Our Privacy Policy

 

This Privacy Statement explains how The Policy Place Ltd collects, uses, stores, and shares personal information. In this statement, “we”, “us” and “our” refer to The Policy Place Ltd.

We provide online policies and procedures, regular reviews, policy updates, and related tools to subscribers in Australia and Aotearoa New Zealand. For individuals in Australia, this Privacy Statement is intended to align with the Privacy Act 1988 (Cth), including the Australian Privacy Principles.

1. Who we are

The Policy Place and Good Practice Hub are operated by The Policy Place Ltd.

2. Information we collect

We may collect the following personal information:

  • account information such as your name, organisation name, email address, role, and login or account details;
  • organisation and billing information, such as key contact details, subscription details, and payment or invoicing contact information;
  • technical information such as browser type, device information, IP address, session data, and usage analytics;
  • service use information such as policy views, training or induction activity, practice history, and interactions with platform tools, including AI features; and
  • communications such as support requests, feedback, and other correspondence with us.

We generally collect personal information directly from you, from your organisation when it sets up or administers your access, and automatically through your use of the platform.

If we collect personal information about you from another source, we will take reasonable steps to notify you of that collection and the matters required by Australian privacy law, unless an exception applies.

We do not intend to collect sensitive information unless it is reasonably necessary for our functions or activities and you have consented, or the collection is otherwise permitted by law.

3. How we use personal information

We use personal information to:

  • provide, administer, and support the service;
  • set up and manage organisation accounts and user access;
  • generate organisation reports, including user-level policy engagement and usage statistics;
  • send transactional communications such as sign-in messages, staff invitations, reminders, feedback requests, and policy updates;
  • send marketing communications where permitted by law;
  • process payments and manage subscriptions;
  • maintain platform security, prevent misuse, and troubleshoot issues;
  • monitor and test AI tools, including limited review of prompts and outputs for quality assurance, safety, and service improvement; and
  • improve the service using aggregated or de-identified analytics where appropriate.

You do not have to provide personal information to us, but if you do not provide information that we reasonably require, we may not be able to provide some or all of the service to you or your organisation.

Do not enter health information or other sensitive personal information into AI tools. You are responsible for ensuring that any content entered into AI features does not include sensitive personal information.

4. Organisation access

Your organisation is responsible for its own handling of personal information and for complying with its own privacy obligations.

If your organisation adds you to its team on the platform, its authorised administrators, such as Master Admins and Admins, may be able to see your name, email address, and policy view statistics. This helps the organisation manage induction, training, and compliance obligations.

Your organisation may use information available through the platform for its own internal employment, training, governance, or compliance purposes. That use is the organisation’s responsibility.

Your personal PracticeLab and ProofKit remain associated with you. If you leave an organisation or are removed from its team, the organisation may retain historical analytics and reporting data relating to your time with that organisation.

5. Data sharing and overseas disclosure

We do not sell personal information.

We may share personal information with:

  • your organisation, as described in section 4;
  • service providers who help us operate the platform, such as IT support, hosting, backup, content delivery, email, payment, analytics, and AI providers;
  • professional advisers, auditors, or insurers where reasonably necessary; and
  • regulators, law enforcement, or other third parties where required or permitted by law.

Our current service providers may include Camino Dev Solutions, DigitalOcean, Cloudflare, Anthropic and OpenAI, or replacement providers from time to time.

Personal information may be stored or processed outside Australia. Our current service provider locations are Australia, New Zealand, Spain and the United States. Where we disclose personal information overseas, we take reasonable steps to ensure overseas recipients handle that information in a manner consistent with Australian privacy law.

6. Data storage and security

We take reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. These safeguards may include access controls, authentication measures, backups, system monitoring, and secure hosting arrangements.

If we no longer need personal information for a permitted purpose, we will take reasonable steps to destroy it or de-identify it, unless we are required or authorised by law to retain it.

No method of storage or transmission is completely secure, so we cannot guarantee absolute security.

Where applicable, we will comply with the Notifiable Data Breaches scheme in relation to eligible data breaches.

7. Your rights

Subject to applicable law, you may request access to the personal information we hold about you and request correction of personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

You may also ask us to delete or de-identify personal information where appropriate. We will consider such requests subject to our legal obligations, legitimate business needs, and technical limitations.

  • You may opt out of marketing communications at any time.
  • To exercise any of these rights, or to make a privacy complaint, contact us at [email protected].
  • We aim to respond within 30 days.

8. Cookies and local storage

We use essential cookies and similar technologies to keep users signed in, maintain session security, and support core platform functions. We may also use browser local storage to remember preferences and save in-progress activity.

We do not use third-party advertising cookies. We may use analytics tools to understand and improve service performance.

9. Marketing communications

We may send marketing emails to key contacts or users where relevant to the service and permitted by law. You can unsubscribe from marketing emails at any time.

Transactional messages, such as sign-in emails, invitations, deadline reminders, and policy updates, are service-related and may still be sent even if you opt out of marketing.

We handle direct marketing in accordance with Australian Privacy Principle 7 and commercial electronic messages in accordance with the Spam Act 2003 (Cth).

10. Data retention

We retain personal information for as long as reasonably necessary to provide the service, maintain records, support historical organisation analytics, meet legal, tax, and accounting obligations, resolve disputes, enforce our agreements, and maintain backups and security logs.

Retention periods may vary depending on the type of information and the purpose for which it was collected. When personal information is no longer required, we will delete it or de-identify it where reasonably practicable. Backup copies may remain for a limited period before they are overwritten or securely deleted.

11. Children

Our services are designed for adult professionals in health and community services and are not intended for children under 16 years of age. We do not knowingly collect personal information directly from children under 16.

12. Changes to this policy

We may update this Privacy Statement from time to time. If we make a material change, we may notify registered users by email or through the platform. The “Last updated” date shows when this statement was last revised.

13. Contact us and complaints

If you have questions, want to make a privacy request, or wish to raise a complaint about how we handle personal information, please contact us:

  • The Policy Place Ltd
  • Email: [email protected]
  • Address: c/o Level 4, 240 Queens St, Brisbane, QLD 4000
  • Phone: 1300 328 010

If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner.

14. Website

This section applies to users of our website and should be read together with the rest of this Privacy Statement.

14.1 Collection and use

When you use our website, we may collect personal information that you provide directly, such as your name, organisation, email address, phone number, and the contents of any enquiry, booking, form, feedback, or other communication you send to us.

We may also collect technical and usage information automatically through the website, including your IP address, browser type, device information, session data, pages viewed, referring website, date and time of access, cookies, local storage, and website usage analytics.

We use website-related personal information to:

  • respond to enquiries;
  • provide information about our services;
  • manage bookings and subscriptions;
  • maintain and improve the website;
  • monitor performance and security;
  • prevent misuse; and
  • send service-related or marketing communications where permitted by law.

We generally collect personal information directly from you and automatically through your use of the website. We may also receive personal information from your organisation or another person connected with your enquiry or access request. If we collect personal information about you indirectly, we will take reasonable steps to notify you of that collection and the matters required by Australian privacy law, unless an exception applies.

We do not sell personal information. We may share website-related personal information with service providers who help us operate the website or our services, such as hosting, content delivery, analytics, security, email, payment, customer support, and IT providers, as well as professional advisers, your organisation where relevant, and regulators, law enforcement, or other third parties where required or permitted by law.

14.2 Storage and security

Website-related personal information may be stored or processed outside Australia. Our current overseas service provider locations are Spain for Camino Dev Solutions and the United States for other current providers. Where this occurs, we take reasonable steps to ensure overseas recipients handle personal information in a manner consistent with Australian privacy law.

We take reasonable steps to protect website-related personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. These safeguards may include access controls, authentication measures, backups, monitoring, and secure hosting arrangements.

No method of storage or transmission is completely secure, so we cannot guarantee absolute security.

We retain website-related personal information only for as long as reasonably necessary for the purposes for which it was collected, to maintain records, respond to enquiries, manage subscriptions, meet legal obligations, resolve disputes, and maintain backups and security logs. When personal information is no longer required, we will delete it or de-identify it where reasonably practicable.

14.3 Access and correction

Subject to applicable law, you may request access to, and correction of, website-related personal information we hold about you. You may also ask us to delete or de-identify personal information where appropriate, and we will consider that request subject to our legal obligations, legitimate business needs, and technical limitations.

14.4 Cookies

We use essential cookies and similar technologies to keep the website secure, maintain sessions, and support core functions. We may also use analytics tools and browser local storage to understand website use, remember preferences, and improve performance. We do not use third-party advertising cookies.

You can manage cookies through your browser settings, but some website functions may not work properly if cookies are disabled.

14.5 Marketing and data breaches

We may send marketing communications where permitted by law. You can unsubscribe from marketing emails at any time. Service-related communications, such as replies to enquiries, account messages, invitations, and updates, may still be sent where necessary.

We handle direct marketing in accordance with Australian Privacy Principle 7 and commercial electronic messages in accordance with the Spam Act 2003 (Cth).

If we become aware of an eligible data breach involving personal information held through the website, we will assess it and notify affected individuals and the Office of the Australian Information Commissioner where required by law.

If you have questions, want to make a privacy request, or wish to raise a complaint about how we handle website-related personal information, please contact us at [email protected]. If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au or GPO Box 5288, Sydney NSW 2001 in Australia.

Last updated: May 2026
