Privacy and Data Management Policy

PRIVACY STATEMENT

Any Personal Information you provide to T4 Consulting is private, confidential, and will be treated in accordance with applicable laws, including the General Data Protection Regulation (GDPR). T4 Consulting is bound to comply with the Privacy Act 1988 (Cth), GDPR, and this Privacy and Data Management Policy. Your personal information will be handled in accordance with this policy, which may be updated from time to time.

This policy sets out your rights and processes to: complain about a breach of privacy, access and correct your personal information held by T4 Consulting, and exercise your rights under the GDPR. Your involvement is voluntary, and you are free to withdraw consent at any time. Should you have any queries, please contact T4 Consulting at privacy@t4.consulting.

T4 Consulting and Your Personal Information

This is our Privacy and Data Management Policy, which sets out what personal information T4 Consulting collects about you.

It explains how we collect, hold, use, and disclose your personal information. It also sets out how you may access and seek correction of your personal information or complain about a breach of your privacy under applicable laws, including GDPR. This Privacy Policy may be amended from time to time if our practices change.

On our website, you may find links to other websites not operated by us. This Privacy Policy does not apply to those websites—always check the Privacy Policy of any other website you enter.

What Kinds of Personal Information Do We Collect and How?

The personal information we collect depends on the research we are conducting. It may include:

Your contact details (such as name, address, email address, and phone number)
Your views on the importance of, and satisfaction with, various needs being studied
Broad demographic information (e.g., career status, marital status, etc.)
Your feedback on concepts being tested and complaints.

Sometimes we may also collect sensitive information about you, such as your race, age, and health information. This may happen, for example, through surveys or interviews. We will only collect sensitive information from you or about you with your explicit consent unless otherwise required or authorized by law. You may withdraw your consent at any time by contacting us at privacy@t4.consulting.

When Do We Collect Your Personal Information?

We may collect your personal information when you participate in research studies with us, typically during interviews or surveys.

Lawful Basis for Processing Personal Information

T4 Consulting processes your personal data in compliance with the GDPR. We rely on the following lawful bases for processing personal data:

Consent: Where you have given explicit consent for us to process your personal information.
Contractual necessity: Where processing is necessary for the performance of a contract with you.
Legitimate interest: Where processing is necessary for our legitimate business interests, such as improving our products or services, provided this does not override your rights.
Legal obligation: Where processing is necessary to comply with a legal obligation.

Why Do We Collect the Information and How Do We Use or Disclose It?

We collect, hold, use, and disclose your personal information:

To conduct research into your needs and the needs of people similar to you.
To develop our clients’ product strategies.
To comply with our legal obligations.

Can You Choose to Remain Anonymous?

You may elect not to identify yourself or use a pseudonym in your dealings with us, except where it is impracticable for us to provide our services without identifying you. You can always choose not to provide your information or remain anonymous.

How Can You Request Not to Receive Direct Marketing?

Beyond invitations to participate in our research, we do not conduct direct marketing.

Who Do We Disclose Your Personal Information To?

We may disclose your personal information (including, in certain limited circumstances, your sensitive information):

To companies that commission our research to help improve their products and services.
Where required by law, or to government agencies or individuals responsible for investigating and resolving disputes or complaints concerning our products or services.

How Do We Hold Your Personal Information and Keep It Secure?

We hold your personal information in electronic files and may store it with one or more third-party data storage providers. We take all reasonable steps to protect your personal information from misuse, interference, loss, and unauthorized access, modification, or disclosure. Where we store your information with third-party providers, we require them to keep it secure and only use or disclose it for the purpose it was provided.

If you become aware of or suspect any unauthorized use of your personal information, please notify us immediately at privacy@t4.consulting.

International Transfers of Personal Data

If we transfer your personal data outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place to protect your privacy rights, in accordance with GDPR. This may include Standard Contractual Clauses or adequacy decisions from the European Commission.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Once your personal data is no longer needed for these purposes, it will be securely deleted or anonymized. Our retention periods are based on the type of information and the purposes for its collection.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right of access: You may request access to the personal information we hold about you.
Right to rectification: You may request correction of inaccurate or incomplete information.
Right to erasure: You may request the deletion of your personal data (the “right to be forgotten”).
Right to restrict processing: You can request a restriction in how we process your personal data.
Right to data portability: You can request your personal data in a structured, machine-readable format or have it transferred directly to another controller.
Right to object: You can object to the processing of your personal data, particularly in cases where we rely on legitimate interest.
Right not to be subject to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, contact us at privacy@t4.consulting. We will respond to your request within one month.

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours, unless the breach is unlikely to result in a risk to your rights. If the breach poses a high risk, we will also notify you without undue delay. Should you suspect unauthorized access or misuse of your data, contact us immediately at privacy@t4.consulting.

How Can You Seek Access to, and Correction of, Your Information?

You may request access to your personal information by contacting us at privacy@t4.consulting. We will verify your identity before providing access and will endeavour to respond within one month. In certain cases, we may deny access if required or permitted by law, and we will provide an explanation for any refusal.

If any personal information we hold about you is inaccurate, incomplete, or out-of-date, you may request correction. If we refuse to correct your data, we will provide an explanation.

How Can You Seek Further Information or Complain About a Breach of Your Privacy?

If you have any questions or believe we have breached your privacy, you can contact us at:

T4 Consulting
1/33 Avenue Rd
Mosman, NSW 2088, Australia
Email: privacy@t4.consulting
Telephone: +61 4 2528 2422

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner:

GPO Box 5218
Sydney NSW 2001
Tel: 1300 363 992
www.oaic.gov.au