1. About this privacy policy

NorthSeat Pty Ltd (ABN 67 690 779 072) ("we", "us", "our") is committed to protecting your privacy.

We are not legally required to comply with the Privacy Act 1988 (Cth) ("Privacy Act") or the Australian Privacy Principles ("APPs"). However, we have adopted privacy practices broadly consistent with the Privacy Act and APPs as a matter of best practice. We do this because our clients expect the highest levels of governance, integrity, and accountability.

This Privacy Policy explains how we handle personal information that we collect and use in the course of our business, including through our website, through client engagements, and through our products and services (including DirectorLens, Governance Tension Points Playbook, and any future offerings).

By engaging with us, visiting our website, or using our services, you consent to our collection, use, and handling of your personal information in accordance with this Privacy Policy.

2. What information we collect

We may collect and hold personal information about you that is reasonably necessary for us to conduct our business and provide our services.
The types of personal information we may collect include (but are not limited to):
1. your name;
2. your contact details (including email address, phone number and mailing address);
3. your organisation and job title;
4. information about your interactions with us, including through our website and social media platforms;
5. information you provide to us through our client onboarding process, proposals, Statements of Work, or during the course of our engagement;
6. payment and transaction details for services or products you purchase from us;
7. information about your use of our products or services (including DirectorLens and Governance Tension Points Playbook and any future offerings); and
8. any other personal information that you provide to us.

3. How we collect personal information

We collect personal information in a variety of ways, including:
1. directly from you when you engage with us, make an enquiry, or provide information to us in the course of a client engagement;
2. through our client onboarding process, proposals, Statements of Work, or other business documents;
3. when you use our website, digital platforms, or social media channels;
4. when you subscribe to our newsletters or marketing communications;
5. when you purchase products or services from us (including through online platforms);
6. when you participate in surveys, events or promotions that we conduct; and
7. from third parties, where you have consented to the disclosure of your personal information to us, or where otherwise permitted by law.
Website and cookies
1. Our website may use cookies and similar technologies to enhance your browsing experience, analyse website traffic, and support marketing activities.
2. You can choose to disable cookies or manage your cookie preferences through your browser settings.
3. We do not use cookies to collect sensitive personal information.

4. How we use personal information

We use personal information for purposes that are reasonably necessary for, or directly related to, our business activities and functions, including to:
1. provide our consulting services, products, and offerings to you (including DirectorLens, Governance Tension Points Playbook, and any future offerings);
2. manage our client relationships and communications;
3. respond to your enquiries or requests;
4. process payments and manage transactions for products or services;
5. deliver marketing communications in accordance with the Spam Act 2003 (Cth) and applicable laws. You can opt out of receiving these communications at any time by using the unsubscribe facility included in our messages or by contacting us directly;
6. conduct events, promotions, surveys or market research;
7. develop and improve our services, products, and client experience;
8. manage our website and digital platforms;
9. comply with our legal and regulatory obligations; and
10. carry out any other purpose which is disclosed to you and to which you have consented.
Retention of personal information
1. We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
2. When personal information is no longer needed, we take reasonable steps to securely destroy or de-identify it.
Children’s privacy
1. Our services are designed for business and professional use.
2. We do not knowingly collect personal information from individuals under 18 years of age

5. Disclosure of personal information

We may disclose your personal information to third parties where reasonably necessary to carry out our business activities or to comply with legal obligations.
The types of third parties to whom we may disclose personal information include:
1. our service providers, contractors, and advisers who assist us in operating our business and providing our services (including IT services, cloud storage providers, payment processors, marketing providers, and professional advisers);
2. third party platforms that we use to deliver products or services (including online sales platforms, and any future platforms we may use);
3. government and regulatory authorities and law enforcement agencies, where required or authorised by law; and
4. any other third party where you have consented to the disclosure or where otherwise permitted by law.
We take reasonable steps to ensure that third parties to whom we disclose personal information handle that information in a manner consistent with the Privacy Act and this Privacy Policy.

6. Overseas disclosure of personal information

We may disclose personal information to third parties located outside Australia where this is reasonably necessary to provide our services, operate our business, or comply with legal obligations.

We may use third party service providers and platforms that store data on servers located in countries outside Australia, including (but not limited to) the United States, the United Kingdom, the European Union, and other countries from time to time.

We take reasonable steps to ensure that any overseas recipients of personal information handle that information in a manner consistent with the Privacy Act and this Privacy Policy.

By providing your personal information to us, you acknowledge that we may disclose it to overseas recipients as described in this Privacy Policy.

7. Security of personal information

We take reasonable steps to protect personal information that we hold from misuse, interference, and loss, and from unauthorised access, modification, or disclosure.

These steps include the use of physical security, access controls, information security technologies, and operational policies and procedures to safeguard information.

While we take reasonable steps to maintain the security of your personal information, no system can be guaranteed to be completely secure. To the extent permitted by law, we exclude liability for any unauthorised access to personal information where we have taken reasonable steps to protect that information.

8. Access to and correction of personal information

You may request access to personal information that we hold about you, or request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

We will respond to such requests within a reasonable period and in accordance with the requirements of the Privacy Act.

Requests for access or correction should be made using the contact details set out in this Privacy Policy.

In certain circumstances, we may refuse to provide access to personal information in accordance with the Privacy Act. If we do so, we will provide you with written notice that sets out the reasons for refusal (except where it would be unreasonable to do so) and how you may complain about the refusal.

9. Data breach notification

We take data breaches very seriously and have procedures in place to respond to any actual or suspected data breach involving personal information.

If we believe that a data breach has occurred that is likely to result in serious harm to any individual, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with our obligations under the Privacy Act.

If you believe that your personal information may have been involved in a data breach, please contact us immediately using the contact details set out in this Privacy Policy.

We maintain an internal Data Breach Response Plan to guide our actions in responding to data breaches in accordance with our obligations under the Privacy Act and the Notifiable Data Breaches scheme.

10. How to make a privacy complaint

If you have a concern about the way we have handled your personal information, or believe that we have failed to handle your personal information in line with this Privacy Policy or the standards we align with under the Privacy Act and Australian Privacy Principles, you may make a complaint to us.

Complaints should be made in writing using the contact details set out in this Privacy Policy.

We will respond to all complaints as soon as practicable and in accordance with the requirements of the Privacy Act.

If you are not satisfied with our response, you may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC). For more information, please visit www.oaic.gov.au.

11. How to contact us

If you have any questions about this Privacy Policy, or if you wish to request access to or correction of your personal information, or make a privacy complaint, please contact us at:

NorthSeat Pty Ltd
Email: liam@northseat.com.au
Postal address:
P.O. Box 2676
Toowoomba, QLD 4350