This Policy explains how GAIA Innovations PTY LTD (GAIA) and any group companies handle personal information, including how we collect, use and disclose personal information.
GAIA is committed to complying with the Australian Privacy Principles (‘APPs’) in the Privacy Act 1988 (‘The Privacy Act’) and, to the extent applicable, the EU General Data Protection Regulation (‘GDPR’). We are committed to being open and transparent about our information handling practices. We respect the confidentiality of the personal information we hold and take steps to safeguard that information.
The kinds of personal information we collect and hold (and why)
GAIA needs to collect personal information to provide services to our clients. We may collect and hold the following personal information:
- our clients’ names and contact details (including address details);
- personal information (including sensitive information) about our clients or a third party in the course of providing, or considering to provide, our clients with a service;
- our clients’ credit card and/or banking details; and
- personal information provided to us in applications for employment with us.
How we collect personal information
Where it is practical to do so, we aim to collect personal information directly from the individual it relates to. However, there may be circumstances where we need to collect personal information from a third party (such as a client we are providing services to). Also, we may collect personal information indirectly because it is included in a communication with us. Some examples of how we collect personal information include (but are not limited to):
- directly from individuals and clients during telephone calls or in meetings;
- through our websites, including but not limited to at, www.gaia.ag ,www.projectgaia.ai and www.consilium.technology through other forms of communication such as when clients email us or communicate with our customer support;
- through our social media pages and social media networks;
- through third party arrangements;
- from data sets provided by our clients for use in project development;
- from publicly available sources of information;
- when you provide feedback or respond to surveys and/or promotions; and
- when we are permitted or required to collect the personal information by or under law.
Storage and security of personal information
We take the security of the personal information we hold seriously. All GAIA staff handle personal information sensitively and in accordance with our obligations under the APPs or the GDPR (if applicable).
We take all reasonable steps to protect the personal information we hold from misuse, interference and loss; and from unauthorised access, modification or disclosure. These steps include using electronic and physical security measures, including password protected software and hardware.
If we no longer need the personal information we hold physical copies of, we take reasonable steps to destroy or de-identify that information. It may be necessary for us to retain personal information to comply with our legal obligations, or for insurance or audit purposes. Personal information stored electronically may be stored securely indefinitely for IT back up and electronic audit trail purposes.
How we use personal information and for what purposes
We use personal information in order to provide our clients with services, manage our business and our relationship with our clients, and to enhance the services we provide.
Where necessary, we may also use personal information for the purpose of confirming your identity or confirming a representation that you have made to us and complying with any applicable laws (for example any obligations we may have under legislation).
We may use personal information for audit or quality assessment purposes; billing and invoicing; and/or for staff training.
During project development for our clients, we may be provided with data that includes personal information. In that case, we take reasonable steps to ensure that the data used is de-identified to the extent that de-identification is possible and practicable.
We only use personal information in accordance with the APPs and, to the extent applicable, the GDPR, and while maintaining client confidentiality.
Disclosure of personal information
In order to provide our services and conduct our business, we may disclose personal information to third parties.
In some, limited circumstances this may include sensitive information as defined in the Privacy Act. We do not disclose sensitive information about you unless you agree, would reasonably expect us to do so or if it is permitted under the Privacy Act. or, to the extent applicable, the GDPR.
We may disclose personal information:
- if the person to whom the information relates agrees to the disclosure;
- where the disclosure is for the purpose the personal information was collected;
- in circumstances where the person about whom the personal information relates would reasonably expect this disclosure to occur;
- where required or permitted to do so by law.
General Data Protection Regulation (GDPR) for the European Union (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
The legal basis for which we collect your personal information depends on the data that we collect and how we use it and we will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We shall comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU
Except as otherwise provided in the GDPR, you have the following rights:
- to be informed how your personal information is being used;
- access your personal information;
- to correct your personal information if it is inaccurate or incomplete;
- to delete your personal information (also known as “the right to be forgotten”);
- to restrict processing of your personal information;
- to retain and reuse your personal information for your own purposes;
- to object to your personal information being used; and
- to object against automated decision making and profiling.
How you can access the personal information we hold about you
How to update or correct your personal information
You can request to update or correct personal information we hold about you which you believe is inaccurate or out of date. To do so, you may contact us using the address under the ‘Contact details’ section.
How to make a privacy complaint
If you have any concerns about our information handling practices you can contact us at email@example.com so that we can try and resolve the issue quickly and directly.
If we are unable to resolve your privacy complaint, you may contact the Office of the Australian Information Commissioner at:
GPO Box 5218, Sydney NSW, 2001, www.oaic.gov.au (telephone 1300 363 992).
You may request access to the personal information we hold about you, or make a privacy complaint, by contacting us at firstname.lastname@example.org.