Our primary business function involves offering automated data solutions to various industries that depend on data and information services. This involves the collection, purchase, aggregation, and verification of extensive data repositories. Our premium products and services cater to diverse needs such as KYC, Identity Verification, Fraud Prevention, Risk Assessment, Skip Tracing, and Marketing Insights.
We place paramount importance on the protection of consumer’s personal information. We adhere to responsible and secure handling practices of Personal Identifiable Information (PII), with our security and risk controls continually audited under our ISO controls. We understand your privacy concerns and are committed to transparency about the type of personal information we hold, its usage, its source, and your right to request its suppression or removal from our systems.
Type of personal information we collect
The type of information we gather hinges on the specific data we are aggregating, purchasing, or collecting at any given time. Primarily, we may collect personal details such as a person’s full name, gender, age or age range, residential address, phone numbers (both mobile and landline), email addresses, social media details (if applicable), employment information, IP address geographics, occupancy history, and specific buying and consumer behaviour demographics. While this list is not exhaustive, it outlines the scope of our data collection, purchase, and enhancement activities.
As an Information Services and Data Supplier, our core business function involves the purchase, aggregation, and analysis of vast quantities of data. In this process, we may acquire data containing personal information such as names, addresses, and other contact details. However, we do not collect sensitive information such as medical or health records, Medicare records, driver’s license or passport records, race, religion, and so on. We also do not knowingly collect data on minors. All data that we purchase or aggregate undergoes a data cleansing process to eliminate such records when identified. There may be instances where a minor uses an adult’s contact information, for example, in an online sponsored competition or for social media account set-up. When such records are detected, they are immediately removed from our data universe and are no longer commercially available.
We also utilise expanded datasets from our data partners. These partners are subject to a stringent onboarding process to ensure their compliance with the Privacy Act 1988 Cth, our ISO risk controls, and adherence to the same processes and compliance standards as Global Data.
We are a trusted and ‘approved’ Data Services Broker (DSB) of the Australian Coordinating Registries and the Australian Death Check. We have undergone rigorous vetting and scrutiny of our commercial data handling and storage processes. Additionally, we are a pre-approved Gateway Service Provider (GSP) by the Department of Home Affairs for the Document Verification Service (DVS).
How & where do we collect personal information?
We strive to maintain transparency and directness in our data collection process. Here’s how we go about it:
- Direct Collection: Whenever possible, we collect information directly from the individual. We ensure transparency in our data collection process and usage when obtaining consent from Australian consumers.
- Consent Declaration: All Australian consumers are provided with the following typical consent declaration when they share their private information with Global Data:
“Your details will be shared with Global Data Pty Ltd, and their clients for the below key purposes:
Identity Protection – This includes identity verification for anti-fraud actions, crime deterrence, asset recovery, debt collection, skiptracing and Know Your Customer (KYC) procedures.
Customised Marketing & Advertising – We use data analysis, matching, profiling, and behavioural prediction to deliver personalised advertisements to you through SMS, Email, Telemarketing, or Direct Mail.
In some limited cases, we may collect and use personal information from publicly available sources and from data partners. However, we only do so if the individual has consented to such collection of their information, would reasonably expect us and our clients to collect their personal information in this way and communicate with them, or if it is necessary for a specific purpose such as the investigation of a privacy complaint.
- Third-Party Confirmation: When we collect personal information from third parties, we seek confirmation that the information was acquired in accordance with the requirements of the Privacy Act 1988 Cth, that they are entitled to provide it to us, and that they can authorise us to use it for the purposes for which they are supplying it.
- Use and Disclosure: Personal information collected is only used and disclosed under the following circumstances:
- Your consent or permission was obtained in relation to the use or disclosure of the information.
- Such consent has not been withdrawn or suppressed with Global Data or its Data Partners.
- Your information was available in the public domain and it is reasonably expected that you would receive contact.
- It is used for the purpose for which the information was collected and published.
- We are required to or authorised to under Australian Law or orders from any competent court.
Please note that it may be impractical for Global Data to contact and notify each individual in the public domain about their information being collected due to the nature and volume of information that we receive. However, we ensure that such data will not be used for any marketing communications and only used for consumer insights and data verification. We will attempt to notify the individual as soon as practical if no direct consent was given to collect an individual’s personal information in the public domain, or indirect consent was provided through a third party.
Why do we collect personal information and how do we use it?
The information that we hold is primarily used and required by our customers for their business purpose. Such purposes may extend to marketing communication, fraud detection / prevention, location of persons across Australia, Identity Verification, Police Investigations and other related business activities. We are in the business of providing our business customers with automated SaaS and API commercial products that include; marketing insights, audience targeting and data enrichment services. We help them improve their business processes and services and provide the data commercially for locating individuals across Australia for various activities such as Identity Verification, fraud prevention and Know Your Customer (KYC) solutions. Global Data is a trusted Australian Information Services provider, ISO certified and only provides data information to vetted enterprises on subscribed access.
To whom do we disclose personal information?
Only business enterprise customers have access to our products and services, which include the use of personal information that we have collected or purchased. Here’s how we ensure the responsible use of this information:
- Consent-Based Use: We ensure that our customers seeking access to your personal information are doing so for the purposes it was intended or consented to only.
- Legal Disclosure: In certain circumstances, we may be required to disclose your personal information if it is required by or under an Australian law or a court/tribunal order. We may also disclose the information if we reasonably believe that the use or disclosure of the information is necessary for one or more enforcement-related activities conducted by, or on behalf of an enforcement body. Examples of such circumstances could include police investigations or federal enquiries.
How secure is your personal information?
At Global Data Pty Ltd, we understand the paramount importance of safeguarding your personal information and data from unauthorised access. Here’s how we ensure the security of your data:
- ISO 27001 Certification: We are ISO 27001 certified and trusted, a testament to our commitment to maintaining high standards of data security.
- Regular Audits and Testing: We conduct regular audits and system penetration testing to identify and rectify any potential vulnerabilities.
- Data Storage: As an Australian company, we store our data within Australia on AWS servers located in Sydney, ensuring compliance with local data protection regulations.
- Access Controls: We implement IP address access controls and Multi-Factor Authentication (MFA) for all data services, providing an additional layer of security.
- Encryption: All information, both in transit and at rest, is encrypted using industry-standard secure encryption methods.
- Limited Access: Your personal information is only provided to those who require access to perform their business functions. This may include users and subscribers of our products and services, and any law enforcement agency to whom we are required by law to provide your personal information.
- Policy Review: We regularly review this policy and assess our performance against it to ensure we are meeting and continue to meet our obligations under the Privacy Act 1988 Cth.
- Employee Training: All employees and agents of Global Data are required to undergo proficient training on data handling and the rules of disclosure under the Australian privacy principles.
- Automated Security Systems: We have automated security and intrusion detection systems in place, along with detailed event logging and automated auditing systems, to further secure our systems.
Our data and compliance team are committed to maintaining the highest standards of data security and privacy. We continually strive to enhance our security measures to protect your personal information.
How do we maintain the quality of your personal information?
Global Data recognises the importance that any data information we hold is up to date and accurate. The information we receive from the users of our products and services and the data we collect as described throughout this policy, are subject to various enhancements to ensure the information is as accurate as possible. Where updated or enhanced information is available, we incorporate it into our datasets and products without delay. We update our full universe dataset weekly, however, enhance and append daily, through our highly advanced Pango data engine. Our automated systems clean and repair all data records on delivery, remove known bot attributes, inappropriate filter block words, match validate and enhance with cross-referenced trusted and highly scored data records. This process utilises over 100 trusted datasets to validate and clean data.
Access to our data from outside Australia
We place paramount importance on protecting consumer’s personal information from unauthorised and unethical use. As an Australian company, we adhere strictly to the Privacy Act 1988 Cth and our ISO27001 security compliance procedures. Here’s how we manage international access to our data:
- No Foreign Access Without Consent: We do not permit access to our data platforms from outside Australia unless prior written consent has been provided.
- International Vetting Application: Any entity seeking access from outside Australia must complete and receive approval through our rigorous International Vetting application.
- Record Keeping: Approved applications are securely stored and can be provided to relevant government bodies such as the OAIC, ACCC, or the ACMA, should the need arise.
- Strict Consequences for Breach: Any unapproved attempts to log in from outside Australia is a breach of our Terms and Conditions and will result in the suspension of the client account pending a full review. Misuse of any of our data, whether within Australia or internationally, will result in immediate suspension or cancellation of our services to the client.
- VPN Use: Customers using a VPN to mask their IP address will not be granted access to our systems. For more details, refer to our Terms and Conditions here.
We are committed to protecting consumer’s right to privacy. No access to a company outside of Australia will be granted unless we approve them and their use case for the data.
Email / SMS Data & Spam Act
Global Data is committed to upholding the integrity of the data we provide and ensuring compliance with the Spam Act 2003. We do not support any unauthorised practices that could lead to spamming or unwanted contact for consumers.
When we supply mobile numbers or emails to our clients through any of our data platforms, the client/user agrees not to use any third-party validator or ‘Pinger’ outside of those supplied within our automated solutions. The use of unknown phone or email validators can result in unwanted spam for consumers, which is something we actively work to prevent.
If a client is found to be using a third-party service to validate or ‘ping’ email addresses supplied by us, we will suspend or cancel their access in support of the Spam Act 2003 and the consumer’s right to privacy. Any misuse or harassment of consumers via SMS or email will also result in immediate suspension or cancellation of our services to the client.
When a consumer is contacted by digital communication for marketing purposes, such as Email or SMS, our clients must provide the option for the consumer to unsubscribe or opt-out. Global Data clients have access to an opt-out manager feature within its Quester Marketing Portal. Consumers have the right to request the client to add them to the opt-out manager database and cease contacting them. This action should be performed immediately upon the opt-out request by the consumer for both the client’s and consumer’s protection.
Complaints, Access and Corrections
You will not be charged for making a request to suppress or remove your personal information held by us. However, we may charge a fee to provide you with access to your information to cover our administrative costs in some rare cases. We will inform you of the fee at the time the request is made, if applicable. Should you wish to gain access to, correct, remove, or suppress your personal information, you may contact the Privacy Officer as per the contact details below:
ATTN: Privacy Officer
Global Data Pty Ltd
Bourke Place, Level 16, 600 Bourke Street, Melbourne, VIC 3000 Australia
Phone: 03 8370 2323
If you would like us to update your information or believe that any of the information we hold is incorrect, please let us know and it will be corrected or removed from our database at your request. All requests for access and corrections including complaints and suppression’s, will be handled expeditiously and in writing only, we do not under any circumstances reveal any personal information over the phone or by email unless we have identified you as the person to whom the record relates. We reserve the right to deny any privacy requests where we cannot identify you.
We aim to resolve all privacy request issues within 30 days or sooner if practical. We do not disclose, suppress or reveal personal information on any record over the phone and will require our standard privacy forms to be completed. This is for the protection of the individual, to ensure only they access their information. For clarity, where a consumer wishes to discover the source of their personal information held by Global Data, we will only release their personal information on the sources directly to them or their appointed legal representative and in writing only and where we have identified them. Our Privacy access process is restricted to the consumer in question and as such, we cannot provide information to third parties and breach our internal compliance procedures. We do not store any data you provide us in the Privacy form within our data universe and it is only used for the purpose of identifying and suppressing your information from further commercial use and actioning your privacy suppression request.
If you have an access request or correction, then please contact us and we will forward you the required forms. We will begin processing your request once we receive the completed Suppression form along with any required identification if we cannot identify you. If you are not satisfied with the handling of any complaint, we encourage all efforts to first be between Global Data and you. Global Data will make all reasonable attempts to resolve or meet your requests if possible. Where you are still not satisfied and prefer alternate dispute resolution or an external complaint process to resolve the issue, you may direct your complaint to the Privacy Commissioner at www.oaic.gov.au and lodge an official complaint under their guidelines.
Information collected through this website
We collect information from visitors (your visits) to this website using enquiry forms and every time you e-mail us your queries or details. Where that information is personal information, it is collected and handled in accordance with the general Privacy Statement set out above. In addition, we log your IP address (this is the technical standard which ensures messages get from one host to another and that the messages are understood) which is automatically recognised by the web server.
Use of personal information on this website
We process personal information collected via this website for the purposes of:
- Identifying potential customers or subscribers
- Providing you with the services that you have subscribed to or registered for
- Dealing with your requests and enquiries
- Carrying out customer and marketing research and modelling
- Providing you with information about products and services.
WE DO NOT sell personal information collected through this website or use your personal information for any other purpose than those stated above.
Any financial transactions completed through our website are secured as described above with encryption software and we do not store any financial data such as credit cards or bank account details at all.
Version 1.8 – 31 July 2023