Privacy Policy

Purpose

Endgame Economics Pty Ltd, Cartesian Software Pty Ltd and its related companies (Group) are committed to maintaining the privacy of individuals. This Privacy Policy (Policy) sets out the way in which the Group (“we”, “our” or “us”) collect, hold, disclose, use and protect your personal information. This Policy also outlines and explains the types of personal information we collect, the purposes for which it is collected, how you can request access to and correct personal information that we hold about you and how you can make a privacy complaint or contact us with your enquiries or concerns.

When handling personal information, we will comply with the obligations specified by the Australian Privacy Principles (APP) within the Privacy Act 1988 (Cth) (‘Act’), as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) and the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth).

Personal information

‘Personal information’ means any information or opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable.

What constitutes personal information will vary, depending on whether any individual can be identified or is reasonably capable of being identified in the circumstance. By providing us with personal information, you will be deemed to have consented to us collecting, using and disclosing your personal Information (within and outside Australia) in accordance with this Policy.

Collection of personal information

When personal information may be collected

We may collect personal information from you when you:

• Register for email updates or submit a job application on our website;
• Contact us via the website, email or by phone;
• Interact with us on our social media or online platforms;
• Engage us to perform consultancy or advisory services;
• Provide us information for modelling within our software;
• Provide your personal information to third parties and they refer you to us; or
• Directly or indirectly provide your details to us

Types of personal information collected

The types of personal information that we collect vary based on your particular interaction with us but could include:

• Your name, company name, and primary role or title;
• Date of birth;
• Mailing or residential address;
• Telephone numbers and e-mail address
• Information relating to the matter in which we are providing you a service; or
• Other information you directly provide to us.

You do not need to provide us with your personal information and where possible we will give you the option to interact with us anonymously or by using a pseudonym. However, if you elect to interact with us in this manner or not provide us with your personal information, we may not be able to provide our services to you or provide you with information about our services.

Third parties

Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Use of personal information

Any personal information that we may have about you will not be used or disclosed for any purpose other than in connection with our functions and activities as disclosed in this Policy.

We use your personal information to:

• Provide you with the services you request;
• Respond to your queries;
• Send you marketing and promotional materials;
• Respond to job applications;
• Comply with legal obligations; and
• Support our business activities such as improving our service and offerings.

Disclosure of personal information

We may disclose your personal information between the Group and to third parties in accordance with this Policy or in circumstances where you would reasonably expect us to disclose your information. For example, we may disclose your personal information to:

• Third parties that we engage to assist us in providing advisory and consultancy services to you or in the operation of our business (i.e., advisors, subcontractors)
• Third party service providers who help operate our website; or
• Law enforcement, regulatory or government agencies to comply with legal requests.

Where we disclose your personal information to others, we will take steps to ensure those recipients implement appropriate safeguards to protect that information from unauthorised access, modification or disclosure, and from misuse, interference and loss. We may also share non-personal, de-identified and aggregated information with third parties for several purposes including data analytics and promotional purposes.

Information security and retention

Security
The Group uses commercially reasonable physical, electronic and procedural safeguards to protect your personal information from loss, misuse and unauthorised access, disclosure, alteration and destruction as provided under the Act. We employ safeguards such as data encryption, secure cloud storage, controls on access, employee training and data minimisation.

Whilst we strive to protect your personal information to the best of our abilities, no data security measure can guarantee 100% security all of the time. If we find there has been a breach of security of your personal information, we will take remedial action to minimise risk of harm to you and notify you of the breach as soon as reasonably practicable. If required under the Act, we will also notify the Office of the Australian Information Commissioner.

Retention
We will not keep your personal information for longer than we need to. In most cases, this means that we will only retain your personal information for the duration of your relationship with us unless we are required to retain your personal information to comply with applicable laws, for example record-keeping obligations.

Marketing

From time to time, we may use personal information for direct marketing purposes such as email, telephone, SMS, letters, surveys, and other forms of communication. Any such medium of communication will be limited to circumstances where you reasonable expect us to use or disclose your personal information for that purpose.

You have the right to ‘opt out’ of receiving direct marketing communications or request that we provide the source of your personal information where reasonable and practical.

If you have consented to us providing direct marketing to you and you wish to stop receiving such communication, please contact us on the details outlined in Section 13 or if it is an email communication, by following the “unsubscribe” instructions at the bottom of the email.

Website cookies and analytics

Our websites use cookies to improve your experience and provide analytical data to us so we can improve our services. A cookie is a small file of letters and numbers that is stored on your device when you visit a website. It does not identify you however it helps to recognise your device to distinguish it from other users of the website so that it can personalise your experience and assist us with managing our website.

If you do not wish to accept cookies when visiting our website, you can set your internet browser to block all cookies or receive a warning before a cookie is stored. Please note that if you do not accept our cookies, you may not be able to take advantage of all the features on our website.

Links to external websites

Our website may contain links to external websites that are not operated by us. Please be aware that a link to a third party website is not an endorsement of the accuracy or trustworthiness of that website or its content and we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

Your use of such external websites is subject to the terms of use and privacy policies located on those sites. We recommend reviewing the privacy policies of any external websites you visit through links on our site to understand how they collect, use, and share your information.

Disclosure overseas

Some of our service providers are based overseas or have servers located overseas and we may disclose personal information to those entities, in which case we will take reasonable steps to ensure the overseas recipient does not breach the Act and have appropriate privacy practices to protect the personal information.

We will only disclose personal information overseas if:

• The recipient is subject to similar privacy laws as the Act;
• We reasonably believe disclosure is required or authorised under Australian law; or
• You have provided your consent to such disclosure

Access and correction of personal information

The Group relies on the accuracy of information provided by you and we take reasonable efforts to ensure that personal information held by us is accurate, up to date and complete. We also provide you with the opportunity to access, review, correct or inquire about information that we hold about you as required and permitted under the Act. If you wish to obtain a copy of or correct your personal information held by us, you can make a request to the details outlined in Section 13.

Please provide sufficient details regarding your request as well as any support evidence and/or information so that we can promptly resolve your request. We must be satisfied that you are legally authorised to make the request and will ask you to verify your identification or authority.

We will endeavour to respond to your request within a week and if we decline your request, we will notify you of the reasons for refusal.

Complaints

If you wish to make a complaint about the way in which we handled your personal information, including a breach of this Policy or the Act, you can lodge a formal complaint in writing to the details outlined in Section 13. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.

We will endeavour to respond to your complaint within a week and if your complaint requires further investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete the investigation promptly within 30 days. We will notify you if we believe the process will take longer than 30 days and we may ask you to provide further information about your complaint and the outcome you are seeking.

We treat any complaints about our handling of personal information seriously. If you are not satisfied with our response to your complaint or consider the Group has breached the Act, you may refer your complaint to the Office of the Australian Information Commissioner by phone on 1300 363 992 or by using the contact details provided on www.oaic.gov.au

Contact us

If you have any questions relating to this Policy, wish to request access to or correct personal information we hold about you, or wish to lodge a complaint about the way we have handled your personal information, please contact our Privacy Officer using one of the methods below:

• In writing at:
  Level 24.01,
  9 Castlereagh St,
  Sydney NSW 2000
• By phone at:
  +61 2 9037 0370
• By email at:
  privacy@cartesian-software.com

You may also contact the Australian Information Commissioner:

• Office of the Australian Information Commissioner
  GPO Box 5218,
  SYDNEY NSW 2001,
• Telephone: 1300 363 992
• Fax: 02 9284 9666
• Website: www.oaic.gov.au

Changes to this Policy

From time, to time, we may modify or amend this Policy to reflect changes to legislation or events. We will notify you of any changes to this Policy and recommend you review this Policy periodically to ensure you are informed as to how we hold, use and protect your personal information.

This policy was last revised on 23 August 2024