Privacy Policy

INFORMOTION PRIVACY POLICY

Effective as of 1 March 2025.

This policy (Privacy Policy) explains how Informotion protects the Personal Information of Individuals. Informotion is committed to protecting the safety and security of the Personal Information of Individuals whose information Informotion has access to, including the customers and employees of prospective and current Informotion clients, and other persons with whom Informotion interacts (each an Individual or you).

In this Privacy Policy:

Informotion or us means the Informotion group of entities, which includes Informotion Pty Ltd (ACN 161 716 007) and Informotion EMEA Ltd (CN 11626507).

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

The Privacy Policy has been developed in accordance with data protection laws of Australia, the European Union, the United Kingdom and the United States.

Please read this Privacy Policy carefully in order to understand how your Personal Information is collected, held, used, or otherwise processed by us.

Informotion reserves the right to make changes or updates to this Privacy Policy from time to time. If this happens we will update this Privacy Policy and notify you of any changes, most likely via email. However, you should also periodically check this Privacy Policy for any updates.

1. ABOUT INFORMOTION

Informotion is an Information Management ISV and Consulting Firm specialising in Data Governance and AI, Modern Work, Records Management and Information Privacy. We provide professional services to help organisations solve their most important data management challenges and unlock information value and reduce risk, and resell the software platforms of leading software vendors (Software Platforms), including without limitation EncompaaS, Microsoft and OpenText (together, Services)

Informotion’s contemporary approach leverages our extensive experience, analytics and AI technologies to augment people, automate process and enhance software investments, helping organisations to digitally transform and prepare their data to meet business and regulatory requirements at scale.

Headquartered in Sydney Australia, with offices in the UK, Informotion’s expert team has a deep understanding of records and information management, data governance and sensitive data management, and is trusted by highly regulated organisations worldwide.

2. HOW INFORMOTION COLLECTS YOUR PERSONAL INFORMATION

Informotion may collect Personal Information in one of three main ways:

(a) Directly from Individuals, when they interact with Informotion or the Services (e.g. enquire about Informotion or Software Platforms);
(b) Passively from Individuals, when they interact with the Services (e.g. through recording technical data generated while we implement and configure a Software Platform); and
(c) From third-parties in certain, specific circumstances (e.g. if Personal Information about an individual is provided to Informotion by a Software Platform in the process of providing Services).

The specifics of Personal Information collected in each situation is discussed further below.

3. WHEN INFORMOTION COLLECTS INFORMATION FROM INDIVIDUALS AND WHAT WE COLLECT

(a) Personal Information collected directly

When an Individual makes an enquiry or sends us an expression of interest on our website or via other elements of our Services, the following types of Personal Information may be directly and consensually collected:

• Basic contact information, including your name, email, phone number, organisation and role;
• Individuals’ identity information, including your residential address, date of birth, government identification number (drivers licence or passport number), photographs and signature;
• Enquiry information, such as the details of indications of interest in Services or Software Platforms, or other information provided by in an enquiry; and
• Your social media handle, social media account information and any content that you post and submit to Informotion and our social media pages, which includes any content from third-party platforms.

If an Individual is appointed as their organisation’s point of contact with Informotion, we may collect basic contact information (including an Individual’s name, email, phone number and role).

When Individuals order Services, we may directly and consensually collect the Personal Information outlined in the relevant correspondence or form. Ordinarily this will include basic contact information required for our record keeping purposes.

When Individuals respond to a survey we may directly and consensually collect the Personal Information disclaimed and explained on the survey form.

When Individuals use a Software Platform, Informotion may directly and consensually collect the Personal Information made available by Individuals through their normal use of the Software Platform.

When Individuals provide Informotion with unsolicited feedback or otherwise interact with Informotion on their own accord we may collect any contact information provided (including Personal Information), as well as any feedback.

When Individuals make an application for employment at Informotion, we may collect any Personal Information provided within that application, such as the contents of a personal statement made in support of an application.

(b) Personal Information collected passively

As Individuals come into contact with, or otherwise interact with the Services, Software Platforms or Informotion’s advertisements, we may collect the following types of Personal Information about their experience:

• Content that is posted and submitted, including posts on our social media accounts or in discussion threads, as well as similar content that is posted about Individuals by others;
• If an Individual’s organisation has requested specific user accounts to be generated for their employees over a Software Platform, we may collect background account information about those individuals (e.g. notification and other account settings).
• The following types of browser, system and device information regarding Informotion’s and other devices Individuals use to access the Services:
  • Locational information, such as in the form of the IP address from which Services are accessed, particularly when accessing the internet;
  • Web data tracking information, such as data from cookies stored on Individuals’ devices, including cookie IDs and settings, as well as logs of your usage of the Services;
  • Device information provided by devices Individuals link to the Services(e.g. device information from a smartphone) which at times might result in us collecting other secondary information about Individuals; and
  • System usage information, including logs of an Individuals’ access and use of the Services.

(c) Personal Information collected from third parties

In certain specific situations, Informotion may collect Personal Information about Individuals from third parties. The types of Personal Information collected include:

• Publicly available basic contact and biographical information (e.g. details available on LinkedIn, or any other biographical, display picture or other information);
• Third-party account information made available to us if Individuals link their account or usage from the Services to third-party services or platforms; and
• Web data tracking information that fit certain parameters of who we think could become Informotion clients (e.g. heat maps developed through Google Analytics which track patterns of individual interactions with our web pages).

Informotion may also collect Personal Information through pseudo-anonymised data sets acquired from clients or other third parties. These data sets might contain Personal Information that is not immediately attributable to identifiable individuals, but might come to constitute Personal Information when combined with other information available to Informotion.

4. WHY INFORMOTION COLLECTS YOUR PERSONAL INFORMATION AND WHAT WE USE IT FOR

Although Informotion collects Personal Information from Individuals in a number of circumstances, Informotion will only collect this information in order to develop and provide the Services, including appropriate services that support and enhance the Software Platforms. Here are the main ways we may use Personal Information to achieve these objectives:

(a) Communicating with Individuals

Informotion may use basic contact, enquiry and feedback in order to communicate with Individuals about their enquiries or feedback, interest in Services, and for other administrative purposes related to the specific reason for which the Personal Information was collected.

If Individuals have consented, Informotion may also use these types of Personal Information to share relevant news and updates about Informotion and the Services.

(b) Administration and delivery of Services

Informotion may use Personal Information it collects in order to administer and deliver the Services to Individuals. For example, Informotion may use Personal Information:

• in the normal course of Individuals’ use of Services to enable Individuals to effectively use the Services.
• when Individuals complete an opt-in form to request a Webinar or Demo of Software Platforms, or download content such as a Whitepaper, in order to commence a marketing relationship or engage in a sales activity with the Individual.
• for administrative purposes (e.g. resetting account information or permissions as applicable).

(c) Ensuring User safety

Informotion may use any type of information collected to prevent and address risks to all Individuals (e.g. Informotion may use information to investigate suspicious or threatening activity).

(d) Research and development

Informotion may use the following types of information to develop, test and improve the Services :

• Survey and feedback information, as well as any content that is submitted;
• Basic account preferences;
• Publicly available information; and
• Any other relevant information.

Together these types of Personal Information may be used to provide us with an overview of how the Services are being used, any shortcomings the Services may have, and subsequently to highlight the best means of improving experiences for all Individuals.

Informotion’s preference is to de-identify these types information first, and then use it for this purpose in conjunction with de-identified browser and device information.

(e) Marketing

Where Individuals have consented, or subject to law, Informotion may use basic contact, enquiry and organisational information to provide Individuals with relevant marketing materials and offers in accordance with applicable laws. To unsubscribe from Informotion’s e-mail database or opt-out of communications, please use the opt-out facilities provided in the communication or contact Informotion using the details below.

Further, Informotion may use Personal Information:

• collected from social media platforms (e.g. LinkedIn) to target contacts for sales and marketing activities.
• in sales campaigns or marketing events in order to raise interest in Software Platforms and Services offerings.

5. INFORMOTION’S DISCLOSURE OF PERSONAL INFORMATION

Generally, Informotion does not disclose Personal Information to any third parties except:

• Service providers Informotion engages to help us provide, develop or manage Informotion Service offerings (e.g. cloud service providers);
• In some specific circumstances, Individuals’ employers (e.g. the organisation of an Individual); and
• Law enforcement agencies, or another party that has a legitimate legal right to access the information.

The above disclosures would only be made in circumstances where the recipient has provided an undertaking that they will maintain the confidentiality of the information and that they recognise the appropriate limitations placed on the use of the information. Disclosures would also always be in accordance with this Privacy Policy. In the case of Individuals’ organisations, Informotion may seek the explicit consent of the Individual before disclosing their information.

International Disclosure

Informotion may disclose Personal Information to third parties located internationally. This is particularly the case for our cloud service providers which have servers in the United States, Europe and the United Kingdom that Informotion currently uses.

Sometimes, subject to relevant law, we may also disclose Individuals’ Personal Information to agents of Individuals, or their organisations, that are located internationally.

As with disclosures to third party service providers, international disclosures are always made once Informotion has taken all reasonable steps to determine the information will be treated as at least as favourably as the relevant privacy laws applicable to the Privacy Policy.

6. INFORMOTION TREATMENT AND STORAGE OF INFORMATION

(a) Informotion’s general approach

Informotion will keep your Personal Information confidential and not sell or knowingly divulge Individual information to any external third-parties, unless:

• We believe, in good faith, that we are required to share the Personal Information with a third-party in order to comply with legitimate legal obligations;
• The disclosure is to a third-party processor of Personal Information that acts on our behalf and/or under our instruction in order to enable us to deliver the Services;
• Other entities which may acquire ownership or operation of Services or the Software Platforms; and/or
• To protect the safety of Individuals, and the security of the Software Platforms.

Informotion seeks the informed and voluntary consent of Individuals whenever it collects their information, or as soon as possible after.

Individuals can always refuse or revoke this consent, but sometimes this will affect Informotion’s ability to provide them with the Services. Informotion will advise Individuals if this is the case.

(b) De-identification

De-identified information refers to information that cannot reasonably be used to identify a particular Individual.

De-identified information that will never be able to personally identify particular Individuals is referred to as anonymised information (e.g. statistics that show 90% of Users were happy with a Software Platform). Additionally, de-identified information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information (e.g. account ID numbers for a particular Software Platform).

Where possible Informotion will aim to collect, store and use anonymised information as a first preference, and if not, then pseudonymised information.

However, sometimes it will be impractical for Individuals’ information to be de-identified or treated in this way, and in this case, Informotion will continue to use and hold the information in a personally identifiable state. For example, if Informotion needs to reply to an Individual’s enquiry we will have to use the contact information provided.

(c) Security

Informotion is committed to information security. We will use all reasonable endeavours to keep the Personal Information we collect, hold and use in a secure environment. To this end we have implemented technical, organisational and physical security measures that are designed to protect Personal Information, and to respond appropriately if it is ever breached. For example, access to all systems used by Informotion requires a valid company username and password with multi-factor authentication. Access to Software Platforms is controlled by authorised personnel, and every access to any record in this platform is audited and retained indefinitely.

When information collected or used by Informotion is stored on third-party service providers (e.g. Azure, AWS or OpenText cloud servers), Informotion takes reasonable steps to ensure these third parties use industry standard security measures that meet the level of information security Informotion owes Individuals.

As part of our privacy framework we endeavour to routinely review these security procedures and consider the appropriateness of new technologies and methods.

(d) Data Breaches

In the circumstances where Informotion suffers a data breach that contains Personal Information, we will execute our Data Breach Response Plan.

If an individual believes that their privacy has been breached, please contact Informotion using the contact information below and provide details of the incident so that it can be investigated. Informotion requests that complaints about breaches of privacy be made in writing, so that we can be sure about the details of the complaint. Informotion will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. After Informotion completes its enquiries, we will contact you to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.

7. RETENTION AND MANAGEMENT OF INFORMATION

(a) Retention and Deletion of Personal Information

Informotion retains Personal Information until it is no longer needed to provide or manage the Services or Software Platforms, or until the individual who the Personal Information concerns asks us to delete it, whichever comes first. You can request Informotion to permanently delete your Personal Information by emailing Informotion using the contact details available below. It may take up to 30 days to delete Personal Information from our systems following a valid request for deletion.

However, Informotion will retain:

• Personal Information in circumstances where we have legal and regulatory obligations to do so (e.g. for law enforcement purposes, employment law, corporate or tax record keeping, and where the information is relevant to legitimate legal proceedings, or in keeping with its’ requirements under other Australian record keeping legislation); and
• anonymised information for analytic and service development purposes.

The information we retain will be handled in accordance with this Privacy Policy.

(b) Accessing and ensuring the accuracy of Personal Information

Informotion takes reasonable steps to ensure that the Personal Information we collect and hold is accurate, up to date and complete.

Individuals have a right to access and request the correction of any of Personal Information we hold about them at any time. Any such requests should be made by directly contacting us at the details set out below. Informotion will grant access to the extent required or authorised by applicable laws, and will take all reasonable steps to correct the relevant Personal Information where appropriate.

There may be circumstances in which Informotion cannot provide Individuals with access to information. We will advise you of these reasons if this is the case.

8. SPECIFIC RIGHTS OF AUSTRALIAN RESIDENTS

Individuals who are located in Australia have additional rights in respect of their Personal Information. These rights are primarily governed by the Privacy Act 1988 (Cth) (AU PA).

(a) Data Breaches

In the circumstances where Informotion suffers a data breach that contains Personal Information of individuals residing in Australia, we will endeavour to take all necessary steps to comply with the Notifiable Data Breach Scheme outlined under the AU PA. This means we will immediately make an objective assessment of whether a breach of Personal Information is likely to result in serious harm to Individuals, and if this is the case, endeavour to notify the affected Individual(s) and the Australian Information Commissioner.

9. SPECIFIC RIGHTS OF EUROPEAN AND UK RESIDENTS

Individuals who are habitually located in the European Union (EU Residents) and in the United Kingdom (UK Residents) have specific rights under their local laws in respect of their Personal Data. These rights are primarily governed by: (1) with respect to EU Residents, the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (EU GDPR), (2) with respect to UK Residents, (a) the Retained Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of s 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419) (UK GDPR), and (b) the UK Data Protection Act 2018.

Personal Data is defined in the EU GDPR and UK GDPR as: “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This should be considered fundamentally interchangeable with the term “Personal Information” for the purposes of this Privacy Policy.

Under the EU GDPR and UK GDPR important distinctions are drawn between a “Controller” or “Processor” of Personal Data, where:

• “Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; and
• “Processer” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

To the extent that Informotion is primarily a “controller” or “processor” of Personal Data as part of its EU GDPR and UK GDPR compliance, Informotion provides Services in a way that ensures:

• Personal Data is:
  • processed fairly, lawfully and in a transparent manner; and
  • collected and processed only for specified and lawful purposes.

• Personal Data that is ‘processed’ (i.e. used, held, disclosed or transferred by Informotion) is:
  • adequate, relevant and not excessive;
  • accurate and, where necessary, kept up to date;
  • kept secure, and no longer than necessary;
  • not transferred to countries outside the European Economic Area (EEA) or the United Kingdom without adequate protection; and
  • treated in accordance with Individuals’ legal rights.

Whilst Informotion strives to provide all Individuals with appropriate access and control over their data, individuals covered by the EU GDPR and UK GDPR are also able to:

• Prescriptively restrict, limit or otherwise provide instructions to Informotion regarding how we can use their Personal Data. This includes being able to object to how and why their Personal Data is used (e.g. by the removal of their consent for particular functions);
• Verbally request the erasure (i.e. deletion) of their information; and
• Request Informotion provides all Personal Data held about them in a portable format, meaning in a way that is structured, commonly used and machine-readable. Individuals who exercise this right to data portability are also able to direct Informotion to transmit this data to other entities who they intend to allow to process their Personal Data.

Informotion will allow and assist Individuals who are EU or UK Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. Personal Data has been fully anonymised).

10. SPECIFIC RIGHTS OF US RESIDENTS

Individuals who are habitually located in the United States (US Residents) may be entitled to certain rights with respect to their Personal Information depending on which state the Individual lives in (including California, Colorado, Connecticut, Utah, and Virginia). These are described below.

• Right to Know: Individuals may have the right to know what Personal Information Informotion has collected about them, including the categories of personal information, the categories of sources from which it is collected, the business or commercial purposes for collecting, selling, or sharing it, and the categories of third parties to whom we disclose it.
• Targeted Advertising: Informotion does not sell Individuals’ Personal Information for monetary or valuable consideration. Individuals may have the right to opt-out of having their Personal Information shared for purposes of targeted advertising.
• Access and Data Portability: Subject to certain exceptions, Individuals may have the right to request a copy of the Personal Information that Informotion has collected about them during the 12 months before their request.
• Deletion: Individuals may have the right to request that we delete Personal Information that Informotion collected from them and retained, subject to certain exceptions.
• Personal Information: Companies who collect, use, and disclose Individuals’ Personal Information for purposes other than to provide Individuals with the services are required to provide Individuals with the right to limit the use and disclosure of their Personal Information by providing a “Limit the Use and Disclosure of My Sensitive Personal Information” link. Informotion only collects, uses, and discloses Individuals’ Personal Information to provide Services to Individuals, therefore Informotion is not required to provide this link.
• Correct Inaccurate Information: Individuals may have the right to request that Informotion corrects inaccuracies in the Personal Information we maintain about them.
• Opt-Out Preference Signals: Informotion will honour any opt-out preference signals as required by law.
• Appeals: You may appeal Informotion’s decision with respect to a request you have submitted by contacting us as described in the ‘Contacting Informotion’ section below.
• Categories of Personal Information Notice: Individuals who are California residents can request a notice disclosing the categories of Personal Information Informotion has shared with third parties for the third parties’ direct marketing purposes. To request a notice, please contact us as described in the ‘Contacting Informotion’ section below.
• Children under 13: Informotion must obtain parental consent before collecting, using or disclosing any Personal Information of children under the age of 13.

Informotion will allow and assist US Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. Personal Information has been fully anonymised).

11. CONTACTING INFORMOTION

For all privacy related matters and to assist in ensuring our compliance with our privacy obligations, please email privacy@informotion.com.au or use below contact details, and your query or complaint will be actioned by one of our privacy officers.

Informotion Pty Ltd
ATT: Privacy Officer

Level 8, 341 George Street, Sydney, NSW, 2000

Email: privacy@informotion.com.au
Phone: 1300 474 288

Informotion EMEA Ltd

ATT: Privacy Officer
Waterside, 1650 Arlington Business Park, Theale, Reading, Berkshire, RG7 4SA
Email: privacy@informotion.com.au
Phone: +44 (0) 1184 050090

If you have any queries or wish to make a complaint about a breach of this policy or applicable laws, you can contact or lodge a complaint to one of our privacy officers using the contact details above. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.

The relevant privacy offer will respond to your query or complaint as quickly as possible. Informotion will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination. If you are not satisfied with the determination, you can contact us to discuss your concerns or discuss your concerns or complain to a regulator in the applicable territory below.

Australia
Australian Privacy Commissioner

United Kingdom
Information Commissioner’s Office

European Union
European Data Protection Board

United States
Federal Trade Commission
California Privacy Protection Agency 

This Privacy Policy was last updated on 1 March 2025.