Our Commitment to Privacy
At Global Data Pty Ltd, our dedication to safeguarding your privacy is unwavering. As a certified ISO27001 Data and Information Services Provider located in Australia, we uphold the Privacy Act 1988 Cth and the Australian Privacy Principles with the utmost integrity. Our Privacy Policy clearly describes our approach to managing your personal information with absolute transparency and care.
In our primary role, we offer sophisticated automated data solutions to industries reliant on precise and reliable data. This encompasses the collection, aggregation, and validation of substantial data sets for purposes including but not limited to;
- Know Your Customer (KYC) protocols
- Identity Verification
- Fraud Prevention
- Risk Assessment
- Marketing Insights
- Social Media Profile Verification
- Document Verification
- Anti-Money Laundering & Counter Terrorism Financing
A fundamental component of our operations involves the application of data in bolstering Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) initiatives. Equally critical is our role in supporting law enforcement agencies in identifying and apprehending individuals engaged in illicit activities, including but not limited to, stalking, catphishing, financial fraud, and other nefarious actions, through the misuse of fabricated data.
We are steadfast in our commitment to protecting the personal information of consumers. We engage in secure and ethical handling practices for Personally Identifiable Information (PII), ensuring our security measures and risk controls are regularly reviewed and audited in line with our ISO certifications. It is our promise to you to be transparent about the personal information we handle, its purposes, origins, and your entitlement to have it suppressed or deleted upon request.
We assure that access to our data is strictly provided to entities demonstrating a legitimate legal business intent. Unauthorised individuals or organisations without a clear purpose are categorically denied access. We keep a detailed record of all access to our data systems for regulatory compliance and enforcement.
Types of information we collect
At Global Data Pty Ltd, our data collection is pivotal to delivering state-of-the-art data solutions. The type of information we gather hinges on the specific data we are aggregating, purchasing, or collecting at any given time. We may collect personal details such as a person’s full name, gender, age or age range, residential address, phone numbers (both mobile and landline), email addresses, social media details, employment information, IP address geographics, occupancy history, and specific buying and consumer behaviour demographics. While this list is not exhaustive, it outlines the scope of our data collection, purchase, and enhancement activities.
As an approved Gateway Service Provider (GSP) for the Document Verification Service (DVS) by the Australian Attorney-General, we also perform identity verification checks that require us to collect government identifiers from driver’s licenses, passports, and other Australian Identity Documents. We are also a trusted and ‘approved’ Data Services Broker (DSB) for the Australian Coordinating Registry and the Australian Death Check.
We are committed to handling your data responsibly. We want to assure you that while we do collect some personal details for verification and business purposes, we do not gather sensitive information such as medical or health records, racial or religious affiliations, or your political and sexual preferences. All our data collection processes are designed to respect your privacy and adhere strictly to the highest standards of data protection laws and certifications. We want to assure you that all data that we collect is only used for the purpose that it was collected for and in accordance with the Australian Privacy Principles.
We do not knowingly collect data on minors. All data that we purchase, license or aggregate undergoes a data cleansing process to eliminate such records when identified. There may be instances where a minor uses an adult’s contact information, for example, in an online sponsored competition or for a social media account set-up. When such records are detected, they are immediately removed from our data universe and are no longer commercially available.
We also leverage and license expanded datasets from third party data partners, which can include those in the Credit Bureau sector, Superannuation and Payroll sector, Government sector, and affiliate Marketing sector. These partners are subject to a stringent onboarding process to ensure their compliance with the Privacy Act 1988 Cth, our ISO risk controls, and adherence to the same processes and compliance standards as Global Data.
How & where do we collect personal information?
We value transparency in our data collection methods:
Direct from you: Your information is primarily obtained directly with your consent.
Consent Declaration: We clearly state how your data will be used, ensuring you’re informed before consenting to share your personal information.
From Public and Partner Sources: We responsibly collect personal data from public records and trusted partners, always with your consent or when you would reasonably expect such collection.
Third-Party Verification: When we collect personal information from third parties, we seek confirmation that the information was acquired in accordance with the requirements of the Privacy Act 1988 Cth, that they are entitled to provide it to us, and that they can authorise us to use it for the purposes for which they are supplying it and our business solutions.
Use and Disclosure: Personal information collected is only used and disclosed under the following circumstances:
- Your consent or permission was obtained in relation to the use or disclosure of the information.
- Such consent has not been withdrawn or suppressed with Global Data or its Data Partners.
- Your information was available in the public domain, and it is reasonably expected that you would receive contact.
- It is used for the purpose for which the information was collected and published.
- We are required to or authorised to under Australian Law or orders from any competent court.
Please note that it may be impractical for Global Data to contact and notify each individual in the public domain about their information being collected due to the nature and volume of information that we receive. However, we ensure that such data will not be used for any marketing communications and only used for consumer insights and identity data verification. We will attempt to notify the individual as soon as practical if no direct consent was given to collect an individual’s personal information in the public domain, or indirect consent was provided through a third party.
Why do we collect personal information and how do we use it?
The personal information we collect serves the fundamental business needs of our customers. Its primary business use is for:
Business Operations: Enabling activities like fraud prevention, locating individuals for various verification processes, and police investigations.
Enhanced Services: We provide advanced SaaS and API commercial products that allow our clients to perform business activities associated with identity verification, document verification, fraud prevention, skip tracing, data enrichment and marketing related activities.
Compliance and Safety: We assist in Identity Verification, KYC solutions, and crucially, support Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) endeavours.
As a reputable Australian Information Services provider, we ensure data is made available only to thoroughly vetted enterprises, maintaining our commitment to data protection and ISO-certified standards.
In certain cases, our services include offering global data on individuals worldwide. This information comes from our approved and compliant network of third-party data providers. Such provision is typically for business activities requiring social media verification or when tracing and verifying an Australian resident uncovers information related to individuals or records of associated residents outside of Australia.
To whom do we disclose personal information?
We disclose personal information exclusively to our business enterprise customers, under strict compliance protocols:
- Consent-Based Use: Access to personal information is granted to enterprise customers only for its intended or consented purposes.
- Commercial Supply: We supply data through our automated SaaS portals and APIs, in line with the Australian Privacy Principles and our Service and Data Terms of Use found here:
- Third-Party Data Partners: For approved Identity Verification, Social Media Intelligence, KYC, Document Verification (DVS), and AML/CTF services, we may provide personal information to our third-party data partners to deliver our supported solutions.
- Customer Compliance: Access is restricted to customers who adhere to our data terms of use.
- Legal Disclosure: We may disclose information as required by Australian law or for enforcement-related activities, like police investigations.
How secure is your personal information?
At Global Data Pty Ltd, we understand the paramount importance of safeguarding your personal information and data from unauthorised access. Here’s how we ensure the security of your data:
- ISO 27001 Certification: We are ISO 27001 certified and trusted, a testament to our commitment to maintaining high standards of data security.
- Regular Audits and Testing: We conduct regular audits and system penetration testing to identify and rectify any potential vulnerabilities.
- Data Storage: As an Australian company, we store our data within Australia on AWS servers located in Sydney, ensuring compliance with local data protection regulations.
- Access Controls: We implement IP address access controls and Multi-Factor Authentication (MFA) for all data services, providing an additional layer of security.
- Encryption: All information, both in transit and at rest, is encrypted using industry-standard secure encryption methods.
- Limited Access: Your personal information is only provided to those who require access to perform their business functions. This may include users and subscribers of our products and services, and any law enforcement agency to whom we are required by law to provide your personal information.
- Policy Review: We regularly review this policy and assess our performance against it to ensure we are meeting and continue to meet our obligations under the Privacy Act 1988 Cth.
- Employee Training: All employees and agents of Global Data are required to undergo proficient training on data handling and the rules of disclosure under the Australian privacy principles.
- Automated Security Systems: We have automated security and intrusion detection systems in place, along with detailed event logging and automated auditing systems, to further secure our systems.
Our data and compliance team are committed to maintaining the highest standards of data security and privacy. We continually strive to enhance our security measures to protect your personal information. Such security measures are comprehensively detailed in our security control documents.
How do we maintain the quality of your personal information?
Global Data recognises the importance that any data information we hold is up to date and accurate. The information we receive from the users of our products and services and the data we collect as described throughout this policy, are subject to various enhancements to ensure the information is as accurate as possible. Where updated or enhanced information is available, we incorporate it into our datasets and products without delay. We update our full universe dataset weekly, however, enhance and append daily, through our highly advanced Pango data engine. Our automated systems clean and repair all data records on delivery. The system removes all known bot attributes and inappropriate filter block words. We then match, validate and enhance with cross-referenced trusted and highly scored data records. This process utilises numerous trusted datasets to validate and clean the data.
In addition to our internal processes, when utilising data from third-party vendors for KYC, Identity Verification, or AML/CTF purposes, we apply stringent quality standards. Each third-party source undergoes a rigorous vetting and auditing process. This ensures that their data quality aligns with our high standards, guaranteeing the integrity and reliability of the information we use and provide.
Access to our data from outside Australia
We place paramount importance on protecting consumer’s personal information from unauthorised and unethical use. As an Australian company, we adhere strictly to the Privacy Act 1988 Cth and our ISO27001 security compliance procedures. Here’s how we manage international access to our data:
- No Foreign Access Without Consent: We do not permit access to our data platforms from outside Australia unless prior written consent has been provided.
- International Vetting Application: Any entity seeking access from outside Australia must complete and receive approval through our rigorous International Vetting application. This application records full identity particulars on the organisation and person seeking access.
- Record Keeping: Approved applications are securely stored and can be provided to relevant government bodies such as the OAIC, ACCC, or the ACMA, should the need arise.
- Strict Consequences for Breach: Any unapproved attempts to access our data systems from outside Australia is a breach of our Terms and Conditions and will result in the suspension of the client account pending a full review. Misuse of any of our data, whether within Australia or internationally, will result in immediate suspension or cancellation of our services to the client.
- VPN Use: Customers using a VPN to mask their IP address will not be granted access to our systems. For more details, refer to our Terms and Conditions here.
When engaging in AML/CTF or Identity Verification processes, it may be necessary for Global Data to collaborate with international data partners. In such instances, we ensure these partners are in full compliance with the Australian Privacy Act and Australian Privacy Principles. For operations involving social media validations, the data shared is always de-identified to protect individual privacy. Furthermore, for all other data-sharing purposes, we ensure that all data information is securely encrypted during transit, upholding our commitment to data security and privacy standards.
We are committed to protecting consumer’s right to privacy. No access to a company outside of Australia will be granted unless we approve them and their use case for the data.
Email / SMS Data & Spam Act
Global Data is committed to upholding the integrity of the data we provide and ensuring compliance with the Spam Act 2003. We do not support any unauthorised practices that could lead to spamming or unwanted contact for consumers.
When we supply mobile numbers or emails to our clients through any of our data platforms, the client/user agrees not to use any third-party validator or ‘Pinger’ outside of those supplied within our automated solutions. The use of unknown phone or email validators can result in unwanted spam for consumers, which is something we actively work to prevent.
If a client is found to be using a third-party service to validate or ‘ping’ email addresses supplied by us, we will suspend or cancel their access in support of the Spam Act 2003 and the consumer’s right to privacy. Any misuse or harassment of consumers via SMS, Telemarketing or email will also result in immediate suspension or cancellation of our services to the client.
When a consumer is contacted by digital communication for marketing purposes, such as Email or SMS, our clients must provide the option for the consumer to unsubscribe or opt-out. Global Data clients have access to an opt-out manager feature within its Quester Marketing Portal. Consumers have the right to request the client to add them to the opt-out register database and cease contacting them. This action should be performed immediately upon the opt-out request by the consumer for both the client’s and consumer’s protection.
In addition to our existing practices, we conduct comprehensive vetting and auditing of our clients’ use of marketing data. This process ensures that our clients clearly define and adhere to the intended use of the marketing data we provide. We carefully verify that their usage aligns with both the consent obtained from consumers and the requirements of the Spam Act 2003. This proactive approach highlights our commitment to responsible data management and compliance with relevant privacy and communication laws.
For more information, please refer to our Services and Data Terms of Use, and ensure full compliance with the relevant Spam rules and regulations.
Complaints, Access and Corrections
You will not be charged for making a request to suppress or remove your personal information held by us. However, we may charge a fee to provide you with access to your information to cover our administrative costs in some unusual cases. We will inform you of the fee at the time the request is made, if applicable. Should you wish to gain access to, correct, remove, or suppress your personal information, you may contact the Privacy Officer as per the contact details below:
ATTN: Privacy Officer
Global Data Pty Ltd
Bourke Place, Level 16, 600 Bourke Street, Melbourne, VIC 3000 Australia
Phone: 03 8370 2323
Email: suppression@globaldata.net.au
If you would like us to update your information or believe that any of the information we hold is incorrect, please let us know and it will be corrected or removed from our database at your request. All requests for access and corrections including complaints and suppression’s, will be handled expeditiously and in writing only, we do not under any circumstances reveal any personal information over the phone or by email unless we have identified you as the person to whom the record relates. We reserve the right to deny any privacy requests where we cannot adequately identify you or request further identity information.
We aim to resolve all privacy request issues within 30 days or sooner if practical. We do not disclose, suppress or reveal personal information on any record over the phone and will require our standard privacy forms to be completed. This is for the protection of the individual, to ensure only they access their information. For clarity, where a consumer wishes to discover the source of their personal information held by Global Data, we will only release their personal information on the sources directly to them or their appointed legal representative and in writing only and where we have accurately identified them. Our Privacy access process is restricted to the consumer in question and as such, we cannot provide information to third parties and breach our internal compliance procedures. We do not store any data you provide us in the Privacy form within our data universe and it is only used for the purpose of identifying and suppressing your information from further commercial use and actioning your privacy suppression request.
Refusal to Complete Our Privacy Compliance Forms
You are welcome to choose not to complete our privacy compliance forms if you prefer. However, without these forms, we won’t be able to share or confirm any details about the record you’re enquiring about. To process requests such as suppressing, accessing, or releasing your personal information, we need the forms completed and returned.
If you decide not to complete the forms, the only action we can take is to add the details you provide to our suppression list (blacklist). This means that if we receive that record in the future, it will be immediately flagged and prevented from being used. Additionally, if the record is already within our data, it will be suspended from further use. This suppression can only take place if the limited information you provide is enough for us to identify and act on the record.
If you are not satisfied with the handling of your complaint by Global Data, you have the right to escalate the matter. You may refer your complaint to the Office of the Australian Information Commissioner (OAIC). For further information or to lodge a complaint, you can visit their website at https://www.oaic.gov.au or contact them directly on 1300 363 992. We encourage you to engage with us directly in the first instance, as we are committed to resolving your concerns swiftly and fairly.
Website Data Collection and Use
At Global Data Pty Ltd, we prioritise your privacy while navigating our website. Here’s an overview of how we handle your data:
Data Collection: When you visit our site, we collect information through enquiry forms and emails. This includes personal details provided by you and your IP address, which our web server automatically recognises.
Purpose of Data Use: The collected data aids in identifying potential customers, providing requested services, addressing inquiries, conducting customer and marketing research, and informing you about our products and services. We ensure the security of any financial transactions and do not store sensitive financial information.
Cookie Usage: Our website enhances your experience using cookies, small data files stored on your browser. These cookies, categorised as Essential, Performance and Analytics, and Advertisement and Targeting, serve various functions:
- Essential Cookies: Crucial for website functionality, ensuring proper operation.
- Performance and Analytics Cookies: Remember your past choices, enhancing website interaction.
- Advertisement and Targeting Cookies: Anonymously track website usage, pages visited, and links clicked for improved content relevance.
Cookies contribute to a more personalised, efficient, and secure browsing experience. Most browsers accept cookies by default, but you can adjust your browser settings to manage cookie preferences. Please note, disabling cookies may limit access to certain website features.
Rest assured, all information collected is handled in accordance with our overarching Privacy Policy, and we are committed to not selling your personal information or using it beyond the stated purposes.
** The online web version of this document is the most recent. It is the responsibility of the company or individual relying on this policy to ensure that any printed version of this Privacy Policy is the most recent version. Any printed version of this document is superseded by our online digital version.**
Version 2.1 – 16 September 2024