.svg)
Sandbox Company (ABN 45 149 990 189) is committed to providing quality services to its clients. This policy outlines our ongoing obligations regarding how we manage personal information.We respect and uphold your rights under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern how we collect, use, disclose, store, secure and dispose of your Personal Information.A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
What Personal Information do we collect and how?
When undertaking research on behalf of our clients
As a human-centred design agency, we ask people to share their opinions, behaviours, attitudes and experiences to inform our design of services. We will generally collect your personal information directly from you in the course of you participating in our research and/or surveys.
The personal information we collect about you depends on the nature of the research we conduct or what you choose to share with us.
Examples of personal information we collect may include names, email address, age, phone number, mailing address, occupation, place of work.
This personal information is obtained in a number of ways including interviews, correspondence, by telephone, video conference and email, from your website and from other publicly available sources. Depending on the nature of the research we conduct, we may also collect sensitive information from you, including, for example, political opinion, or health information.
Sensitive information will only be collected with your prior consent and only if it is directly related to, or reasonably necessary for, the research we conduct.
Collecting information from third parties
We may also collect your information through third parties, for example directly from our client or from a research participant recruitment agency. This information is collected for the purpose of identifying your appropriateness as a research participant, and for contacting you regarding participation in our research. In each case the third party we understand will have obtained your consent to disclose this information for research purposes.
How do we use your personal information?
We collect your personal information for the purpose of coordinating and conducting research that informs the development of new products and services on behalf of our client. We will share research information with our client – this is anonymised where possible unless we have your express consent.
We may also use your personal information for secondary purposes closely related to the primary purpose in circumstances where you would reasonably expect such use or disclosure, for example referring to research notes for a similar or related internal project for the same client.
When we collect personal information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. We do not collect and record information that is not required for the purposes of coordinating and carrying out research.
Disclosure of personal information
We do not use or disclose your personally identifiable information for advertising, promotion or direct marketing activities.
Your personal information may be disclosed in a number of circumstances including the following:
• Third parties where you consent to the use or disclosure (our client); and
• Where required or authorised by law.
Security of personal information
Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. This includes taking measures to restrict access to only personnel who need that personal information to effectively conduct and carry out research. We have technological measures in place including; anti-virus software, fire walls, business grade network security and multi-factor authentication practices.
We may use data storage providers that are located overseas. A list of these providers can be accessed on request
Should a data breach involving personal information occur:
• Sandbox will take positive steps to address the breach in a timely manner and take remedial action such that the data breach does not cause serious harm.
• Sandbox will undertake reasonable and expeditious assessment to determine if it is an ‘eligible data breach’, that is a breach likely to cause serious harm to any individual affected.
Access to your personal information
You have the right to access the personal information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please contact us in writing.
Sandbox will not charge any fee for your access request. We may charge an administrative fee for providing a copy of your personal information.
To protect your personal information we may require identification from you before releasing the requested information.
Retention and destruction of information
We will de-identify or destroy personal information when it is no longer needed for the reason it was initially obtained. Personal information may be stored for longer than required at the request of our client – security for storage will be agreed with the client.
Sandbox website
We use Google Analytics to collect information about your visit to our website; including your device, operating system, browser, screen resolution, the date and time of your visit, pages accessed, duration of your visit. We will use this information to assess and improve the design of our website.
Policy updates
This Policy may change from time to time and is available on our website.
Questions and complaints
If you have any queries or complaints about our Privacy Policy please contact us at:
Sandbox Company
Managing Director:
tim@sandboxcompany.com.au
+61 415 213 309