Privacy Policy

Enixa Privacy Policy

In this Privacy Policy, “we”, “us” and “our” means Enixa Digital Pty Ltd (ACN 628 803 752).
Our mobile and web applications, and the service we provide (together the Services) are designed to help individuals, teams and entire organizations transform, based on an approach to transformation that has been developed and refined over two decades, while providing you with the best possible experience. In order to do this, and to understand how you use and interact with the Services, we need to collect and process your personal information.

We understand and respect how important your privacy and the security of your personal information is to you, and the trust you have placed in us to safeguard your privacy and personal information.
This Privacy Policy explains how and why we collect, store, disclose, and use your personal information, and the choices and controls you have around the handling of your personal information.
By installing our mobile or web application, or using or accessing our Services, you agree to the collection and processing of your personal information in accordance with this Privacy Policy. If we are not able to collect, store, disclose and use your personal information we may not be able to provide you with
our Services.

In this Privacy Policy, ‘personal information’ has the meaning given to it in the Privacy Act 1988 (Cth) and includes any information or opinion, whether true or not, about an identified individual or an individual who is reasonably identifiable.

Collection of Personal Information

Collection of Personal Information

The information that we collect depends on the nature of your interactions with us.

Registration

When you register for our Services, install our mobile or web applications, we collect personal information from you such as your email address, name, company, payment details and other information which helps us in conducting our business. In the course of using the Services, you may also be providing the personal information of other individuals, such your work colleagues, friends or family. We also collect certain information from the device or browser you use to access the Services such as information about the device or browser, public IP address (in server logs), images uploaded by the user and access logs. As a general rule we do not collect ‘sensitive information’, as that term is defined in the Privacy Act.

Using Enixa

Depending on how you continue to use the Services, we will collect information uploaded by you onto your account such as: quantitative information from surveys and interaction points that are collected at an aggregated level. As well as qualitative inputs including perspectives, goals, deliverables, behaviour shifts, drumbeat, shared aspirations, purpose, stories, symbols, images, notes and tasks. From the nature of the Services, we must process this type of information in order to provide the Services, for example we will; process your deliverables and behaviour shifts to enable the presentation of your scorecard. All qualitative inputs are encrypted and individual data cannot be accessed by us. You are responsible for ensuring the accuracy of the personal information you provide to us, inaccurate information may affect your ability to use the Services or our ability to contact you. If you chose not to provide certain information about yourself, we may not be able to provide the Services.

As we continuously work to improve our Services, additional personal data may be collected from you. In such cases, we will notify you when the personal data collection takes place.

How do we collect and hold personal information?

We generally collect your personal information directly from you when you register for our Services, install our mobile or web applications, complete activities in the mobile or web applications, email us, meet with us or otherwise contact us.

Use of Personal Information

How do we use your personal information?

For individual transformation, your personal information will be used to provide insights to help you on your journey.
For team and organizational transformation, your personal information will be used to help you on your journey and will also be used to generate insights and averages for the group that you belong to.
Personal information gathered through the app may also be used to generate average figures and insights to be used in public reporting.

Why do we collect, hold, use and disclose personal information?

As described above, we generally collect, store, disclose, and use your personal information for the primary purpose for which is was collected – to provide our Services and conduct our business, develop, manage and enhance our Services, including our apps and websites, to comply with our legal obligations and to communicate with you to provide or promote our Services.
We may also use or disclose your personal information for other purposes which you consent to or which are required or permitted by law. This may include for a secondary purpose that is related to a purpose for which we collected it, and for which you would reasonably expect us to use or disclose your personal information. For example, to inform you of future content or marketing communications.
If at any time you would like to unsubscribe from receiving future content, surveys, features or other marketing information or communications, we include in all electronic messages a statement that may send an unsubscribe message to us using the contact details provided in that electronic message, alternately you can contact us using the ‘Contact us’ details set out below to unsubscribe or update your preferences.

How do we use cookies?

A cookie is a small text file created by the websites visit and apps you use, and contains information about you and keeps track of your preferences. These text files are stored on your device and can, among other things, keep you from having to remember your password. Information from cookies may be used to improve the user experience and/or the Services and to target marketing campaigns and offers to our customers. Cookies are also used for secure communications with the app specific CSRF tokens. User sessions are secured mainly using an authenticated token via the drawbridge link.
We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for a set period of time or until you delete them). If your internet browser is set and configured to accept cookies, you consent to the use of cookies.
If you do not accept cookies, you can prevent cookies from being saved on your device by changing the settings of your web browser. You can also delete cookies which have been previously stored. In such cases, please refer to the help section of your internet browser. If you choose not to accept cookies, you can still use our Services, but their functionality may be somewhat limited.

How do we protect your information?

The security and integrity of your personal information is very important to us. We use accepted industry standards, technologies, and procedures, such as firewalls, security software, etc., in order to protect the integrity of your personal data and to prevent any unauthorised access.
While we take reasonable steps to secure the personal information you provide to us, please be aware that despite our best efforts, no system can be 100% secure and we cannot guarantee the absolute security of your data. To assist in protecting your information, we urge you to:

  • limit access to your mobile phone, tablet, computer, and browser; and
  • use a unique and strong password, and protect that password;
  • log out after having used the Services.

Where required by applicable law, we will notify you, and the Office of the Australian Information Commissioner and/or other relevant regulatory authorities, of data breaches.

Disclosure of Personal Information

Who do we disclose your personal information to?

We may disclose your personal information (including, in certain limited circumstances, your sensitive information) for the purposes for which it was collected (as described above) to: entities who assist us in providing our Services (including as hosting providers, companies carrying out system monitoring, customer support system providers and payment service providers); and where we are required or authorised to do so by law or with your consent.

Are we likely to disclose your personal information overseas?

We may utilise the services of overseas companies or individuals to assist us in providing the Services
or who perform functions on our behalf (such as AWS for image handling, application hosting and data storage, video processing and hosting; Stripe for subscription and invoice processing and discount
code management).
You can view a list of the countries in which those overseas organisations are located at www.enixa.co.

Data Storage

In order for us to maintain a high availability of our Services across the globe, services for Enixa will be available at a range of IP addresses, however personal data is only ever stored and maintained within the United States.
In some situations, we may be required or authorised by law to disclose to your personal information overseas, and in other situations you may authorise us to disclose your personal information overseas (for example where you need to obtain feedback from an individual based overseas).

How you can access, correct and delete your personal information?

Subject to any exceptions set out in the Privacy Act 1988 (Cth), you have the right to request access to, and correction or deletion of, your personal information held by us. You can make a request by contacting the Data Protection Officer using the details below. We will require you to verify your identity, and will notify you in advance of any costs associated with processing your request.
Alternatively, you can also amend or delete your personal data within your account via your profile section of the Services.

How can you make a privacy related compliant?

If you have any questions about privacy-related issues or wish to complain about a breach of your privacy or the handling of your personal information by us, please contact our Data Protection Officer at:

Data Protection Officer
Email: [email protected]
Tel: +61 2 9321 7000

We may ask you to lodge your complaint in writing. Any complaint will be investigated by the Data Protection Officer and you will be notified of the making of a decision in relation to your complaint as soon as is practicable after it has been made, usually within 30 days.
If we are unable to satisfactorily resolve your concerns about our handling of your personal information, you can contact the Office of the Australian Information Commissioner:

GPO Box 5218
Sydney NSW 2001
Email: [email protected]
Tel: 1300 363 992
Online: www.oaic.gov.au

Application of European privacy laws

If you are an individual in a country in the European Economic Area (EEA), we may be required to comply with the EU General Data Protection Regulation 2016/679 (the GDPR) which applies to us when processing the personal data of individuals (data subjects) who are in countries in the EEA in relation to offering you our products or services or if we monitor any of your behaviour when in those countries. You can read our GDPR Collection Notice below. This includes additional information we are required to tell you about in relation to your privacy, including the basis on which we collect your personal information and your data subject rights under the GDPR.

Updates to this Policy

This Privacy Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and practices and the changing business environment. The most current version of this Privacy Policy is located at www.enixa.co/privacy-policy and can also be obtained by contacting our Data Protection Officer at [email protected].

GDPR Collection Notice

Identity and contact details of data controller

This notice applies to the collection and processing of your personal data if you are in a country that is a member of the European Economic Area (EEA) by or on behalf of Enixa Digital Pty Ltd (‘we’, ‘us’, ‘our’).
This notice tells you how we collect and process your personal data and the legal basis for processing it, what we use it for and who we share it with. It also explains particular rights you have in relation to the processing of your personal information and reflects some key features of our Privacy Policy available at www.enixa.co/privacy-policy.
For the purposes of GDPR, Enixa Digital Pty Ltd, with the address Level 10, 49-51 York Street, Sydney NSW 2000, is a data controller responsible for the processing of your personal information.

Contact Us

Please contact us if you have any questions or comments about this notice, our Privacy Policy, or you wish to exercise the rights you have under applicable privacy laws, which are explained further below.
The contact details of our Data Protection Officer responsible for monitoring and advising on compliance with the GDPR are as follows:

Data Protection Officer
Email: [email protected]
Tel: +61 2 9321 7000

Categories and sources of personal data

The categories of information that we collect from you and other sources are explained in our Privacy Policy.

Building profiles based on your use

The purpose of Enixa and our Services is to enable transformation for individuals, teams and entire organizations.
To help us improve Enixa and our Services, and to be able to offer you the most relevant features of the Services, we also analyse the usage of the Services, and develop user profiles. Profiling means we process your and other users’ personal information to analyse or predict aspects of your use of the Services and the likely outcomes. We also track actions taken by you to monitor how engaged users are in different features of the Service, to find out ways to make the Service more effective and better match your individual patterns and preferences, and to help you achieve your goals.
Profiling of aggregated user data may also be used for marketing to potential customers on platforms other than the Services, such as social media platforms like Instagram and business forums such as LinkedIn.

Purposes of processing

In connection with our legitimate interests in carrying on our business

We may use your information for our legitimate interests (where we have considered these are not overridden by your rights and which you have the right to object to as explained below) in:

  • identifying opportunities to improve our service to you and improving our service to you
    (including ‘profiling’);
  • allowing us to run our business and perform administrative and operational tasks
    (such as training staff, risk management; developing and marketing our products and services, undertaking planning, research and statistical analysis; and systems development and testing);
  • verifying identity, preventing or investigating any fraud or crime, or any suspected fraud or crime.

GDPR Collection Notice

We may also use and process your personal information where we are required by applicable laws, regulations or codes that bind us.

With your consent

Where required, we will only use your personal information for the purpose for which you have given your valid or explicit consent for, which we will ensure we have obtained before we process your information.

For direct marketing

With your consent where required by law, we may communicate with you (through the preferred communication channel(s) you have selected, which may include by emails, notifications, or any other electronic means including via social networking forums) to tell you about products, services, events and offers that may be of interest to you.
If you have provided your consent to receive direct marketing, you can withdraw it at any time without detriment, generally you can do this by using the opt-out features that are available in mobile or web application settings, or by clicking the ‘unsubscribe’ link at the bottom of such message, alternately you can contact us using the ‘Contact us’ details set out above and we will process your request as soon as practicable.

Transferring your information overseas

We may need to share some of the information we collect about you from the EEA with service providers both inside and outside Australia, sometimes we may need to ask you before this happens.
You can view a list of the countries in which those overseas organisations are located at www.enixa.co.
Your personal data is only ever stored and maintained within the United States. However, as electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be accessed or held. If your information is stored in this way, disclosures may occur in countries other than those listed.
If we or our service providers transfer any of your personal information we collect from you out of the EEA, it will only be done with relevant protections in place. We will take steps to ensure that your personal information will be afforded the level of protection required of us under and in accordance with our Privacy Policy and applicable data protection laws and in accordance with current legally recognised data transfer mechanisms, such as where the country has been deemed adequate by the European Commission, where a valid Privacy Shield certification exists (in the case of a data transfer to a Privacy Shield certified US recipient – https://www.privacyshield.gov/welcome or by adopting appropriate EC approved standard contractual clauses (see [https://ec.europa.eu/info/law/law-topic/data-protection_en)
If you wish to know whether or not the country to which the overseas disclosure is intended to be made has been deemed adequate by the European Commission, please refer to this link:

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu

Overseas organisations may be required to disclose information we share with them under an applicable foreign law.

What happens when we no longer need your information?

When we no longer require your information for business operations or applicable laws, we’ll ensure that your information is destroyed or de-identified.
Keep in mind however that there will be residual information that will remain within our databases, access logs and other records, which may or may not contain your personal information.
We may also retain a record of any stated objection by you to receiving marketing for the purpose of ensuring we can continue to respect your wishes and not contact you further.

Your personal information rights

How to access your information, including right to portability

Subject to applicable laws, you have the right to access your personal information and to receive a copy of that information, provided that such request does not adversely affect the rights and freedoms of others
You can ask us to access your personal information that we hold by contacting our Data Protection Officer using the contact details below. You can also ask that personal information provided by you to us is transmitted to another party.
We may need to verify your identity to respond to your request. We will respond to any request within a reasonable period permitted under applicable privacy laws and will generally give access unless an exemption applies to certain information.
We will give you access to your information in the form you want it where it’s reasonable and practical. We may charge you a small fee under certain circumstances to cover our costs when giving you access but we’ll always confirm this with you first.
If we can’t give you access, we will tell you why in writing and how you can make a complaint about our decision.

How to correct your personal information

You have the right to correction (rectification) of personal information and can contact us if you think there is something wrong with the information we hold about you. Alternately, you can also correct certain elements of your personal information via the settings in the mobile or web applications.
If you are worried that we have given incorrect information to others, we will tell them about the correction. If we can’t, then we’ll let you know in writing.

Your right to erasure of your information

You also have in certain circumstances the right to request that the personal information collected from you is erased. If we refuse any request you make in relation to this right, we will tell you why in writing and how you can make a complaint about our decision. To request that your personal information be erased, email [email protected]

Your right to object to or restrict processing of your information

You may also request that further processing of your personal information is restricted in certain circumstances, including while we investigate your concerns with this information.

Your right to withdraw consent at any time

You may also withdraw your consent where provided or object to the further processing of your personal information under certain circumstances. If we refuse any request you make in relation to this right,
we will write to you to explain why and how you can make a complaint about our decision.
The withdrawal of your consent will not affect the processing of your information that you had
consented to.

How do you make a complaint?

If you have a complaint about how we handle your personal information, we want to hear from you. Please email our Data Protection Officer at: [email protected]
You have the right to make a complaint to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights).
Need more help?

Office of the Australian Information Commissioner
Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: [email protected]

Office of the UK Information Commissioner
Online: www.ico.gov.uk
Phone: 0303 123 1113
Live chat: https://ico.org.uk/global/contact-us/live-chat

I introduced Enixa to my top 100 leaders to create more capability and alignment across the team. Within a few short months, its powerful impact was evident, individually and collectively.

Andy PennCEO, Allied Pinnacle