Effective as at May 2024
Your privacy is important to us and we are committed to ensuring that your Personal Information is managed in accordance with the Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles (the Principles).
What is a Privacy Policy?
This Privacy Policy (Policy) sets out, in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) (if applicable) the way in which STAGE Academy Pty Ltd & the Trustee of the STAGE Holdings Trust (ABN 30 241 679 044), together with its organisational representative, STAGE Holdings Pty Ltd and principal Vinh Giang (‘we’, ‘us’, or ‘our’) may collect, store, use, disclose, manage and protect your Personal Information in order to carry out our services and functions. In this Privacy Policy “you” or “your” refers to the reader as an individual.
If you are a resident of a foreign jurisdiction, there may be additional provisions that apply to you, and which are set out in this policy below. In those cases, the law that will apply (in addition to the Privacy Act) will be:
For EU & EMEA Residents: The European General Data Protection Regulation (GDPR);
For United Kingdom residents: Data Protection Act 2018 (UK GDPR)
For U.S. Residents: relevant U.S. privacy laws, and for California Residents: California Consumer Privacy Act of 2018 (CCPA);
For New Zealand Residents: Privacy Act 2020 (New Zealand); and
For Canadian Residents: Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial laws.
This Privacy Policy may be supplemented or amended from time to time, and may be subject to privacy statements that are specific to certain areas of our website or services provided by us. By accessing our website and/or using our services you agree to be bound by the Privacy Policy that is in effect at the time you access our website and/ or use our services. The Last Revised date of this Privacy Policy in section 17.2 will inform you as to whether it has been updated since your last visit. This Privacy Policy is publicly available via our website or by contacting us and requesting the same.
By using our services, accessing, requesting information on, enquiring about, using, receiving or providing feedback in relation to our operations or services (online, in writing, by telephone or in person), seeking employment or becoming a business partner or affiliate with us; or otherwise providing, or consenting to the collection of, Personal Information by us or our officers, agents or employees, after this Policy has been brought to your attention, you acknowledge and consent to the use, collection, storage or disclosure of your Personal Information by us in accordance with this Policy and the Privacy Act.
If you do not agree to us handling your Personal Information in the manner set out in this Policy, we will not be able to provide our services to you and you should not provide us with any Personal Information.
What is Personal Information?
We follow the definition of personal given in the Privacy Act: “Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.” Personal Information may include “Sensitive Information” being:
information or an opinion about an individual’s:
racial or ethnic origin; or
political opinions; or
membership of a political association; or
religious beliefs or affiliations; or
philosophical beliefs; or
membership of a professional or trade association; or
membership of a trade union; or
sexual orientation or practices; or
criminal record;
health information about an individual; or
genetic information about an individual that is not otherwise health information; or
biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
biometric templates,
however if the information is not Personal Information, it cannot then be Sensitive Information.
What kinds of Personal Information might we collect and hold?
General Personal Information
The Personal Information we may collect, hold, use and disclose about you depends upon your relationship with us, the service you have requested from us and how you interact with us. This information may vary depending on our specific needs, and may include but is not limited to:
your name;
your contact information, including:
postal and residential address(es);
telephone number(s); and
email address(es);
your financial information, including:
bank account or credit card details; and
PayPal account details;
records of your communications and other interactions with us; and
any content that you provide in connection with the use of our website including, but not limited to, postings on any blogs, forums, wikis and other social media applications and services that we may provide.
Non-Personal Information
We may also collect, hold, use and disclose information about you that is not necessarily Personal Information (but which could in some circumstances be re-identifiable, making it Personal Information) including, but not limited to:
data relating to your activity on our website or interaction with our emails via tracking technologies such as analytic, cookie and session tools, which can include:
the identity of your internet browser;
the type of operating system or mobile operating system you use;
your IP address;
the type of mobile device you use;
the mobile device unique ID;
the domain name of your internet service provider;
the pages accessed on our site; and
Non-identifiable details of any survey responses you provide.
We may use this Non-Personal Information for internal purposes including, administering our services, diagnosing problems, generating statistics and trends and improving the quality of our products and services.
How do we collect Personal Information?
We generally collect Personal Information directly from you, this can be:
when we contact you or you contact us;
when information is uploaded into our systems by you;
through applications or other forms that you complete and provide to us including surveys;
when you attend an event we have organised or sponsored;
when we communicate with you including, recording the information you provide during communication;
when you post about us on any blogs, forums, wikis and other social media applications and services; and
any other means by which you directly communicate or provide the information to us.
We only collect Personal Information about you that is necessary for us to perform the services you are seeking and when it is reasonably necessary and directly related to our services and functions.
If we receive your Personal Information in an unsolicited manner, within a reasonable period after receiving the information, we will determine whether or not we could have collected the information under the Act and the Principles as if we had solicited the information and:
if we determine we could not have collected your Personal Information and your Personal Information is not contained in a Commonwealth record, we will, as soon as practicable but only if it is lawful and reasonable to do so, destroy your Personal Information or ensure that your Personal Information is de-identified; or
if we determine we could have collected your Personal Information or your Personal Information is contained in a Commonwealth record, we will collect, hold, use and disclose your Personal Information in accordance with this Privacy Policy and any requirements of the Act and the Principles.
How do we hold and secure your Personal Information?
We will generally hold your Personal Information as electronic records on third party servers and in accordance with the storage and security of Personal Information procedures detailed below.
We have in place reasonable commercial standards of technology and operational security to protect all Personal Information provided to us from misuse, interference, loss, unauthorised access, modification or disclosure. We take steps to protect the Security of your Personal Information by regularly assessing risk and taking measures to address any potential risk.
We store your Personal Information digitally (unless legally required to retain in hard copy format). Any hard copy material is secured at our headquarters in Adelaide, South Australia. All digital material is secured using password protected computers and databases.
We primarily use a global data storage provider (ActiveCampaign) with servers located throughout the world. Some data may potentially be stored overseas and where appropriate, we have agreements with our storage providers to keep all Personal Information they store secure, using reasonable and appropriate security methods. We conduct regular audits of our compliance with this Policy and the Privacy Act to ensure that our privacy framework is in line with industry best-practice.
We destroy or de-identify Personal Information in a secure manner when we no longer need it, subject to any legal requirement to maintain Personal Information for a specific period of time.
Why do we collect, hold, use and disclose Personal Information?
We offer a wide range of products and services to our clients and we need to collect certain Personal Information in order to be able to provide these effectively. We will collect, hold, use and disclose your Personal Information where it is reasonably necessary to:
provide or offer you relevant products and services;
respond to your requests or inquiries;
establish, manage and maintain any relevant products and services provided to you;
any other purpose you may reasonably expect;
any other purposes that have been disclosed to and authorised by you (including but not limited to those you consent to below); and
any purpose authorised or required by law, a court or tribunal including those required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Corporations Act 2001 (Cth), and the US Foreign Account Tax Compliance Act (US).
These primary purposes may include disclosures to organisations or third parties that handle information on our behalf or provide us with technical support services and professional advice.
If we have collected Personal Information (other than a government related identifier) for a primary purpose, we will not use of disclose the Personal Information for another purpose (other than for Direct Marketing) unless:
you have consented to the use or disclosure of the Personal Information; or
you would reasonably expect us to use or disclose the Personal Information for the other purpose and the other purpose is:
if the information is Sensitive Information – directly related to the primary purpose; or
if the information is not Sensitive Information – related to the primary purpose; or
otherwise authorised by law, a court or tribunal.
By providing us with your Personal Information, you consent to us collecting, holding, using and disclosing your Personal Information (including holding by, using by and disclosure to any third parties or overseas recipients):
in the manner set out in this Privacy Policy;
for the primary purposes referred to above;
for the secondary purposes referred to above;
for any other purpose(s) specified in this Privacy Policy;
to provide you with news and information about our products and services or events;
for any purpose necessary or incidental to the provision of our products and services (including mobile applications);
to provide you with functionality on our website;
to personalise your experience with our products and services (e.g., via use of blogs, forums, wikis and other social media applications and services);
for internal purposes including administering our services, diagnosing problems, generating statistics and trends and improving the quality of our products and services;
to send you marketing and promotional material (including Direct Marketing) that we believe you may be interested in;
to seek your feedback on our products and services, or for market research purposes;
as part of a corporate transaction such as a sale, divesture, merger or acquisition; and
for any other purpose required or authorised by law, a court or tribunal.
Your Personal Information may also be used and disclosed in order to protect our rights or property and that of our users and, where appropriate, to comply with legal processes, which may include disclosure to law enforcement, regulatory or government agencies.
Who do we share your Personal Information with?
We may share your Personal Information with third parties for the reasons referred to in section 6, or where the law otherwise allows or requires us to.
The types of third parties include:
contracted service providers and specialist advisers we engage to provide us with services such as administrative, financial, insurance or research services;
third party suppliers (each a Third Party Supplier) who provide us with necessary hardware, software, networking, connectivity, functionality, storage and related technology required to provide our products and services (including our website and online courses) some of whom may contact you on our behalf;
courts, tribunals and other dispute resolution bodies in the course of a dispute;
anyone authorised by you or to whom you have provided your consent (either expressly or impliedly); and
anyone to whom we are required or authorised by law to disclose your Personal Information (e.g., law enforcement agencies and national and international government and regulatory authorities including but not limited to the Australian Taxation Office, the Australian Prudential Regulation Authority, The Australian Securities and Investments Commission, the Australian Transaction Reports and Analysis Centre and the United States Internal Revenue Service.
Do we use your Personal Information for Direct Marketing purposes?
We may use your Personal Information to communicate directly with you to promote our products and services and provide you with information about our products, services and activities that we believe you may be interested in (Direct Marketing).
If you receive Direct Marketing material from us, and do not wish to continue receiving it, please contact us by any of the methods stated in this Policy, asking to be removed from all future Direct Marketing programs. Once we have received your opt-out request, we will remove you from our Direct Marketing programs as soon as reasonably practicable.
SMS Communications Policy
We may contact you by SMS (text message) for the following purposes: promotions and special offers, reminders and alerts (e.g., event or account updates), service notifications, surveys, and important operational updates relating to our products and services.
How we obtain your number & consent
You will only receive SMS from us if you have provided your mobile number and consented (e.g., by ticking a box, completing a web form, purchasing with consent, or texting a designated keyword to opt in). You can withdraw consent at any time (see Opt-out below).
Use and sharing of mobile numbers
Your mobile number is used solely to deliver the SMS communications described above. We do not sell or share mobile numbers for third-party marketing. We may disclose your number to contracted service providers who send messages on our behalf, under confidentiality obligations and only for this purpose.
Message frequency
Message frequency varies by program and your activity, but you can generally expect up to 4 messages per month for promotions and up to 8 messages per month during active programs, launches, or events. Operational or security notices may be sent as needed.
Charges disclosure
Message and data rates may apply, depending on your mobile plan and carrier. We are not responsible for any charges imposed by your carrier.
Opt-out / unsubscribe
You can stop receiving SMS at any time by replying STOP to any message. After you send STOP, we will send a one-time confirmation SMS and then cease messaging that program. To resume, follow the original opt-in method or contact us. For help, reply HELP or contact the Privacy Officer (see Contact Us).
Delivery, availability and eligibility
Delivery of SMS may be delayed or unavailable due to your carrier or network. Some programs may be limited to certain countries or carriers. We are not liable for delayed or undelivered messages.
International compliance notice
We aim to comply with applicable laws in the regions where messages are sent, including the Spam Act 2003 (Cth) and ACMA guidance (Australia), PECR/UK GDPR (UK), GDPR (EU when applicable), TCPA/CTIA guidance (US), CASL (Canada), and Unsolicited Electronic Messages Act 2007 (New Zealand). If local rules provide additional rights or requirements, we will honour them.
If you have questions about our SMS program or your preferences, please contact our Privacy Officer using the details in the Contact Us section.
Do we transmit your information via the internet?
Where appropriate we use secure transmission facilities; however, no transmission of information over the internet can be guaranteed to be completely secure and we do not warrant the security of any information transmitted by or to us over the internet. Users enter our website and use our other products and services at their own risk.
What about social networking services and linked websites?
We may use social networking services such as Twitter, Facebook, LinkedIn, Instagram, TikTok and YouTube to communicate with you and the public at large about our work. When you communicate with us using these services we may collect your Personal Information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your Personal Information for its own purposes. These social networking services have their own privacy policies and we strongly recommend that you review them.
Our websites may contain links to external third party websites or mobile applications that we believe may be of relevance or use to you. This Privacy Policy does not apply to any of these linked websites or mobile applications and they are not subject to our privacy standards and procedures. A linked website or mobile application may contain its own privacy statement and we strongly recommend that you review it before using the website or mobile application.
What about Cookies and analytics?
Our website and emails may use a range of tools provided by third parties, including ActiveCampaign, Facebook Marketing and our web hosting company to collect or view website and internet traffic information. These sites have their own privacy policies.
We may also use cookies and session tools to improve and customise your experience when accessing our websites. Cookies are frequently used on the internet and you can choose if and how a cookie will be accepted by changing your preferences in your browser. You may not be able to access some parts of our website if you choose to disable the cookies, particularly the secure parts of the website. We therefore recommend you enable cookie acceptance to benefit from all the services on the website.
Do we send your information overseas?
We are a South Australian based organisation, however we may disclose your Personal Information to our servers, agents and employees, Third Party Suppliers, and other third parties and service providers located overseas (each an Overseas Recipient) including holding your Personal Information on third party servers located overseas. The country in which an overseas recipient is likely to be located is the United States.
In the event that your information is sent overseas, we will use our best endeavours to ensure that any overseas supplier will keep all Personal Information secure.
We will only do so with your consent (including your consent given above or any implied consent) or otherwise in compliance with the Privacy Act and the Principles. We will inform you as far as reasonably practical of the countries in which overseas recipients are likely to be located.
When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may also collect and hold your Personal Information overseas across a large multitude of countries. These social networking services have their own privacy policies and we strongly encourage you to review them.
How can you access and/or correct your Personal Information?
We will take reasonable steps to ensure that your Personal Information is accurate, complete, up to date and relevant whenever it is collected, used or disclosed. We rely on the accuracy of the information you, and anyone authorised by you, provides to us. If you think that we may hold information about you that is incorrect in any way, please contact us. If your Personal Information is found to be inaccurate, not up to date, incomplete, irrelevant or misleading having regard to the purpose for which it is held, we will take reasonable steps to correct your Personal Information.
You may request access to your Personal Information by contacting the Privacy Officer. You are also welcome to contact our Privacy Officer to:
seek more information about anything contained in this Privacy Policy;
request a copy of this Privacy Policy in a different format;
update or correct your Personal Information;
ask about accessing or correcting your Personal Information that we hold;
opt-out of receiving Direct Marketing information; or
make a privacy related complaint.
Subject to us being permitted or required by law to withhold your Personal Information, we would be happy to advise you what Personal Information we hold about you. We will respond to all requests within a reasonable period. An administrative fee may be charged to cover our costs in providing you with access to such information. This fee will be explained to you before it has been incurred.
You may request access to Personal Information we hold about you. Upon receiving an access request, we may request further details from you to verify your identity. The steps appropriate to verify an individual’s identity will depend on the circumstances and we seek the minimum amount of Personal Information needed to establish an individual’s identity.
We reserve the right not to provide you with access to Personal Information that we hold about you if we cannot verify your identity to our reasonable satisfaction.
We will respond to your access or correction request within a reasonable period of time.
If we refuse to provide you with access, we will notify you of our reasons and mechanism by which you can complain about our decision. Access may be denied where:
we believe your request is frivolous or vexatious;
we are entitled to reject a request by law;
we are unable to verify your identity; or
you have not paid the administrative fee (if any).
If you believe that the Personal Information we hold about you is inaccurate or otherwise requires correction, you may send us a correction request by contacting us. If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
How to make a complaint
You may contact our Privacy Officer at the contact details below at any time if you have any questions or concerns about this Policy or about the way in which we handle your Personal Information.
The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that we may have breached the Australian Privacy Principles or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner (OAIC) (for the most up-to-date contact details, please go to the OAIC’s website www.oaic.gov.au). The OAIC is independent to us.
If you have a question or complaint, you can raise it with us by contacting our Privacy Officer on the details below.
Contact us
Our Privacy Officer’s contact details are:Name: Daniel Yeow
Email: dan@vinhgiang.com
Phone: 0401 272 060 (please ask for the Privacy Officer)
By post: Privacy Officer,
STAGE Academy Pty Ltd & the Trustee of the STAGE Holdings Trust
3-5 Louis St
Stepney SA 5069
Australia
Does this Policy ever change?
From time to time, we may make changes to this Policy, with or without notice to you. We recommend that you visit our website to keep up to date with any changes.
This policy was last reviewed on 2 May 2024.
GDPR and UK GDPR – Notice
This notice is to European residents and residents of the United Kingdom and is supplementary to our Privacy Policy to explain your additional or specific rights as a European resident.
The GDPR is the European Union (EU) data protection law. The UK GDPR is the law implementing the GDPR in the United Kingdom. Australian-based organisations that offer goods or services to persons in the EU/UK or who may access their website. This provision will not apply to a significant portion of the persons who use our site or services.
From time to time, we may capture or collect Personal Information that passes through the EU or UK. This might occur, for example, if a person in the EU or UK accesses the Site and we collect analytical data about them, enquiries about our services from the EU or UK, or if one of our customers gives us information about a person in the EU or UK. If this occurs, we will treat the Personal Information received in accordance with this policy.
Where data is processed or monitored in the EU or UK, you may have additional rights, such as:
the right to request that we delete your Personal Information (unless we require that information to comply with a legal obligation, or need it to bring or defend a legal claim);
the right to restrict our processing of your Personal Information (where it is inaccurate, would be unlawful to process, or where it has not been deleted due to us needing it to meet a legal obligation);
the right to receive your Personal Information in a readable format (Right to Data Portability); and
the right to object to the processing of Personal Information.
A complete list of your rights may be viewed here: General Data Protection Regulation (GDPR) – Official Legal Text (gdpr-info.eu)
We also have certain obligations in relation to the management of a data breach, including:
We must advise the relevant statutory authority of a data breach within 72 hours of becoming aware of the breach; and
We must advise affected persons.
CCPA – Notice
This notice is to California residents and is supplementary to our Privacy Policy to explain your additional or specific rights as a Californian resident (if we are deemed a CCPA Business). This provision will not apply to a significant portion of the persons who use our site or services.
You have the right to:
request access to Personal Information we collect, use, disclose and if relevant sell up to two times per year;
request we delete Personal Information we collect from you, subject to applicable legal exceptions;
(if relevant) opt-out of sale of Personal Information.
To make an access or deletion request please contact the email specified in paragraph 16 above.
PIPEDA – Notice
This notice is to Canadian residents and is supplementary to our Privacy Policy to explain your additional or specific rights as a Canadian resident (if we are deemed a PIPEDA Business). This provision will not apply to a significant portion of the persons who use our site or services.
You have the right to:
access your Personal Information;
challenge the accuracy of your Personal Information;
challenge our compliance with the PIPEDA by raising your concerns with our Privacy Officer.
To make an access request, request correction of your Personal Information or challenge our compliance with the PIPEDA please contact the email specified in paragraph 16 above.
NZ Privacy Act – Notice
This notice is to New Zealand residents and is supplementary to our Privacy Policy to explain your additional or specific rights as a resident of New Zealand (if we are deemed to come under the Privacy Act 2020).
You have the right to:
be told how, when and why we are collecting your Personal Information;
be told what will happen if you do not give us your Personal Information;
have your Personal Information kept safe; and
see your information and request that it be corrected.
To make an access or correction request please contact the email specified in paragraph 16 above.