We acknowledge the importance of information security and the protection of privacy
We adhere to the principles of privacy by design and privacy by default
We have implemented an information security and privacy management system (ISPM) to meet the ISO 27001 & 27701 standards
To demonstrate compliance to the latest regulations, such as GDPR, we continually seek improvement via the ISPM
A risk assessment has shown how your data is being used in our processes
We have implemented measures to ensure adequate protection of data, both in transit and at rest
Processes have been adjusted to make sure data is never stored longer than necessary to perform our services
If you want to find out which measures and security controls have been implemented, we have prepared an Assurance statement which is available upon request
Lumify Work's commitment to continual improvement is demonstrated through our risk assessment and treatment process and Incident management process which includes the assessment of privacy practices and management of Personally Identifiable Information (PII)
To provide, improve, and properly manage our products and services we continually improve by developing new products, responding to requests or queries, verifying your identity, conduct surveys, and seek your feedback
1. Privacy at Lumify Work
DDLS Australia Pty Ltd (ABN 55 133 222 241), trading as Lumify Work, understands the importance of protecting your personal information. Lumify Work deals with personal information in accordance with the Australian Privacy Principles (APPs) which are contained in the Privacy Act 1988 (Privacy Act) and this privacy policy.
2. What is personal information?
When used in this privacy policy, the term “personal information” has the meaning given to it in the Privacy Act. Personal information is any information that can be used to personally identify you. This includes such things as your name, address, telephone number, email address and profession or occupation.
3. What personal information do we collect?
We collect personal information in order to provide our training services, to conduct our business and to improve customer service. The types of personal information we collect will depend on how you interact with us.
Typically, we collect the following personal information:
name
title or position
business address
e-mail address
phone number
Information you provide to us through customer surveys, evaluation forms and when you register for Lumify Work events and seminars
We do not normally collect sensitive information about you such as information relating to your health, religion, political beliefs, date of birth or race. If we do collect sensitive information which is reasonably necessary for the operation of our business functions or activities, we will obtain your consent to do so.
If your organisation is a Lumify Work client and you do not agree to provide us with your personal information, this may limit our ability to provide our services to your organisation. When PII is collected backups will capture this information and procedure is in place to responsibility restore the recent changes to maintain PII data accuracy. Backups are retained for a period of 28 days and two weeks would be required for restoration of systems including PII.
4. How do we collect personal information?
We collect personal information directly from you unless it is unreasonable or impracticable to do so. We may collect your personal information in the following ways:
when you purchase our services
when we respond to your inquiries and requests
during conversations or email exchanges between you and our representatives
when we obtain feedback from you about our services including through student evaluation forms
when we conduct our administrative and business functions
when you register for our events or subscribe to our mailing lists and newsletters
when we market our services to you
through your access and use of our websites
Personal information may be obtained directly from you, through another contact in your company if you are a corporate client, or through a third party by who we have been informed that your details may be provided to us.
We may at times obtain personal information that relates to you through third parties. Where we do so, we will ask any third parties to confirm in writing that they have legally obtained your personal information and that we have the right to acquire it from them and to use it.
5. For what purposes do we collect, hold, use and disclose personal information?
We collect, hold, use and disclose personal information for the following purposes:
to send communications
to manage and maintain our business relationships
to respond to inquiries and requests
to improve the services we provide
to inform you about our services
to obtain feedback from you on our services
to organise training certification exams
to provide access to online portals
to provide you with a more personalised experience when you interact with us
to conduct administrative and business functions
to provide our services
to update our records and keep contact details up to date
to enable you to subscribe to our website, newsletters and mailing lists and to register for Lumify Work events
to assess the performance of our website and to improve its operation
to process and respond to privacy complaints
to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country
The Personal Information we collect will only be that which is necessary for the conduct of our business and our relationship with you or your company. We will not share, sell, rent or disclose your personal information other than as described in this privacy policy.
6. To whom do we disclose personal information?
We may disclose your personal information to our employees and related bodies corporate for the purposes set out in clause 5 above. We may combine or share any information that we collect from you with information collected by any of our related bodies corporate.
We may also disclose your personal information to:
contractors, suppliers, vendors, partners, and other third parties with whom we have a commercial relationship for business, marketing, and related purposes
any organisation for any authorised purpose with your express consent
Except as set out above, Lumify Work will only disclose personal information if this is required by law or a court/tribunal order or otherwise permitted under the Privacy Act.
7. Do we disclose personal information to anyone outside Australia?
We may disclose your personal information to service providers located outside Australia such as the United Kingdom, the United States of America, Singapore, and the Netherlands for some of the purposes set out in clause 5 above. We will take steps to contractually ensure that overseas recipients of your personal information provide a level of protection for your personal information which is equivalent to the APPs.
8. How do we store and secure personal information?
We store personal information to ensure that we can manage and maintain communications with organisations with whom we do business. Contact may be verbal, electronic or written. We will only store your personal information if it is relevant to your organisation conducting business with us. We do not normally store information that is sensitive information.
We take all reasonable precautions to ensure that personal information is protected from misuse, interference, loss, unauthorised access, modification or disclosure using a combination of physical, administrative and technical safeguards. We hold personal information in either paper-based records in secure access controlled premises or in electronic form in databases and email files which require logins and passwords. Lumify Work personnel are also contractually bound by confidentiality obligations.
Lumify Work’ website is linked to the internet, and as the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
If your personal information is no longer needed, we will take reasonable steps to either delete it from our systems or de-identify it, except where Lumify Work is required by law or a court/tribunal order to retain the information.
9. Direct marketing
We may send you direct marketing communications and information about our services that we consider may be of interest to you. We may send communications in various forms including mail, SMS, and email, in accordance with applicable laws, such as the Spam Act 2003 (Cth). You consent to us sending you those communications by any of those methods. If you indicate a preference for a method of communication, we will use reasonable endeavours to use that method whenever practical to do so.
If you do not wish to receive electronic communications from us, you may opt-out of receiving them by contacting us using the contact details set out at the end of this privacy policy or by using the opt-out mechanisms provided in those communications. We will then remove your name from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
10. How can you access and correct personal information?
We will take all reasonable steps to ensure that the personal information we hold about you is accurate, up to date and complete. You may request access at any time to personal information that we hold about you and we will give you access in the manner that you request where it is reasonable and practicable to do so, except where we deny access as permitted by the Privacy Act. For example, we may need to refuse access if granting access would interfere with the privacy of others, is unlawful or would result in a breach of confidentiality. You may also request that we correct your personal information when it is inaccurate, incomplete or out of date.
If you wish to access or correct your personal information, please send a written request to our Privacy Officer using the contact details set out below or by using the customer portal services. Our Privacy Officer will respond to your request within 30 days after you make the request. If we deny your request for access to or correction of your personal information, we will provide you with written reasons for refusing your request and the mechanisms available to you to complain about our refusal.
11. How can you complain about a breach of your privacy?
If you have concerns about how your personal information is being handled by Lumify Work or you wish to make a complaint about a breach of the APPs by Lumify Work, please send your complaint in writing to the Privacy Officer using the contact details set out below. The Privacy Officer will respond to you in writing within 30 days of receiving your complaint, setting out what action Lumify Work will take as a result of your complaint or alternatively providing an explanation to you if there has been no breach of the law.
12. Using our website
When you access our website, we may send cookies (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. We may use cookies to measure traffic patterns and to determine which areas of our website have been visited. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
Any activity you participate in on our website may be monitored. We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users movements, and gather broad demographic information. We do not use cookies to track your internet activity before or after you leave the Lumify Work environment.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website.
13. Changes to our privacy policy
We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website. Please review it regularly.
This privacy policy was last updated on 4 March 2024.
14. Consent withdrawal
You may request for your personally identifiable information consent withdrawal at any time by contacting Lumify Work using the channels below. We may require the request to be in writing depending on the data being withdrawn, as well as proof of identity. Click for more information on your Personal Information Rights.
15. Contacting us
If you have any questions about this privacy policy or requests for a Data Protection Agreement, please contact our Data Protection Officer as follows:
Email: [email protected]
Phone: 1800 U LEARN (853 276)
Post: Data Protection Officer, Lumify Work, PO Box K975, Haymarket NSW 1240, Australia