Home » Privacy Policy

Our Commitment to Your Privacy

At Global Data Pty Ltd, we are unwavering in our commitment to protecting your privacy. As an ISO27001-certified Data and Information Services Provider based in Australia, we strictly adhere to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy clearly outlines our approach to managing your personal information transparently and responsibly.

Our core services involve providing advanced automated data solutions to industries that rely on accurate and dependable information. Our activities include collecting, aggregating, and verifying extensive datasets used specifically for:

  • Know Your Customer (KYC) Services
  • Identity Verification Services
  • Fraud Prevention Services
  • Risk Assessment Services
  • Marketing Insights
  • Social Media Profile Verification
  • ID Document Verification Services
  • Anti-Money Laundering & Counter Terrorism Financing (AML-CTF) Services

A core aspect of our operations involves leveraging data to strengthen Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) initiatives. We also play a critical role in supporting law enforcement agencies by assisting in the identification and investigation of individuals involved in unlawful activities. These may include, but are not limited to: stalking, catphishing, financial fraud, identity manipulation, and other illicit actions involving the misuse of false or fabricated data.

We remain firmly committed to protecting consumers’ personal information. Personally Identifiable Information (PII) is handled securely and ethically, in accordance with the highest industry standards. Our security measures and risk management controls are subject to regular review and audit as part of our ISO27001 compliance obligations. We are transparent about the personal information we collect, the purposes for its use, its sources, and your rights, including the right to request the suppression or deletion of your data where permitted by law.

Access to our data systems is strictly limited to entities that demonstrate a legitimate legal and commercial purpose. Unauthorised individuals or organisations lacking a clear and lawful justification are unequivocally denied access. All access to our data environments is logged and maintained to ensure full regulatory compliance and auditability.

Types of Information We Collect

At Global Data Pty Ltd, the collection of personal information is integral to the delivery of advanced data solutions. The specific types of information we collect vary depending on the dataset we are aggregating, purchasing, licensing, or verifying at any given time. We may collect personal information including, but not limited to your Full name; Gender; Age or age range; Residential address; Mobile and landline telephone numbers; Email addresses; Social media profile details; Employment information; IP address and geolocation data; Residential occupancy history; Consumer and purchasing behaviour demographics. This list is indicative, not exhaustive, and reflects the scope of our data aggregation, acquisition, and enhancement activities.

As an approved Gateway Service Provider (GSP) for the Commonwealth Government’s Document Verification Service (DVS), endorsed by the Australian Attorney-General’s Department, we also perform identity verification checks. These checks may require the collection of government identifiers, including those from Australian-issued driver’s licences, passports, and other identity documents. In addition, Global Data is an authorised and trusted Data Services Broker (DSB) for the Australian Coordinating Registry and the Australian Death Check.

We are committed to handling personal information lawfully, ethically, and with due regard to privacy. We affirm that we do not collect sensitive health or medical information. All data collection is undertaken in compliance with applicable data protection laws and is consistent with our ISO27001-certified privacy and security controls. Personal information is collected only for lawful purposes and is used solely for the purposes for which it was originally collected, in accordance with the Australian Privacy Principles and delivering our commercial solutions.

We do not knowingly collect personal information relating to minors. All datasets that we purchase, license, or aggregate undergo a data cleansing process to identify and remove records associated with individuals under the age of 18. In limited cases where a minor may have used an adult’s contact details—for example, in an online competition or a social media registration—such records are identified and immediately removed from our systems and are not made commercially available.

We may also license or enrich our datasets using information from trusted third-party data partners, including organisations in the credit reporting sector, superannuation and payroll providers, government agencies, and affiliate marketing networks. All data partners are subject to a rigorous onboarding process to ensure they comply with the Privacy Act 1988 (Cth), meet our ISO27001-aligned risk management criteria, and uphold the same privacy and security standards applied by Global Data.

Sensitive Information for AML/KYC Compliance

In accordance with the Privacy Act 1988 (Cth), ‘sensitive information’ includes data such as racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal records, and biometric information. Global Data collects sensitive information solely for purposes directly related to our functions or activities, including but not limited to AML/CTF compliance and identity verification. Such information is handled with the highest level of confidentiality and security, in line with our ISO27001 certification.

With your express consent, Global Data may collect certain, sensitive personal information, to meet or perform our obligations under Australian law, including the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), and to facilitate Know Your Customer (KYC) processes for identity verification and fraud prevention purposes. In delivering these services, the types of sensitive information we may collect include:

  • Facial biometric information: We may capture your photograph or facial scan to verify your identity against official government identification documents.
  • Government identifiers: Information such as your driver’s licence number, passport number, or Medicare number may be collected to verify your identity through official government verification services. We will not adopt or use these identifiers as our own internal identifiers.

Sensitive personal information will only be collected with your express consent, clearly obtained at the time of collection through an explicit opt-in process. If you choose not to provide consent for collection of sensitive information required for our AML/CTF and KYC checks, we may not be able to provide our services to you or your customer. We will not use sensitive information collected for AML/KYC purposes for marketing or unrelated activities without your explicit consent. We also do not disclose sensitive information to overseas recipients without your express consent.

How and Where We Collect Personal Information

At Global Data Pty Ltd, we are committed to transparency in how we collect personal information. Our data collection practices are governed by the Privacy Act 1988 (Cth) and aligned with the Australian Privacy Principles.

We collect personal information through the following means:

Direct Collection from Individuals: We primarily collect information directly from you, with your express or implied consent. At the time of collection, we provide clear information on how your data will be used and obtain your authorisation before proceeding.

Public and Partner Sources: We may collect personal information from publicly available sources (e.g. public registries, online profiles) and from trusted commercial partners. In such cases, we collect data with your consent or in circumstances where you would reasonably expect your personal information to be collected for the stated purpose.

Third-Party Verification Providers: Where we receive personal information from third-party organisations (e.g. verification service providers, commercial data brokers, or institutional partners), we require confirmation that:

  • The information was collected in accordance with the Privacy Act 1988 (Cth).
  • The third party is legally authorised to disclose the information to us.
  • We are permitted to use the information for the purposes for which it was provided and in connection with our business solutions.

Use and Disclosure: We use and disclose personal information only where permitted by law and in accordance with the following principles:

  • You have provided consent for the use or disclosure of your personal information.
  • That consent has not been withdrawn or suppressed, either with Global Data or its data partners.
  • The information is available from a public source and its use is consistent with the reasonable expectations of the individual concerned.
  • The information is used for the purpose for which it was collected, published, or made available.
  • The use or disclosure is required or authorised by or under an Australian law, court order, or regulatory direction.

Due to the nature and volume of information obtained from public and third-party sources, it may be impracticable for Global Data to notify every individual at the time of collection. In such instances, we ensure that:

  • If we have not obtained information directly from you, and it is not impracticable to do so, we will take reasonable steps to notify you as soon as practicable, in accordance with our obligations under APP 5.
  • Personal information sourced from the public domain is not used for direct marketing communications unless expressly permitted.
  • Such information is used strictly for identity verification, fraud prevention, risk assessment, or analytical insight.

Why We Collect Personal Information and How We Use It

The personal information we collect supports the core operational and compliance needs of our clients. Our use of such information is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles. The primary purposes for which we collect, use, and disclose personal information include:

1. Business Operations

We collect and process personal information to enable legitimate commercial functions, such as:

  • Preventing and investigating fraud
  • Locating individuals for identity verification, skip tracing, and related processes
  • Assisting authorised investigations by law enforcement agencies
  • Delivering the products and services our clients require to meet their regulatory, verification, and risk management needs

2. Provision of Enhanced Services

We offer a suite of advanced software-as-a-service (SaaS) and API-integrated commercial products that facilitate:

  • Identity and document verification
  • Fraud prevention and mitigation
  • Know Your Customer (KYC) due diligence
  • Data enrichment
  • Skip tracing and location services
  • Consumer profiling and marketing segmentation (where permitted by law)

These services rely on the lawful use of personal information, collected directly or via verified data partners, to enable our clients to perform their business activities efficiently and in compliance with applicable regulations.

3. Regulatory Compliance and Public Safety

We support public and private entities in meeting statutory obligations, including those under:

  • The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
  • Commonwealth and State identity verification requirements
  • Sanctions screening and politically exposed persons (PEP) checks
  • Risk-based customer due diligence and AML/CTF reporting

Our services assist clients in meeting their obligations for safe, lawful, and transparent engagement with individuals.

4. Controlled Access and Governance

Global Data ensures that access to personal information is granted only to thoroughly vetted commercial and government entities. All users of our services must demonstrate a legitimate business need and satisfy due diligence criteria. We apply rigorous compliance checks and adhere to our ISO27001-certified information security and risk management standards to maintain the integrity of all data access.

5. International Data Provision (When Applicable)

In limited cases, we may supply global personal information obtained through a trusted network of international, privacy-compliant third-party data providers. This occurs only where it is relevant to:

  • Verifying the identity or history of an Australian resident with offshore connections
  • Identifying publicly available records related to individuals or entities outside Australia as part of lawful skip tracing, fraud investigations, or social media verification efforts

All international data sources used by Global Data undergo a strict review to ensure compliance with equivalent privacy, data handling, and cross-border transfer obligations.

To Whom We Disclose Your Personal or Sensitive Information

Disclosure to Third Parties:

Global Data Pty Ltd discloses personal and sensitive information only in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and our ISO-certified risk and compliance framework. We disclose information solely to vetted third parties and enterprise customers for lawful, consented, and legitimate purposes. The categories of recipients and circumstances of disclosure include:

  1. Enterprise Customer Access: Disclosure of personal information to our enterprise customers is subject to the following conditions:
    • Consent-Based Use: Information is disclosed only for purposes for which the individual has provided consent, or where the use or disclosure is otherwise authorised by law.
    • Commercial Supply: Access is facilitated via our secure SaaS platforms and APIs, governed by the Australian Privacy Principles and our published Service and Data Terms of Use.
    • Contractual Compliance: All customers must enter into binding agreements that incorporate our data handling requirements, permissible use conditions, and obligations regarding suppression and deletion requests.
  2. Third-Party Data Partners: We may share personal and sensitive information with third-party service providers who assist in delivering our solutions. These include, but are not limited to:
    • Identity verification and document validation providers
    • Regulatory compliance and AML/CTF technology partners
    • Social media intelligence solution providers
    • Government-accredited data sources (e.g. DVS, Death Check)
    • All third-party providers are subject to stringent contractual obligations, including confidentiality, information security controls, and adherence to the Privacy Act 1988 (Cth) and the APPs. No personal or sensitive information is sold to third parties for marketing purposes under any circumstances.
  3. Disclosure to Data Partners: In limited circumstances, we may disclose personal information to approved third-party data partners for the purpose of delivering integrated services, including:
    • Identity and document verification (DVS)
    • Social media profiling and intelligence
    • Know Your Customer (KYC)
    • Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF) compliance solutions
    • These data partners are subject to formal onboarding, compliance assessments, and continuous monitoring to ensure their practices align with our obligations under the Privacy Act and our ISO27001 framework.
  4. Legal and Enforcement Disclosures: We may disclose personal information where required or authorised by:
    • Applicable Australian laws or regulations
    • Court orders or legal processes
    • Requests from authorised law enforcement or regulatory bodies conducting lawful investigations
    • Any such disclosure is assessed on a case-by-case basis to ensure that it is lawful, necessary, and proportionate.

How Secure Is Your Personal Information

At Global Data Pty Ltd, we understand the paramount importance of safeguarding your personal information and data from unauthorised access. Here’s how we ensure the security of your data:

  • ISO 27001 Certification: We are ISO 27001 certified and trusted, a testament to our commitment to maintaining high standards of data security.
  • Regular Audits and Testing: We conduct regular audits and system penetration testing to identify and rectify any potential vulnerabilities.
  • Data Storage & Security: All personal and sensitive information collected by Global Data is stored securely on AWS servers located within Australia. We employ advanced security measures, including encryption, firewalls, and intrusion detection systems, to protect data from unauthorised access, disclosure, alteration, or destruction. Regular security audits are conducted to ensure ongoing compliance with our ISO27001 certification and to adapt to emerging security threats.​
  • Access Controls: We implement IP address access controls and Multi-Factor Authentication (MFA) for all data services, providing an additional layer of security.
  • Encryption: All information, both in transit and at rest, is encrypted using industry-standard secure encryption methods.
  • Limited Access: Your personal information is only provided to those who require access to perform their business functions. This may include users and subscribers of our products and services, and any law enforcement agency to whom we are required by law to provide your personal information.
  • Policy Review: We regularly review this policy and assess our performance against it to ensure we are meeting and continue to meet our obligations under the Privacy Act 1988 Cth.
  • Employee Training: All employees and agents of Global Data are required to undergo proficient training on data handling and the rules of disclosure under the Australian privacy principles.
  • Automated Security Systems: We have automated security and intrusion detection systems in place, along with detailed event logging and automated auditing systems, to further secure our systems.

Our data and compliance team are committed to maintaining the highest standards of data security and privacy. We continually strive to enhance our security measures to protect your personal information. Such security measures are comprehensively detailed in our security control documents.

How We Maintain the Quality of Your Personal Information

Global Data recognises the importance that any data information we hold is up to date and accurate. The information we receive from the users of our products and services and the data we collect as described throughout this policy, are subject to various enhancements to ensure the information is as accurate as possible. Where updated or enhanced information is available, we incorporate it into our datasets and products without delay. We update our full universe dataset weekly, however, enhance and append daily, through our highly advanced Pango data engine. Our automated systems clean and repair all data records on delivery. The system removes all known bot attributes and inappropriate filter block words. We then match, validate and enhance with cross-referenced trusted and highly scored data records. This process utilises numerous trusted datasets to validate and clean the data.

In addition to our internal processes, when utilising data from third-party vendors for KYC, Identity Verification, or AML/CTF purposes, we apply stringent quality standards. Each third-party source undergoes a rigorous vetting and auditing process. This ensures that their data quality aligns with our high standards, guaranteeing the integrity and reliability of the information we use and provide.

Access to Our Data from Outside Australia

We place paramount importance on protecting consumer’s personal information from unauthorised and unethical use. As an Australian company, we adhere strictly to the Privacy Act 1988 Cth and our ISO27001 security compliance procedures. Here’s how we manage international access to our data:

  • No Foreign Access Without Consent: We do not permit access to our data platforms from outside Australia unless prior written consent has been provided and unless required for specific services.
  • International Vetting Application: Any entity seeking access from outside Australia must complete and receive approval through our rigorous International Vetting application. This application records full identity particulars on the organisation and person seeking access. It also provides for an assurance or privacy warranty to be provided by the contracting parties responsible privacy officer or managing director.
  • Record Keeping: Approved applications are securely stored and can be provided to relevant government bodies such as the OAIC, ACCC, or the ACMA, should the need arise.
  • Strict Consequences for Breach: Any unapproved attempts to access our data systems from outside Australia is a breach of our Terms and Conditions and will result in the suspension of the client account pending a full review. Misuse of any of our data, whether within Australia or internationally, will result in immediate suspension or cancellation of our services to the client.
  • VPN Use: Customers using a VPN to mask their IP address will not be granted access to our systems. For more details, refer to our Terms and Conditions here. MFA and IP restrictions are mandatory for any granted access.

When engaging in AML/CTF or Identity Verification processes, it may be necessary for Global Data to collaborate with international data partners. In such instances, we ensure these partners are in full compliance with the Australian Privacy Act and Australian Privacy Principles. For operations involving social media validations, the data shared is always de-identified to protect individual privacy. Furthermore, for all other data-sharing purposes, we ensure that all data information is securely encrypted during transit, upholding our commitment to data security and privacy standards.

We are committed to protecting consumer’s right to privacy. No access to a company outside of Australia will be granted unless we approve them and their use case for the data. In such cases, we ensure that the overseas recipient adheres to privacy standards equivalent to those under the Australian Privacy Act 1988 (Cth) and the APPs.

Email / SMS Data & Spam Act

Global Data is committed to upholding the integrity of the data we provide and ensuring compliance with the Spam Act 2003. We do not support any unauthorised practices that could lead to spamming or unwanted contact for consumers.

When we supply mobile numbers or emails to our clients through any of our data platforms, the client/user agrees not to use any third-party validator or ‘Pinger’ outside of those supplied within our automated solutions. The use of unknown phone or email validators can result in unwanted spam for consumers, which is something we actively work to prevent.

If a client is found to be using a third-party service to validate or ‘ping’ email addresses supplied by us, we will suspend or cancel their access in support of the Spam Act 2003 and the consumer’s right to privacy. Any misuse or harassment of consumers via SMS, Telemarketing or email will also result in immediate suspension or cancellation of our services to the client.

When a consumer is contacted by digital communication for marketing purposes, such as Email or SMS, our clients must provide the option for the consumer to unsubscribe or opt-out. Global Data clients have access to an opt-out manager feature within its Quester Marketing Portal. Consumers have the right to request the client to add them to the opt-out register database and cease contacting them. This action should be performed immediately upon the opt-out request by the consumer for both the client’s and consumer’s protection.

In addition to our existing practices, we conduct comprehensive vetting and auditing of our clients’ use of marketing data. This process ensures that our clients clearly define and adhere to the intended use of the marketing data we provide. We carefully verify that their usage aligns with both the consent obtained from consumers and the requirements of the Spam Act 2003. This proactive approach highlights our commitment to responsible data management and compliance with relevant privacy and communication laws.

For more information, please refer to our Services and Data Terms of Use, and ensure full compliance with the relevant Spam rules and regulations.

Complaints, Access and Corrections

Individuals have the right to access the personal information we hold about them and to request corrections if they believe the information is inaccurate, outdated, or incomplete. To make such a request, please contact our Privacy Officer noted below. We will respond to access or correction requests within 30 days, in accordance with the Privacy Act 1988 (Cth).

You will not be charged for making a request to suppress or remove your personal information held by us. However, we may charge a fee to provide you with access to your information to cover our administrative costs in some unusual cases. We will inform you of the fee at the time the request is made, if applicable. Should you wish to gain access to, correct, remove, or suppress your personal information, you may contact the Privacy Officer as noted below:

ATTN: Privacy Officer
Global Data Pty Ltd
Bourke Place, Level 16, 600 Bourke Street, Melbourne, VIC 3000 Australia
Phone: 03 8370 2323 (Automated service)
Email: suppression@globaldata.net.au

If you would like us to update your information or believe that any of the information we hold is incorrect, please let us know and it will be corrected or removed from our database at your request. All requests for access and corrections including complaints and suppression’s, will be handled expeditiously and in writing only, we do not under any circumstances reveal any personal information over the phone or by email unless we have identified you as the person to whom the record relates. We reserve the right to deny any privacy requests where we cannot adequately identify you or request further identity information.

We aim to resolve all privacy request issues within 30 days or sooner if practical. We do not disclose, suppress or reveal personal information on any record over the phone and will require our standard privacy forms to be completed. This is for the protection of the individual, to ensure only they access their information. For clarity, where a consumer wishes to discover the source of their personal information held by Global Data, we will only release their personal information on the sources directly to them or their appointed legal representative and in writing only and where we have accurately identified them. Our Privacy access process is restricted to the consumer in question and as such, we cannot provide information to third parties and breach our internal compliance procedures. We do not store any data you provide us in the Privacy form within our data universe and it is only used for the purpose of identifying and suppressing your information from further commercial use and actioning your privacy suppression request.

Refusal to Complete Our Privacy Compliance Forms

You are welcome to choose not to complete our privacy compliance forms if you prefer. However, without these forms, we won’t be able to share or confirm any details about the record you’re enquiring about. To process requests such as suppressing, accessing, or releasing your personal information, we need the forms completed and returned.

If you decide not to complete the forms, the only action we can take is to add the details you provide to our suppression list (blacklist). This means that if we receive that record in the future, it will be immediately flagged and prevented from being used. Additionally, if the record is already within our data, it will be suspended from further use. This suppression can only take place if the limited information you provide is enough for us to identify and act on the record.

If you are not satisfied with the handling of your complaint by Global Data, you have the right to escalate the matter. You may refer your complaint to the Office of the Australian Information Commissioner (OAIC). For further information or to lodge a complaint, you can visit their website at https://www.oaic.gov.au or contact them directly on 1300 363 992. We encourage you to engage with us directly in the first instance, as we are committed to resolving your concerns swiftly and fairly.

Data Breach Response

In the event of a data breach involving personal or sensitive information, Global Data will promptly assess the situation in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). If the breach is likely to result in serious harm, we will notify affected individuals and the OAIC as soon as practicable, providing details of the breach and recommended steps for protection.

Website Data Collection and Use

At Global Data Pty Ltd, we prioritise your privacy while navigating our website. Here’s an overview of how we handle your data:

Data Collection: When you visit our site, we collect information through enquiry forms and emails. This includes personal details provided by you and your IP address, which our web server automatically recognises.

Purpose of Data Use: The collected data aids in identifying potential customers, providing requested services, addressing inquiries, conducting customer and marketing research, and informing you about our products and services. We ensure the security of any financial transactions and do not store sensitive financial information.

Cookie Usage: Our website enhances your experience using cookies, small data files stored on your browser. These cookies, categorised as Essential, Performance and Analytics, and Advertisement and Targeting, serve various functions:

  • Essential Cookies: Crucial for website functionality, ensuring proper operation.
  • Performance and Analytics Cookies: Remember your past choices, enhancing website interaction.
  • Advertisement and Targeting Cookies: Anonymously track website usage, pages visited, and links clicked for improved content relevance.

Cookies contribute to a more personalised, efficient, and secure browsing experience. Most browsers accept cookies by default, but you can adjust your browser settings to manage cookie preferences. Please note, disabling cookies may limit access to certain website features.

Rest assured, all information collected is handled in accordance with our overarching Privacy Policy, and we are committed to not selling your personal information or using it beyond the stated purposes.

** The online web version of this document is always the most recent. It is the responsibility of the company or individual relying on this policy to ensure that any printed version of this Privacy Policy is the most recent version. Any printed version of this document is superseded by this, our online digital version.**

Version 2.2 – 15 April, 2025

(03) 9948 4089
Request a Demo
BACK TO TOP