Privacy Policy

1. Introduction

At gooddept. ("we," "us," or "our"), we are committed to protecting your privacy and handling your personal information in an open and transparent manner. This Privacy Policy sets out how we collect, hold, use, disclose, and otherwise manage personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) contained in that Act.

This Policy applies to all personal information collected by gooddept. through our website, email communications, client engagements, and any other interactions you may have with us. By using our website or providing personal information to us, you acknowledge that you have read and understood this Privacy Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any material changes by posting the revised Policy on our website with an updated effective date. We encourage you to review this Policy periodically.

2. What is Personal Information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether it is recorded in a material form or not. This definition is consistent with the meaning given in the Privacy Act.

Personal information does not include information that has been de-identified or aggregated in a manner that means you are no longer reasonably identifiable.

3. Kinds of Personal Information We Collect and Hold

We collect and hold the following types of personal information, depending on the nature of your interaction with us:

Information you provide directly to us:

  • Your name and contact details, including email address, telephone number, and postal address.

  • Your job title, company or organisation name, and professional details where relevant to our engagement with you.

  • Any information you include in correspondence, enquiry forms, or feedback you submit through our website or by email.

  • Payment and billing information where relevant to any services we provide.

  • Any other personal information you voluntarily provide to us in the course of your dealings with gooddept.

Information collected automatically when you visit our website:

  • Your IP address, browser type and version, operating system, and device information.

  • Pages visited, time spent on pages, referring URLs, and other website usage data.

  • Cookie data and information collected through similar tracking technologies (see Section 11 below for further details on cookies).

Information from third-party sources:

  • Publicly available information, such as information from professional networking platforms or public registers.

  • Information provided to us by referees, business partners, or other third parties with your consent or as otherwise permitted by law.

4. How We Collect Personal Information

We collect personal information by lawful and fair means, and only where it is reasonably necessary for, or directly related to, our functions or activities. 

We collect personal information directly from you wherever it is reasonable and practicable to do so. This includes when you:

  • Subscribe to our newsletter or marketing communications via our website.

  • Contact us through our website enquiry form, email, telephone, or other communication channels.

  • Engage us to provide services.

  • Attend events, webinars, or meetings hosted or organised by gooddept.

  • Interact with our social media pages or online content.

  • Provide a business card or other contact details.

In some circumstances, we may collect personal information from third parties where you have consented to such collection, or where it is unreasonable or impracticable to collect the information directly from you.

If we receive unsolicited personal information that we did not request and that we could not have collected the APPs, we will, within a reasonable period, determine whether or not we could have collected that information. If we determine that we could not have collected it, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so. 

5. Purposes for Which We Collect, Hold, Use, and Disclose Personal Information

We collect, hold, use, and disclose your personal information only for purposes that are directly related to our functions and activities, and only where you would reasonably expect us to do so. Those purposes include:

  • Providing our services and fulfilling our contractual obligations to you.

  • Sending you newsletters, updates, marketing materials, and other communications that you have requested or consented to receive.

  • Responding to your enquiries, requests, or feedback.

  • Managing our client relationships and maintaining our business records.

  • Analysing website performance, user behaviour, and improving the functionality and user experience of our website and services.

  • Complying with our legal and regulatory obligations.

  • Protecting our legitimate business interests, including enforcing our terms of use and preventing fraud or misuse of our services.

  • Any other purpose for which you have provided your consent.

We will not use or disclose your personal information for a purpose other than the primary purpose of collection unless one of the exceptions in the APPs applies (for example, where you would reasonably expect us to use or disclose the information for that secondary purpose, where you have consented, or where we are required or authorised by law to do so).

6. Direct Marketing

We may use your personal information to send you direct marketing communications about our services, offerings, and other matters we consider may be of interest to you, where you have opted in to receive such communications or where we are otherwise permitted by law to do so. 

You may opt out of receiving direct marketing communications from us at any time. Every commercial electronic message we send contains a clear and functional unsubscribe mechanism in accordance with the Spam Act 2003 (Cth). We will process all opt-out requests within five (5) business days.

If you opt out of direct marketing, we will stop sending you marketing communications, but we may still contact you for administrative or transactional purposes related to any existing engagement.

You may also request that we provide you with the source of the information used for direct marketing purposes, and we will do so within a reasonable period unless it is impracticable or unreasonable to do so.

7. Disclosure of Personal Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

We may disclose your personal information to the following categories of recipients where it is reasonably necessary for the purposes described in this Policy:

  • Service providers and contractors who assist us in operating our business, including website hosting providers (Squarespace), email and productivity service providers (Google Workspace), email marketing platforms, IT support providers, and professional advisers (such as lawyers and accountants).

  • Related entities of gooddept. (if any) for internal administrative purposes.

  • Government agencies, regulators, or law enforcement bodies where we are required or authorised by law to make a disclosure.

  • Any other party where you have provided your consent to the disclosure.

We take reasonable steps to ensure that any third-party service provider to whom we disclose personal information is bound by obligations to handle that information consistently with the APPs or a substantially similar privacy regime.

8. Cross-Border Disclosure of Personal Information

Some of the third-party service providers we use may store or process personal information on servers located outside of Australia. In particular:

  • Google Workspace (used for email and productivity): data may be stored on servers located in the United States or other countries where Google maintains data centres.

  • Squarespace (used for website hosting): data may be stored on servers located in the United States or other countries.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information, or that one of the exceptions in the APP applies. You acknowledge and consent to the disclosure of your personal information to these overseas recipients for the purposes described in this Policy.

The countries in which these overseas recipients are likely to be located include the United States of America. If this changes, we will update this Policy accordingly.

9. Data Quality 

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, complete, relevant, and not misleading, having regard to the purpose for which it is collected or used.

We rely on you to provide us with accurate and current information. If you believe any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us so that we may take reasonable steps to correct it (see Section 12 below).

10. Data Security 

We take reasonable steps to protect the personal information we hold from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. Our security measures include:

  • Using secure, password-protected systems and encrypted communications where appropriate.

  • Restricting access to personal information to authorised personnel who need it to perform their duties.

  • Engaging reputable third-party service providers who maintain appropriate security certifications and standards.

  • Regularly reviewing and updating our security practices and procedures.

Where we no longer need personal information for any purpose for which it may be used or disclosed under the APPs, and the information is not contained in a Commonwealth record, and we are not required by law to retain it, we will take reasonable steps to destroy the information or ensure that it is de-identified.

In the unlikely event of a data breach that is likely to result in serious harm to any individuals whose personal information is involved, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. This includes notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable after becoming aware of the eligible data breach.

11. Cookies and Tracking Technologies

Our website (hosted by Squarespace) uses cookies and similar tracking technologies to enhance your browsing experience and to collect information about how you use our website.

What are cookies? Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work, to improve their efficiency, and to provide analytical information to site operators.

Types of cookies we use:

  • Essential cookies: These are necessary for the website to function properly and cannot be switched off. They are typically set in response to actions you take, such as setting your privacy preferences or filling in forms.

  • Analytics cookies: These allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us understand which pages are the most and least popular and see how visitors navigate the site.

  • Functional cookies: These enable the website to provide enhanced functionality and personalisation based on your interaction with the site.

Managing cookies: You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our website may become inaccessible or not function properly. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

12. Access to and Correction of Personal Information

You have the right to request access to the personal information we hold about you. You also have the right to request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading .

Access requests: To request access, please contact us using the details in Section 14 below. We will respond to your request within a reasonable period (and in any event within 30 days). We will provide access in the manner you have requested, where it is reasonable and practicable to do so.

We may refuse to give you access to personal information in certain circumstances permitted by the APPs, including where giving access would pose a serious threat to the life, health, or safety of any individual or to public health or safety, where the request is frivolous or vexatious, or where giving access would be unlawful. If we refuse a request, we will provide you with written reasons for the refusal and the mechanisms available to you to complain about the refusal.

Correction requests: If you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will respond to correction requests within a reasonable period (and in any event within 30 days). If we correct information that has previously been disclosed to another entity, you may request that we notify that entity of the correction, and we will take reasonable steps to do so unless it is impracticable or unlawful.

If we refuse to correct personal information, we will provide you with written reasons for the refusal and information about the complaint mechanisms available to you.

We do not charge a fee for making a request for access or correction, but we may charge a reasonable fee for providing access where the request requires substantial effort on our part. We will inform you of any applicable fee before processing the request so that you may confirm whether you wish to proceed.

13. Complaints

If you believe that we have breached the APPs or otherwise mishandled your personal information, you may lodge a complaint with us. Please direct your complaint in writing to the contact details set out in Section 14 below.

We will acknowledge receipt of your complaint within five (5) business days and will investigate and respond to your complaint within 30 days. If we need additional time to investigate, we will inform you and provide an estimated timeframe for our response.

If you are not satisfied with our response to your complaint, or if you believe we have not resolved your concern, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Online: www.oaic.gov.au

  • Phone: 1300 363 992

  • Post: GPO Box 5218, Sydney NSW 2001

14. Contact Us

For any privacy-related questions, requests for access or correction, or complaints, please contact us at:

gooddept.

ABN: 34 114 650 515

Email: hello@good-dept.com

Postal Address: 5 Athol St., Prahran, VIC 3181

15. Definitions

In this Privacy Policy:

"APPs" means the Australian Privacy Principles set out in Schedule 1 of the Privacy Act.

"Personal information" has the meaning given to it in section 6 of the Privacy Act.

"Privacy Act" means the Privacy Act 1988 (Cth), as amended from time to time.

"Sensitive information" has the meaning given to it in section 6 of the Privacy Act and includes information about an individual's racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, health information, and biometric information. We do not collect sensitive information unless required by law or with your explicit consent.