Our privacy promise is that we will aim for best practice in the handling of personal information, by following the privacy principles below unless authorised or required by law to depart from them.
The types of personal information we hold
We hold personal information about our own staff, as well as the contact details of suppliers and other types of professional associates.
We also hold the contact details and transaction history of ‘customer contacts‘, by which we mean individuals with whom we have some form of customer relationship: individuals who have purchased a Compliance Kit, an eLearning module, eBook or other publication from us; been a past training or consulting client; registered or been waitlisted for a training course, webinar or other type of event; downloaded a free Handbook from us; made an enquiry about our publications, training or consulting services; and/or subscribed to our eNews and/or Product News email newsletters.
For customers who have accessed an an eLearning module since December 2022 (‘learners‘), we also hold information about their progress in relation to each module. We can see when a named learner last logged in, how many times they have logged in, whether they have completed the ‘lesson’ part of their module, whether they have attempted the ‘quiz’ part of their module, their quiz results, and their certificate of completion. This information is stored in the Content Management System part of our website, not by any third party.
Our third party service providers
The contact details of our customer contacts (see definition above) or other type of business relationship (including our staff, and individuals who work for our clients, suppliers and others) may be held offshore, including ‘in the cloud’, by our third party service providers.
Our third party service providers are currently:
- Microsoft Office 365 (address book for professional contacts)
- Xero (accounts information for clients and suppliers)
- MailChimp (names and email addresses of customer contacts who receive our eNews and/or Product News newsletters)
- TryBooking (names, email addresses, telephone numbers of individuals who have purchased tickets to our training events or webinars, or who have registered to attend free events; dietary needs / special needs where applicable for in-person public training workshops)
- Stripe (names and email addresses of individuals who have purchased Compliance Kits, eBooks or eLearning modules online using credit or debit card since 5 July 2023), and
- PayPal (names and email addresses of individuals who have purchased Compliance Kits, eBooks or eLearning modules online using PayPal, or using credit or debit card before 5 July 2023).
Financial information about individuals who purchase tickets to training events or webinars is held and processed on our behalf by TryBooking. Financial information about individuals who purchase Compliance Kits, eBooks or eLearning modules online using credit or debit card (since 5 July 2023) is held and processed on our behalf by Stripe. Financial information about individuals who purchased Compliance Kits, eBooks or eLearning modules online using credit or debit card before 5 July 2023, or using a PayPal account, is held and processed on our behalf by PayPal. We do not know, or have access to, any purchaser’s debit or credit card or bank account information. Stripe may use device fingerprinting to prevent fraud, but we do not have any access to device fingerprinting information.
We use Google Analytics to measure how many people visit our website, how they found our site (e.g. organic search, clicking on a link from a tweet, or via an ad), which pages on our site they view, and whether they go on to purchase or download one of our products. This data is not shared with any other third party besides Google technical support (and then only if we require it). While Google Analytics does not directly identify users, as mentioned above we do collect the name and email address of individuals who download or purchase our products online.
We use MS Teams to host ‘live virtual’ meetings with clients and their stakeholders, and to run training events and webinars. For large free webinars we may use Zoom as an alternative to MS Teams. Participants who use in-event functionalities like Chat or Q&A may have their information collected by the hosting platform.
We use SurveyMonkey to seek feedback from people who have attended our training events and webinars. While we design our surveys to avoid collecting information that would allow us to identify survey respondents, and we use pro-privacy settings within the survey platform (e.g. we do not collect IP addresses), in some cases it may be possible for us to identify survey respondents from the content of survey responses. We make this clear at the point of collection for each survey, by warning respondents not to inadvertently reveal identifying information about themselves via their survey answers.
Limiting our collections
We will only collect personal information if:
- it is for a lawful purpose that is directly related to one of our functions, and
- it is reasonably necessary for us to have the information
How we will collect personal information
We will collect personal information directly from the individual concerned unless it is unreasonable or impractical
We will not collect personal information by unlawful means
We will not collect personal information that is intrusive or excessive
We will take reasonable steps to ensure that the personal information we collect is relevant, accurate, up-to-date and complete
When collecting personal information, we will take reasonable steps to inform the person:
- what part of Salinger Privacy will hold and/or have access to their personal information
- what it will be used for
- what other organisations (if any) routinely receive this type of personal information from us (for example, when learners log in to an eLearning module, they see a warning on screen that their progress will be reported back to the organisation which arranged their enrolment)
- how the person can access their personal information held by us
- whether the collection is required by law, and
- what the consequences will be for the person if they do not provide the information to us.
We will enable anyone to know, upon request, whether we are likely to hold their personal information, and if so:
- what type of information we hold about them
- the purposes for which it will be used, and
- how they can access their own personal information.
We will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure.
We will take reasonable steps to ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately.
Data held on our Content Management System is hosted on servers located in NSW. Other data is held on systems operated by our third party service providers (such as MailChimp), as described above. Access to our Content Management System and our account with MailChimp requires two-factor authentication, and access is limited to selected staff and one contracted ICT service provider.
Access and amendment
We will allow people to access their personal information without unreasonable expense or delay
We aim to respond to requests within 30 days
We will only refuse access where authorised by law, and we will provide written reasons
We will allow people to update, correct or amend their personal information where necessary, to ensure it is accurate, relevant, up-to-date, complete or not misleading
Where possible, we will notify any other recipients of any changes
Before using or disclosing personal information, we will take appropriate steps to ensure that the information is relevant, accurate, up-to-date, complete, and not misleading
Use and disclosure
We will use or disclose personal information only for the primary purpose for which it was collected, unless one of these apply:
- the person has consented
- it is for a directly related secondary purpose within the reasonable expectations of the person (for example, to issue a receipt or answer an enquiry about an online purchase; to add a new customer contact to our Product News mailing list; or to report back to customers about their learners’ progress through eLearning modules), or
- it is to a related or associated company for the purpose of providing a service.
It is not practicable for us to provide anonymous services, although subscribers to our email newsletters, and purchasers of our online products, may of course use pseudonyms.
Our Privacy Officer
Our Privacy Officer is our Principal, Anna Johnston. Please contact us to get in touch.