General Privacy Notice

Privacy notices can be long and full of legal jargon that is hard to understand.

So we’ve pulled out the most important questions that you might have about our privacy notice and answered them below in the Summary. It will take about 5 minutes or so to read.

If you wish, you can read the full privacy notice at the bottom of this page.

Summary

Who are we?

We are Reset Tech Australia. We are an independent Australian charity, but we are part of a global network, with a Reset.Tech in Germany, the US and the UK.

What personal data do we collect and why?

That depends on who you are and our relationship with you. We’ve set out a few examples below:

• If you sign up to our communications we will use your name, email address, role, and organization to keep in touch with you about our work.
• If you apply for a job we’ll use your CV (or resumé), contact information, interview content, and references to decide whether you’re a good fit for Reset Tech.
• If we fund you (or consider funding you), we will use the contact information for the relevant staff to stay in touch, we will use the name of your senior leadership and board to run background checks, and we may use the information about your staff and beneficiaries if you include it in your reports.
• If you are a stakeholder or expert in our sector, we will use your name, contact information, role, organisation and information about your areas of interest or expertise to inform our work.

If you are a vendor we will use the contact details of those at your organisation. And if you’re a sole trader, then we will use your bank details to pay you.

For all of the above, we will keep records of our interactions with you (for example, our email correspondence and notes of meetings).

What about sensitive personal data?

Some personal data are more sensitive than other data (for example, information about your health, your sexual orientation or sex life, your political affiliation, or your race and ethnicity). We try to minimise our collection of sensitive personal data, but sometimes it’s necessary (for example, if you’re a politician we will naturally keep a record of your political party). We will always make sure we collect and use such information lawfully.

Do we keep your personal data secure?

We try as hard as we can to keep your data safe. For example, we make sure that only people who need to can see your data, we encrypt data where we can, we have strict contracts with our vendors handling personal data, and we train our staff.

Do we share your personal data?

Yes. We share your personal data with the different entities within Reset Tech, and with contractors who provide services to us. We may share your personal data in other circumstances (for example, with funders or to comply with legal obligations on us).

Do we transfer your personal data internationally?

Yes. Reset Tech is a global network and our entities share systems. We also use vendors in different countries. We try as hard as we can to keep your personal data secure when shared internationally, including carefully vetting our vendors, entering into agreements guaranteeing the security of personal data and your rights, and - of course - only transferring personal data which is necessary.

What are your rights?

You have rights over your personal data and how we use it. If we’ve asked for your consent to use your personal data (for example, for our newsletter), you can withdraw your consent at any time. In certain circumstances, you can object to our use of your personal data or ask us to delete it, however we may not be able to fully do so. For more details about your rights and how you exercise them - see Your Rights section below.

Who can I contact?

If you have any questions, you can email our Data Protection Officer, Molly Waiting, at [email protected]. If you feel like we haven’t addressed your concerns, you can always contact your data protection authority (for example, the OAIC in Australia).

Full Privacy Notice

1. Who Are We?

Reset Tech operates through a global network of entities. These include:

United States

Reset Tech and Reset Tech Action: 6218 Georgia Avenue NW Suite #1, PMB 3134 WASHINGTON, DC 20011, USA

United Kingdom

Reset Tech UK Limited: Thames Exchange, 10 Queen Street Place, London EC4R 1BE, UK

Germany

Reset Tech GmbH: Friedrichstr. 114A, 10117 Berlin, Germany

Australia

Reset Tech Australia: Suite 403, 418 A Elizabeth St, Surry Hills, NSW 2010

In this notice, we refer to Reset Tech as a single organization and so (unless specified otherwise) we mean the entities outlined above.

2. Who does this Privacy Notice apply to?

We collect and use personal data about people with whom we work, people interested in Reset Tech’s work, and people we believe could be helpful in Reset Tech’s work.

These include:

• Partners (those we fund via contracts or grants) and prospective partners.
• Stakeholders - for example, funders, advisors, public sector figures, leaders in our sector, and in the nonprofit community.
• Applicants for jobs at Reset Tech
• Contacts at vendors who provide services to Reset Tech
• Online contacts, including visitors to our websites (https://au.reset.tech/, https://www.childrensprivacycode.org.au/ etc), those who sign up to our newsletters, and those engage with us on social media.
• Attendees at our events.

The notice also provides information about how we will use your personal data and your rights in relation to your personal data.

Note that we have separate notices for our staff and our research - as our use of personal data differs for these categories of individuals.

If you are a staff member, please contact: [email protected]h for a copy of the Staff Privacy Notice.

If you have questions about how we handle personal data as part of our research, please email [email protected] for a copy of our Research Privacy Notice.

If we start a new project or activity, we may provide you with additional privacy notices with more information

3. What types of personal data do we collect?

What is Personal Data? By personal data we mean any information which identifies you or which could be used to identify you. At its simplest, this could be your name and/or email address. Personal data also includes information about your expertise in a particular area and contributions you may make (for example, when we ask you to contribute to reports).

Type	Partners	Stakeholders	Applicants (not relevant in Australia)	Vendors	Online contacts	Attendees
Name	✓	✓	✓	✓	✓	✓
Role & Organisation	✓	✓	✓	✓		✓
Contact Details (email address, potentially phone and postal address)	✓	✓	✓	✓	✓ (usually email only)	✓
References from third parties	✓		✓	✓
Social media accounts	✓	✓	✓	✓	✓	✓
Records of our communication	✓	✓	✓	✓	✓	✓
Records relating to our relationship with you (for example, contracts, invoices, funding reports)	✓		✓	✓
Bank details and tax information	✓ (if we reimburse you for expenses)	✓ (if we reimburse you for expenses)		✓
CVs, experience, background information	✓ (if submitted as part of your funding package)	✓	✓	✓ (if provided as part of your contract bid)
{.overflow-table}

The personal data we collect depends upon your relationship with us, and so we have set out below the types of information we collect and from whom we collect it.

Certain types of personal data are sensitive and merit more protection. For example, information about your race or ethnic origins, political opinions, sex life or sexual orientation, religious beliefs, health information, biometric and genetic data. Criminal information (information about convictions or allegations about convictions) also merits additional protection and special consideration. Financial information (bank details, identity documents, etc) can also cause harm when misused, so we endeavor to treat these as sensitive, as well.

We do not usually collect sensitive personal data about you. We will only process these types of personal data about you if we have a valid reason for doing so and only if the law allows us to do so. The two exceptions are if you are a job applicant or if you are on the leadership team or board of a prospective partner. In these cases, we may collect sensitive personal data about you as part of the application process / due diligence process. See sections 7 (job applicants) and 8 (partners) for more information.

4. Where do we get your personal data?

We collect your personal data from three different types of sources:

• Directly from you. For example, when you sign up for our newsletter or send us an email.
• Indirectly from another source. For example, when we run compliance checks on potential partners.
• When it is available publicly. For example, if you write an article about an area in which we are interested.

5. How and why we use your personal data?

What is a “lawful basis”? We can only use your personal data if we have a valid reason. In Europe, this is known as a lawful basis of processing. Below we explain the lawful bases which we think apply to our use of personal information. Processing sensitive personal data requires additional conditions of processing.

Lawful Bases and Conditions

Legitimate interests is a flexible lawful basis which allows us to use your personal data provided that:

• We have a good reason to do so. For example, to evaluate whether we should invest in a potential partner.
• You can reasonably expect that we would use your personal information in this way. In other words, our use of your personal information shouldn’t be a surprise.
• It fits with your rights and it doesn’t affect you unfairly. Your rights are explained in section 14.

When we rely upon legitimate interests as a lawful basis, our use of your personal information must be fair and balanced, and we need to consider the points above.

Consent is when we ask for your permission to use your personal information for a specific purpose. For example, if we ask to use a quote from you to promote our work. You always have the right to withdraw your consent. Just send us an email or contact us using the details set out in section 1.

We may also need to process your personal information to comply with a legal obligation on us.

We may also need to process personal information in order to perform our contract with you. For example, where you provide us with your bank details for payment.

Finally, we all hope to avoid litigation where possible, but we may need to use your personal data as part of a legal claim.

We use your personal data for the following reasons (and the most relevant lawful bases are listed afterwards):

Promoting our work, our partners’ work, and our principles, for example through our newsletters, research reports and speaking engagements.

Consent and Legitimate Interests

Evaluating our impact and areas for improvement, for example considering whether and how to support new and existing partners, sectors, and jurisdictions.

Legitimate Interests

Administering our funding, for example due diligence, background checks, disbursing funding, receiving reports, etc.

Legitimate Interests and Legal Obligation

Report on our use of funding and seek further funding. In relation to compliance with obligations on our funding, for example the background checks explained in section 8 below.

Legitimate Interests and Legal Obligation

Running and participating in events. For example, where we need to confirm that our use of funding did not violate legal restrictions.

Consent and Legitimate Interests

Handling any concerns or queries which arise during the course of our work, and if we need to process dietary or accessibility information, explicit consent.

Legitimate Interests, Legal Obligation

Procuring and receiving services from vendors; if we’re legally obliged to respond, and potentially to address Legal Claims

Legitimate Interests, Contract, Legal Obligation

Requesting advice and guidance from our stakeholders and partners; and potentially to address Legal Claims.

Consent and Legitimate Interests

Recruit talented staff to support our work.

Consent, Legitimate Interests and Legal Obligation

Where we need to check immigration status or - in very rare cases - the ability to work with kids or other vulnerable individuals.

6. When will we get in touch?

We may contact you when you give us your contact details or when we believe that you may wish to hear from us. Some of these communications may be administrative (for example, to respond to a query or request from you) and some may be promotional (for example, a newsletter with updates about our work).

We’ll only contact you when we’re allowed to do so. And you can request that we cease contacting you with promotional material at any time. Though please note that we may still send you administrative communications (for example, if you’re a contact at a partner, we will contact you about your funding).

7. What if you’re a job applicant?

We handle personal data of those who apply to work with us slightly differently than we have discussed above, so we’ve included a dedicated section. When you apply to work at Reset Tech, we will collect and use your information for the purposes of evaluating your application as part of our recruitment process.

We will collect the following types of personal information:

• Information you provide on your CV or resumé and any associated covering letter or email.
• Information you provide during the course of the recruitment process (for example, during the interview phase).
• Information provided by third parties about you, including former employers and named references.
• Information recorded in our notes and records.

We will use the personal information we collect about you to:

• Assess your skills, qualifications, and suitability for the role.
• Carry out background checks and reference checks (where applicable).
• Communicate with you about the recruitment process.
• Keep records about our recruitment process.
• Comply with other legal and regulatory requirements.
• If successful, enter into a contract of employment with you.

It is in our legitimate interests to decide whether to appoint you to the role, since it would be beneficial to Reset Tech to appoint a qualified and appropriate person to the role. Please note that if you fail to provide us with the relevant details that we request, we will not be able to process your application.

If you are successful in your application, we will transfer the personal information collected as part of your recruitment process to your employment record. We will also provide you with a staff specific privacy notice.

If you are unsuccessful with your application we usually retain your personal data for two years after we communicated the decision to you, unless otherwise required to do so by law (for example, where immigration regulations require the retention of recruitment notes).

8. Do we share your personal data?

Reset Tech operates as a federated network of entities. These entities share systems and staff, and so your personal data will be shared among these entities.

We also use vendors to help us operate. For example, we use MailChimp to send our newsletters, we use Google Workspace for our emails and document storage, we use Submittable to manage our partner information, and we use a service to check bank details of our partners in the US.

We have written agreements with our vendors that require them to help keep your personal data safe.

There are other circumstances in which we may share your information:

• If we spin out our operation or part of our operation to another organization;
• With co-funders or other stakeholders;
• With our professional advisors (for example, lawyers and accountants)
• If we’re under a legal or regulatory obligation to do so; and
• In connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.

If we share your personal data with any other third party, we will let you know in advance, where possible.

We will not sell your personal data.

9. Links to other websites and social media

Our websites include links to other websites. This notice only covers how Reset Tech uses personal data and does not cover these other websites. We encourage you to read the privacy notices on other websites you visit.

The success of Reset Tech depends in part on people amplifying our messages, and we have provided social media links to allow you to easily share content from our website with your networks. In doing so your personal data may be disclosed to these social media platforms. When you share content using these buttons, a new page will pop up from the relevant social media platform. If you’re already logged into your account on that social media platform, then you will probably be automatically logged into this pop-up page.

We have no control over how social media platforms use your personal data. We encourage you to read the privacy notices on the various social media platforms you use (and engage with their privacy tools).

Find out more about how these social media platforms use your personal data:

• (https://twitter.com/en/privacy)
• LinkedIn
• Mastodon

10. How we keep your information safe

Security of information (particularly personal data) is important to us. We make sure to appropriate measures to protect personal data, including:

• Requiring third parties to use appropriate measures to protect the confidentiality and security of personal data.
• Restricting access to personal data within Reset Tech to those who have a need to know the information for the purposes described above. This may include your managers and their designees, personnel in People Operations, IT, Legal, Finance and Accounting and Internal Audit. All personnel will generally have access to employees’ business contact information such as name, position, telephone number, postal address and email address.
• Global policies on IT security and data protection, with training provided to staff, as needed.
• Implementing industry best practices in data protection, such as zero trust models, least privilege access, encryption of data at rest and in transit, and cross-platform authentication services

11. Where your information is used

Reset Tech Australia is part of a global network. We have offices in Washington DC, Berlin, London and Australia. We also have staff working throughout Europe and vendors working all over the world. This means that we transfer your personal data to these various locations (as necessary for the purposes outlined above).

We remain under an obligation to make sure your information remains safe and secure. We vet our suppliers and have strict contracts in place covering the transfer of personal data to other countries

12. How long we keep your information for

We keep your personal data for as long as we reasonably need it for the purposes set out in sections 5, 7 (job applicants) and 8 (partners).

We have set out below a few examples of the periods of time that we retain certain types of records:

• Partner records: 10 years following the end of our funding
• Unsuccessful potential partners: 3 years’ from our decision not to fund
• Unsuccessful job applicants: 2 years from the communication of decision
• Vendor contracts (and related records): 7 years from the end of the contract.

13. Your rights

You are in control of your personal information. When we use your personal information you have the right to:

• Ask for a copy of the personal information we hold about you. We may ask you for proof of your identity. We will give you a copy of your personal information unless we consider that an exemption applies. If we withhold any of your personal information, we’ll explain why.
• Ask that we erase the personal information we hold about you. We may not be able to erase your information (for example, we may be legally obliged to keep your personal information), but we will consider and respond to your request.
• Ask that we correct any personal information that we hold about you that you believe to be incorrect.
• Ask that we restrict the use of your personal information if you believe the information we hold is incorrect, or if we don’t have a valid reason for using your personal information.
• To change your mind and withdraw your consent.
• Ask us to stop using your personal information, if we are relying on legitimate interests as our lawful basis.

Other rights may apply under various legal regimes, which will not obviously apply to the way in which we use your personal data. For example, European data protection law allows you to port (or transfer) your personal data to a third party in certain circumstances.

14. Who to contact

If you have questions about Reset Tech, this privacy notice or how we handle personal data, please contact our Data Protection Officer, Molly Waiting, at [email protected]

If you have any concerns about the way we are handling your personal information, or if you’ve raised a question or a complaint that we haven’t dealt with, you can (in certain cases) contact your data protection regulator directly. For example, the Office of the Australian Information Commissioner.

16. Updates to this notice

We may update this notice from time to time. If we update this notice in a way that significantly changes how we use your personal data we will bring these changes to your attention where reasonably possible. Otherwise, you can access the latest version on our website.

Last updated: 15 March 2024