HomePolicies › Privacy Policy

Privacy Policy

Last updated: 26 November 2023 Controller: Elev8 Advisory Pty Ltd

Elev8 Group respects your privacy and is committed to protecting your personal data. This Privacy Policy tells you what information we collect when you visit our website or use our products and services, how we use it, and when we share it. This policy applies to all personal data collected by or on behalf of Elev8 Advisory Pty Ltd. It may change from time to time — please check this page regularly. Our website, products, and services are not intended for children and we do not knowingly collect data relating to children.

Data Controller

Elev8 Advisory Pty Ltd is the data controller responsible for your personal data — referred to as "Elev8", "we", "us", or "our" throughout this policy.

You have the right to make a complaint at any time to the Office of the Australian Information Commissioner (OAIC) — the Australian supervisory authority for data protection — at www.oaic.gov.au. We would appreciate the chance to address your concerns directly before you approach the OAIC, so please contact us in the first instance.

1. The Data We Collect

We collect and process the following categories of personal data about you. We do not collect any Special Category data — including data relating to race or ethnicity, religious beliefs, health, sexual orientation, political opinions, trade union membership, or genetic and biometric information — nor any information about criminal convictions.

Category 1
Identity Data
First name, last name, username or similar identifier, and title.
Category 2
Contact Data
Work address, email address, and telephone numbers.
Category 3
Technical & Usage Data
IP address, login data, browser type and version, time zone, device information, pages visited, and links followed on our website.
Category 4
Profile Data
Job title, employer, interests, preferences, feedback, and survey responses.
Category 5
Marketing & Communications Data
Your preferences for receiving marketing from us, and your communication preferences.

We also collect, use, and share Aggregated Data — statistical or demographic data that does not identify you individually. Where Aggregated Data is combined with personal data in a way that allows you to be identified, we treat the combined data as personal data under this policy.

2. How We Collect Your Data

  • Direct interactions
    You provide us with Identity and Contact Data directly when you:
    • Request our products or services, or meet with a member of our team
    • Complete a form or subscribe to our publications on our website
    • Participate in an event, survey, competition, or promotion we have organised
    • Use our diagnostic tools or contribute to an information-gathering exercise
    • Submit a job application, make a complaint, or provide feedback
    • Request marketing material or contact us by any other means
  • Automated technologies
    As you interact with our website, we automatically collect Technical & Usage Data using cookies and similar technologies. See the Cookies section below for details.
  • Third parties and public sources
    We may receive data about you from analytics providers, advertising networks, search information providers, and publicly available sources such as professional directories and business registries.

3. How We Use Your Data

We only use your personal data when the law permits. Our primary legal bases are legitimate interests — where we have assessed that our interests do not override your rights — and legal obligation. We do not generally rely on consent for processing, though you always have the right to opt out of marketing.

Registering you as a new customer or user
Data used
Identity Contact Profile
Legal basis
Legitimate interests — to perform our obligations to enterprise customers and their authorised users.
Managing our relationship with you — including orders, payments, enquiries, complaints, and policy updates
Data used
Identity Contact Profile Marketing & Comms
Legal basis
Legitimate interests (manage relationships, recover debts) and legal obligation.
Administering and protecting our business and website — including troubleshooting, security, and system maintenance
Data used
Identity Contact Technical & Usage
Legal basis
Legitimate interests (running our business, IT security, fraud prevention) and legal obligation.
Delivering relevant website content and advertisements, and measuring their effectiveness
Data used
Identity Contact Technical & Usage Profile Marketing & Comms
Legal basis
Legitimate interests — to study how customers use our services, grow our business, and inform our marketing strategy.
Using data analytics to improve our website, services, marketing, and customer experience
Data used
Technical & Usage
Legal basis
Legitimate interests — to improve our website and services and define the types of customers who use them.
Making suggestions and recommendations about services that may interest you
Data used
Identity Contact Technical & Usage Profile
Legal basis
Legitimate interests — to develop our products and services and grow our business.
Enabling participation in surveys, prize draws, competitions, or diagnostic tools
Data used
Identity Contact Profile Technical & Usage Marketing & Comms
Legal basis
Legitimate interests — to provide our products and services and gather research insights.
Marketing

You will receive marketing communications from us if you have requested information from us, purchased our services, or provided your details in connection with an event or promotion — and have not opted out. You can opt out at any time by following the unsubscribe link in any marketing message or by contacting us directly.

4. Cookies

Our website uses cookies and similar technologies to distinguish you from other users, provide a good browsing experience, and improve our site. We may also use these technologies to display targeted advertisements on third-party websites and social media platforms. You can set your browser to refuse all cookies or alert you when cookies are set — though some parts of our website may not function properly if you do.

Strictly Necessary
Essential for the website to operate. These cookies enable you to move around the site, use its features, and log into secure areas. They cannot be disabled.
Functionality
Recognise you when you return to our website, enabling us to personalise content, remember your preferences, and greet you by name.
Analytical / Performance
Collect information about how visitors use our website — such as pages visited and navigation paths — to help us improve the site's performance and usability.
Targeting
Deliver advertisements relevant to your interests. Remember that you have visited our website and the content you engaged with. This information may be shared with advertising partners.

Third parties — including advertising networks and web analytics providers — may also use cookies on our website over which we have no control. Contact us if you would like information about the specific cookies we use.

5. Who We Share Your Data With

We may share your personal data with the following parties, for the purposes set out in Section 3. We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law. We do not permit third-party service providers to use your personal data for their own purposes.

  • Other Elev8 Group entities — where necessary for delivering our services.
  • Third-party service providers — including IT service providers, data hosting partners, and organisations that help us deliver our products and services, conduct background checks, or perform other functions on our behalf.
  • Professional advisers — including lawyers, auditors, bankers, and insurers who provide consultancy, legal, financial, and accounting services to Elev8.
  • Advertising and analytics partners — who help us deliver targeted advertising and analyse website traffic and customer behaviour.
  • Regulatory and legal authorities — where we are required to disclose data by law, or where disclosure is necessary to fulfil a government or regulatory request, comply with legal process, or protect our legal rights or property.
  • Business acquirers or successors — in the event of a sale, transfer, or merger involving our business or assets. Any new owner will use your personal data in the manner described in this policy.

6. International Data Transfers

This section applies to users located in the European Union or European Economic Area. We may share your personal data within the Elev8 Group and with third-party service providers based outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure an equivalent level of protection applies through at least one of the following mechanisms:

  • Transferring only to countries deemed by the European Commission to provide an adequate level of data protection.
  • Using Standard Contractual Clauses (SCCs) approved by the European Commission, which give personal data the same protection it has in Europe.
  • Relying on other lawful transfer mechanisms recognised under applicable EU data protection law at the time of transfer.
Note: Contact us if you would like further information about the specific transfer mechanism used for any particular data flow.

7. Data Security

We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. Access to your personal data is limited to those employees, agents, contractors, and third parties who have a legitimate business need to know it. All such parties process your personal data only on our instructions and are subject to a duty of confidentiality.

We have procedures in place to manage any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected — including satisfying any legal, accounting, or reporting requirements. When determining the appropriate retention period, we consider the volume, nature, and sensitivity of the data; the potential risk of harm from unauthorised use or disclosure; the purposes for which we process the data; and applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you — in which case we may use that data indefinitely without further notice. You can request details of specific retention periods by contacting us.

9. Your Legal Rights

Where you are located in the European Union or European Economic Area, you have the following rights in relation to your personal data. To exercise any of these rights, contact us using the details at the bottom of this page.

Access
Right to access
Request a copy of the personal data we hold about you and verify that we are processing it lawfully.
Correction
Right to correct
Request that we correct any incomplete or inaccurate personal data we hold about you.
Erasure
Right to erasure
Ask us to delete your personal data where there is no good reason for us to continue processing it. Note that certain legal reasons may prevent us from complying in all cases.
Objection
Right to object
Object to processing based on legitimate interests where your specific situation justifies it, or object to processing for direct marketing purposes at any time.
Restriction
Right to restrict
Ask us to suspend processing of your data — for example, while verifying accuracy, pending objection resolution, or for the purposes of legal claims.
Portability
Right to portability
Request that we transfer your personal data to you or a third party in a structured, machine-readable format — where processing was based on consent or contract.
Withdrawal
Right to withdraw consent
Where we rely on consent to process your data, withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
How we handle rights requests
No fee
You will not normally be charged a fee to exercise your rights. A reasonable fee may apply if a request is clearly unfounded, repetitive, or excessive.
Identity verification
We may need to verify your identity before processing a request to ensure personal data is not disclosed to an unauthorised person.
Response time
We aim to respond to all legitimate requests within one month. Complex or multiple requests may take longer — we will notify you if this is the case.
Third-party links: Our website may contain links to third-party websites, plug-ins, and applications. Clicking those links may allow third parties to collect data about you. We do not control these sites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
Questions about this Privacy Policy or to exercise your rights?
Contact Elev8 directly via elev8group.io/contact. Please mark your correspondence clearly with the nature of your request. For complaints, you may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.