Effective: 1 July 2023
Lapis is committed to protecting and respecting your privacy. Please read the following carefully to understand how Lapis uses your personal information and for information about your privacy rights.
This policy applies to lapisit.com.au and all other sites, forms, or services, in addition to any event attendance or general interactions you may have with Lapis or its representatives (collectively “Lapis Services”).
What personal information do we collect and process?
The personal information we may collect includes name, email address, employer, job title, business address, telephone number, location or any additional information you elect to provide directly to us.
In providing Lapis Services, we may also log technical information such as your Internet Protocol (IP) address, browser type, cookie information, access times and device type.
How do we collect personal information?
We obtain personal information from you when you provide it directly to us, for example when you engage with our staff, fill in a form on our website, or use Lapis Services. We also obtain personal information indirectly from you when you visit our websites, including technical information about your device and browsing such as IP address and your interactions with the sites, and via cookies.
We may also receive information about you from third parties, for example from one of our partner organisations, or from individuals or third party organisations who may introduce you to us.
We may collect your information from publicly available sources, such as your organisation’s or employer’s website (for example, your business contact details including your email address). Depending on your privacy settings for social media services, we may access information from those accounts or services, including from LinkedIn, Facebook, Instagram and Twitter.
How and why do we use this personal information?
We may use your personal information in a number of ways, including:
- To provide you with services or information that you have requested and to communicate with you in general.
- To facilitate your, or your organisation’s, participation in Lapis’ network or one of our programs and/ or events – and to administer those programs and events.
- To provide you with information about our services and products, including Lapis and third party events, work and other services that we think may be of interest to you.
- To analyse and improve our work, including our services, products and activities and to report on the impact and effectiveness of our work.
- For administration purposes including to create an account for you if you register with us; to notify you about changes to Lapis Services; to keep Lapis Services safe and secure; and to ensure that content is presented in the most effective manner.
- For company administration purposes including to satisfy legal obligations which bind us (e.g. in relation to tax and law enforcement bodies), for the prevention of fraud or misuse of services, and for the establishment, defence and/or enforcement of legal claims.
We may provide you separately with specific further information about our use of your personal information (for example, if you apply to work at Lapis). Also, if we anticipate processing your information in a way that could reasonably be considered outside of what of what you could reasonably expect, then we will notify you in advance, obtain your consent, where appropriate, or refrain from processing your information in the new way.
What is our lawful basis for using your personal information?
The General Data Protection Regulation (GDPR), where it applies to our activities, requires us to rely on one or more lawful basis to process your personal information. The following are relevant to us:
- Where you give consent (for example, to receive our newsletter).
- We have entered into a contractual arrangement or taken steps at your request prior to entering into one (with you).
- Where necessary to comply with a legal obligation to which we are subject.
- Where there is a legitimate interest in us doing so provided our use is fair, balanced and does not unduly impact your rights and freedoms – in general, Spatial Vision ’s legitimate interests (for example, company governance and reporting, delivering services and programs, and networking and campaigning).
Do we share your personal information with anyone else?
We provide your information to our contractors, suppliers and partners who provide services on our behalf, or with whom we collaborate, to the extent necessary to enable us to provide you with Lapis Services – provided we are satisfied that they provide sufficient guarantees in respect of safeguarding your personal information and privacy rights, and that we have in place an appropriate agreement with them.
We may also need to disclose your information to local authorities or law enforcement agencies, if required to do so by law, or as expressly permitted under relevant data protection regulations. If we merge or undergo a reorganisation, in doing so we may acquire or transfer personal information as part of that transaction but your personal information would continue to be used for the same purposes.
Lapis will never sell, rent, or disclose your personal information to third-party entities, except as described in this policy.
As an Australian organisation, we will occasionally need to transfer data into and outside the European Economic Area – including when we use suppliers and engage with other third parties based inside the European Economic Area. Please note that some countries outside of the EEA may have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. In these instances, adequate safeguards, such as contractual clauses and/or technical measures, are put in place to adequately protect personal information.
Lapis is committed to keeping your personal information safe and secure. We take appropriate and proportionate measures to ensure that your personal information is kept secure and to prevent its loss, destruction and misuse. We use strict procedure and security features, such as encryption, permission controls, and audit logging, to ensure your data is handled securely. However, you should be aware that the transfer of information over the Internet is not entirely secure and although we will do our best to protect your personal data we cannot guarantee the security or integrity of any personal information which is transferred online.
Links to External Websites
We use service providers including those listed below. You may wish to visit the links to learn about their privacy policies.
- Google Analytics: http://www.google.com/analytics/learn/privacy.html
- Mailchimp: https://mailchimp.com/legal/privacy/
- Linkedin: https://www.linkedin.com/legal/privacy-policy
- Facebook: https://www.facebook.com/policies/cookies/
Social Media Buttons
Your privacy rights and choices
If we rely on your consent to use your personal information (for example if you sign up for one of our newsletters and consent to us providing you with marketing information), you can withdraw that consent (including the right to ‘opt–out’ of our using your information for marketing purposes generally) at any time by contacting us or by clicking “Unsubscribe” at the bottom of any marketing email.
You also have the following rights:
- To request from us a copy of your personal information.
- To ask us to update your personal information if it is inaccurate (and you can ask us to check if you are unsure).
- To ask us to delete your personal information in some cases.
- To ask us to restrict processing, if there is disagreement about its accuracy or legitimate usage.
- To object to processing where we are (i) relying on the basis of legitimate interests, or (ii) using your personal information for direct marketing or (iii) using your personal information for statistical purposes.
- To data portability in certain circumstances – where we are processing your personal information (i) on the basis of your consent, (ii) because the processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract, and the processing is carried out by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
If you do not wish to receive promotional or marketing communications from Lapis, you may opt-out at any time by clicking the “unsubscribe” link at the end of our emails or other communications. If you choose to unsubscribe, we will retain your contact information to ensure that we do not contact you again.
To exercise your rights, contact us. Please note that these rights are subject to exemptions and may only apply in limited circumstances. We may also ask for additional information to confirm your identity and for security purposes before we are able to comply.
If your data is subject to the GDPR, you have the right to lodge a complaint to the Supervisory Authority in your country, if you believe that we have not complied with the requirements of the GDPR with regards to your personal information (in the UK, for example, this would be the Information Commissioner’s Office, or ICO – www.ico.org.uk/global/contact-us ).
How long will we keep your personal information?
In general terms, we will retain your information for as long as necessary to fulfil the purposes for which it was collected and/or it is used. However, if (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of deletion, we will remove it from our records at the relevant time.
Where required, in some cases we will keep personal information at least as long as necessary to comply with relevant regulatory or statutory requirements. We will also retain information, when and as long as necessary, to resolve legal disputes.
Changes to this Policy
NOTIFIABLE DATA BREACH (NDB) SCHEME
Lapis is required to observe the NDB scheme which came into effect in February 2018. To meet our obligations, Lapis has developed a policy and procedure which has been adopted by our Board.
In addition to our already comprehensive data and system security and privacy measures, Lapis will now formally assess any potential data breach event to determine if it is an “eligible data breach”. In the event of any such eligible data breaches, we will then analyse the breach to determine if it is likely to result in serious harm to any individual affected, meaning it is a Notifiable Data Breach. In such a case, we would notify the individuals affected and the Australian Information Commissioner.
In the event that the potential breach involves data being held on behalf of a client, Lapis will advise the client if we determine that it is an “eligible data breach” and work with them to assess whether the breach is Notifiable and if so, the most effective means of notifying the affected individuals.
If you have a complaint concerning the handling of your personal information please contact our Privacy Information Officer and request an Access Request Form. We will process your request for access to your personal information promptly after you have completed that form and delivered it to us.
Level 8, 575 Bourke Street
Melbourne VIC 3000
Phone: 0498 800 300
Fax: (03) 9691 3001