Privacy Policy

This Policy explains how Green Brain (‘Green Brain’) and any group companies handle personal information, including how we collect, use and disclose personal information.

Green Brain is committed to complying with the Australian Privacy Principles ('APPs') in the Privacy Act 1988 ('the Privacy Act') and, to the extent applicable, the EU General Data Protection Regulation ('GDPR'). We are committed to being open and transparent about our information handling practices. We respect the confidentiality of the personal information we hold and take steps to safeguard that information.

The kinds of personal information we collect and hold (and why)

Green Brain needs to collect personal information to provide services to our clients and third parties. We may collect and hold the following personal information:

  • names and contact details (including address details) of our clients and key persons;
  • personal information (including sensitive information) about our clients or a third party in the course of providing, or considering to provide, our services;
  • our clients' credit card and/or banking details;
  • personal information provided by persons who make enquiries of or contact us;
  • personal information of third parties that we deal with in the course of our day-to-day business operations; and
  • personal information provided to us in applications for employment with us.

How we collect personal information

Where it is practical to do so, we aim to collect personal information directly from the individual it relates to. However, there may be circumstances where we need to collect personal information from a third party. Also, we may collect personal information indirectly because it is included in a communication with us. Some examples of how we collect personal information include (but are not limited to):

  • through our websites, including but not limited to at https://greenbrain.ag, and through other forms of communication such as when clients email us or communicate with our customer support;
  • directly from individuals and clients during telephone calls or in meetings;
  • through our social media pages and social media networks;
  • through third party arrangements;
  • through open days, presentations, conferences, product displays and similar events;
  • from data sets provided by our clients for use in project development;
  • from publicly available sources of information;
  • when you provide feedback or respond to surveys and/or promotions; and
  • when we are permitted or required to collect the personal information by or under law.

Storage and security of personal information

We take the security of the personal information we hold seriously. All Green Brain staff handle personal information sensitively and in accordance with our obligations under the APPs or the GDPR (if applicable)

We take all reasonable steps to protect the personal information we hold from misuse, interference and loss; and from unauthorised access, modification or disclosure. These steps include using electronic and physical security measures, including password protected software and hardware.

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosure of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

If we no longer need the personal information we hold, we take reasonable steps to destroy or de-identify that information. It may be necessary for us to retain personal information to comply with our legal obligations, or for insurance or audit purposes or for the purposes of machine learning and the development of algorithms and/or other instructions or software. Personal information stored electronically may also be stored securely indefinitely for IT back up and electronic audit trail purposes.

Much of the information we hold about you will be stored electronically in secure data centres located in Australia. We also store information in data centres of our contracted service providers (including cloud storage providers), and some of these data centres may be located outside Australia. Our contracted service providers or parties who we work with, that operate overseas, are likely to be located in, but not limited to, the United States, New Zealand, the Philippines, United Kingdom, Singapore and Malaysia.

We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold both in Australia and overseas.

How we use personal information and for what purposes

We use personal information in order to provide our clients with services, manage our business and our relationship with our clients and potential clients, and to enhance the services we provide.

Where necessary, we may also use personal information for the purpose of confirming your identity, confirming a representation that you have made to us, to directly offer you information, products and/or services that we believe may be of interest and value to you, complying with any applicable laws (for example any obligations we may have under legislation) and for the exception purposes specified in the Privacy Act.

We may also use personal information for audit or quality assessment purposes; billing and invoicing; and/or for staff training

During project development for our clients, we may be provided with data that includes personal information. In that case, we take reasonable steps to ensure that the data used is de-identified to the extent that de-identification is possible, reasonable and practicable.

We only use personal information in accordance with the APPs and, to the extent applicable, the GDPR, and while maintaining client confidentiality.

Disclosure of personal information

In order to provide our services and conduct our business, we may disclose personal information to third parties.

In some, limited circumstances this may include sensitive information as defined in the Privacy Act. We do not disclose sensitive information about you unless you agree, would reasonably expect us to do so or if it is permitted under the Privacy Act or, to the extent applicable, the GDPR.

We may disclose personal information:

  • if the person to whom the information relates agrees to the disclosure;
  • where the disclosure is for the purpose the personal information was collected;
  • in circumstances where the person about whom the personal information relates would reasonably expect this disclosure to occur; and/or
  • where required or permitted to do so by law.

Also, our website uses cookies to analyse website traffic and help us provide a better website visitor experience. We may store this web traffic information overseas.

General Data Protection Regulation (GDPR) for the European Union (EU)

We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

The legal basis for which we collect your personal information depends on the data that we collect and how we use it and we will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

We will also process your personal information if it is necessary for our legitimate interests, or to fulfill a contractual or legal obligation.

We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

Your rights under the GDPR

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We shall comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

Except as otherwise provided in the GDPR, you have the following rights:

  • to be informed how your personal information is being used;
  • access your personal information;
  • to correct your personal information if it is inaccurate or incomplete;
  • to delete your personal information (also known as “the right to be forgotten”);
  • to restrict processing of your personal information;
  • to retain and reuse your personal information for your own purposes;
  • to object to your personal information being used; and
  • to object against automated decision making and profiling.

Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy. We may ask you to verify your identity and location before acting on any of your requests.

How you can access the personal information we hold about you

You may request access to the personal information we hold about you in accordance with the terms of this Privacy Policy, by contacting us at the email address below under 'Contact details'. We will need to verify your identity and may charge a fee to cover the cost of providing you with access. If a fee is charged for providing access, you will be informed of the details of the fee prior to provision of access.

How to update or correct your personal information

You can request to update or correct personal information we hold about you which you believe is inaccurate or out of date. To do so, you may contact us using the address under the 'Contact details' section.

How to make a privacy complaint

If you have any concerns about our information handling practices you can contact us at admin@greenbrain.ag so that we can try and resolve the issue quickly and directly.

If we are unable to resolve your privacy complaint, you may contact the Office of the Australian Information Commissioner at:

GPO Box 5218, Sydney NSW, 2001, www.oaic.gov.au (telephone 1300 363 992).

Currency

This Privacy Policy was last updated on 20 April 2022. The most recent version of the Privacy Policy can be obtained by contacting us via our 'Contact details' below.

Contact details

You may request access to the personal information we hold about you, or make a privacy complaint, by contacting us at admin@greenbrain.ag.