Last Updated 18 November 2021
Circle In complies with the requirements of the Privacy Act 1988 (Australia) (Privacy Act), the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act 2018 (CCPA) and other applicable privacy and data protection laws (together, the Privacy Laws) in the collection, storage, transfer, processing, retention and deletion of the Personal Information that we collect from (you, your).
We will never sell your Personal Information to any third party.
Circle In’s employee engagement platform (Platform) is available through a personalised website (Website) and accessible on any device. Using our Platform, Circle In builds a personalised portal that helps employees and managers stay connected whilst balancing other caring responsibilities.
- Your consent in relation to Personal Information
- What is Personal Information?
The Privacy Act defines ‘Personal Information’ as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Whilst the definitions of personal information in the CCPA and Personal Information in the GDPR are not exactly the same as the Privacy Act definition, they are similar enough such that references to Personal Information on this Policy should be interpreted as Personal Information or data covered by each of the applicable privacy regimes.
- What types of Personal Information do we collect from you?
The Personal Information that we collect from you may include you contact information, such as your name, email address, company name, address, phone number, and other information about yourself or your business.
Personal Information includes Navigational Information where such information can directly or indirectly identify an individual. Navigational information refers to information about your computer and your visits to our Website such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. Please see the description of “Use of Navigation Information” in Section 8 below. Except for this, we do not collect Sensitive Information from you.
If you are an employee of one of our employer clients, Personal Information may include your name, email address, your parenthood stage, gender, whether you manage people, your manager’s name and email; and any other Personal Information that you submit to us, via our site or otherwise.
When you view content provided by us, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by Circle In to provide general statistics regarding use of our Website. For these purposes, we do link this automatically-collected data to Personal Information such as name and email address.
- We do not purposefully collect sensitive information about you
We do not collect sensitive information about you (as defined in the Privacy Act), unless you provide it to us voluntarily. For example sensitive information refers to credit or debit card numbers, personal financial account information, Social Security numbers, passport numbers, driver’s license numbers or similar personal identifiers, racial or ethnic origin, physical or mental health condition or information, or other employment, financial or health information.
You consent to us collecting sensitive information which you provide to us voluntarily. If we need to collect any sensitive information for a specific purpose, we will ask for your specific consent.
- When do we collect your Personal Information?
When you visit our Websites
When you visit the Website, use our Platform, or request assets, we request that you provide Personal Information about yourself. You are free to explore the Website without providing any Personal Information about yourself.
Through your use of our Services
When you register with us, access and use our services, contact our support team, make an enquiry, respond to our surveys or provide feedback or comments or otherwise interact with us or provide your Personal Information to us. Personal information may include your name, email address, telephone number and employment-related information.
Indirectly from your employer
In association with your current or prospective employment with Circle In
If you are an Circle In employee or a prospective employee of Circle In, we may collect Personal Information directly from you or indirectly from recruitment agencies, your referees or past employers as part of the recruitment process and human resources management. This may include name, address, phone number, employment history and experience and other employment-related information. If you are an employee, we may also collect sensitive information about you and you consent to us collecting this information.
- Personal Information collected from other sources
If someone other than you provides us with Personal Information about you that we did not ask for, or you provide us with unsolicited Personal Information, we will only hold, use or disclose this information if we determine that we could have collected this information from you had we asked for it. In this circumstance, we will take all reasonable steps to notify you of the collection of that information. If we could not have collected this Personal Information, we will lawfully de-identify or destroy that Personal Information.
- Security of your Personal Information
We use a variety of security technologies and procedures to protect your Personal Information from misuse, interference and loss, as well unauthorized access, use or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Information is protected using appropriate physical, technical and organizational measures and is restricted to authorized staff on a strict need-to-know basis. Further, in appropriate cases, we require our external service providers with access to personal data to sign data processing agreements (pursuant to Article 28 of the GDPR) that require them to take the necessary and reasonable steps to protect the personal data provided to them.
Despite these reasonable steps, no security system is impenetrable and, due to the inherent nature of the internet, we cannot guarantee that information, during transmission through the internet or while stored on our systems or otherwise, will be absolutely safe from unauthorized access by others.
- How do we use your Personal Information?
Our use of your Personal Information will depend on our relationship with you, the circumstances of collection and the types of products and services you request from us.
- improve your browsing experience by personalizing our Website and to improve our Platform and Website;
- send information or Circle In content to you which we think may be of interest to you by email, or other means and send you marketing communications relating to our business;
- promote use of our services to you and share promotional and information content with you in accordance with your communication preferences; and
Use of Navigational Information
We use Navigational Information to operate and improve our Website. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Circle In.
Customer Testimonials and Comments
We post customer testimonials and comments on our Websites, which may contain Personal Information. We obtain each customer’s consent via email prior to posting the customer’s name and testimonial.
- Who do we disclose your Personal Information to?
We may disclose Personal Information in accordance with the applicable law and for the purposes described above, including:
- if you are an employee of one of our clients, to that client;
- to our related bodies corporate;
- to anyone to whom our assets or businesses (or any part of them) are transferred;
- when we may be required, authorised or permitted by law, including to government agencies, regulatory bodies and law enforcement agencies; and
- to any other third party where you have provided your consent.
We may also disclose Personal Information to third parties such as our contractors, suppliers, agents and service providers who help us deliver, administer and support our functions and activities, including:
- hosting our servers and website;
- delivering marketing and digital marketing services;
- conducting research, surveys and data analysis;
- providing IT services;
- data processing, storage and back-up; and
- processing payments.
Disclosure to our service providers
We employ other companies and people to provide services to visitors to our Websites and our customers and users of the Platform and may need to share your information with them to provide information, products or services to you. Examples may include removing repetitive information from prospect lists, analysing data or performing statistical analysis, providing marketing assistance, supplementing the information you provide us in order to provide you with better service, and providing customer service or support. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.
Disclosure for the purposes of corporate transactions
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Circle In on our Website and the Platform. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
- International transfers of Personal Information
Some of the third parties we disclose your Personal Information to may be based or have servers located overseas in various countries, including the USA. Before we disclose your information to our overseas recipients, we will take all reasonable steps to ensure that your information is only processed for authorised purposes and adequately protected using the appropriate technical, organisational, contractual or other lawful means. You consent to us disclosing your Personal Information to overseas recipients on this basis.
Circle In is based in Australia, the USA and the UK and your information is stored in servers located in Australia, the USA and UK respectively. Please be aware that as Australia is where our central operations are located, any information you provide us, may be transferred from your country of origin to Australia. Your decision to provide such information to us or allow us to collect such information constitutes your consent to this information transfer.
For users based in the European Economic Area (EEA), we confirm that we entitled to outsource the processing of personal data (completely or partially) to external service providers which are acting on our behalf as data processors in the meaning of Article 4 no. 8 of the GDPR. When such third-party service providers are located outside of the EEA, for the purpose of transfers of data outside of the EEA we will put in place the relevant European Standard Contractual Clauses and appropriate safeguards in accordance with the requirements set by law and data protection authorities to ensure that your personal data is duly protected.
- How to exercise your rights in relation to your Personal Information
You have the following rights in relation to the Personal Information that you provide us:
- you can request access, correction, updates or deletion of your Personal Information;
- you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information;
- if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent; and
- you have the right to complain to a data protection authority about our collection and use of your Personal Information. Contact details for the major data protection authorities in Europe are available here.)
If you are resident in an EEA country or the UK then you have the following specific rights under the GDPR:
- right to information, Article 15 of the GDPR;
- right to rectification, Article 16 of the GDPR;
- right to deletion (right to be forgotten), Article 17 of the GDPR;
- right to restrict processing, Article 18 of the GDPR;
- right to data portability, Article 20 of the GDPR; and
- right to object, Article 21 of the GDPR.
To exercise any of these rights, please contact us at: firstname.lastname@example.org
or by mail to:
Circle In, Suite G06, 175 Sturt St
Southbank, Melbourne, VIC 3006.
We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
Accuracy of your Personal Information
We will take all reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, complete and up-to-date, and we will try to confirm your details through our communications with you and promptly add updated or new Personal Information to existing records when we are advised. However, we rely on the accuracy of Personal Information as provided to us both directly and indirectly. We encourage all users (whether of the Website, on our Social Channels or Platform) to regularly review and update their Personal Information. If any of your details change, please notify us as soon as you can at the contact details above, or log into your online profile or subscription centre to update it. If you believe we are holding information about you that is inaccurate, incomplete, irrelevant or misleading, you can ask us to correct it, or delete it altogether.
To unsubscribe from our communications
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails, updating your communication preferences, or by contacting us at the details above. Customers cannot opt-out of receiving transactional emails related to their account with us.
- How long do we keep your Personal Information
We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymise it or, if this is not possible, securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request, as described in Section 11 “How to exercise Your rights in relation to your Personal Information”.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your Circle In account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
- Cookies and similar technologies
Third Party Tracking Technologies
Specific Cookie Information
Circle In uses the following specific cookie and similar technologies on the CircleIn.com website and/or the Circle client platforms.
Google Analytics: Google Analytics (GA) is a web analytics service offered by Google that tracks and reports website traffic. Circle In uses GA to distinguish users and filter requests from bots.
Cookie name Retention period _ga 2 years _gid 1 day _gat 1 minute
Google Tag Manager: Circle In uses Google Tag Manager to store and track conversions.
Cookie name Retention period _gcl_au 3 months _gat_UA-* 1 minute
Facebook: Facebook cookies are used to distinguish and keep track of unique users
Cookie name Retention period _fbp 3 months
HubSpot: Circle In uses HubSpot cookies and tracking technologies to: (i) keep track of sessions (ii) determine if the visitor has restarted their browser; and (iii) distinguish users. HubSpot cookies are only used on the CircleIn.com consumer website – i.e. not the client platforms.
Cookie name Retention period __hssc 30 minutes __hssrc Session __hstc 13 months hubspotutk 13 months
Hotjar: Hotjar is a is a behavior analytics service. Circle In uses Hotjar cookies to track pageview behaviour. Hotjar cookies are only used on the CircleIn.com consumer website – i.e. not the client platforms.
Cookie name Retention period _hjid 1 year
Cookie name Retention period complianz_policy_id 1 year
MailOptin: MailOptin is a WordPress plugin used to increase user registrations and conversions.
Cookie name Retention period mo_has_visited Persistent mo_is_new 1 year mo_page_views_counter Session
WordPress: Circle In uses WordPress cookies on its client platform sites to maintain users’ logged in status on those sites.
Cookie name Retention period wordpress_logged_in_* Persistent
Planhat: Circle In uses the Planhat software for data insights and improve user experience. The cookies have a retention period of 1 year and are confined to Circle In’s client platform sites.
Cookie name Retention period _plantrack 1 year
ShareThis: Circle In uses ShareThis to collect information on browsing and sharing activities. Circle In uses ShareThis on the CircleIn.com website and on client platform sites.
Cookie name Retention period fpestid 1 year
- Information About Children
Neither the Website Now our Services are intended for or targeted at children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe that we have collected information about a child under 16, please contact us at email@example.com, so that we may delete the information.
- Social Media Features
- External Websites
- Public Forums
We offer publicly accessible blogs. Please keep in mind that if you directly disclose any information through our public blogs, this information may be collected and used by others. We will correct or delete any information you have posted on our Website if you so request, as described in “Opting Out and Unsubscribing” below.
- Direct Marketing
If you are our client, we may, from time to time, send direct marketing communications to you about our activities and services and other material that we consider you would find interesting or useful. If you do not wish to receive such direct marketing communications, you can always opt out. If you are receiving email communications from us, there will be a mechanism to opt out contained in each of those emails. To stop receiving other communications from us, you can contact us via any of the channels listed below.
If you choose to opt out of all direct marketing communications, please note that Circle In may still contact you and your employees for other reasonable purposes, including information that Circle In is legally required to send, notifications of changes to Circle In services or policies and information regarding the use, rights, benefits or obligations of users of our services.
- Legal basis for processing Personal Information of European users
If you are a user of the Website and/or Platform located in the EEA, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
- California residents – California Consumer Privacy Act (CCPA) provisions
The CCPA provides California resident users of the Website or the App (referred to in this section as California users) with specific rights regarding their Personal Information. This section describes California users’ rights and explains how they can exercise them.
Access to Specific Information and Data Portability Rights:
Exercising Access, Data Portability, and Deletion Rights:
California users have the right to request that we delete any of their Personal Information collected from them, subject to certain exceptions set out in the CCPA. These rights may be exercised by contacting us via firstname.lastname@example.org or by mail to Circle In, Suite G06, 175 Sturt St, Southbank, Melbourne, VIC 3006. Attn: Privacy
Only the relevant California consumer, or a person registered with the California Secretary of State that is authorized to act on a California consumer’s behalf, may make a verifiable consumer request related to that California consumer’s Personal Information. California users can also make a verifiable consumer request on behalf of their minor child. California users may only make a verifiable consumer request for access or data portability twice within a 12-month period.
The verifiable consumer request must:
- provide sufficient information that allows us to reasonably verify identity; and
- describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Response Timing and Format:
We will endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If more time is required (up to 90 days), we will inform you of the reason and extension period in writing. There is no fee for processing verifiable consumer requests unless it is excessive, repetitive, or manifestly unfounded.
We will not discriminate against any California users for exercising any of their CCPA rights.
Other California Privacy Rights:
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California users to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us via email@example.com or by mail to Circle In, Suite G06, 175 Sturt St, Southbank, Melbourne, VIC 3006. Attn: Privacy
- Making A Complaint
We take your complaints seriously and we will attempt to resolve any issues quickly and fairly. If you think that an act or practice of Circle In has interfered with your privacy in relation to your Personal Information, you can contact us using the details below. Please include your name, email address, telephone number and clearly describe your complaint.
Circle In, Suite G06
175 Sturt St, Southbank, Melbourne VIC 3006
If we cannot resolve your complaint to a satisfactory standard, you are entitled to lodge your complaint:
With the Office of the Australian Information Commissioner at: http://www.oaic.gov.au; or
For residents of the European Economic Area and the UK, with the relevant supervisory authority. A list of European Union national data protection authorities can be found on the European Commission website at: https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection_en.In the United States you can contact the Federal Trade Commission and lodge a complaint through the process set out at: www.ftccomplaintassistant.gov
in the UK you have the right to lodge a complaint with the UK Information Commissioner’s Office which you can contact under https://ico.org.uk/global/contact-us/.