Privacy Policy

Last updated: 24 April 2025

 

This privacy policy (policy) describes how we, UXBridge Consulting Pty Ltd (we, us, our) handle your personal information when you use our services, participate in our research or otherwise interact with us.

• This policy provides information only as required under data privacy laws and it is not intended, and must not be relied on, as a representation, warranty, contract or an acknowledgement of a duty of care.
• Please read this policy carefully. If you have any questions or if you do not understand anything explained in it, please contact us by email on [email protected]

1. Does this policy apply to you?

 

The policy applies to our website visitors, clients, their representatives, our research participants, our partners, service providers, members of the public, or others who visit us or interact with us online or offline (each referred to as, you, your). This policy applies to you as an individual even if you act as a representative of an organisation (e.g. your employer).

 

2. What personal information do we collect and hold?

 

“Personal information” generally means information about you that identifies you.

 

“Sensitive personal information” means personal information about an individual’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a professional, trade or political association, sexual orientation or practices, criminal record, health information, genetic data, and biometric data. Our functions and activities do not generally involve any collection of sensitive personal information except for health and safety or research purposes. With the consent of our research participants, we may use facial or body object recognition, heart rate, ECG or EKG measurement and other relevant research tools.

 

The question whether we process your personal information or not may depend on the circumstances of your interaction with us, the source of your information, and our use of the information. Generally, we will not be processing your personal information if, in fact, the information is anonymised or cannot be reasonably linked back to you.

 

For ease of reference, we have grouped personal information into types described in section 11.

 

3. How we obtain your personal information?

 

We may obtain your personal information in the following ways:

 

• From you, when you email or call us, submit an enquiry on our website, participate in our research including briefings, interviews, field research, etc., attend our event, provide information during an interview, when you interact with us on social media, or when you otherwise interact with us, online or offline.

 

• From third parties, such as, where applicable, your employer or colleague, your referee giving an employment reference about you, our analyst if you participate in our research, our service provider, our professional adviser or other third party.

 

• From our CCTV or other security devices when you visit our premises.

 

• From automated processes concerning a device, browser, cookies and other tracking technologies, and from machine generated information, including automatically provided information such as your device’s internet protocol (IP) address, usage data, monitoring data, machine generated outputs, inferences and predictions about you, and similar information.

 

• From the public domain, such as information we obtain from social media, official public records and other public sources.

 

We will rely on the information provided by you as accurate, complete and up to date, and we will be grateful if you would inform us of any changes. Providing incorrect information to us could result in our inability to provide our services, resolve your request or take other appropriate action.

 

If you provide to us another person’s personal information, please only do so if they would reasonably expect it or with their consent.

 

4. Data minimisation

 

You may choose to remain anonymous when interacting with us. However, it will be necessary for us to know your identity, for example, if you become our client, make a complaint or exercise your data rights. Without your relevant personal information in those circumstances, we will be unable to engage with you, provide our services or fulfil our obligations.

 

We take reasonable steps to only collect personal information that is reasonably necessary for our lawful functions and activities and that is pseudonymised or anonymised, where possible. If we receive your personal information which is not necessary, we will destroy or de-identify it as soon as practicable. For example, if you participate in our research we may assign a static or randomised reference number (as appropriate and necessary for our purposes) instead of using your name or other identifier. For some activities such as the technical operation of our website, or information security processes, de-identified information will often suffice and we will not attempt to specifically identify you by name, unless necessary for our purposes.

 

5. Why we collect, hold, disclose or otherwise use your personal information?

 

We list below some (but not all) of the purposes, functions and activities why we collect, hold, disclose and otherwise use your personal information. Other purposes, functions and activities may become obvious or expected by you when we collect your personal information. Please contact us if you have any questions.

 

Purpose	Personal information	How collected and held?	Consequences if not collected
Assisting with your enquiry, if you email or call us in a personal or professional capacity. We may record our calls and other communications with you for record-keeping, training, development and other purposes. We may check your social media or other public profiles, to satisfy ourselves that you are who you say you are.	●         Call recording data ●         Details of your enquiry ●         General details ●         Public data	From you, our records and public sources.	Unable to assist you without all necessary information. Unable to keep records, engage in training and development without appropriate records.
Engaging in our activities and administering our organisation, for example, planning our services, managing our staff, contractors, and service providers, keeping appropriate records, resolving complaints, sending you service communications, seeking your feedback, resolving disputes, collecting debt, complying with our legal obligations and similar activities. We may use our record management systems and engagement tools, identifying opportunities and contacting you.	●         All necessary personal information	From you, our records, and from third parties, such as our service providers, including information generated by automated means.	Unable to perform certain tasks, provide services, administer our organisation and comply with the law without all relevant information and without engaging relevant third parties, such as our service providers, to handle your personal information on our behalf.
Providing our online services to you, such as our website and content. For example, when you visit our website, your browser will provide certain technical information to enable us to display our content in a compatible manner. Some of our features allow you to input your information, for example, to submit a contact form.	●         Device and browser details ●         General details	From you, automatically provided by your device and browser, information generated by automated means, from our records and third parties, such as our technology providers. Some information is collected by cookies and similar technologies, as further explained in section 6.	If our systems do not receive automated technical information, we may be unable to provide our online services. If you block non-essential cookies and similar technologies in your browser, some our online services may be reduced. If you fail to complete our online forms with all required details, we may be unable to contact you.
Undertaking consumer and other research and analytics, for example, recruitment of research participants, assessing fitness and suitability of research participants (e.g. research hardware may not work for people with a health condition), research administration, collaboration and data sharing with third parties, such as our clients who commission our research, surveys, service usage metrics, reviewing your feedback, improving our services, ensuring quality assurance, publishing statistical reports and case studies, and other activities to further our and our clients’ research objectives. Our eye tracking research method involves letting our research participants explore our client’s retail store, ticket office, training environment or other settings while all their consumer behaviour data (e.g. which product on the shelves were looked at for how long) is captured by our wearable device. This may include audiovisual content capturing what any other regular store visitor would be able to perceive. which will be viewed by our analyst or, in limited cases, our client, as is necessary for the research objectives. Sections of this data may be included in our report to the client in de-identified, or, with the research participant’s consent, in identifiable form. Our research may also involve an interview, a survey, review of purchase receipts,  and other research activities.	●         Feedback ●         General details ●         Research participation data	From you, from our records, data collected by enrolled devices used by our research participants, and from third parties, such as our clients, research partners and providers, including information generated by automated means.	Our research output typically includes anonymous or de-identified data and no personal data is required to achieve our or our clients’ research objectives. However, some personal information is necessary initially to engage research participants, conduct face-to-face interviews, ensuring health and safety on-site, and other research administration matters.
Recruitment of staff, for example, interviewing, assessing qualifications, experience and fitness for a particular role, background checks, selecting and hiring staff, determining your terms of engagement and similar activities. We may use automated decision-making to eliminate applicants who fail to meet the basic criteria for a role. We use your identifier information only where reasonably necessary to verify your identity as part of recruitment.	●         Details of your enquiry ●         General details ●         Identifier information	From you, your agent, public sources, and third parties, such as persons providing a reference about you, recruiters, including information generated by automated means.	Unable to make hiring decisions without all necessary information.
Sending you relevant direct marketing communications and displaying ads about our services, events, research, relevant third-party services and collaborations, by email, text, post or other channels if we have an existing relationship or with your consent, where required by law unless we are exempt. We will use profiling for personalisation and targeting, where appropriate, based on information known, observed or inferred from your activity or information about you provided by our third-party marketing and advertising partners.	●         General details ●         Preferences and interests	From you, our records, and from third parties, such as our marketing partners, including information generated by automated means.	Unable to deliver targeted advertising and personalised marketing without all necessary information.
Maintaining health and safety, for example, risk assessments on site, incident management and investigations, making reasonable health and safety adjustments to accommodate your health needs, to act upon our reasonable belief that you or another person is at risk of harm, and similar activities.	●         All necessary personal information, including health information for health and safety purposes	From you, our records, and third parties, such as government agencies and healthcare providers.	Unable to make relevant health and safety assessments without all necessary information.
Maintaining physical security and safety, for example, making enquiries of our visitors where appropriate, deploying physical access control measures, and similar activities.	●         General details ●         Monitoring data ●         Public data	From you, our records about your offline and online activities, from third parties, including information generated by automated means.	Unable to ensure physical security and safety without necessary and proportionate monitoring.
Maintaining information security, for example, by monitoring use of our corporate resources, networks and website for suspicious activities, blocking access, isolating suspicious objects, preventing malicious software distribution and implementing other technical and organisational security measures to ensure the confidentiality, integrity and availability of information.	●        General details ●        Monitoring data, in anonymized or pseudonymized form	From our records which may include your online and network activity and user behaviour, including information generated by automated means.	Unable to ensure information security without monitoring user and network activity.
Assisting law enforcement and other public authorities in detecting, preventing and investigating crime or breach of the law in accordance with the law.	●        All necessary personal information	Received from and disclosed to law enforcement and public authorities.	Unable to assist public authorities without receiving or disclosing your personal information.
Handling personal information as is required for compliance with the law, exercising legal rights and defending legal claims.	●        All necessary personal information	Collected from you, third parties, and public sources.	Unable to comply with the law, exercise right or defend legal claim without the use and disclosure of your personal information.

 

We will update this policy to include any new purposes from time to time and we will obtain your prior consent for such new purposes where we are required to do so at law. We may not require your prior consent if the secondary purpose is related to our primary purpose and reasonably anticipated by you or otherwise authorised or required by law.

 

 

6. Sharing your personal information

 

We will treat your personal information as confidential and only share it with third parties where this is necessary for our functions and activities, where a disclosure is in your best interest or where we are compelled by law.

 

Within our organisation, we restrict access to your personal information to people who have a “need to know” such information. For example, if you participate in our research, only the relevant researchers will have access to your personal information.

 

We will also share your limited personal information with authorised third parties that have a “need to know” or legal authority to access your information, in the following circumstances:

 

• your principal such as your employer when you engage with us in your professional capacity;
• our research partners such as our clients, as appropriate, if you participate in our research studies. However, our research reports shared with our clients are generally de-identified and will not include your personal information that can reasonably identify you;
• our affiliated parties, service providers and contractors who provide services to us to help fulfil our operational needs, such as technology, communications, information security, research, analytics services, word processing and work tools (including Google, Microsoft, Canva, Xero, Askable and other applications), venues and event organisers, marketing service providers and others;
• your bank or payment provider in connection with your payment to us;
• auditors for our annual and ad hoc audits, as required by law or good practice;
• a requestor where it is reasonable in the circumstances to disclose your personal information in complying with a personal information access request or freedom of information request;
• law enforcement if we are compelled or permitted by law to provide your information;
• our external professional advisers such as accountants, insurers, lawyers, forensic experts, public relations experts and others, who are bound by confidentiality, to seek advice in connection with a legal, accounting or other matter;
• a third party in connection with a corporate transaction such as a merger of our organisation; and
• as otherwise required or authorised by law, under a binding disclosure request, court order or with your consent.

 

Whilst we take reasonable steps to implement appropriate measures to safeguard your personal information in the hands of these third parties, we are not responsible for third parties.

 

7. Cross-border disclosure of personal information

 

Generally, your personal information will be stored in Australia, except where:

 

• we engage third party service provider (e.g. cloud provider) to use and hold your personal information on our behalf which may be located in Europe or another country;
• you engage with third party services, such as plug ins (e.g. Instagram ‘like’ button), or on our online properties, where you may be consenting to sharing your personal information with third parties (e.g. Meta in the US);
• we engage third parties outside Australia to provide services to us, such as consultancy, which may include a disclosure of your personal information to them; and in other circumstances.

 

As required by law, before any disclosure to an overseas recipient we endeavour to satisfy ourselves that your information will be protected in a way that, overall, is at least substantially similar to the way it is protected under Australian law. For example, we may enter into an appropriate cross-border data transfer agreements with our recipients.

 

8. How do we store and protect your personal information?

 

We will implement appropriate technical and organisational measures to ensure the information security of your personal information. We carry out regular information security risk assessments which inform our security policy.

 

We protect personal information in several ways, including, as appropriate, access controls, least privilege, passwords, multifactor authentication, and secure servers. Our staff will have limited access privileges to ensure your personal information is accessed on a “need to know” basis. Our staff are required to comply with our information security policies, security processes, attend training and participate in regular audits.

 

We seek to ensure our third-party service providers (e.g. our cloud service provider) apply similar measures. We only appoint service providers under appropriate contracts who provide sufficient guarantees about information security in accordance with applicable law.

 

However, while we take reasonable steps to ensure information security, the transmission of information over the Internet is never completely secure, malicious actors constantly improve their attack vectors and human error cannot be completely ruled out.

 

9. How long will we keep your personal information?

 

We will take such steps as are reasonable in the circumstances to destroy or de-identify your personal information if no longer needed for our purposes, unless its continued retention is otherwise required by law.

 

The actual retention period may be shorter or longer, determined by data type, volume, sensitivity and risk of harm in case of a data breach as well as necessity, our legal obligations and the laws applicable to you. However, by way of example, we may apply the following data retention periods.

 

Type of information	Retention period
Details of your enquiry	6 months from resolution.
Research participation data	6 months from research project completion or earlier as per research objective.
Identifier Information	ID documents not retained after identity verification. ID details retained on file until 7 years following end of relationship.
Device and browser data	One year from collection.

 

10. Your data privacy rights

 

Subject to certain conditions, exemptions and verification of your identity, as appropriate, you have the following data privacy rights in respect of your personal information:

 

• Right to information as provided by us in this policy.
• Right to remain anonymous, where practicable, as described above.
• Right to withdraw consent at any time where our processing is based on your consent.
• Right to access your personal information held by us. You may access your by contacting us.
• Right to correction of your personal information held by us if it is incorrect or incomplete.
• Right to opt out from marketing by using the unsubscribe facility in our communications or by contacting us.
• Right to request the source of marketing information.
• Right to complain to the relevant authority, such as, the Office of the Australian Information Commissioner, if you remain dissatisfied with how we have handled your enquiry or complaint.

 

We will respond within a reasonable time, typically, within 30 days or sooner, as required by law, following your request. If we need more time, we will let you know why and when you can expect our response.

 

We may refuse requests on certain grounds, for example, if they are unreasonably repetitive, disproportionately demanding, impracticable or otherwise exempt. If we refuse your request, we will explain our lawful reason for doing so.

 

We may charge a fee or recover from you our reasonable costs as prescribed or permitted by the law to handle your requests. However, in most circumstances, we will handle your request free of charge.

 

11. Types of personal information

 

We will handle the following information which may constitute your personal information.

Type of information	Description
Call recording data	A recording of your call or video conference with us.
Details of your enquiry	Information in your query, request for services, complaint, research participation, job application or other communication.
Device and browser details	Information automatically provided by your device and browser including mobile device ID, internet protocol (IP) address, cookie ID, online identifiers, operating system, browser type, language, time zone setting, location and date and time of access and other information.
Feedback	Such as information communicated by you to us in online reviews, surveys, when attending our events or otherwise.
General details	Such as your name, role, employer details, email address, phone number, address, your photograph or image or similar information.
Identifier information	Such as national identification number, passport number, driving license, healthcare, and other identifier issued by a public authority.
Monitoring data	Such as CCTV footage, access records, usage data relating to your use of our website and other resources, communications metadata, social media activity, and similar information.
Opportunity records	Your personal and professional details as a prospective business partner, client and other opportunity records.
Preferences and interests	Information about your preferences and interests known, observed or inferred from various sources such as your device and browser details, engagement information including email open rates, clicks, views, active time spent, etc., public data, usage data, your marketing preferences and consents, information about you from our third-party advertising partners and similar information.
Public data	Such as information about you from social media, official records (e.g. electoral, postal, court, bankruptcy records, etc.) and similar information.
Research participation data	Research data including consumer behaviour data (e.g. how you interact with an environment like shopping, using your phone, watching TV, driving or moving through a train station) captured by our wearable device, your interview or survey replies, your preferences as a consumer, in anonymised form where practicable, relevant to the research objective, results based on your participation, a VOX Pop with your consent and similar information.
Usage data	Information about how you navigate and engage with our online services, features, websites, your online activity data such as downloads, clickstream data with URLs visited previously, page interaction, such as scrolling, clicks, and mouse-overs, methods used to browse away from our service, search text you enter, search results returned, information in security logs and similar information.

 

12. Queries and complaints

 

For any enquiry or complaint, please contact us and provide all relevant details.

 

We will endeavour to respond to any queries about data privacy without undue delay. If we receive a complaint from you about how we have handled your personal information, we will determine what (if any) action we should take to resolve the complaint and endeavour to respond to your complaint within 30 days of receipt.

 

If we cannot resolve a complaint related to your personal information or you are dissatisfied with the outcome or handling of your complaint, you may wish to contact, the Office of the Australian Information Commissioner.

 

13. Changes to this policy

 

If we make any changes to our policy, you will be able to see them on this page. You should regularly check for updates, as indicated by the “Last updated” date at the top. If any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.