Privacy Policy

KIEL ADVISORY GROUP PTY LTD  (acn 625 921 324)

The effective date of this Privacy Policy is 12 August 2021

This Privacy Policy describes how Kiel Advisory Group Pty Ltd (ACN 625 921 324) and its subsidiaries and related group entities (together “Kiel Advisory”, “us”, “our” or “we”) collects, holds, uses and discloses the personal information of our customers and of users (“user”, “users”, “you” or “your”) of the website https://kieladvisory.com/ or any of our other websites or social media profiles (collectively referred to as the “Website”) in accordance with the Australian Privacy Act 1988 (Cth) (the “Privacy Act”)) and the Australian Privacy Principles (the “APPs”) and other relevant privacy laws.

Kiel Advisory provides consulting services on the issue of cultural risk to financial institutions, regulatory agencies and other organisations within the financial and other sectors, and operates the Website and other websites from time to time to facilitate the provision of those services (collectively the “Services”).

Your privacy is very important to us and we recommend that you review this Privacy Policy in full.

The latest version of our Privacy Policy will be published on our Website. We recommend that you check the Website from time to time to access our most up to date Privacy Policy. If we decide to make a significant change to our Privacy Policy, we will post a notice of the update on the homepage of our Website.

By using our Website, you agree to the terms of this Privacy Policy.

Directly from you
We collect personal information from you when you:

• complete forms, interviews, surveys and/or questionnaires in connection with our provision of the Services;
• submit an enquiry to us, for example if you send your resume to us or submit an online enquiry via our Website;
• correspond or communicate with us, for example, via telephone, email, and written and in-person inquiries directed to us ;
• interact with us on our social media for example Facebook, Twitter or Instagram; and
• use the Website to sign up to receive our newsletter and/or subscribe to our mailing list (if applicable).

Indirectly from our partners
We may collect your personal information from our clients (i.e. individuals and businesses who are the recipients of our Services), business partners (including, for example, other businesses with which we engage in promotional activities), and employees, customers or suppliers of our clients or business partners. These partners may share information, including your personal information with us in connection with our delivery of the Services and/or for marketing and promotional purposes.
We will generally require that these business partners have informed you that your personal information may be provided to us and that any personal data they provide to us has been processed in accordance with applicable law. For information on how our business partners handle your personal information please check their privacy policies.

Personal Information

Personal information is defined in the Privacy Act as information about an identified individual or an individual who is reasonably identifiable.

The personal information that we collect includes your first and last name, your email address and information about your occupation, such as your level of seniority and the department in which you work.

We do not intentionally collect any sensitive information, such as your tax file number, health information, criminal records and/or information about your sexuality, religious beliefs and/or political opinions. To the extent that we do actively collect any sensitive information, we will seek your consent prior to making any such collection.

Analytics Information

When you use your device to visit our Website, we may collect information about your device, including the Internet Protocol (“IP”) address of the device that you use to access our Website. We may use web analytics tools (such as Google Analytics) to record how you access and use our Website with your device by collecting information about the advertising ID or IP Address of your device, the date and time of that your device accessed the Website, the pages that your device accessed, if your device accessed our Website from a link on another webpage, details of that referring web page, and “cookies” (as explained below).

We collect and analyse this information so that we can understand how users interact with our website and so that we can improve users’ experience of our Website and the functionality of our Website.

Cookies

A cookie is a data file that our Website stores on your device. We use cookies to record information about how you interact with our Website so that we can improve your experience of using the Website.

We collect, hold, use and disclose your personal information for various purposes associated with providing the Services to you and also in connection with our business, including so that we can:

• inform you about our business;
• administer our relationship with you and maintain contractual relations;
• engage in marketing and business development activities;
• manage your subscription to our mailing lists;
• for security purposes;
• investigate complaints;
• communicate with you and with the relevant authorities in the event that your personal information has been subject to a data breach; and
• comply with other obligations including our legal, tax and accounting obligations.

Generally, we will only disclose your personal information in connection with providing our Services. We may disclose personal information that we collect from you with your consent to a client or business partner where the disclosure of the personal information to the client is a requirement under our contract with that client or business partner – in such circumstances, we will notify you of our intention to disclose the personal information and will seek your express consent prior to doing so.

We may provide your personal information to third party service providers (for example, information technology (IT) service providers (such as data storage providers, archival service and marketing service providers), so that they can provide their services to us and solely where such disclosure is required for the delivery of the services by the third party service provider. Generally the work of these third party service providers is connected to the Services that we provide to you.

If we are legally permitted or required to, we may also disclose your personal information in order to comply with our legal obligations or to protect or enforce our rights.

We do not control, and are not responsible for any other websites or services, including the information or content contained within them, that are accessible via hyperlinks from our Website. Our Privacy Policy does not apply to third-party websites or services and your use of any third-party website or service is governed by the privacy policy and terms of use for that website or service. If you communicate with us via a social media platform, for example, Facebook, then the terms and privacy policy for the social media platform will also apply.

We may also disclose non-personal, de-identified and aggregated information (i.e. information that is not personal information) to third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.

We will hold copies of your personal information, for as long as we need your personal information in order to provide the Services to you and to undertake any other activities described in sections 3 and 4 of this Privacy Policy. We will also retain a copy of your personal information in connection with administering our business and in order to fulfil our legal obligations.

From time to time, we may contact you by email or other means (“marketing communications”) with information and news about our business that we believe may be of interest to you. If you do not wish to receive these marketing communications, you can follow the instructions in these marketing communications to opt out of receiving these marketing communications from us. You can also contact us using the details in section 11 below to let us know that you wish to opt out of these marketing communications.

If you receive communications from us that you believe have been sent to you other than in accordance with this Privacy Policy, in error, or in breach of any law, or if you suspect that your personal information that we hold has been subject to a data breach, then please contact us immediately using the details in section 11 below.

We take reasonable steps to protect your personal information from loss, unauthorised access, unauthorised disclosure and misuse including by implementing appropriate and up-to-date security measures, resources, policies, practices and procedures.

Without limiting any other rights you may have at law and/or under this Privacy Policy, you can contact us using the details in section 11 to request:

• access to the personal information that we hold about you; and
• if the personal information that we hold about you is incorrect, incomplete or inaccurate, that we update the personal information that we hold about you.

We will endeavour to respond to your request as soon as possible and within 30 days. Due to the fact that we may hold multiple copies of your personal information in our systems, there may be some delay for your requests to be reflected across all of our systems.

Please contact us using the contact information in section 11 below if you have any questions or concerns about how we collect, hold, use or disclose your personal information and we will respond to you within 30 days.

If you are not satisfied with the how we have handled your complaint, you may contact the Office of the Australian Information Commissioner: https://www.oaic.gov.au/.

If you are located in the EU then the GDPR may apply to our processing of your personal data and, as well as the other matters covered in this Privacy Policy, the following matters in this section 10 also apply.

Personal data

Personal data is defined in the GDPR and means information about an identified or identifiable individual. If the GDPR applies to our processing of your personal data, then the references to ‘personal information’ in this Privacy Policy should be read as having the same meaning as personal data.

The types of personal data that we collect include your contact information such as name, email address, telephone number and information about your occupation, employer and role.

We collect this information from you or from our business partners.

Lawful basis for processing

Our processing (including collection, storage, use and disclosure) of your personal data is justified on the following lawful bases:

• the processing of your personal data is necessary for our legitimate interests and in order for us to:
  • inform you about our business;
  • administer our relationship with you and maintain contractual relations;
  • engage in marketing and business development activities;
  • manage your subscription to our mailing lists;
  • for security purposes;
  • investigate complaints;
  • communicate with you and with the relevant authorities in the event that your personal information has been subject to a data breach; and
  • comply with other obligations including our legal, tax and accounting obligations.
• the processing is necessary for us to be able to comply with our legal obligations; or
• you have provided your consent to the processing of your personal data.

Rights under EU GDPR

If you are located in the EU, and if the EU GDPR applies to our processing of your personal data, you have the right to contact us using the contact information in section 11 and request:

• information on how we process your personal data;
• copies of your personal data that we hold;
• that we correct or rectify inaccurate personal data that we hold;
• that we erase all copies of your personal data that we hold;
• that we stop processing your personal data or restrict the way that we process your personal data; and
• to receive your personal data provided to us, or request that this data be provided to another entity.

You can contact us at any time you to withdraw your consent to our processing of your personal data.

Please contact us if you believe the EU GDPR applies to you and you would like to exercise your rights under the EU GDPR. We will respond to your request within 30 days.

You have the right to make a complaint to a data protection supervisory authority about how we have processed your personal data. You can access a list of data protection authorities by EU member state here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

The European Data Protection Supervisor

Postal address: Rue Wiertz 60, B-1047 Brussels

Office address: Rue Montoyer 30, B-1000 Brussels

Telephone: +32 2 283 19 00

Email: edps@edps.europa.eu

Website:  www.edps.europa.eu

Transfers of personal data

If we transfer your personal data outside of the European Economic Area (EEA) the transfer of your personal data is subject to an adequate level of data protection and these transfers are made under contracts that contain EU standard contractual clauses governing the transfer of personal data to processors established in third countries outside of the EEA.

KIEL ADVISORY GROUP PTY LTD (ACN 625 921 324)

Elizabeth Arzadon, Kiel Advisory Group

Postal address: Level 13/111 Elizabeth Street, Sydney NSW 2000

Email: enquiries@kieladvisory.com

Tel: +61 2 9199 1033