We aim to comply fully with the Australian Privacy Act and the European General Data Protection Regulation.
Please also refer to any Terms of Service or contractual agreement between yourself or your company and TeamHQ.
TeamHQ is subject to both the Australian Privacy Act 1988 (Cth), which regulates how TeamHQ may process personal data within Australia; and the General Data Protection Principals (GDPR) (EU) 2016/679 that regulates how TeamHQ may process personal data of people resident in the UK and European Union. We also aim to adhere to Section 5 of the Federal Trade Commission Act in the USA and The New Zealand Privacy Principles contained in The Privacy Act 1993.
Personal information that we receive from our Users is owned by the Users, and only processed by us as described below.
1.1 Other relevant Privacy Policies
1.2 GDPR Data Controller and Data Processor
In European data protection law (GDPR), a Data Controller is the entity that collects your information and makes decisions on how it is used. A Data Processor is a 3rd party that performs duties on behalf of the Data Controller.
Where we act as a Data Processor, our activities are strictly limited to what we’re asked to do by the Data Controller. Typically, this would include activities such as displaying information as well as providing remote support.
2. What personal data do we collect and why?
Depending on our products, the types of personal information that we collect, hold, use and disclose may include:
- date of birth;
- email address;
- phone number(s);
- family situation;
- identity of your parent, carer, child or other family members;
- marital status;
- academic results;
- IP address;
- occupation or position of employment;
- details of your school, business or company;
- details of the school your child attends;
- a record of the pages you visit on our website.
We may also collect sensitive information, which is a subset of personal information that is afforded a higher level of privacy protection. The kinds of sensitive information we collect and hold may include:
- health information;
- visa, passport, driver’s license and
- religious affiliation;
If you apply for a job with us, then in addition you will typically provide your employment history and any such information that might appear on your CV / application. Employees will also be expected to provide reference information, financial information such as bank details and tax identifiers, and sensitive information such as criminal record history and Working With Children check.
NOTE: TeamHQ does not store personal information outside of Australia.
3. How do we collect personal information?
We usually collect personal information directly from our customers (for example, we may collect personal information about a student or parent from their school database).
We may also collect personal information in connection with the use of our services when:
- You request us to provide you with a quote;
- You register or complete an application form to use our services;
- You enter details through our website forms;
- A third party engaged by you contacts us or provides information to us on your behalf;
- You use a form which has been integrated with our software;
- You communicate with us via phone or email;
- You make changes on your account with us;
- You subscribe to our mailing list;
- You accept or follow links to our website; and
- You follow us through social media or post to one of our social media sites.
We will also handle large datasets from customers as part of the onboarding process when they adopt one of our products. Such datasets are always transferred safely using our secure data transfer system which has strict retention policies and full auditing capability.
4. How do we use your personal data?
We process your information for many purposes such as providing products and services to our customers.
TeamHQ will use your personal data for a variety of purposes. Typically, these purposes include:
- administering and providing our products and services to you and your organisation;
- sending customers informational notifications and alerts;
- responding to enquiries;
- managing training and events;
- evaluating and improving TeamHQ products and services.
5. GDPR – Lawful basis
Under the GDPR, a company must have a valid lawful basis wherever they process personal data. This means that for each processing activity, the company must determine at least one lawful basis to use.
At TeamHQ, we typically rely on one of the following lawful bases:
- Legitimate interests: where the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
- Contract: where the processing is necessary for a contract a company has with an individual, or because they have asked the company to take specific steps before entering into a contract
- Legal obligation: where the processing is necessary for a company to comply with the law
- Vital interests: where the processing is necessary to protect someone’s life
- Consent: where the individual has given clear consent for a company to process their personal data for a specific purpose. Note that consent is only used in limited circumstances and you have the right to withdraw your consent at any time.
If you no longer wish to receive any communications, please follow the unsubscribe link contained in the relevant electronic communication, or our Privacy Officer at firstname.lastname@example.org
6. Who do we disclose your personal data to?
We may share your information amongst TeamHQ entities for the purposes outlined above. We also make use of Cloud Services. Where information is shared outside of your country, we will ensure adequate safeguards are in place to remain compliant with data protection law.
Personal data which is collected by one department or team of TeamHQ may be used by and disclosed to other areas of TeamHQ, for the purposes described in this policy.
7. Cloud Services
TeamHQ uses cloud services (Amazon Web Services) to store and process personal data. Where we provide services to host our products in the cloud, we store data in our Australian Sydney data centre or a local data centre in your nominated region, all of which comply with ISO 27001, ISO 9001, ISO 27018 and IRAP. Where we use cloud services, we will ensure that we maintain effective control of your information at all times and ensure that we can enforce the relevant data protection law.
If we transfer personal data outside of the source country, we will ensure that we have the necessary safeguards in place to protect your information. Occasionally, we may rely on your consent to use Cloud Services, and when it's required, your consent will be opt-in and freely given.
As well as cloud service providers, TeamHQ makes use of other companies and services to help us operate our business. Collectively, we refer to these companies and cloud service providers as sub-processors. From time-to-time we will change sub-processors may be required to let you know. When we do, we will contact you via email detailing the change.
The key cloud-based services and other sub-processors that TeamHQ uses to process personal data are available here.
- TeamHQ will not disclose personal data to third parties for marketing purposes.
- Under no circumstances will TeamHQ sell (or otherwise receive payment for licensing or disclosure of) your personal data.
9. Business Transfers
10. Website Data Collection
When you visit an TeamHQ website or use a product or service hosted by TeamHQ, the following information will normally be collected about you:
the unique identifier from an TeamHQ cookie (necessary cookies only unless others are consented to);
- the date and time of your visit;
- the pages, documents and files you requested and when;
- the address of the resource which provided the link followed, if any, to an TeamHQ website;
- the type of browser and, in some cases, the operating system used.
If you later decide to register with us, the above information will be matched with your registered information to enable a more personalised profile. This information is only available to a limited number of TeamHQ staff.
11. Google Analytics and Web Beacons
Another tool we use to help us improve our sites and understand how they are used is Google Analytics. For more information on how Google Analytics collects and processes data, please see https://policies.google.com/technologies/partner-sites.
You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, available here: https://tools.google.com/dlpage/gaoptout.
We also sometimes use ‘web beacons’. Web beacons are tiny transparent graphical images that are sometimes embedded in our notification and marketing emails. They allow us to understand when an email has been opened and help us gauge the effectiveness of our customer communications. You can block web beacons by preventing pictures from automatically downloading in your email client. This is normally found in your browser/computer settings.
12. Data Retention
At TeamHQ, we are committed to only keeping personal data for as long as is necessary. Once data has come to the end of its useful purpose or lawful retention period, we will securely erase or anonymise the data.
13. Your rights
13.1 Anonymity and pseudonymity
When you interact with us, you have the option of not identifying yourself (anonymity; or being anonymous), as well as the option to use a false name (a pseudonym). We are happy to help you unless it's impractical to do so without knowing who you really are. We will also have to identify you if the law or a court order requires us to.
13.2 Can I correct and have access to my personal data?
TeamHQ takes reasonable steps to ensure that the personal data it stores is accurate, complete and up to date. You have the right to ask us to correct your information, which we will happily facilitate at no cost to yourself.
You also have the right to request access to your personal data held by TeamHQ. We will aim to provide you with an appropriate means of accessing your data, normally by a secure email or registered post. In some jurisdictions such as Australia, we reserve the right to charge reasonable costs in providing the requested information to you. However, we will not charge for simply making the request.
Sometimes it’s not possible to give you access to the personal data we hold. An example of where this might happen is where granting access may impact the privacy of others or if the information may cause significant harm or distress. We will give you written reasons for any refusal.
13.3 Your rights under GDPR
UK & EU residents have the following additional rights:
- The right to be informed – that’s why we have this document. We will also provide you information at the point that we collect data from you.
- The right to rectification – You are able to ask us to correct your data, as per the section above.
- The right to erasure – You have the right to ask us to delete your data under certain circumstances, unless we have a valid and lawful reason to keep it.
- The right to restrict processing – You are able to ask us to limit any further use of your data
- The right to data portability – You have the right to ask us to provide you with access to your data in a common, machine readable format such as a CSV file.
- The right to object – You can object to us processing your data if you wish, for example if you don’t want your information to be used for direct marketing.
- To exercise any of these rights, please contact our Privacy Officer at email@example.com
13.4 Other jurisdictions
Our main offices are in Sydney, Australia. We do have customers globally, and if you would like to talk to us about compliance or your rights under any other jurisdiction, please get in contact with firstname.lastname@example.org
14. Contact us
TeamHQ has a Privacy Officer who oversees company activities to ensure that personal data is handled lawfully and in line with legal obligations wherever we operate. You can contact the Privacy Officer using the details below.
By Post: TeamHQ Pty Ltd, Suite 61, 89-97 Jones Street, ULTIMO NSW 2007 Australia
By Phone: (02) 8387 7321 (Monday to Friday, 9.00am to 5.00pm AEST)
By Email: email@example.com
To make a complaint in regards to privacy, we would urge you in the first instance to always contact our Privacy Officer at firstname.lastname@example.org. If you have spoken to us but would still like to take the matter further, then you have the right to make a complaint to the relevant supervisory authority, as per the below:
Australia: Office of the Australian Information Commissioner (OAIC)
Phone: 1300 363 992
16. Changes to this notice
V2.1 Updated 1 September 2023