Privacy Policy

1. INTRODUCTION

1.1. Elevia Group Pty Ltd (ACN 673 635 320) ("Elevia Group", "we", "our" or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, store, share and disclose your personal information in connection with our consulting Services—including strategic and financial modelling tailored to the needs of SMEs and PE/VC portfolio companies—as well as via our website and related online interactions (collectively, the “Services”). You can also refer to our Terms and Conditions for further details regarding your rights and our obligations.

1.2. This Privacy Policy is designed to comply with the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) and should be read in conjunction with our Terms and Conditions. By using our Services or accessing our website, you consent to the collection, use and disclosure of your personal information as described in this Privacy Policy.

2. PERSONAL INFORMATION WE COLLECT

2.1. Types of Personal Information

We define personal information as any information that relates to an identified or identifiable individual. The types of personal information we may collect include:

• Identification and Contact Details:
  Your full name, mailing address, email address, telephone number(s), date of birth, gender, and, where applicable, your professional role and company details.
• Billing and Payment Information:
  Billing details such as your ABN, credit or debit card information (processed securely via our payment service providers) and any other information required to manage invoicing.
• Technical Information:
  IP address, browser type, device information, operating system, screen resolution, and other similar data collected automatically when you access our website.
• Usage Data:
  Information regarding your interactions with our website and online Services—including pages viewed, session information, and statistics—to help us monitor and improve our Services.
• Communication Data:
  Records of your correspondence with us, whether by email, phone, or other means.
• User-Provided Content and Feedback:
  Any content you choose to provide on our website (for example, via surveys, contact forms or other interactive features) including any comments, queries or feedback.

2.2. Sensitive Information:
We do not generally collect sensitive information as defined in the Privacy Act 1988 (Cth). (which includes, for example, details relating to racial or ethnic origin, political opinions, health, etc). If sensitive information is required for a specific purpose, we will only collect it with your explicit consent or as otherwise authorised by law.  We ask that you do not provide such information unless expressly required and with your clear consent.

3. HOW WE COLLECT PERSONAL INFORMATION

3.1. We collect personal information through various channels, including:

• Direct Interactions:
  When you contact us via email, telephone, post, or in person during meetings or consultations, and when you complete forms on our website.
• Automated Technologies:
  As you interact with our website, we may automatically collect technical and usage data via cookies and other tracking technologies.
• Third Parties and Public Sources:
  We may receive personal information from third parties, such as business partners or public sources, to verify or supplement the information you provide.

4. PURPOSE OF COLLECTION AND USE OF PERSONAL INFORMATION

4.1. We use your personal information for purposes directly related to the provision and improvement of our Services. These purposes include, but are not limited to:

• Provision of Services:
  To deliver, manage, and improve our Services and tailor our Service offerings to your business requirements.
• Improving Our Website and Services:
  Analysing website usage, enhancing functionality and performance, and developing new service features.
• Client Relationship Management:
  To communicate with you regarding our Services, respond to inquiries, and provide customer support.
• Administrative and Legal Purposes:
  To process payments, manage accounts, comply with legal obligations, conduct audits, and resolve disputes.
• Marketing and Communications:
  To inform you about our Services, updates, or events that may be of interest to you. We will obtain your consent before sending any direct marketing communications.
• Security and Fraud Prevention:
  To verify your identity, protect against unauthorised access, and prevent fraud or other harmful activities.

4.2. We will only use or disclose your personal information for the primary purposes for which it was collected or for secondary purposes if:

• (a) You have consented to the use or disclosure;
• (b) You would reasonably expect such use or disclosure in relation to the primary purpose; or
• (c) The use or disclosure is required or authorised by law.

5. DISCLOSURE OF PERSONAL INFORMATION

5.1. We may disclose your personal information to:

• Our Employees, Consultants, and Service Providers:
  Who require the information to provide or support our Services. These parties are contractually bound to handle your personal information securely and confidentially.
• Regulatory and Government Authorities:
  As required by law, regulation, or legal process.
• Other Third Parties:
  With your consent, or where permitted or required by law, for purposes such as business transfers, mergers, or restructuring.

5.2. All third parties with whom we share your personal information are required to protect it in a manner consistent with this Privacy Policy and the APPs.

6. INTERNATIONAL DATA TRANSFERS

6.1. As our Services are provided exclusively in Australia, your personal information will be collected, stored, and processed within Australia.
6.2. We do not transfer your personal information to recipients outside Australia. In the unlikely event that an international transfer is necessary, we will take reasonable steps to ensure that the recipient complies with the APPs and provides a similar level of protection.

7. DATA RETENTION

7.1. We will retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, or reporting requirements.
7.2. Specific retention periods may vary depending on the type of information and the nature of our relationship with you. For example:

• Account and Transaction Information: Retained for the duration of your engagement plus a period required by law (typically up to 7 years).
• Usage and Technical Data: Retained for a period sufficient for analysis and improvement of our Services, generally not exceeding 2 years, unless a longer retention period is required.

8. YOUR RIGHTS AND CHOICES

8.1. Under Australian privacy law, you have the following rights regarding your personal information:

• Access: You have the right to request access to the personal information we hold about you.
• Correction: You may request that we correct any inaccurate or incomplete information.
• Deletion: In certain circumstances, you may request that we delete your personal information.
• Objection: You have the right to object to our processing of your personal information in certain circumstances.
• Withdrawal of Consent: Where we rely on your consent to process your personal information, you may withdraw that consent at any time.
• Opt-out of Marketing: You have the right to opt out of receiving marketing communications from us.

8.2. To exercise these rights, please contact us using the details provided in Section 16. We will respond to your request within a reasonable timeframe, usually within 30 days.

9. ACCESS, MANAGEMENT OR DELETION OF PERSONAL INFORMATION – EUROPE

9.1. Although our Services are provided exclusively in Australia, if you reside in the European Union you may have enhanced rights under the General Data Protection Regulation (GDPR). These rights include:

• Access and Correction: Requesting access to and correction of your personal information.
• Deletion and Portability: Requesting deletion or data portability of your personal information under certain conditions.
• Objection and Restriction: Objecting to or restricting our processing of your personal information.

9.2. To exercise any of these rights, please contact us using the details provided in Section 16. We may charge a reasonable fee where permitted by law to cover the costs of providing access to your personal information.

10. SECURITY MEASURES

10.1. We take commercially reasonable steps to protect your personal information from unauthorised access, modification, disclosure, or loss. Our security measures include, but are not limited to:

• Encryption: Use of industry-standard encryption (e.g. SSL/TLS) for data in transit and at rest.
• Access Controls: Implementation of access controls and authentication measures.
• Regular Reviews: Regular review and updating of our security practices and procedures.
• Employee Training: Ongoing security awareness and training for our staff.

10.2. Please note that while we strive to protect your personal information, no security system is impenetrable and we cannot guarantee absolute security.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1. We use cookies and similar tracking technologies on our website to collect technical and usage information. This helps us to improve the performance and user experience of our website.

12. TYPES OF COOKIES WE USE

12.1. Essential Cookies:
Necessary for the proper functioning of our website and cannot be switched off.

12.2. Performance Cookies:
Allow us to collect information on how visitors use our website, which helps us to enhance its performance.

12.3. Functionality Cookies:
Enable the website to remember your preferences and provide enhanced functionality.

12.4. Targeting Cookies:
May be set by us or our third-party partners to build a profile of your interests and display relevant advertisements.
12.5. You can adjust your browser settings to manage or block cookies. However, please note that some parts of our website may not function properly if cookies are disabled.

13. LINKS TO THIRD PARTY WEBSITES

13.1. Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites and encourage you to review their privacy policies before providing any personal information.

14. CHILDREN’S PRIVACY

14.1. Our website and Services are not directed towards children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete such information.

15. CHANGES TO THIS PRIVACY POLICY

15.1. We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.
15.2. Any material changes will be communicated by updating the "Last Updated" date on this Privacy Policy and, where appropriate, by notifying you directly.
15.3. We encourage you to review this Privacy Policy periodically to stay informed about our information practices and your privacy rights.

16. CONTACT US

16.1. If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer at:

• Elevia Group Pty Ltd
  Level 3, 8-10 King Street
  Rockdale NSW 2216
  Australia
• Email: info@eleviagroup.com

16.2. We will endeavour to respond to your enquiry within 30 days.

17. COMPLAINTS

17.1. If you believe that we have breached this Privacy Policy or the APPs, you may lodge a complaint with our Privacy Officer using the contact details in Section 16.
17.2. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at:

• Office of the Australian Information Commissioner
  GPO Box 5218
  Sydney NSW 2001
  Australia
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• Website: www.oaic.gov.au

18. ANONYMITY AND PSEUDONYMITY

18.1. Where practicable, we provide you with the option of not identifying yourself or using a pseudonym when dealing with us. However, certain interactions or Services may require you to provide your personal information.

19. DIRECT MARKETING

19.1. We may use your personal information to send you marketing communications about our Services, events, or other information that we believe may be of interest to you.
19.2. You can opt out of receiving marketing communications at any time by following the unsubscribe instructions in the communication or by contacting us using the details in Section 16.

20. GOVERNMENT IDENTIFIERS

20.1. We do not use government identifiers (such as tax file numbers or Medicare numbers) as a means of identifying individuals in our records.

20.2. By using our Services or visiting our website, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.

This Privacy Policy forms part of the contractual arrangements between you and Elevia Group Pty Ltd and is intended solely for the purposes of our service provision within Australia.