Privacy Matters

Approved by D.Jones [Director]

March 2022

Review date: March 2024

INTRODUCTION In this Policy, ACG, we, our or us is a reference to Asheville Consulting Group Pty Ltd.

Personal information is any information about you where your identity is apparent, or can reasonably be ascertained, and may include Sensitive Information (defined below).

Sensitive Information is information or an opinion about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, sexual preferences, health or medical information or criminal records. This Policy explains the key measures we have taken to implement the requirements of the Privacy Act 1988 (Privacy Act), the Australian Privacy Principles and where applicable, other data protection laws such as the European Union General Data Protection Regulations (GDPR). This Privacy Policy outlines the Personal Information collection practices utilised by ACG, how that information is collected, used and disclosed and your rights in relation to your Personal Information.

This Policy covers Personal Information collected directly on our website (www.ashevilleconsultinggroup.com), via phone calls and email (collectively Site) from individuals who access, register for, or use our services, features, functions or purchase goods and services offered on our Site (Services).

We endorse fair information handling practices and uses of information in compliance with our obligations under the privacy laws in force in Australia from time to time. Any information provided, including identification of individuals, will be used only for the purpose(s) intended and where the intention includes confidentiality, information will be treated as such unless otherwise required by law. This Policy represents the default position that ACG will take in its treatment of Personal Information. ACG will treat all Personal Information in a manner consistent with this Policy unless you have provided your express consent otherwise.

If there is any inconsistency between the Privacy Act and this Policy, this Policy shall be read and interpreted to comply with the Privacy Act.

WEBSITE TERMS AND CONDITIONS

Your use of our Site is also subject to our terms and conditions. The terms and conditions for your use of our Site may be found here: https://asheville-consulting-group.squarespace.com/s/ACGTerms-Conditions.pdf

WHAT INFORMATION DO WE COLLECT?

We collect information from you when you register on our site. When ordering or registering on our Site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address or phone number. You may, however, visit our Site anonymously. Google, as a third party vendor, uses cookies to serve ads on our Site. Google’s use of the DART cookie enables it to serve ads to your users based on their visit to our Site and other sites on the Internet. Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.

COLLECTION OF SENSITIVE INFORMATION

In order to comply with relevant Victorian and Federal Government guidelines, mandates or requirements imposed from time to time, we may be required to collect your sensitive health information, including but not limited to your vaccination status.

You consent to us collecting, using, and disclosing your sensitive health information as required by Victorian and Federal Government guidelines. For the avoidance of doubt, the collection, use and disclosure of your sensitive health information will be in accordance with the Privacy Act, GDPR and other relevant law.

HOW DO WE COLLECT PERSONAL INFORMATION?

Personal Information will typically be collected by us when it is provided to us by you directly: – When you contact us through an online form on the Site;

– When you email us;
– During phone calls and other communications between you and us;
– When you sign up to an event run or held by us;
– When you sign up to work in our coworking space; and
– When you apply for employment with us or are offered employment with us.

WHAT DO WE USE YOUR INFORMATION FOR?

Any of the information we collect from you may be used in one of the following ways:
– To personalise your experience (your information helps us to better respond to your individual needs)
– To improve the Site (we continually strive to improve our Site offerings based on the information and feedback we receive from you)
– To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
– Collective Exchange and other events/workshops
– Selling projects and advertising

DO WE USE COOKIES?

Yes but we provide the option to opt out, (Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information. We use cookies to understand and save your preferences for future visits, keep track of advertisements and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

HOW DO WE PROTECT YOUR INFORMATION?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.

All Personal Information collected is stored on secure cloud-based serves such as Dropbox and Mailchimp, that are password protected and will not be transmitted overseas other than for the purposes of storage on these servers.

If we have reasonable grounds to believe that your Personal Information that we hold may be subject to unauthorised access or disclosure (eligible data breach), we will investigate and assess the suspected eligible data breach to determine whether the eligible data breach is likely to result in serious harm to you (Notifiable Data Breach). If a Notifiable Data Breach occurs, then we will notify you and the Australian Information Commissioner as soon as practicable after we become aware of the Notifiable Data Breach in accordance with our obligations under the Privacy Act. We will comply in every way with our obligations under Part IIIC – “notification of eligible data breaches” of the Privacy Act

DO WE DISCLOSE ANY INFORMATION TO OUTSIDE PARTIES?

We do not sell, trade, or otherwise transfer to outside parties your Personal Information, except for as outlined below. We may share your Personal Information with trusted third parties who assist us in operating the Site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. These include related special purpose Joint Venture entities utilised to provide the Services.

We may share your Personal Information with trusted third parties with whom we partner to provide certain services to you, for example The Passive House Institute for the purposes of providing passive house certification services. To the extent that such third parties have access to your Personal Information, their use is governed by their own privacy policies, the Privacy Act, GDPR and any other relevant law.

We may share Personal Information with employees, service providers, suppliers and affiliates of ACG on a need to know basis to allow the provision of the Services to you as requested by you. We may also disclose your Personal Information to our Site host or service providers in certain limited circumstances, for example when our Site experiences a technical problem or to ensure that it operates in an effective and secure manner. Access to Personal Information by these people is subject to such people protecting your Personal Information to at least the degree set out in this Policy, and such access will be revoked within a reasonable timeframe of access no longer being required. To the extent that these organisations and service providers gain access to Personal Information, their use is governed by their own privacy policies, the Privacy Act, GDPR and any other relevant law.

We may share your sensitive health information to third parties as required by government guidelines, mandates and requirements. To the extent that such third parties have access to your sensitive health information, their use is governed by their own privacy.

policies, the Privacy Act, GDPR and any other relevant law. We will not disclose your sensitive health information to third parties without your written consent.

We may also release your information when we believe release is appropriate to comply with the law, enforce our Site policies, or protect ours or others rights, property, or safety. However, nonpersonally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

THIRD PARTY LINKS

Occasionally, at our discretion, we may include or offer third party products or services on our Site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Site and welcome any feedback about these sites.

RETENTION AND DISPOSAL OF PERSONAL INFORMATION

We will retain Personal Information for as long as is required for us to fulfil the purposes for which the Personal Information was collected, including where applicable to provide you with the Services and to comply with legal requirements.

If we no longer require Personal Information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or permanently de-identify the Personal Information.

ACCESS TO PERSONAL INFORMATION

You can access the Personal Information held about you at any time by contacting our Privacy Officer.

We will always endeavour to meet requests for access. However, in some circumstances we may decline a request for access. This includes the following circumstances:

We no longer hold or use the information;
Providing access would have an unreasonable impact on the privacy of other persons;
The request is frivolous or vexatious;
The information relates to existing or anticipated legal proceedings and would not normally be disclosed as part of those proceedings;
Providing access would be unlawful;
Providing access would be likely to prejudice the detection, prevention, investigation and prosecution of possible unlawful activity; or
The information would reveal ACG’s commercially sensitive information.

If we decline a request for access, we will provide reasons for our decision when we respond to the request.

We reserve the right to charge you a reasonable fee for access to your Personal Information. These charges will be limited to the cost of recouping our expenses for providing you with your Personal Information, such as document retrieval, photocopying, labour and delivery.

Despite anything contained in this Policy to the contrary, if the Freedom of Information Act 1982 applies to a person on whose behalf we hold Personal Information, the access and correction requirements in the Privacy Act operate alongside and do not replace other informal or legal procedures by which an individual

can be provided access to, or correction of, their Personal Information.

CHANGING OR DELETING PERSONAL INFORMATION

We will take reasonable steps to ensure that Personal Information is accurate, complete and up-to-date at the time of collecting the Personal Information from you, using or disclosing the Personal Information, or during other interactions with you or suppliers in accordance with this Policy.

If you believe that any Personal Information that we hold about you is inaccurate, incomplete or out-of-date, you may contact our Privacy Officer. We will do our best to correct any Personal Information that is inaccurate, incomplete or out-of-date or dispose of it in accordance with this Policy.

PRIVACY PROTECTION ACT COMPLIANCE

Because we value your privacy we have taken the necessary precautions to be in compliance with the Privacy Act. We therefore will not distribute your personal information to outside parties without your consent.

YOUR CONSENT

By using our Site, or entering into an employment agreement, contractor agreement or licence agreement with us, you consent to our privacy policy.

CHANGES TO OUR PRIVACY POLICY

If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date below. This policy was last modified on 5 October 2021.

CONTACTING US

If there are any questions regarding this privacy policy you may contact our Privacy Officer using the information below.

www.ashevilleconsultinggroup.com

Melbourne, Australia

Info@ashevilleconsultinggroup.com