Keogh is committed to protecting your privacy. We act consistently with the Australian Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and the European General Data Protection Regulation (GDPR), which regulate how we collect, use and disclose personal data. We will only ever process your personal data in compliance with applicable law.
Personal data we collect
‘Personal data’ (or ‘personal information’ under the Privacy Act) essentially means any information or an opinion about you (whether true or not) that identifies you or from which your identity is reasonably identifiable.
We collect personal data about you that we reasonably need for our business functions and activities, which primarily consists of providing business consultancy services to our clients.
Keogh collects the following categories of personal data:
- Contact data: We may collect your name and contact information, including your email address and phone number, in order to communicate with you and provide our services to you. We generally only collect this information if you provide it to us directly (for example, through our website enquiry form).
- Response data: If you choose to respond to one of our surveys, we will collect your responses to that survey. Depending on the survey, this may include information about your age, gender, tenure of employment and ethnic origin. We will not generally seek your personal data as part of conducting our surveys, but in some instances your survey responses, in combination, could be used to identify you even if you have not provided us with your name or contact information.
- Services data: If you are an employee of one of our clients, we may also collect your personal data (for example, your name, job title and tenure of employment) in the course of providing our business consultancy services to your employer. We will only use this information to the extent necessary to provide our services to that client.
- Information from third parties and publicly available sources: We may collect your personal data from third parties where, for example, you give permission for that third party to share your personal data with us, or in circumstances where you have made that information publicly available online.
- Website visitor and device information: When you visit our website, we may collect information about your visit such as your IP address, information about the device you use to access our website, and the pages you visit while on our website.
Keogh may collect and hold sensitive information about you, including information about your ethnic origin, if you choose to provide us with that information (for example, by responding to one of our surveys). We will generally only collect sensitive information (or ‘special categories’ of information under GDPR) about you with your consent.
Where we collect information about you in the ways described above, we do so on the basis that it is in our legitimate interests to collect and process this data.
Aggregate response data and activity
As part of our service offering to our clients, we may collect, analyse, and share aggregated data such as statistical or demographic data. Such information is used by us to facilitate the business consultancy services we provide our clients. For example, aggregated survey response data may be used by us to identify attitudes and behaviours among employees of a client, which may then be analysed and shared by us to help shape strategic direction for that client and improve workplace culture.
We may also use aggregated data, such as data about how respondents interact with our surveys, for the purpose of improving our services and increasing survey response rates.
Why do we collect, use and disclose your personal data?
We will only process your personal data for purposes that would be considered relevant and reasonable in the circumstances. We collect personal data to offer and administer our services, which primarily consist of business consultancy services.
We collect, hold, use and disclose personal data to:
- offer and provide our services to our existing and prospective clients;
- provide you with the information and services that you request from time to time;
- communicate with you, including by sending you invoices and marketing material;
- seek feedback and improve our services, surveys and website;
- comply with our legal and regulatory obligations; and
- otherwise to manage our business.
We may also collect and use your personal data for activities in support of our primary business functions such as processing payments, administration, marketing, IT, legal, and customer support.
Under data protection laws, we are only permitted to process your personal data where we have a legal basis for doing so. We consider that we have a legal basis for processing your personal data where:
- you have given us consent to process your personal data for the specific purposes that we have informed you of;
- it is necessary for us to process your personal data in order for us to provide you with the information or services that you have requested;
- it is necessary in order to fulfil our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- the law otherwise permits or requires it.
Disclosure of your personal data
We will only share your personal data with your consent or in accordance with this policy.
We may disclose your personal data to:
- our related entities;
- data processors, such as SurveyMonkey, that we use to create and manage our surveys;
- third party providers that we engage to help us conduct research with survey response data, including analysis;
- digital marketing agencies that we engage to analyse our website traffic; and
- other third parties such as our suppliers, auditors, providers of technical and support services, and professional advisors.
We share aggregated survey response data with our clients. Aggregated survey response data will not generally contain any personal data about you. However, if you choose to provide personal data to us through one of our surveys, you consent to us using and disclosing that data, in aggregated form, for the purposes of:
- providing your employer with business consultancy services; and
- research in the social sciences field.
If our business enters into a joint venture with or is merged with another business entity, or Keogh sells its business or assets, or a part of them, your information may be disclosed to our new business partners or the purchaser of our business or assets.
If we disclose information to a third party, we generally require that third party to protect your information to the same extent that we do. Where we provide personal data to a service provider, we grant that third party access to personal data solely for the purposes of providing their services to us, and not for any other purpose.
How do we collect personal data?
We generally collect personal data from you directly, such as when you complete the enquiry form on our website, or when you respond to one of our surveys.
We will collect and hold your personal data in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal data directly from you. We do this through some of the following means:
- when you submit information through our website, such as when you submit an enquiry using our online enquiry form;
- when you contact us via telephone or email with an enquiry, complaint or feedback; and
- when you choose to provide us with responses to our one of our surveys.
In some circumstances we may collect information from third parties or publicly available sources if we have a legitimate basis for doing so and if it is impractical to collect that information from you directly. For example, if you are an employee of one of our clients, we may also collect your personal data (for example, your name, job title and tenure of employment) from your employer in the course of providing business consultancy services to your employer.
If we collect personal data about you from a third party (such as your employer) we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
Do you need to provide us with your personal data?
If you are a client, it is generally not practical for you to remain anonymous or to use a pseudonym when dealing with Keogh as we usually need to use your personal data to provide services to you. In some limited circumstances, such as if we ask you to participate in a survey, you may deal with us anonymously (without giving us your name and contact details) or by using a pseudonym or nickname.
If you choose not to provide us with your personal data, we may not be able to provide you with requested services, or provide you with requested information concerning a query or complaint.
Protection of personal data
We store personal data in different ways, including in paper and in electronic form. We maintain appropriate physical, procedural and technical security, such as secure login and password processes, for our offices and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal data. This also applies to disposal of personal data.
We will destroy or de-identify personal data once it is no longer needed for a valid purpose or required to be kept by law.
Like most businesses, marketing is important to our continued success. We believe we have a unique service offering that we provide to our clients at a high standard. We therefore seek to stay in touch with our clients and provide them with relevant updates on our services.
If you subscribe to our newsletter, we will use your email address to send you marketing communications and updates on our services via email. We will not use your survey response data, or any other personal data we hold about you, to send you marketing communications, and in no circumstances will Keogh ever sell your personal data to third parties for marketing purposes.
You may opt out at any time if you no longer wish to receive marketing communications from us. You may do this by using the ‘unsubscribe’ function embedded in our marketing emails, or by contacting our privacy officer on the details provided at the end of this policy.
We understand the importance of protecting the privacy of children, especially in an online environment. For this reason, our websites are not intentionally designed for, or directed at, children under the age of 16. Keogh will never knowingly collect information about any person under the age of 16, except with the consent of the parent or guardian of that person, or as otherwise required by law.
We are based in Australia. We may disclose your personal data to our service providers, such as SurveyMonkey. These service providers are typically located in Australia, the USA and the EU.
By providing your personal data to us, you consent to us disclosing your personal data to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agree that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APPS, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.
If you do not want us to disclose your information to overseas recipients, please let us know by contacting our privacy officer on the details provided at the bottom of this policy.
Accessing and correcting your personal data
You may contact our privacy officer to request access to the personal data that we hold about you, or to make corrections to that information, at any time. We will deal with your request within a reasonable time. If we refuse to grant you access to, or to make a correction to, your personal data, we will give you a written notice that sets out the reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the avenues available to you to make a complaint.
GDPR – additional rights for EU residents
If you are a resident of the European Economic Area the additional rights contained in this section also apply to you.
We are a data controller of your personal data for the purposes of the GDPR. The GDPR grants you certain rights in relation to your personal data, including the right to:
- request access to your personal data (known as a data subject access request);
- request rectification of incomplete or inaccurate personal data that we hold about you;
- request erasure of your personal data (we must comply with such a request unless there is a reason for us to continue to hold and process it);
- object to processing of your personal data in certain circumstances, for example, if you feel our processing impacts on your fundamental rights and freedoms;
- request restriction of processing of your personal data;
- request the transfer of your personal data to you or to a third party; and
- withdraw your consent if we are relying on consent to process your personal data.
To exercise any of the above rights, please contact our privacy officer on the details below.
Who to contact
Keogh Consulting Pty Ltd
Address: 331-335 Hay St, Subiaco WA, Australia 6008
Telephone: 1800 4KEOGH (453644)
We take all complaints seriously, and will respond to your complaint within a reasonable period.
For data subjects located in Australia: if we are not able to satisfactorily resolve your questions, concerns, or complaints, or if you believe we have breached the Australian Privacy Principles, you have the right to refer your complaint to the Office of the Australian Information Commissioner. Contact information for the Office of the Australian Information Commissioner can be found here: Office of the Australian Information Commissioner.
For data subjects located in the EU: if we are not able to satisfactorily resolve your questions, concerns, or complaints, or if you believe that the processing of your personal data infringes on your rights under applicable data protection laws, you have the right to refer your complaint to a supervisory authority, in particular, in the Member State of your residence, place of work or place of the alleged infringement. Contact information for the supervisory authorities may be found here: EU Data Protection Authorities.