PRIVACY POLICY

1. General 

1.1. MosaicLab (ABN 29 650 739 230) (‘us’, ‘we’, or ‘the Business’) is committed to privacy protection. At www.mosaiclab.com.au (‘this Site’), we understand the importance of keeping personal information private and secure.

1.2. This privacy policy (‘Privacy Policy’) describes generally how we manage personal information and safeguard privacy. 

1.3. Access to our privacy policy is free. If you would like us to post you a copy of our privacy policy or have any questions about it or its contents, please email us at info@mosaiclab.com.au

1.4. This Privacy Policy forms part of, and is subject to, the provisions of our Website Terms of Use, which you can access at www.mosaiclab.com.au/terms-of-use

1.5. From time to time, we may update this Privacy Policy. The most recent version of this Privacy Policy will be available on our website www.mosaiclab.com.au/privacy-policy

2. The Australian Privacy Principles 

2.1. The Privacy Act 1988 (Cth) (Privacy Act) sets out thirteen (13) key principles in relation to the collection and treatment of personal information.  These are known as the Australian Privacy Principles ('APPs'). The APPs regulate the way many companies collect, use, hold and disclose personal information.  

2.2. We have voluntarily decided to adopt an approach that is consistent with the Privacy Act, the APPs and the APP guidelines. 

2.3. We have ensured our internal practices and procedures are consistent with this Privacy Policy, and that our staff and any external contractors are aware of their obligations under this Privacy Policy.

3. What personal information is collected?  

3.1. We aim only to collect personal information that is necessary to fulfil the purpose for which you have disclosed it or as required by law. 

3.2. Personal information may include your: 

3.2.1. name and date of birth; 

3.2.2. residential and business postal addresses, telephone/mobile/fax numbers and email address; 

3.2.3. bank account and/or credit card details for agreed billing purposes; 

3.2.4. computer and connection information; and 

3.2.5. any information that you otherwise share with us. 

3.3. You will typically be asked to provide contact information (such as your name, telephone number, postal address and email address). You may also be asked for demographic information (such as your age and gender) and/or profile data, particularly when we are recruiting participants for deliberative engagement processes such as Community Panels or Citizens' Juries.

3.4. In some instances, we may need to ask you for additional information necessary to provide you with the goods or services you have requested. When we ask you for further information in addition to that which you provide to us initially, we will tell you why we are collecting that information.  

3.5. Information provided to payment or registration gateway providers: 

3.5.1. All purchases or registrations that are made via this site are processed securely and externally by one or more third party gateway providers.  Unless you expressly consent otherwise, we do not see or have access to any personal information that you may provide to such third party gateway providers, other than information that is required in order to process your order and deliver your purchased items to you (such as your name, email address and billing address, but not, for example, details of your specific payment method).

4. Sensitive Information 

4.1. While this Privacy Policy deals specifically with our collection and treatment of personal information, we are aware that a higher standard applies to an individual’s sensitive information.

4.2. Sensitive Information is defined in the Privacy Act as: 

4.2.1. information or an opinion about the following, where it also contains an individual’s personal information: 

4.2.1.1. racial or ethnic origin; 

4.2.1.2. political opinion; 

4.2.1.3. membership of a political association; 

4.2.1.4. religious beliefs or affiliations; 

4.2.1.5. philosophical beliefs; 

4.2.1.6. membership of a professional or trade association; 

4.2.1.7. membership of a trade union;  

4.2.1.8. sexual orientation or practices;  

4.2.1.9. criminal record; or 

4.2.2. health information about an individual; or 

4.2.3. genetic information about an individual that is not otherwise health information; or 

4.2.4. biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or 

4.2.5. biometric templates. 

4.3. We aim to not collect sensitive information, however if it is ever required we will ensure: 

4.3.1. the collection of any sensitive information must be reasonably necessary for MosaicLab’s functions or activities, and 

4.3.2. the individual providing the sensitive information has consented to it being collected.  In order to provide the required consent, the individual must be adequately informed about the collection, must provide their consent voluntarily, their consent must be current and specific, and they must have the capacity to understand and communicate their consent.

5. How we collect personal information 

5.1. We collect personal information in several ways. These include those means summarised below:

5.2. Information You Provide to Us 

5.3. We generally collect personal information to provide you with any goods or services that you request, to update our Sites, to improve the services or products that we offer and to develop our business.

5.4 Specific information on the purposes and services that process personal information via this Site can be found here.

5.5 We aim to only collect the personal information we need as the context requires. The most common ways we collect personal information include:

5.6 Surveys and Submissions: We review and analyse results, and report on these on a de-identified basis.

5.6.1.1. Online Forms: We collect personal information when individuals subscribe via our website to publications or our marketing or communications lists, where we provide news, information, offers and other services, or when you submit an online expression of interest for one of our panels via our EOI recruitment forms. 

5.6.1.2. Providing Services: We collect the personal information we need in order to provide our services to you. 

5.6.1.3. Telephone, email, written and in-person enquiries: We will collect your personal information when you contact or interact with us in person, using email, or via phone.

5.6.1.4. Events: We will collect personal information when we conduct events via our registration processes.

5.7. IP addresses 

5.7.1. Our Site may collect other information that may or may not be personal information. For each visitor to the Site, our server automatically recognises and stores the individual's "IP address" (e.g., the domain name or Internet Protocol address), the type of Internet browser being used, the address of the Site that "referred" the individual to our website and clickstream data. If this information cannot be used or combined with other data to identify you, it will not be personal information.

5.8. Cookies 

5.8.1. This Site uses “cookies” to help personalise your online experience.  Cookies are used to understand users better and improve the layout and functionality of our Site by collecting information such as date, time and duration of visits and which pages are most accessed.  This tracking is conducted in such a way as to ensure the anonymity of visitors to our Site. While cookies may identify the computer, they should not identify the individual. With most internet browsers, users can erase cookies from their computer's hard drive, block all cookies or receive a warning before a cookie is stored.  However, some parts of this Site may not function fully for users that disallow cookies.

5.8.2. This Site uses cookies in order to: 

5.8.2.1.  remember your preferences for using this site;

5.9. facilitate e-commerce transactions;

5.10. show relevant notifications to you (e.g. notifications that are relevant only to users who have, or have not, subscribed to newsletters or email or other subscription services); and

5.10.1.1 remember details of data that you choose to submit to us (e.g. through online contact forms).

5.10.1.2. Many of these cookies are removed or cleared when you log out but some may remain so that your preferences are remembered for future sessions.

5.11. Third party cookies:

5.12. In some cases, third parties may place cookies through this Site.  For example: 

5.12.1.1. Google Analytics, one of the most widespread and trusted website analytics solutions, may use cookies to collect de-identified data about how long users spend on this Site and the pages they visit;

5.13. Google AdSense, one of the most widespread and trusted website advertising solutions, may use cookies to serve more relevant advertisements across the web and limit the number of times that a particular advertisement is shown to you; and 

5.14. Third party social media applications (e.g. LinkedIn, YouTube etc.) may use cookies in order to facilitate various social media buttons and/or plugins in this Site.

5.15 Our Cookie Policy provides further information on cookies, third party trackers, and how to manage your preferences and withdraw consent from the use of cookies and trackers.

6. Links to third-party websites  

6.1. Our Sites contain links to third-party websites for individuals' convenience and information. Individuals should be aware that when they access a third-party website, we are not responsible for the privacy practices or policies of that third party and will not be liable for any use or disclosure of your personal information by any third party to whom your information is sent. We suggest that you review the privacy policy of each website you visit.

7. How we may use your personal information 

7.1 Your personal information may be used in order to: 

7.1.1. verify your identity; 

7.2. select participants for a panel process after you have completed an online expression of interest form for taking part in a panel; 

7.3. manage RSVPs and attendances at workshop sessions;

7.3.1. assist you to place orders through this Site;

7.3.2 process any purchases of products and/or services that you may make through this Site, including charging, billing and collecting debts;

7.3.3. respond to any queries or feedback that you may have;

7.4. conduct appropriate checks for credit-worthiness and for fraud;

7.4.1. prevent and detect any misuse of, or fraudulent activities involving this Site;

7.4.2. conduct research and development in respect of our products and/or services;

7.4.3. gain an understanding of your information and communication needs or obtain your feedback or views about our products and/or services in order for us to improve them; and/or

7.5. maintain and develop our business systems and infrastructure, including testing and upgrading of those systems. 

7.5.1 In some instances, where you have provided consent, or consent is deemed to have been supplied or conferred in compliance with the APPs and the Spam Act 2003 (Cth) (Spam Act), we may use your personal information to send you marketing communications, including by electronic means such as email, SMS, MMS for an unlimited period.  

7.5.2. You may opt out of receiving such messages at any time provided we send such messages. We will give you the opportunity to opt out within the message that we send to you. You may also opt out by contacting us (using the details provided below).

8. Storage of personal information  

8.1 Any information we collect about you will be kept securely by us unless an event beyond our control disrupts the measures we have in place. We use a range of measures to ensure the security of the data we keep and to prevent unauthorised access, destruction, use, modification or disclosure. We have procedures in place with regards to staff access to personal information and ensure that only those staff who need to know have access to your information.

8.2 We will only store personal information for so long as it is required either to fulfil the purpose for which it was collected or to fulfil our obligations at law. We will conduct regular reviews of the personal information we hold and destroy or de-identify information no longer required.

9. Disclosure of personal information  

9.1 Generally, personal information will not be disclosed to individuals or organisations outside of MosaicLab without your prior consent. However, in the circumstances described below, personal information may be disclosed to: 

9.1.1. Essential service providers: There may be other companies that we rely on to provide goods or services to you. We may be required to provide your personal information to these companies to ensure that we can deliver products or services to you. 

9.1.2. Law enforcement or government bodies: There are exceptions under the Privacy Act with regards to the provision of personal information to law enforcement or government bodies. When a legitimate request is sent to us by a law enforcement or government body, we will comply with that request and may provide personal information about you without your consent.

9.1.3. Companies related to us or who take control of part or all of our business: In providing personal information to us, you will need to be aware of the possibility that, in future, another company may take control of part or all of our business. In that case, your personal information will be provided to that company.

9.2. If we disclose personal information to a third party under outsourcing or contracting arrangements (a service provider), we will take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.

10. Access to personal information  

10.1. Under the Privacy Act, you have the right to seek access to the personal information that we hold about you. We will handle requests for access to your personal information in accordance with the APPs. If you wish to exercise your right under the Privacy Act to seek access to the personal information we hold, you should make the request in writing to the Contact Details stated at the end of this Privacy Policy.

10.2. Ordinarily, we will not charge for providing access/copies of personal information we hold about you and will generally respond to access requests of this type within 30 days. If we anticipate there being a fee (for the time we spend locating and compiling the information you have asked for), we will provide you with an estimate before proceeding. If a fee is payable, it will be based on an hourly rate plus the cost of photocopying or other out of pocket expenses.   

10.3. For legal and administrative reasons, we may also store records containing personal information in archives. Access to these historical records may result in a charge being incurred (an estimate will be provided to you prior). Due to the nature of the archive, requests for access to historical records may take longer to process than with current records.   

10.4. In some cases, we may refuse to give you access to personal information that we hold about you.  This may include circumstances where giving you access would: 

10.4.1. Be unlawful (e.g. where a record that contains personal information about you is subject to a claim for legal professional privilege by one of our contractual counterparties); 

10.4.2. Have an unreasonable impact on another person’s privacy; or 

10.4.3. Prejudice an investigation of unlawful activity. 

10.5. We may also refuse access where the information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. 

10.6. If we refuse to give you access, we will provide you with reasons for our refusal.

10.7. Correcting your personal information: 

10.7.1. You may correct the personal information we hold about you at any time. You should make the request in writing to the Contact Details stated at the end of this Privacy Policy. We do not charge a fee to correct personal information held.

10.7.2 On review of your request, if we agree that the personal information held is not accurate, complete and up to date, it will be corrected by the appropriate person. If we do not agree, you will be provided with the reason(s) for the views and the opportunity to make a statement of your view and have it included with the information held.

11. GDPR 

11.1. MosaicLab welcomes the General Data Protection Regulation (GDPR) of the European Union (EU) as an important step forward in streamlining data protection globally.  We intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain.

11.2. GDPR Rights: 

11.2.1 The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights: 

11.2.1.1. You are entitled to request details of the information that we hold about you and how we process it.  For EU residents, we will provide this information for no fee; 

11.2.1.2 You may also have a right to: 

11.2.1.2.1. Have that information rectified or deleted; 

11.2.1.2.2 Restrict our processing of that information; 

11.2.1.2.3. Stop unauthorised transfers of your personal information to a third party; 

11.2.1.2.4. In some circumstances, have that information transferred to another organisation; and 

11.2.1.2.5. Lodge a complaint in relation to our processing of your personal information with a local supervisory authority; and 

11.2.1.2.6. Where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time. 

11.2.2 If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.  However, please be aware that: 

11.2.2.1. Such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other customers/clients subject to appropriate confidentiality protections; and 

11.2.2.2. Even after you have chosen to withdraw your consent, we may be able to continue to keep and process your personal information to the extent required or otherwise permitted by law, in particular: 

11.2.2.2.1 To pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests; and

11.2.2.2.2 In exercising and defending our legal rights and meeting our legal and regulatory obligations.

11.3. Storage and processing by third parties 

11.3.1 Data that we collect about you may be stored or otherwise processed by third party services with data centres based outside the EU, such as Google Analytics, Microsoft Azure, Amazon Web Services, Apple, Stripe, ChatGPT etc and online relationship management tools.  We consider that the collection and such processing of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (for example, to analyse how our customers/clients use our services, develop our services and grow our business) and which does not materially impact your rights, freedom or interests. 

11.3.2. MosaicLab requires that all third parties that act as “data processors” for us provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data, only process personal data for specified purposes and have committed themselves to confidentiality.

11.4. Duration of retention of your data 

11.5. We will only keep your data for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements.  At the end of any retention period, your data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning).  In some circumstances, you can ask us to delete your data.

11.6. Keeping your information up-to-date

11.7 To ensure that your personal information is accurate and up to date, please promptly advise us of any changes to your information by contacting a member of our Privacy Compliance Crew in writing by using the Contact Details stated at the end of this Privacy Policy.

12. Complaints 

12.1. You have a right to complain to us if you are concerned about your privacy, how we have dealt with your personal information or in relation to the Privacy Act.  

12.2. If you are concerned about how we have dealt with your personal information you should first contact us (using the details set out below). We will endeavour to send you a written response within ten business days.

12.3. If you are not satisfied with the way we have managed or attempted to resolve your complaint you may complain to the Office of the Australian Information Commissioner by calling them on 1300 363 992, via their website at www.oaic.gov.au or by mail to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.

13. Acceptance of this policy 

13.1 By using the Sites, you signify your acceptance of this privacy policy. If you do not agree with this policy, please do not use our Sites or provide us with your personal information.

14. Contact details 

Business Name: MosaicLab.
Telephone: 0417 110 861
Email: info@mosaiclab.com.au
Mailing address: 14 Cabane Circuit Mt Duneed 3217 AUSTRALIA 

If you require any further information about the Privacy Act and the Australian Privacy Principles you can visit the Office of the Australian Privacy Commissioner’s website: www.oaic.gov.au