Privacy and GDPR Policy

This Privacy and GDPR (European Union General Data Protection Regulation) Policy sets out the commitment of Endeavour Psychology Pty Ltd trading as Grief Action™ (ABN 99659152744) (“Endeavour Psychology Pty Ltd”, “Grief Action”, “we”, “us”, “our”) to protect the privacy of personal information we collect about you, including through this website, www.griefaction.com (“Website”), as well as through our other business operations or directly from you. Please read this Privacy and GDPR Policy carefully and contact us using the details set out below if you have any questions.    

By providing us with personal information, you indicate that you have had sufficient opportunity to access this Privacy and GDPR Policy and that you have read and accepted it and consent to the collection, use, holding and disclosure of your personal information as outlined. If you don’t want to provide personal information to us, then you don’t have to, however this may affect your use of this website.  

1. Types of personal information we collect

The types of personal information we collect may include:

- Identity data (including your name and username or similar identifier);
- Contact data (including your contact details such as your billing and delivery address, email address and telephone number);
- Transaction data (including details about payments to and from you and other details of products you have purchased from us);  
- Technical data (including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website); profile data (including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses);
- Usage data (including information about how you use our website, products and services); and
- Marketing and communications data (including your preferences in receiving marketing from us and our third parties and your communication preferences).  

If you’re a customer and would like to deal with us anonymously or use a pseudonym, feel free to do so. By providing us with your data, you warrant to us that you are over 18 years of age.  

2. How we collect personal information

We collect this information from you when you make an enquiry with us (for example, by telephone, email, electronic form, or hard copy), purchase a product from us, sign up for a service via our website or submit a contact enquiry on our website, etc. We may automatically collect certain data from you as you use our website by using cookies and similar technologies.

We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from you directly. We collect personal information about you from:

- You
- Searches and enquiries
- Your use of our website

Third parties may also use cookies, web beacons and similar technology to collect or receive information from our website or from you and from elsewhere on the internet and use that information to provide measurement services and targeted advertising (such as the Facebook pixel, Google Analytics and AdWords). If we receive your personal information from third parties, we will protect it as set out in this Privacy and GDPR Policy.

Online Course platform provider Zenler.com will be a third party data processor of your data. We have entered into a data processing addendum with Zenler to process your data. Other companies in our group who provide IT and system administration services and undertake leadership reporting. Service providers who provide cloud infrastructure, video hosting, live video platforms, email provider, IT and system administration services.

 We will destroy or de-identify information where we form the opinion that the information has been provided to us unlawfully or unfairly.

3. Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose your personal information as is reasonably necessary for us to perform our core functions and activities, including for the following purposes:

- To contact and communicate with you;
- To provide goods and/or services to you;
- To maintain a database of customers, subscribers or similar;
- To market to you and others, including re-marketing (this may involve the use of a Facebook pixel or similar technology to allow us to display our advertising to you elsewhere on the internet, for example, on Google or Facebook);
- For internal record keeping;
- For statistical purposes; and/or
- As required by law

Where we disclose your personal information to third parties for these purposes, we will do our best to ensure that their privacy policy adheres to similar standards of privacy protection and/or request that the third party follow this Privacy and GDPR Policy regarding handling of your personal information. We will also be diligent in ensuring that the personal information we disclose is accurate, up-to-date, complete and relevant.  We will not use or disclose personal information for the purpose of direct marketing unless you have consented to the use or disclosure of the information for that purpose. Your personal information may be disclosed to national or international recipients in as part of our ordinary business functions. Please note that we will not disclose your personal information for any purpose other than the purpose for which it was collected without your consent, unless we are required to do so by law.

4. Use of cookies

As you probably know, a cookie is a small text file that’s placed on your computer to help us remember your preferences, like your login information or location. Cookies are used for a variety of reasons. We use cookies to make it easier and faster for you to use our website. We also use cookies for security purposes to protect you online. We and our third-party vendors may also use cookies to display advertisements to you elsewhere on the internet.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see Cookie Policy.

5. Legal basis for processing

We process your personal data based on the following legal grounds:

- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal Obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
- Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
 

6. Rights of data subjects

As a data subject, you have the following rights:

- Right to Access: You have the right to request access to the personal data we hold about you.
- Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
- Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances.
- Right to Restrict Processing: You have the right to request the restriction of processing of your personal data under certain conditions.
- Right to Data Portability: You have the right to request the transfer of your personal data to another organisation or directly to you, under certain conditions.
- Right to Object: You have the right to object to the processing of your personal data under certain conditions.  

To exercise any of these rights, please contact us via any of the means listed below.

7. Data transfers

For EU-based data subjects, we may transfer your personal data to countries outside the European Union (EU). If we do so, we ensure that appropriate safeguards are in place to protect your personal data, such as standard contractual clauses approved by the European Commission, or we ensure that the country has been deemed to provide an adequate level of protection for personal data by the European Commission.
 

8. Automated decision-making and profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you. All decisions involving your personal data are made with human intervention to ensure fairness and accuracy.

9. Links to other sites

To help you find more information, we sometimes include links to other helpful websites from our website. Please note that this Privacy and GDPR Policy only applies to information that we collect on our website (not any other site). As we aren’t responsible for data collection on those other sites, our Privacy and GDPR Policy won’t apply. We can’t guarantee any of the privacy practices of other websites, so please be safe and make sure you read their privacy policy before giving them your personal information.

10. How you can access and correct your personal information

Access: You can request details of personal information that we hold about you. We will respond to any request to access information within a reasonable time.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details set out below. We rely in part on you advising us when your personal information changes. We will endeavour to promptly correct any information found to be inaccurate, incomplete or out of date and to notify you of the correction, unless it is impracticable or unlawful to do so.

Deletion: If you want us to delete personal information we hold about you or to not collect information from you for a specific purpose, such as targeted advertising, please contact us using the details set out below. Please note that if we agree to delete your information, because of backups and records of deletions, it may be impossible to completely delete your information without retaining some residual information. We will functionally delete the information and we will not sell, transfer, or use personal information relating to you in any way moving forward.

We will respond to any request to access, correct or delete information within a reasonable time.

11. How we maintain the security of your information

We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss and unauthorised access, modification or disclosure. We undertake the following precautions to protect personal information we hold:

- Our website contains pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of this website;
- We limit access to personal information to a “need-to-know” basis;
- We protect devices we use to collect, hold, use and disclose personal information with industry-standard anti-virus software;
- Our devices are protected by password and are stored in secure premises data is securely stored on cloud servers;
- Our email data is encrypted;
- All hard copies of personal information are kept in secure storage with access by authorised personnel only;
- All conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel; and
- If we no longer need personal information, we take reasonable steps to delete or de-identify the information.

While we take commercially reasonable measures to maintain a secure website and business, electronic communications and databases are subject to errors, tampering and break-ins, and we cannot guarantee or warrant that such events will not take place and we will not be liable to you for any such occurrences. If a data breach occurs involving your personal information and the breach is likely to cause harm to you, we will notify you as soon as possible after the occurrence in accordance with our obligations under the Privacy Act and related legislation.

12. Retention period

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy and GDPR Policy, unless a longer retention period is required or permitted by law. Once the retention period expires, we will securely delete or anonymise your personal data.

13. How you can make a complaint about privacy breach

If you believe that we have breached this Privacy and GDPR Policy and want to make a complaint about that breach, please contact us using the details set out below. If you are unsatisfied with our response, the Office of the Australian Information Commissioner may be able to assist you with a review of our decision. Contact the OAIC for more information.

14. How you can unsubscribe or opt out

We like to keep our customers and website visitors up to date, so from time to time we’ll send you newsletters, invitations and updates. Our emails will always come with an "Unsubscribe" button, so you can opt out at any time. To unsubscribe from our email database, or opt out of communications, use the “Unsubscribe” button in our communication or contact us using the details below.

You can block the use of cookies by selecting the appropriate settings on your browser. You can opt out of third party vendor cookies by visiting your Google’s Ad settings or http://www.networkadvertising.org/managing/opt_out.asp. Please note that the website may not work as well for you if you disable cookies.

You can also opt out of information collecting for advertising targeting by visiting www.aboutads.info/choices.

15. Changes to this policy

If we decide to change our Privacy and GDPR Policy, we'll let you know by posting such changes on our website.

16. Contact details