Privacy Policy
This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, offline or online, including through this website. In this Privacy Policy we, us or our means Peak Usability trading as PeakXD ABN 33018701610. When we collect, store and use your personal information, we do so in accordance with the rules set down in the Australian Privacy Act 1988 (Cth) and, to the extent applicable, by the European Union General Data Protection Regulation (EU) 2016/279 (the GDPR). For more information about the Privacy Act, the Australian Privacy Principles and the Code visit https://www.amsro.com.au/privacy. In this Privacy Policy we “you” or “your” a lot in this Privacy Policy. To better understand what information is most relevant to you, see the following useful definitions. All parties You have provided your personal details to us for any reason. Email subscribers You have provided your email address and contact details to us and have opted into our newsletter either digitally or in writing after a training course. Research participants You have provided consent to participate in research sessions which may take the form of interviews, usability test sessions, focus groups, surveys or diary studies. Website visitor You are just visiting our website. Clients You have signed up or agreed for us to conduct research or usability tests or you are collaborating on, commenting on, or reviewing usability tests.
All parties
Personal information The types of personal information or personal data we may collect about you include:
- your name;
- your contact details, including email address and/or telephone number;
- information about your company or organisation;
- your role within the company or organisation;
- your demographic information, such as age or gender;
- your preferences and/or opinions;
- information you provide to us through surveys, interviews and test sessions;
- your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, and/or browsing behaviour;
- information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
- additional personal information that you provide to us, directly or indirectly, through your use of our Site, through being asked to participate in a survey by a business you are connected with, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
- any other personal information requested by us and/or provided by you or a third party. We may collect these types of personal information directly from you or from third parties.
Collection and use of personal information We may collect, hold, use and disclose personal information for the following purposes:
- to enable you to access and use our Site, associated applications and associated social media platforms;
- to contact and communicate with you;
- to provide our clients with feedback regarding their products and services, where you have chosen to participate in research or testing of these products, services or websites;
- for internal record keeping and administrative purposes;
- for analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms;
- to run competitions and/or offer additional benefits to you;
- for advertising and marketing, including to send you promotional information about our services that we consider may be of interest to you;
- to comply with our legal obligations and resolve any disputes that we may have; and
- where you apply for employment with us; to consider your employment application.
We may disclose your personal information to:
- third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, and payment systems operators;
- our employees, contractors and/or related entities;
- our UX Accelerator training students working on our training project;
- our existing or potential agents or business partners;
- payment systems operators;
- promoters of any competition we run our client for the purposes of identifying and notifying competition winners;
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties, including agents or sub-contractors, who assist us in providing information and services to you.
This may include parties located, or that store data, outside of Australia; and third parties to collect and process data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia.
Customers (training students)
Personal information in addition to the above we may collect about you include: your credit card information or details (stored securely with our third-party payment service provider);
Email subscribers
If you wish to subscribe to PeakXD's email newsletter, we ask for contact information such as name and email address. By signing up for an email newsletter you are explicitly giving consent to store your email address and receive our newsletter, but may opt-out or unsubscribe from the newsletter at any time by following the simple instructions at the bottom of each newsletter. The secure email service we use explicitly prevents resending to any addresses that have opted out and any email addresses provided are never passed on to, traded or sold to third parties.
Research participants
PeakXD values your privacy and follow the User Experience Professionals’ Association Code of Professional Conduct. We "Respect privacy, confidentiality, and anonymity" of research participants. What we do with your personal details:
- You will never be asked to provide, and we do not store private information such as credit card details, address, bank details, any identity documents, or date of birth.
- We typically only collect and store your name, email, phone, and don't provide these details to our clients.
- We only use your contact details to contact you to participate in a research study.
- We may provide your first name only and some basic demographic information about you to our clients but will not pass on any personal identifying information without your express consent and permission. Express consent and permission typically involves providing consent for us to share video footage of your research session with clients, their digital vendors and our training participants. Whilst your name and personal details will not be shared with these parties, it is possible that you may be identified via video footage of your face.
- If you have opted in for research via our Survey Monkey collector form, we may provide your personal details to third parties such as our client or recruitment partner, Chitchat Research or another research agency to assist with recruitment for that research only, however, your details will not be used for any other purposes. Where we disclose your personal information to third parties, we will request that the third party handle your personal information in accordance with our Privacy Policy.
- If evaluating our client’s secure sites or systems that require you to log in. Generally, a login will be provided but in rare circumstances, we may need to provide your personal details to our clients in order to test these systems such as your student number or employee number. However, we will not store or record any login details and provide these to any other parties.
- All your personal details are stored on our secure network in a secure office. Videos may be shared with our clients via private and secure cloud-based platforms with a clear request not to share or distribute the files outside of the project team.
- In the event of a tax audit, we provide your full name to the ATO if you have received any payments from us and any associated signed statements or consent forms we have received from you.
- If you participated in a research study we can provide to you a copy of personal data we have on file for you. We can remove that personal data from our database at any time if requested by you but may not remove all your data in the event that it will render impossible or seriously impair the achievement of our research objectives” (GDPR Article 17(3)(d)).
In the course of conducting our research we may rely on third party service providers to host or store the data we collect who are located overseas. Please note that we use the following third parties to process your personal information:
- Survey Monkey
- Loop11
- Optimal Workshop
- Google Analytics
- UsabilityHub
- Hotjar
What we will not do with your personal details:
- We will never share your personal details with other parties or our clients apart from that stated above.
- We will not spam you or send you lots of emails. We will only ever contact you by phone or email to participate in a study.
By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia and, if you are a European Union (EU) citizen, to third parties that reside outside the EU. Where the disclosure of your personal information is solely subject to Australian privacy laws (and not subject to the GDPR), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws. How we treat personal information that is also sensitive information Sensitive information is a sub-set of personal information that is given a higher level of protection under the Australian Privacy Principles.
Website visitor
We may disclose personal information to:
- MailChimp
- Google Analytics
- Keap
- Hotjar
- Eventbrite
For marketing purposes. We, or our service providers and other third parties we work with, place cookies when you visit our website and other websites or when you open emails that we send you, in order to provide you with more tailored marketing content (about our services or other services), and to evaluate whether this content is useful or effective. For instance, we evaluate which ads are clicked on most often, and whether those clicks lead users to make better use of our tools, features and services Google Analytics. In addition to the above, we have implemented on our websites and other services certain Google Analytics features that support Display Advertising, including re-targeting. Visitors to our websites may opt out of certain types of Google Analytics tracking, customize the Google Display Network ads by using the Google Ad Preferences Manager and learn more about how Google serves ads by viewing its Customer Ads Help Center. If you do not wish to participate in Google Analytics, you may also download the Google Analytics opt-out browser add-on.
Clients
Your detailed are stored in Highrise, our CRM system. PeakXD agrees not to disclose your personal details including your name, address, email address, telephone number, fax number to third parties, unless it is in the course of providing services to you or to our recruitment agency for the sole purpose of recruitment for research studies. We may disclose personal information to:
- MailChimp
- Google Analytics
- Highrise
Our responsibilities and your rights
Our responsibilities Our responsibilities as a ‘controller’ under the GDPR. Controllers are defined by the GDPR as natural or legal persons, a public authority, agency or other body to which personal information or personal data has been disclosed, whether via a third party or not, and who determines the purposes and means of processing personal information. We are a controller under the GDPR as we collect, use and store your personal information to enable us to provide you with our goods and/or services. As a controller, we have certain obligations under the GDPR when collecting, storing and using the personal information of EU citizens. If you are an EU citizen, your personal data will:
- be processed lawfully, fairly and in a transparent manner by us;
- only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified;
- be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed;
- be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information);
- be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected;
- be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
We also apply these principles to the way we collect, store and use the personal information of our Australian customers or clients. Your rights Some of you (in particular, European users and those whose information we receive under the EU-U.S. Privacy Shield) have certain legal rights to obtain information about whether we hold personal information about you, to access personal information we hold about you, and to obtain its correction, update, amendment or deletion in appropriate circumstances. Some of these rights may be subject to some exceptions or limitations. Rights which you are entitled to are:
- Data access rights
- Right to restrict processing
- Right of Rectification
- Right to Erasure (Right to be Forgotten)
- Right to object to processing; and
- Right to withdraw consent.
Questions and complaints
We will respond to your request to exercise these rights within a reasonable time (and in all cases within 30 days of receiving a request). If you have any questions about this Privacy Policy, wish to have your personal data removed or believe that we have at any time failed to keep one of our commitments to you to handle your personal information in the manner required by the Privacy Act or GDPR, then we ask that you contact us immediately using the following contact details: Privacy officer Peak Usability trading as PeakXD Level 2 North Tower 10 Browning St South Brisbane 4104 +61 7 31297070 [email protected] Last update: 25 May 2018