THE BEHAVIOURAL ARCHITECTS AUSTRALIA PTY LTD

ABN 55 159 835 784


PRIVACY POLICY

1. About this policy.

The Behavioural Architects Australia Pty Ltd ABN 55 159 835 784 (‘BAA’, ‘we’, ‘us’ or ‘our’) is committed to protecting the privacy of your personal information in accordance with Australian privacy laws.

Our Privacy Policy sets out how we and our related entities collect, use, disclose and manage your personal information.

Our Privacy Policy evidences our commitment to the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) as amended from time to time (‘Privacy Act’). BAA also complies with the Privacy (Market and Social Research) Code 2014, which governs the collection, retention, use, disclosure and transfer of information about the subjects of and participants in market and social research.

When you engage us to provide you with any services, communicate with us through email, by telephone, in writing, participate in any of our research activities, or use any of our other services, including our websites, you agree to the use and disclosure of your personal information in the manner described in this policy. This policy is also relevant and applies to other individuals we deal with in connection with commercial credit we provide, such as guarantors and directors.

We may from time to time review and update this Privacy Policy, so please check our website periodically to stay informed of any updates. All personal information collected and held by us will be governed by the most recently updated Privacy Policy.

2. Types of personal information we collect.

The kinds of personal information we may collect from you will depend on what type of interaction you have with us. Personal information we may collect from you includes, among other things:

3. Types of sensitive information we collect.

It may be necessary in some circumstances for us to collect some forms of sensitive information that are specifically relevant and necessary for the purposes of our business activities and functions.

Sensitive information includes information or opinion about an individual’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation, criminal record, health information, genetic information or biometric information.

We only collect and use sensitive information with your consent and in accordance with this privacy policy and applicable laws.

4. The purpose for collecting your personal information.

We will generally only collect and use your personal information for the primary purposes of:

Your personal information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf.

Where you have applied for a commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies (“CRBs”) and your bankers.

We will take reasonable steps to ensure that you are aware of:

5. How we may use and disclose your personal information.

We anonymise all personal information we gather as part of conducting our research. The exception to this is photographs or video images of your face and audio recordings of your voice which will remain identifiable and only shown to you if you have explicitly provided your consent to do so.

We may use your personal information for:

We may disclose personal information we collect from you:

Where the Privacy Act permits us to do so, we may also disclose your credit related information (in respect of commercial credit) to CRBs such as Veda or Dun & Bradstreet, if you apply for commercial credit or request an increase in your commercial credit limit with BAA.

Where BAA collects information that we are likely to disclose to a CRB, please note:

We do not disclose your personal information for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal information that we collect from you.

6. How your personal information is stored and secured.

We take reasonable steps to protect your personal information from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.

If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you in accordance with the Privacy Act.

We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identify your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.

7. How long we keep your information.

Any personal data you provide will be used solely for the purposes of research and held for no longer than is necessary. Most personal information captured about you will be deleted 12 months after the completion of the project, with the following exceptions: (1) selected photographs, video footage and audio recordings may be included in a final report, (2) signed consent forms, (3) signed acceptance of incentive forms, (4) longitudinal research – which will explicitly inform you about the timelines for personal data.

As an output of this project, the above-mentioned client and their partner agencies i.e. marketing partners, will receive a report that may contain selected photographs, video footage and audio recordings. This material will be used for internal conferences, internal presentations or as part of an internal intranet and is not to be released to the general public nor to be used for general broadcast.

Signed consent forms and incentive acceptance sheets will be held as a record of your participation for up to seven years, as required by HMRC.

8. Using our Website and Cookies.

As with most websites, when you visit our website or use an application on our website, we may record anonymous information such as IP address, time, date, referring URL, pages accessed, documents downloaded, type of browser and operating system.

We also use “cookies”. A cookie is a small file that stays on your computer until, depending on whether it is a sessional or persistent cookie, you turn your computer off or it expires. Cookies may collect and store your personal information. You may adjust your internet browser to disable cookies.

If cookies are disabled you may still use our website, but the website may be limited in the use of some of the features.

Our website may also contain links to or from other websites. We are not responsible for the privacy practices of other websites. This privacy policy applies only to the information we collect on our website. We encourage you to read the privacy policies of other websites you link to from our website.

9. Marketing and Opting-Out.

We may use your personal information for:

We may exchange your personal information between our related entities so they can also assist in the marketing of our products and services to you. We will only offer you products or services where we reasonably believe that they could be of interest or benefit to you.

At the point we collect information from you, you may be asked to “opt in” to consent to us using or disclosing your personal information. You will generally be given the opportunity to “opt out” from receiving marketing communications from us. You may “opt out” from receiving these communications by clicking on an unsubscribe link at the end of an email or by contacting us with this request.

10. Cross border disclosure.

Your personal information may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of Australia who work for, or are engaged by us in other countries, including the United Kingdom and China.

We will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’).

The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas recipient is subject to laws that are suitably similar to privacy laws in Australia.

If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act.

11. Specific rights of European Residents.

BAA is committed to ensuring its compliance with the European Union General Data Protection Regulation (‘GDPR’).

Although our Privacy Policy explains how BAA meets all of its obligations for Australian individuals, BAA may also have some individuals who are habitually located in the European Union (‘EU Residents’) that have additional rights in respect of their Personal Data.

Personal Data is defined as: “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

Under the GDPR, BAA is primarily a “controller” of Personal Data, as opposed to being a “processor”. As part of its GDPR compliance, BAA provides its services in a way that ensures:

Personal Data (i.e. Personal Information) is:

Processed Personal Data (i.e. Personal Information that is used, held or disclosed by BAA) is:

Whilst BAA strives to provide all individuals with appropriate access and control over their data, individuals covered by the GDPR are also able to:

BAA will allow and assist individuals that are EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).

12. Accurate and up-to-date information.

We take reasonable steps to ensure your personal information is accurate, up-to-date and not misleading by updating our records whenever true and correct changes to the data come to our attention.

You have rights that you can exercise involving any personal information BAA holds on you such as:

If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer. To contact our Privacy Officer please see contact details below.

We will correct information we hold about you if we discover, or you are able to show to a reasonable standard, that the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with our reasons for taking that view.

We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.

13. Access to your personal information

We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal information we hold about you by contacting our Privacy Officer. If access is refused to your personal information for reasons permitted by the Privacy Act, we will give you a notice explaining our decision to the extent practicable and your options.

To contact our Privacy Officer please see contact details below. If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may charge a reasonable administration fee to cover the costs of meeting your request. We will reply to your request for access within 30 days of notification by you.

14. Dealing with unsolicited information.

We take all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.

15. Anonymity when dealing with us.

Only where it is practicable to do so, we may allow you the option not to identify yourself when dealing with us.

16. Government identifiers.

We do not use government identifiers (e.g. tax file numbers or Medicare numbers) to identify individuals.

17. Complaints and disputes

If you have reason to believe that we have not complied with our obligations relating to your personal information under this Privacy Policy or under the Privacy Act, please refer any complaint or queries to our Privacy Officer (details below).

We will ensure your complaint is handled by our Privacy Officer in an appropriate and reasonable manner. Where necessary we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you. If you are not satisfied with the outcome, then you may contact the Office of the Australian Privacy Commissioner:

Office of the Australian Information Commissioner

Website: www.oaic.gov.au

Phone: 1300 363 992

18. Who should you contact for further information?

Please refer any queries or complaints about our Privacy Policy or privacy issues to our:

Sam Paul - Privacy Officer

The Behavioural Architects Australia Pty Ltd

310/19a Boundary Street, Darlinghurst NSW 2010

Phone: +61 2 9358 3855

Email: sam@thebearchitects.com

Our Privacy Officer will consider your question or complaint and respond to you in a reasonable timeframe.

Last Updated February 2023