Smarter insights. Better decisions.
Log in

Privacy Policy

Parties

  1. Lighthouse Insights ("the Company"), a company incorporated under the laws of Australia with ABN 26 618 319 010 and having its registered office at L2, 178 Fullarton Road, Dulwich SA 5065.
  2. All individuals whose Personal Data is collected by the Company ("Individuals").

Background

  1. This Privacy Policy sets out how Lighthouse Insights ("the Company") collects, uses and protects personal information from all individuals whose personal data is collected by the Company.
  2. The purpose of this Privacy Policy is to:
    1. Inform Individuals about what personal data relating to them is collected by the Company and how such data is used; and
    2. Ensure Individuals understand how their personal data is processed in accordance with applicable privacy laws, including the Privacy Act 1988 (Cth).
  3. This Privacy Policy applies to all personal data provided to or collected by the Company relating to Individuals. Personal data includes any information that identifies or could identify an Individual, such as names, contact details, usage data and location data.
  4. Some key terms used in this Privacy Policy are explained in Section 1 (Definitions).
  5. This Privacy Policy is designed to comply with Australian privacy laws, including the Privacy Act 1988 (Cth). The Company is committed to ensuring the appropriate and lawful handling of all personal data responsibilities under Australian law.

1. Definitions

  1. Personal data means any information relating to an identified or identifiable natural person.
  2. Usage data means data automatically collected by the Company (or by using cookies), through the use of the service, such as Internet protocol (IP) addresses, browser type, Internet service provider (ISP), date and time stamps, and referring/exit web pages.
  3. Cookies means small files placed on an individual's device. They are designed to aid the individual's access to the service or do things like allow the service to remember an individual's preferences.
  4. Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  5. Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
  6. Data subject means an identified or identifiable natural living person about whom personal data is held by the Company.
  7. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Collection of Personal Data

  1. Personal data collected by the Company includes an individual's name, contact details, usage data, location data, IP address and cookies.
  2. Personal data is collected directly from the individual, from the individual's use of the Company's services and website, and from third parties.
  3. The Company collects personal data for the purposes of:
    1. Providing services and products to the individual;
    2. Communicating with the individual;
    3. Conducting analytics and research to improve the Company's services and products;
    4. Marketing the Company's other services and products; and
    5. Preventing and detecting fraud and other prohibited or illegal activities
  4. By using the Company's services and providing their personal data, individuals consent to the Company collecting their personal data for the purposes described in clause 2.3.
  5. The provision of name and contact details by an individual is mandatory if they wish to use the Company's services. All other personal data is optional for an individual to provide.
  6. If an individual is under 18 years of age, the Company will obtain verifiable consent from their parent or legal guardian before collecting any personal data about that individual.
  7. The Company will retain personal data for the periods described in its data retention policy, which takes into account the type of personal data and purpose of processing.

3. Use of Personal Data

  1. The Company uses Individuals' personal data only for the purposes disclosed to Individuals at the time of collection, which include:
    1. Providing services and products to Individuals;
    2. Communicating with Individuals about their use of the Company's services and products;
    3. Conducting analytics and business development activities to improve the Company's services and products.
  2. If the Company intends to use personal data for any other purpose, it will obtain consent from Individuals prior to such use.
  3. Individuals may withdraw their consent for any new purpose at any time by contacting the Company through the contact details provided in Section 11.
  4. The Company only uses the minimum amount of personal data required to fulfil the disclosed purposes and does not collect additional personal data without consent.
  5. The Company takes reasonable steps to ensure personal data is accurate, complete and kept up to date, including providing a process for Individuals to review and request corrections to their personal data as detailed in Section 6.
  6. Personal data will be stored in a form that identifies Individuals only for as long as necessary to fulfil the disclosed purposes. Thereafter, personal data will be securely deleted in line with the retention periods set out in Section 2.

4. Use of Personal Data

  1. The Company may share an Individual's personal data with its service providers and other third parties for the purposes of providing services to the Individual and/or the Company.
  2. The Company may also share an Individual's personal data to comply with applicable laws and regulations.
  3. The Company will not share an Individual's personal data with any third party for their own direct marketing purposes, unless the Individual has expressly consented to such sharing.
  4. The Company takes reasonable steps to ensure that any third parties with whom it shares personal data also protect such data securely and only use it for the purposes for which it was shared.
  5. Individuals have the right to request details of the personal data about them that has been shared with third parties.
  6. The Company will inform Individuals in a clear and plain language statement about any sharing of their personal data, including sufficient details of the recipients or categories of recipients of the personal data.

5. Security of Personal Data

  1. The Company shall implement appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. Such measures shall provide a level of security appropriate to the risks represented by the processing and the nature of the Personal Data to be protected.
  2. Technical security measures implemented by the Company shall include:
    1. Industry standard encryption technologies are used when transferring or receiving Personal Data via the internet.
    2. Personal Data stored electronically is kept on secure servers that are not accessible from the public internet, with access restricted only to authorised personnel.
    3. Firewalls and intrusion detection systems are used to prevent potential cyber security breaches or data loss.
  3. Physical security measures implemented by the Company shall include:
    1. Paper files containing Personal Data are stored in locked cabinets accessible only to authorised personnel.
    2. Physical access to the Company's premises and storage facilities is restricted through security access systems.
    3. Personal Data stored on portable devices is encrypted.
  4. Organisational security measures implemented by the Company shall include:
    1. Privacy impact assessments are conducted for any new uses or sharing of Personal Data.
    2. Personnel handling Personal Data undertake regular privacy and security training.
    3. Strict disciplinary measures are implemented for any privacy violations.
    4. Regular testing and monitoring of technical security systems and processes involving Personal Data.

6. Access to and Correction of Personal Data

  1. An Individual has the right to request access to any personal data the Company holds about them.
    1. Upon receipt of a written request and verification of identity, the Company will provide access to the Individual's personal data within 30 days.
  2.  An Individual has the right to request correction of any personal data held by the Company that is inaccurate, incomplete, ambiguous, out-of-date or misleading.
    1. Upon receipt of a written request and verification of identity, the Company will correct the personal data within 30 days or provide the Individual with its reasons for refusing to correct the personal data.
    2.  Where a request for correction is refused, the Company will take such steps as are reasonable to associate the requested correction with the relevant personal data.
  3. A request for access to or correction of personal data must be made in writing and provide evidence of identity.
  4. The Company may charge a reasonable fee for processing a request for access to personal data. Any fee will be communicated to the Individual prior to processing the request.
  5. No fee will be charged for processing a request for correction of personal data.

7. Data Breach Notification

  1. While we do not store sensitive financial data such as credit card details, we remain committed to the security of all personal data we hold. In the unlikely event of a data breach that we assess as posing a risk to the rights and freedoms of individuals, we will inform affected individuals and the appropriate regulatory authorities as required by law. We will provide comprehensive information about the nature of the breach, the categories of data involved, and the measures we are taking to address the breach and mitigate its impact.

8. Cookies

  1. The Company uses cookies and similar technologies such as pixels and web beacons (together "Cookies") to collect information about how Individuals use the Company's website.
    1. Cookies are small text files placed on an Individual's device which collect standard internet log information and visitor behaviour information.
    2. The types of information collected include device type, operating system, browser type, domain and internet protocol (IP) addresses, time stamp, referring/exit web pages and possibly the number of clicks.
  2. Cookies are used for purposes including customising content to Individual interests, traffic monitoring to understand how users interact with the website, ensuring website functions properly, analysing website performance and improving the website experience.
    1. Cookies are also used for advertising and analytics purposes.
  3. Individuals can control and manage Cookies through their web browser settings and refuse or block Cookies by adjusting browser settings.
    1. If Cookies are blocked, some features and services on the website may not work properly.
  4. Third parties may also place Cookies on the website. Third parties are external organisations.
    1. Third party Cookies operate in the same way as Company Cookies but are managed by external organisations.

9. Links to Other Sites

  1. The Company's website may contain links to third party websites that are not owned or controlled by the Company.
  2. The Company has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party websites.
  3. By using the Company's website, Individuals acknowledge and agree that the Company is not responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such websites or resources.
  4. The Company is not responsible for the availability of any such external websites or resources, and does not endorse any advertising, products or other materials on or available from such websites or resources.
  5. Individuals should review the applicable third party privacy policy and terms of use when visiting any other websites.

10. Children's Privacy

  1. The Company will not knowingly collect personal information from any person under the age of 18 without verifiable parental consent.
  2. Any personal information collected from children will only be used for the purpose for which it was provided or such other secondary purposes that are directly related to the primary purpose.
  3. The Company will not use or disclose personal information collected from children for the purposes of direct marketing, profiling or to contact the child.
  4. A parent or legal guardian may submit a written request to the Company to access, correct or delete the personal information of their child held by the Company. Upon receiving such a request, the Company will respond within 30 days.
  5. The Company will maintain appropriate security safeguards having regard to the sensitivity of children's personal information, including protection against unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. The specific nature of the safeguards will be determined based on the sensitivity of the information.

11. Changes to this Privacy Policy

  1. The Company reserves the right to update or amend this Privacy Policy at any time. Any changes will be posted on the Company's website and Individuals will be notified of such changes by email.
  2. Continued use of the Company's services or website after any updates to this Privacy Policy constitutes deemed acceptance of the updated Privacy Policy.
  3. The date of the last update to this Privacy Policy is stated at the top of the page.
  4. Prior versions of this Privacy Policy will be archived and are available to Individuals upon request.
  5. Material changes to this Privacy Policy that affect the handling of personal information will be notified to Individuals 30 days prior to the changes taking effect by way of email notification and notification on the Company's website upon login.

12. Contact Information

  1. The Company's contact details are:
    1. Name: Lighthouse Insights
    2. Address: L2, 178 Fullarton Road, Dulwich SA 5065
    3. Telephone: +618 8364 2433
    4. Email: [email protected]
  2. Individuals can contact the Company at this address with any questions about this Privacy Policy or their personal data.
  3. Individuals may specify their preferred method of contact as email or telephone.
  4. Individuals have the right to lodge a complaint with the Office of the Australian Information Commissioner if they believe the Company has breached the Privacy Act 1988 (Cth) regarding the handling of their personal data. Details of how to lodge a complaint can be found at www.oaic.gov.au or by contacting 1300 363 992.

Privacy Policy – Lighthouse Insights

Dated: 14th June 2024