1. INTRODUCTION

This page sets out the privacy policy of WhitlamCo Advisory Pty Ltd ACN 670 374 277 (referred to in this privacy policy as ‘we’, ‘us’, or ‘our’). For the purposes of applicable data protection law, (in particular, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and the UK Data Protection Act 2018), your data will be controlled by us.

This privacy policy applies whenever we collect your personal information and/or personal data (your personal data). This includes between you, the visitor to this website https://www.whitlamco.com/  (whether directly as our customer or as personnel of our customer), and us, the owner and provider of this website and also where we are directed by a third party to process your personal data. This privacy policy applies to our use of any and all data collected by us or provided by you in relation to your use of the website and the provision of our services to you.

We take our privacy obligations seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data in connection with your use of our website. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

2. TYPES OF PERSONAL INFORMATION WE COLLECT

The personal data we collect may include the following:

(a)               name;

(b)               mailing or street address;

(c)                email address;

(d)               social media information;

(e)               telephone number and other contact details;

(f)                 age;

(g)               date of birth;

(h)               credit card or other payment information;

(i)                 when we use analytical cookies, your device identity and type, I.P. address, geo-location information, page view statistics, advertising data and standard web log information;

(j)                 information about third parties; and

(k)                any other information provided by you to us via this website, in the course of us providing services to you, or otherwise required by us or provided by you.

3. HOW WE COLLECT PERSONAL INFORMATION

We endeavour to ensure that information we collect is complete, accurate, accessible and not subject to unauthorised access.

We may collect personal data either directly from you, or from third parties, including where you:

(a)               contact us through on our website;

(b)               communicate with us via email, telephone, SMS, LinkedIn or otherwise;

(c)                engage us to perform services to you;

(d)               when you or your organisation offer to provide, or provides, services to us;

(e)               interact with our website, social applications, services, content and advertising; and

(f)                 invest in our business or enquire as to a potential purchase in our business.

4. COOKIES

We may also collect personal data from you when you use or access our website or our social media pages. This may be done through use of web analytics tools (e.g. Google Analytics or Google Tag Manager), ‘cookies’ or other similar tracking technologies that allow us to track and analyse your website usage.

Our website uses cookies to help us understand how visitors use our site and to improve your experience. Cookies are small files stored on your device that allow us to recognise your browser and capture certain information, such as the pages you visit, the time spent on each page, and your device type.

We use this information in a non-identifiable form through Squarespace’s built-in analytics tool. We do not use cookies to collect personal information unless you voluntarily provide it via a form on our site.

You can choose to disable cookies through your browser settings, but please note that some parts of the site may not function properly if you do so.

5. USE OF YOUR PERSONAL INFORMATION

We collect and use personal data for the following purposes:

(a)               to provide products or services or information to you;

(b)               for record keeping and administrative purposes;

(c)                to comply with our legal obligations, resolve disputes or enforce our agreements with third parties;

(d)               where we have your consent, including to send you marketing and promotional messages and other information that may be of interest to you. In this regard, we may use email, SMS, social media or mail to send you direct marketing communications. You can opt-out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link);

(e)               for our legitimate interests including:

(i)                 to develop and carry out marketing activities and to conduct market research and analysis and develop statistics;

(ii)                to improve and optimise our service offering and customer experience;

(iii)               to send you administrative messages, reminders, notices, updates and other information requested by you;

(iv)               to consider an application of employment from you; and

(v)                the delivery of our services.

6. SHARING YOUR DATA

We may share your personal data in certain circumstances, as follows:

(a)               where there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal data and non-personal data contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances;

(b)               credit-checking agencies for credit control reasons;

(c)                disclosures required by law or regulation; and

(d)               service providers and other affiliated third parties to enable us to provide our services or products to you including suppliers, sub-processors, other professional advisers such as accountants, disaster recovery service providers or auditors and/or overseas counsel.

7. SECURITY

We take reasonable steps to ensure your personal data is secure and protected from misuse or unauthorised access. Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems. However, we cannot guarantee the security of your personal data.

8. LINKS

Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.

9. DATA BREACH NOTIFICATION

In the event of a data breach, we will notify affected users within 72 hours, as per the GDPR requirements. We will inform you of the nature of the breach, the data affected, and the measures taken to mitigate potential harm. We will also provide guidance on what steps you should take.

10. YOUR RIGHTS

You have various rights with respect to our use of your personal data:

(a)               Access: You have the right to obtain access to your information (if we’re processing it) and certain other information (similar to that provided in this privacy notice). This is so that you’re aware and can check that we’re using your information in accordance with data protection law. We aim to respond to access requests within 30 days of receipt, although this may be extended in certain circumstances.

(b)               Be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this privacy policy.

(c)                Rectification: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using our contact form to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date. We aim to respond to rectification requests within 30 days.

(d)               Objecting: You also have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing. If you object to the processing, we will consider your request and respond within 30 days.

(e)               Restricting: You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. When processing is restricted, we can still store your information but may not use it further. We will respond to requests for restriction within 30 days.

(f)                 Erasure: You have the right to ask us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed. Requests for erasure will be responded to within 30 days, unless the data needs to be retained for legal or other obligations.

(g)               Portability: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. We will respond to portability requests within 30 days.

(h)               Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority. In the UK, the supervisory authority is the Information Commissioner’s Office.

(i)                 Withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your personal data for marketing purposes.

You may, at any time, exercise any of the above rights, by contacting our email address provided below. We will respond to your request within 30 days, though this may be extended in certain situations if the request is complex or if we are dealing with a high volume of requests.

11. STORAGE

We store personal information on secure servers located in Australia, including within our client relationship management (CRM) system and internal cloud-based storage systems (e.g., OneDrive). We take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification or disclosure.

12. HOW LONG WE KEEP DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will securely destroy your personal data in accordance with applicable laws and regulations.

If you would like further information about our specific retention periods for your personal data, please contact us using our email address provided below.

13. CONTACT US

For further information about our privacy policy or practices, or to access or correct your personal data, or make a complaint, please contact us using the details set out below:

Email: hello@whitlamco.com

We may change this privacy policy from time to time by posting an updated copy on our website and we encourage you to check our website regularly to ensure that you are aware of our most current privacy policy. Where we make any significant changes, we will endeavour to notify you by email.