Privacy policy

Last updated 11 December 2023

Circle In Pty Ltd (ABN 74 609 227 018) (Circle In, us, we, our) is committed to protecting your Personal Information. This Privacy Policy outlines our commitment to your privacy and protection of your data and describes how we comply with applicable privacy and data protection laws.

Circle In complies with the requirements of the Privacy Act 1988 (Australia) (Privacy Act), the European General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (DPA), the California Consumer Privacy Act 2018 (CCPA) and other applicable privacy and data protection laws (together, the Privacy Laws) in the collection, storage, transfer, processing, retention and deletion of the Personal Information that we collect from (you, your).

We will never sell your Personal Information to any third party.

In this Privacy Policy:

“Platform” means both of the following Circle In platforms:

  • Circle In online employee engagement platform; and
  • Well™ by Circle In psychological safety tool.

Website” means the Circle In website domains and subdomains and any online applications that we make available in relation to the Platform, as defined above.

This Privacy Policy applies to the information and data collected by Circle In as a data controller (as defined in the GDPR and the DPA), including the information collected on our Website and Platform, or through other channels described below. It also describes your rights regarding the use, access and correction of your Personal Information.

  1. Your consent in relation to Personal Information By providing Personal Information to us, you consent to our collection, retention, use and disclosure of your Personal Information in accordance with this Privacy Policy. If you do not agree with the provisions of this Privacy Policy then you should not provide us with your Personal Information and/or you should notify us which provision you do not agree to.
  2. What is Personal Information? The Privacy Act defines ‘Personal Information’ as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
    • whether the information or opinion is true or not; and
    • whether the information or opinion is recorded in a material form or not.

    Whilst the definitions of personal information in the CCPA and personal data in the GDPR and DPA are not exactly the same as the Privacy Act definition of Personal Information, they are similar enough such that references to Personal Information on this Policy should be interpreted as Personal Information or personal data covered by each of the applicable privacy regimes.

  3. What types of Personal Information do we collect from you? The Personal Information that we collect from you may include your contact information, such as your name, email address, company name, address, phone number, and other information about yourself or your business.Personal Information includes Navigational Information where such information can directly or indirectly identify an individual. Navigational information refers to information about your computer and your visits to our Website such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. Please see the description of “Use of Navigation Information” in Section 8 below. Except for this, we do not collect Sensitive Information from you.

    If you are an employee of one of our employer clients, Personal Information may include your name, email address, your parenthood stage, gender, whether you manage people, your manager’s name and email; and any other Personal Information that you submit to us, via our site or otherwise.

    When you view content provided by us, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by Circle In to provide general statistics regarding use of our Website. For these purposes, we do link this automatically-collected data to Personal Information such as name and email address.

  4. Collection of sensitive information (a) We do not require you to submit sensitive information (as defined in the Privacy Act). Examples of sensitive information under the Privacy Act include credit or debit card numbers, personal financial account information, Social Security numbers, passport numbers, driver’s license numbers or similar personal identifiers, racial or ethnic origin, physical or mental health condition or information, or other employment, financial or health information.(b) Some of our services allow you to provide sensitive information to us voluntarily (for example as part of Circle In’s ‘Journey’s feature). You consent to us collecting any sensitive information which you provide to us voluntarily. If we need to collect any sensitive information for a specific purpose, we will ask for your specific consent to that purpose.
  5. When do we collect your Personal Information? When you visit our WebsitesWhen you visit the Website, use our Platform, or request assets, we request that you provide Personal Information about yourself. You are free to explore the Website without providing any Personal Information about yourself.

    Through your use of our Services

    When you register with us, access and use our services, contact our support team, make an enquiry, respond to our surveys or provide feedback or comments or otherwise interact with us or provide your Personal Information to us. Personal information may include your name, email address, telephone number and employment-related information.

    Indirectly from your employer

    When your employer uses our services, your employer may provide your information to us on your behalf, for example when they register you as a user of our services or contact our support team for issues relating to your account. We may collect your name, email address, journey stage, manager’s name and employment-related information. Where we receive Personal Information about you from your employer, we require that your employer has provided you with the information set out in this Privacy Policy, has collected and disclosed that information with your knowledge or consent and ensure you have not objected to our processing of your Personal Information.

    In association with your current or prospective employment with Circle In

    If you are a Circle In employee or a prospective employee of Circle In, we may collect Personal Information directly from you or indirectly from recruitment agencies, your referees or past employers as part of the recruitment process and human resources management. This may include name, address, phone number, employment history and experience and other employment-related information. If you are an employee, we may also collect sensitive information about you and you consent to us collecting this information.

  6. Personal Information collected from other sources If someone other than you provides us with Personal Information about you that we did not ask for, or you provide us with unsolicited Personal Information, we will only hold, use or disclose this information if we determine that we could have collected this information from you had we asked for it. In this circumstance, we will take all reasonable steps to notify you of the collection of that information. If we could not have collected this Personal Information, we will lawfully de-identify or destroy that Personal Information.
  7. Security of your Personal Information We use a variety of security technologies and procedures to protect your Personal Information from misuse, interference and loss, as well unauthorized access, use or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Information is protected using appropriate physical, technical and organizational measures and is restricted to authorized staff on a strict need-to-know basis. Further, in appropriate cases, we require our external service providers with access to personal data to sign data processing agreements (pursuant to Article 28 of the GDPR and Section 59 of the DPA) that require them to take the necessary and reasonable steps to protect the personal data provided to them.Despite these reasonable steps, no security system is impenetrable and, due to the inherent nature of the internet, we cannot guarantee that information, during transmission through the internet or while stored on our systems or otherwise, will be absolutely safe from unauthorized access by others.
  8. How do we use your Personal Information? Our use of your Personal Information will depend on our relationship with you, the circumstances of collection and the types of products and services you request from us.In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information to:
    • improve your browsing experience by personalizing our Website and to improve our Platform and Website;
    • send information or Circle In content to you which we think may be of interest to you by email, or other means and send you marketing communications relating to our business;
    • promote use of our services to you and share promotional and information content with you in accordance with your communication preferences; and
    • send information to you regarding changes to our Customer Terms of Service, Privacy Policy (including the Cookie Policy), or other legal agreements.

    Use of Navigational Information

    We use Navigational Information to operate and improve our Website. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Circle In.

    Customer Testimonials and Comments

    We post customer testimonials and comments on our Websites, which may contain Personal Information. We obtain each customer’s consent via email prior to posting the customer’s name and testimonial.

  9. Who do we disclose your Personal Information to? We may disclose Personal Information in accordance with the applicable law and for the purposes described above, including:
    • if you are an employee of one of our clients, to that client;
    • to our related bodies corporate;
    • to anyone to whom our assets or businesses (or any part of them) are transferred;
    • when we may be required, authorised or permitted by law, including to government agencies, regulatory bodies and law enforcement agencies; and
    • to any other third party where you have provided your consent.

    We may also disclose Personal Information to third parties such as our contractors, suppliers, agents and service providers who help us deliver, administer and support our functions and activities, including:

    • hosting our servers and website;
    • delivering marketing and digital marketing services;
    • conducting research, surveys and data analysis;
    • providing IT services;
    • data processing, storage and back-up; and
    • processing payments.
     

    Disclosure to our service providers

    We employ other companies and people to provide services to visitors to our Websites and our customers and users of the Platform and may need to share your information with them to provide information, products or services to you. Examples may include removing repetitive information from prospect lists, analysing data or performing statistical analysis, providing marketing assistance, supplementing the information you provide us in order to provide you with better service, and providing customer service or support. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.

    Disclosure for the purposes of corporate transactions

    If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Circle In on our Website and the Platform. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.

    Compelled disclosure

    We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

  10. International transfers of Personal Information Some of the third parties we disclose your Personal Information to may be based or have servers located overseas in various countries, including the USA. Before we disclose your information to our overseas recipients, we will take all reasonable steps to ensure that your information is only processed for authorised purposes and adequately protected using the appropriate technical, organisational, contractual or other lawful means. You consent to us disclosing your Personal Information to overseas recipients on this basis.Circle In is based in Australia, the USA and the UK and your information is stored in servers located in Australia, the USA and UK respectively. Please be aware that as Australia is where our central operations are located, any information you provide us, may be transferred from your country of origin to Australia. Your decision to provide such information to us or allow us to collect such information constitutes your consent to this information transfer.

    For users based in the European Economic Area (EEA) and the United Kingdom, we confirm that we are entitled to outsource the processing of personal data (completely or partially) to external service providers which are acting on our behalf as data processors in the meaning of Article 4 no. 8 of the GDPR, as applied in the UK under Section 5 of the DPA. When such third-party service providers are located outside of the EEA or UK (as applicable), for the purpose of transfers of data outside of the EEA we will put in place the relevant European Standard Contractual Clauses (SCCs) and appropriate safeguards in accordance with the requirements set by law and data protection authorities (including the UK Addendum to the SCCs) to ensure that your personal data is duly protected.

  11. How to exercise your rights in relation to your Personal Information You have the following rights in relation to the Personal Information that you provide us:
    • you can request access, correction, updates or deletion of your Personal Information;
    • you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information;
    • if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent; and
    • you have the right to complain to a data protection authority about our collection and use of your Personal Information. Contact details for the major data protection authorities in Europe are available here.)

    If you are resident in an EEA country or the UK then you have the following specific rights under Chapter 3 of the GDPR or Chapter 3 of the DPA (as applicable):

    • right to information
    • right to rectification;
    • right to deletion (right to be forgotten);
    • right to restrict processing;
    • right to data portability; and
    • right to object.

    To exercise any of these rights, please contact us at: privacy@circlein.com

    or by mail to:

    Circle In Pty Ltd
    c/o The Commons South Melbourne
    Level 4, 80 Market Street
    South Melbourne, VIC 3205
    Attn: Privacy.

    We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

    Accuracy of your Personal Information

    We will take all reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, complete and up-to-date, and we will try to confirm your details through our communications with you and promptly add updated or new Personal Information to existing records when we are advised. However, we rely on the accuracy of Personal Information as provided to us both directly and indirectly. We encourage all users (whether of the Website, on our Social Channels or Platform) to regularly review and update their Personal Information. If any of your details change, please notify us as soon as you can at the contact details above, or log into your online profile or subscription centre to update it. If you believe we are holding information about you that is inaccurate, incomplete, irrelevant or misleading, you can ask us to correct it, or delete it altogether.

    To unsubscribe from our communications

    You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails, updating your communication preferences, or by contacting us at the details above. Customers cannot opt-out of receiving transactional emails related to their account with us.

  12. How long do we keep your Personal Information We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymise it or, if this is not possible, securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request, as described in Section 11 “How to exercise Your rights in relation to your Personal Information”.

    If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your Circle In account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

  13. Cookies and similar technologies
    Cookies 
    Circle In and its partners use cookies and similar technologies (such as web beacons) to analyse trends, administer our Website, track users’ movements around our Website, and to gather demographic information about our user base as a whole. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the Site. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not.Advertising

    We partner with third party ad networks to either display advertising on our Web site or to manage our advertising on other sites. Our ad network partners use cookies and Web beacons to collect information about your activities on this and other websites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here: http://preferences.truste.com/ (or if located in the European Union, by clicking here: http://www.youronlinechoices.eu/). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

    Third Party Tracking Technologies

    The use of cookies and web beacons by any tracking utility company is not covered by this Privacy Policy.

    Specific Cookie Information

    Circle In uses the following specific cookie and similar technologies on the CircleIn.com website and/or the Circle client platforms.

    Google Analytics: Google Analytics (GA) is a web analytics service offered by Google that tracks and reports website traffic. Circle In uses GA to distinguish users and filter requests from bots.

    Cookie nameRetention period
    _ga2 years
    _gid1 day
    _gat1 minute

    Google Tag Manager: Circle In uses Google Tag Manager to store and track conversions.

    Cookie nameRetention period
    _gcl_au3 months
    _gat_UA-*1 minute

    Facebook: Facebook cookies are used to distinguish and keep track of unique users

    Cookie nameRetention period
    _fbp3 months

    HubSpot: Circle In uses HubSpot cookies and tracking technologies to: (i) keep track of sessions (ii) determine if the visitor has restarted their browser; and (iii) distinguish users. HubSpot cookies are only used on the CircleIn.com consumer website – i.e. not the client platforms.

    Cookie nameRetention period
    __hssc30 minutes
    __hssrcSession
    __hstc13 months
    hubspotutk13 months

    Hotjar: Hotjar is a is a behavior analytics service. Circle In uses Hotjar cookies to track pageview behaviour. Hotjar cookies are only used on the CircleIn.com consumer website – i.e. not the client platforms.

    Cookie nameRetention period
    _hjid1 year

    Complianz: Complianz is Privacy Compliance Software. Circle In uses Complianz cookies to store accepted cookie policy ID.

    Cookie nameRetention period
    complianz_policy_id1 year

    MailOptin: MailOptin is a WordPress plugin used to increase user registrations and conversions.

    Cookie nameRetention period
    mo_has_visitedPersistent
    mo_is_new1 year
    mo_page_views_counterSession

    WordPress: Circle In uses WordPress cookies on its client platform sites to maintain users’ logged in status on those sites.

    Cookie nameRetention period
    wordpress_logged_in_*Persistent

    Planhat: Circle In uses the Planhat software for data insights and improve user experience. The cookies have a retention period of 1 year and are confined to Circle In’s client platform sites.

    Cookie nameRetention period
    _plantrack1 year

    ShareThis: Circle In uses ShareThis to collect information on browsing and sharing activities. Circle In uses ShareThis on the CircleIn.com website and on client platform sites.

    Cookie nameRetention period
    fpestid1 year

    Heap: Heap is a web analytics service that tracks and reports website traffic. Circle In uses Heap to distinguish users.

    CookieDescriptionPersists for
    _hp2_id.APP_IDUser cookie (stores user_id, identity, other ids)13 months
    _hp2_ses_props.APP_IDSession properties cookie (stores timestamp and cookie domain/path)30 minutes
    _hp2_props.APP_IDEvent properties cookie (stores properties set by addEventProperties API)13 months
    _hp2_hld.*Used to determine which domain a cookie can be set on (since public suffix domains block setting cookies on the top level)Should not persist
  14. Information About Children
    Neither the Website Now our Services are intended for or targeted at children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe that we have collected information about a child under 16, please contact us at privacy@circlein.com, so that we may delete the information.
  15. Social Media Features
    Our Websites include Social Media Features and widgets, such as the Share This button or interactive mini-programs that run on our sites. These features may collect your IP address, which page you are visiting on our sites, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Websites. This Privacy Policy does not apply to these features. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them.
  16. External Websites
    Our Websites provide links to other websites. We do not control, and are not responsible for, the content or practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Privacy Policy does not apply to these other websites, which are subject to any privacy and other policies they may have. The privacy policies that apply to those other websites may differ substantially from this Privacy Policy, so we encourage individuals to read them before using those websites.
  17. Public Forums
    We offer publicly accessible blogs. Please keep in mind that if you directly disclose any information through our public blogs, this information may be collected and used by others. We will correct or delete any information you have posted on our Website if you so request, as described in “Opting Out and Unsubscribing” below.
  18. Direct Marketing
    If you are our client, we may, from time to time, send direct marketing communications to you about our activities and services and other material that we consider you would find interesting or useful. If you do not wish to receive such direct marketing communications, you can always opt out. If you are receiving email communications from us, there will be a mechanism to opt out contained in each of those emails. To stop receiving other communications from us, you can contact us via any of the channels listed below.If you choose to opt out of all direct marketing communications, please note that Circle In may still contact you and your employees for other reasonable purposes, including information that Circle In is legally required to send, notifications of changes to Circle In services or policies and information regarding the use, rights, benefits or obligations of users of our services.
  19. Legal basis for processing Personal Information of European users
    If you are a user of the Website and/or Platform located in the EEA, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you.If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
  20. California residents – California Consumer Privacy Act (CCPA) provisions
    The CCPA provides California resident users of the Website or the App (referred to in this section as California users) with specific rights regarding their Personal Information. This section describes California users’ rights and explains how they can exercise them. Access to Specific Information and Data Portability Rights:

    California users have the right to certain information about our collection and use of their Personal Information over the past 12 months. This Privacy Policy describes the types of Personal Information that we collect, how we process it and the third parties with whom we share such information and the purpose for that sharing.

    Exercising Access, Data Portability, and Deletion Rights:

    California users have the right to request that we delete any of their Personal Information collected from them, subject to certain exceptions set out in the CCPA. These rights may be exercised by contacting us via privacy@circlein.com or by mail to Circle In Pty Ltd c/o The Commons South Melbourne, Level 4, 80 Market Street, South Melbourne, VIC 3205. Attn: Privacy. 

    Only the relevant California consumer, or a person registered with the California Secretary of State that is authorized to act on a California consumer’s behalf, may make a verifiable consumer request related to that California consumer’s Personal Information. California users can also make a verifiable consumer request on behalf of their minor child. California users may only make a verifiable consumer request for access or data portability twice within a 12-month period.

    The verifiable consumer request must:

    • provide sufficient information that allows us to reasonably verify identity; and
    • describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    Response Timing and Format:

    We will endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If more time is required (up to 90 days), we will inform you of the reason and extension period in writing. There is no fee for processing verifiable consumer requests unless it is excessive, repetitive, or manifestly unfounded.

    Non-Discrimination:

    We will not discriminate against any California users for exercising any of their CCPA rights.

    Other California Privacy Rights:

    California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California users to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us via privacy@circlein.com or by mail to Circle In Pty Ltd c/o The Commons South Melbourne, Level 4, 80 Market Street, South Melbourne, VIC 3205. Attn: Privacy. 

  21. Amendments to this Privacy Policy
    We periodically update this Privacy Policy. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by sending you an email notification. While we will notify you of any material changes to this Privacy Policy prior to the changes becoming effective, we encourage you to review this Privacy Policy periodically. Any revised Privacy Policy will take effect when it is published on our website and your continued use of our website or services will constitute your consent to these changes. If you have any questions about this Privacy Policy or our treatment of the information you provide us, please write to us by email at privacy@circlein.com or by mail to Circle In Pty Ltd c/o The Commons South Melbourne, Level 4, 80 Market Street, South Melbourne, VIC 3205. Attn: Privacy.
  22. Making A Complaint
    We take your complaints seriously and we will attempt to resolve any issues quickly and fairly. If you think that an act or practice of Circle In has interfered with your privacy in relation to your Personal Information, you can contact us using the details below. Please include your name, email address, telephone number and clearly describe your complaint. Contact
    Email: privacy@circlein.com

    Post:
    Privacy Officer
    Circle In Pty Ltd
    c/o The Commons South Melbourne
    Level 4, 80 Market Street
    South Melbourne, VIC 3205

    If we cannot resolve your complaint to a satisfactory standard, you are entitled to lodge your complaint:

    With the Office of the Australian Information Commissioner at: http://www.oaic.gov.au; or
    For residents of the European Economic Area, with the relevant supervisory authority. A list of European Union national data protection authorities can be found on the European Commission website at: https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection_en.In the United States you can contact the Federal Trade Commission and lodge a complaint through the process set out at: www.ftccomplaintassistant.gov
    In the UK you have the right to lodge a complaint with the UK Information Commissioner’s Office which you can contact under https://ico.org.uk/global/contact-us/.

For questions and notices, please contact us at:

Circle In Pty Ltd (ABN 74 609 227 018)

Address: Circle In Pty Ltd
c/o The Commons South Melbourne, Level 4, 80 Market Street, South Melbourne, VIC 3205. 

Email: hello@circlein.com