Privacy Policy

Effective Date: 25 May 2018

1.  Our Commitment to Your Privacy

1.1

The Gordian group of companies (“We/Us/Our”) respect your privacy. So that you may understand how We deal with your Personal Information (please see section 3 below setting out details of the type of information that this may include), We have set out how and why We collect, hold, use, manage, process and transfer Personal Information in this Privacy Policy. You may print a copy of this Privacy Policy. Please read the following carefully to understand our views and practices regarding your Personal Information and how we will treat it.

1.2

Where your personal information is protected by the GDPR, We will process that data in accordance with the GDPR.

1.3

Where you personal information is protected by other law, such as the Australian Privacy Act 1988 (Cth), We will, at a minimum, process that information in accordance with that law. However, where it is lawful and practical to do so, We will also extend to all individuals the similar rights as those that are provided to data subjects who are protected under GDPR, in respect of the:

1.3.1 
Right of access;
1.3.2 
Right to object;
1.3.3 
Right of portability;
1.3.4 
Right of erasure or the right to be forgotten.

1.4

Where legal services are provided by Gordian Lawyers Pty Ltd then Gordian Lawyers Pty Ltd is bound by local law and relegations that require lawyers and law firms to keep all information provided to them by their clients secret and confidential, and to use it only in the interests of their clients, subject to the lawyers duty to the court and the administration of justice. Notwithstanding anything else in this Privacy Policy, Gordian Lawyers Pty Ltd will not make any disclosure or use of any information in contravention of those professional laws and regulations.

1.5

The GDPR Representative of Gordian Services Pty Ltd is Gordian GDPR Representative Ltd. You can contact the Representative and our Privacy officer at:

1.5.1 
2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom; and
1.5.2 
via the Contact Us page on our website.

1.6

We will update this Privacy Policy from time to time at Our discretion, so you should visit Our website regularly to see the latest copy of the Privacy Policy.

1.7

This Privacy Policy binds the following companies in the Gordian group of companies, being:

1.7.1 
Gordian GDPR Representative Ltd (UK Company number 11325831);
1.7.2 
Gordian Services Limited (UK Company number 11325863);
1.7.3 
Gordian Services Pty Ltd (Australian Company ABN 86 160 629 685);
1.7.4 
Gordian Lawyers Pty Ltd (Australian Company ABN 78 121 066 733),

and this Privacy Policy should be interpreted so that “We/Us/Our” includes any of these companies.

1.8

The Gordian group of companies is engaged in the following business activities:

1.8.1 
promoting, offering, selling and performing representative services as defined in Article 27 of GDPR, in particular Gordian GDPR Representative Limited;
1.8.2 
promoting, offering, selling and performing professional services relating to privacy advice and compliance, including consulting, training, supporting online services and Data Protection Officer Services as defined by Article 37-39 of GDPR, in particular:

1.8.2.1 
Gordian Services Limited;
1.8.2.2 
Gordian Services Pty Ltd;

1.8.3 
providing legal services as defined under the law of New South Wales, Australia, being Gordian Lawyers Pty Ltd;
1.8.4 
any business activities related or ancillary to any of the activities set out above.

1.9

This Privacy Policy relates to how We collect, hold, use, manage, transfer and disclose Personal Information that We collect.

1.10

Some of the key phrases that are used in this Privacy Policy include:

1.10.1 
Australian Privacy Law means the Australian Privacy Act 1998 (Cth).
1.10.2 
GDPR means the privacy laws that applies to the European Union, General Data Protection Regulation 2016/679.
1.10.3 
Personal Information:

1.10.3.1 
has the same meaning as defined in the Australian Privacy Law, where the Australian Privacy Law applies; or
1.10.3.2 
has the same meaning as defined in the GDPR, where the GDPR applies;

1.10.4 
Sensitive Information has the same meaning as defined in the Australian Privacy Law.
1.10.5 
Special Category Data has the same meaning as defined in the GDPR.
1.10.6 
Regulator is the legal entity that is responsible for the supervision of the relevant privacy law in Australia or the relevant Member State of the EU, as applicable.

2.  Consent

2.1

By continuing to use Our website, allowing Us to perform our business activities or functions or services for you, or by providing Us with your Personal Information, You give Us consent to collect, hold, hold, use, transfer and process your Personal Information in accordance with this Privacy Policy to the extent that it is lawful to give Us consent in this way.

2.2

We may also seek your consent through Our data collection notices that are located at key points where you may be providing Us with Personal Information.

2.3

We may also collect, hold, hold, use, transfer and process your Personal Information in any other way that is permitted by law, including applicable privacy legislation.

2.4

Where you provide Us with Personal Information about a third party and We are subject to GDPR, We may be required by GDPR to disclose that Personal Information the third party. You must not provide Us with any Personal Information about third parties unless you have their explicit consent to Us being provided with that Personal Information and for its use in accordance with this Privacy policy. This clause does not apply to Gordian Lawyers Pty Ltd.

3.  What Personal Information do We Collect and Hold?

3.1

We may collect and hold the following types of Personal Information:

3.1.1
name, date of birth and relationship to other individuals (e.g. record of next of kin or emergency contact);
3.1.2 
address, phone number, fax number, email address, Skype address and other addresses/contact details/identifiers used in electronic communications or business cards;
3.1.3 
voicemail recordings left in Our phone system and images that individuals have made publicly available or provided to Us;
3.1.4 
video and sound recordings from Our security systems;
3.1.5
demographic information such as postcode, preferences or interests;
3.1.6 
information, including data, images, video and sound recordings, that you, or people authorised by you enter into our software programs and services or use the features in our software programs or services to import from other software applications;
3.1.7 
information about the products or services that you purchase or consider purchasing from Us, Our suppliers or business associates;
3.1.8 
information about enquiries made to Us, Our suppliers or business associates;
3.1.9 
information you provide when you raise a support enquiry or when We are working with you to resolve a technical or administrative query;
3.1.10 
information that you provide in response to market research, surveys or competitions that are conducted by or for Us;
3.1.11 
information that is provided in respect of employment, contract work, work experience or similar, whether solicited or unsolicited;
3.1.12
credit card or details of other payment methods used on Our website, software programs or services, to purchase Our products and services or in connection with Our support of community or charitable causes; and/or
3.1.13
the information set out in section 9 below, which may be identifiable in conjunction with any of the information set out above.

3.2

As a rule We do not collect or hold Sensitive Information or Special Category Data. The only exceptions to this rule are:

3.2.1
where the Sensitive Information or Special Category Data is directly linked to the individual’s employment records and Our collection, holding and use is permitted by applicable law for the purpose managing the individual’s employment record;
3.2.2
where Sensitive Information or Special Category Data is provided to Us in connection with the individual seeking employment, internship, work experience, contract work or similar, whether solicited or unsolicited;
3.2.3
health related information that is provided by attendees at our offices, events or training venues that is used for the purpose of providing appropriate access, hospitality, food or beverage.

4.  How do We Collect and Hold Personal Information?

4.1

We collect Personal Information in a number of ways, including:

4.1.1
through Our website;
4.1.2
through communications with you, including letters, emails, telephone calls, voicemail messages, facsimiles, surveys, competitions and via social media applications;
4.1.3
through communications with others;
4.1.4
in the course of you using our software programs and services, when you or people authorised by you load those details into the software programs or services;
4.1.5
in the course of providing Our products and services to you, including providing support through Our support service;
4.1.6
in the course of Our business functions and activities.

4.2

We hold Personal Information:

4.2.1
in Our hard copy files;
4.2.2
in the databases associated with the software programs or services that you have licensed from Us;
4.2.3
in other systems that We use in connection with Our business, some of which may be owned and operated by Our suppliers (please also see section 7); and
4.2.4
in the database associated with Our website.

4.3

We will only ask for personal information where it is necessary, and is to be processed for a lawful purpose.

4.4

If you elect not to provide Us with Personal Information then We may not be able to provide you with the information, products, services or support that you may want.

4.5

We may receive other unsolicited Personal Information in the course of Our business, for example, where you send us a resume (which includes your name, address and work history) without us specifically asking you to. We will notify you when we receive any such unsolicited information; confirm to you the purposes for which we intend to use that Personal Information; and deal with this unsolicited Personal Information in accordance with our legal obligations.

5.  The Purposes for which We use Personal Information

5.1

We collect, hold, use and disclose Personal Information for the following purposes:

5.1.1
pursuing Our business activities and functions;
5.1.2
where required by law, communicating with appropriate Regulators and individuals who are communicating with you or Us, or with whom We have a lawful obligation to communicate;
5.1.3
seeking legal advice, or other professional advice, in the support of Us performing Our business functions and activities;
5.1.4
allowing the technical support personnel to provide assistance to you (or your employer), if needed;
5.1.5
facilitating authorised transactions between you (or other people who you are acting for) and Us or between you (or other people who you are acting for) and other people and organisations who are accessible via Our website or other electronic means;
5.1.6
facilitating payment for the purchase of products or services through Our website or otherwise. In this case you may be directed to (or We may use to facilitate the transaction) a third party website (a secure internet payment gateway) approved by the relevant financial institution within your country of access with whom you bank to enter your credit/debit/charge card or other payment mechanism details. This third party may in turn integrate the payment software with a third party payment application provider who assists in managing the payment transaction. Where you are redirected in this way, you will be subject to the privacy policies of the third party providers;
5.1.7
performing certain functions via Our website, e.g. conducting surveys, market research, mail outs, competitions or using social media;
5.1.8
conducting surveys, market research, mail and competitions off line;
5.1.9
improving the quality of Our website and Our products and services;
5.1.10
allowing you to participate in interactive features of our service, when you choose to do so;
5.1.11
developing or adding additional products and services from Us or existing or new people and organisations that are accessible via Our website;
5.1.12
Our training and quality assurance purposes;
5.1.13
Our website safety and security purposes;
5.1.14
Our administrative purposes;
5.1.15
allowing technical support personnel to manage Our infrastructure, systems, databases other applications or tools;
5.1.16
statistical analysis of the usage of Our website or applications or tools that are accessed via the website; and/or
5.1.17
complying with applicable laws, including relevant privacy legislation.

6.  Direct Marketing

6.1

We also collect, hold, use and disclose Personal Information for the purpose of direct marketing of any of Our other services or products which We consider may be of interest to you where you have given Us your lawful consent to Us using Personal Information for this purpose and you have not opted-out in accordance with sections 6.3 and 6.4 below.

6.2

We do not provide Personal Information to third parties except as in accordance with this Privacy Policy, any agreement We have with you or as required by applicable law.

6.3

If you have given Us your lawful consent to provide you with direct marketing communications We may collect, hold, use and disclose Personal Information in accordance with that consent to enable Us to provide you (or other people who you are acting for) information about, and offer you (or other people who you are acting for), other products and services that We offer and which We consider may be of interest to you.

6.4

If you give Us lawful consent to provide you with direct marketing communications We will provide a simple means where you can request not to receive direct marketing communications. Where you have consented to Us providing your Personal Information to any of Our named suppliers or business associates in order for them to provide you with direct marketing communications, You may request that We stop sharing any such Personal Information with that supplier or business associate. We shall only obtain Personal Information about you from a third party source for the purpose of direct marketing where such Personal Information has been processed lawfully by the third party who has provided. You may request that We disclose the source of that information. We will respond to any request made under this clause within a reasonable period in accordance with applicable law and at no cost to you.

6.5

We will seek specific lawful consent by way of opt-in or other affirmative action for any direct marketing that We intend to carry out using your Personal Information.

7.  Storage and Disclosure of Personal Information (including overseas transfers)

7.1

We take appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage. All Personal Information provided to Us will be held for so long as we reasonably require to deliver services to you or to or your employer or as otherwise required for regulatory or other legal purposes and will be hold on secure servers. Any payment transactions processed by us or any applicable third party will be encrypted using SSL technology.

7.2

In accordance with this Privacy Policy, We may send Personal Information to third parties, including those located outside of the territory in which the individual’s Personal Information is gathered for processing by staff who work for Us or for one of our suppliers, including staff engaged in, among other things, the fulfilment of service delivery, the processing of payment details and the provision of support services. Transfers of Personal Information to overseas jurisdictions will take place in the following circumstances:

7.2.1
where We have a group company assisting Us with Our business activities and functions;
7.2.2
where We have a supplier assisting Us with providing assistance with Our business activities and functions;
7.2.3
where Our website, or any hosting service We use to support Our software or software as a service, is hosted by Us or a third party, and the hosting facilities and/or the back-up/disaster recovery sites are located overseas;
7.2.4
where a third party application is being used in connection with Our interactions with you, e.g. when We use email or Skype, the third party providers of the relevant application have their applications hosted overseas;
7.2.5
where We use credit referencing agencies to verify your creditworthiness and/or report back to the credit organisation on your payment history or other details of the financial relationship between us;
7.2.6
where analytics and search engine providers assist Us in the improvement and optimisation of Our website.

7.3

The countries in which We know that Personal Information may be processed and/or transferred to include:

7.3.1
the United States of America;
7.3.2
United Kingdom; and
7.3.3
Australia.

7.4

We will only transfer personal information outside of the country of collection in accordance with applicable law. Wherever Personal Information is transferred outside of the country of collection, we will take all steps reasonably necessary in accordance with applicable law to ensure that such Personal Information is treated securely and in accordance with this Privacy Policy.

7.5

Where We have given you (or where you have chosen) a password which enables you to access certain parts of our website or any part of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

7.6

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your Personal Information, We cannot guarantee the security of your Personal Information transmitted to our site; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.

8.  Use of Social Media

8.1

Our websites use social media includes blogs, Twitter feeds, and links to other social media, including Facebook, Linked In, Twitter etc. The nature of social media is that these applications actively enable exchange and disclosure of any information, whether personal or otherwise, that is included within those applications. All information, including Personal Information that you enter in those applications may be used, hold, handled and disclosed in any way that is consistent with the privacy policies of the relevant applications, if any. All information that is posted by you in a blog, twitter feed or other social media in connection with the website should be considered as public information that may be used, copied and adapted by any person for any means and should not be posted unless you are prepared to specifically state what restrictions on use there may be with that information or are prepared to accept that it may be used, copied, adapted, hold, handled and disclosed to any other person in any way. We accept no responsibility or liability for any Personal Information that you decide to publish on any social media outlet.

9.  Cookies, Metadata and Site Data Activity

9.1

A cookie is a small piece of computer code which remains on your computer and contains information which helps Us identify your browser.

9.2

When you visit Our website and applications and tools on it, the cookie records the authentication to allow your user id to login. We use the information gathered by cookies to identify your web browser so that when you log in on the next occasion your use of the website and other applications and tools on it is easier and faster because the website has remembered your details.

9.3

If you do not want Us to use cookies then you can easily stop them, or be notified when they are being used, by adopting the appropriate settings on your browser. If you do not allow cookies to be used some or all of the website or other applications or tools on it might not be accessible to you.

9.4

Sometimes information that you upload is provided with associated metadata. If you do not want Us to use the metadata you must remove it by erasure from the underlying document/materials properties before uploading it onto the website and other applications and tools.

9.5

We may collect data that is associated with your visit, including the pages your visit, the activities you undertake on our website, the preferences you indicate, the applications and tools you use, the purchases you make, and the competitions you enter, etc. We may also collect information relating to the computer, mobile phone or other device including the device type, browser, location, IP address and search words used. We may collect, use, disclose and hold such information in any of the ways set out in this Privacy Policy.

10.  Links to other Websites and Applications

10.1

Our website includes links to other websites, applications and tools that are not owned or operated by Us. We not responsible for the content of those websites, applications or tools, nor for any products, services or information contained in them or offered through them. You should review the privacy policies and terms and conditions of use of those websites, applications and tools when you visit them. We do not endorse, recommend, condone or represent the companies or any content on any third party linked website and may terminate the link or linking program at any time.

11.  How to Use any of your Rights as a Data Subject or to Complain

11.1

Under applicable privacy legislation We must ensure that your Personal Information is accurate and up to date. Therefore, please advise Us of any changes to your information.

11.2

If you want to find out what Personal Information We hold on you, or you believe any of your Personal Information that is held by Us is inaccurate, out of date, incomplete, irrelevant or misleading or it is not necessary for Us to continue to hold it, or that We are not processing it lawfully and you require Us to suspend or stop processing it, or you wish for Us to delete or port your Personal Information to a third party provider, you can contact Us, and We will either provide you with access to the Personal Information (in so far as We are legally able and required to do so by applicable law,) or We will delete it or correct it (and/or add supplementary information) or satisfy your rights as a data subject, as applicable, within a reasonable period, in accordance with applicable privacy legislation. Where your Personal Information is subject to GDPR We will provide you these rights in accordance with GDPR. Where your Personal Information is subject to Australian Privacy Law, then We will provide you these rights at least in accordance with Our obligations under Australian Privacy Law, and where it is lawful and practical for Us to do so, to the same extent as if GDPR applied.

11.3

For clarity, nothing in this Privacy Policy subjects any Gordian group company to the jurisdiction of GDPR, unless and to the extent that GDPR lawfully extends its jurisdiction to the relevant Gordian company.

11.4

You can contact Us for any of these purposes by:

11.4.1
email at the following email address DataProtectionOfficer@gordian.com; or
11.4.2
using the contact Us web form on Our website.

11.5

If you wish to complain about a breach of any breach of applicable privacy laws or codes, or this Privacy Policy you should contact Us by:

11.5.1
email at the following email address DataProtectionOfficer@gordian.com; or
11.5.2
using the contact Us web form on Our website.

11.6

If you make any such complaint, We may be obliged to report that complaint to the relevant local regulator within the time frames set out in the relevant local legislation. We may also be obliged to self report breach of privacy to the relevant local regulator within the time frames set out in the relevant local legislation.

11.7

We will aim to respond to any complaint within 10 business days of the date of receipt. We will attempt to resolve your complaint to your satisfaction. If you are not satisfied with how We deal with your complaint you may contact the relevant regulatory authority in your country.