a query to us via the contact form on the website.
When contacting us you have the option to either not identify yourself or to use a pseudonym. However, this will not apply if it is impracticable for us to communicate with you that way. We are required or authorised under Australian law (or a court or tribunal order) to only deal with individuals who have identified themselves.
If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue. If you feel we have not addressed your concern in a satisfactory manner you may contact a supervisory authority. You also have the right to directly make a complaint to a supervisory authority. You can lodge a complaint with a supervisory authority by contacting the Information Commissioner’s Office in the UK, Data Protection Commission in Ireland.