Last updated: 9 September 2020
Your privacy is important
This statement outlines the policy of Gradient Institute (“the Institute”) on how the Institute uses and manages personal information provided to or collected by it.
About the Gradient Institute
The Institute is an independent, not-for-profit research institute whose purpose is to progress the research, design, development and adoption of ethical artificial intelligence systems. The Institute is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act.
How to contact the Institute
If you have any concerns or complaints about the way your information is handled and safeguarded, or you believe there has been a breach of privacy, please contact the Institute.
How is personal information collected?
The Institute collects personal information from you by way of:
● web forms
● phone calls
● video conferences
What personal information is collected and held?
We collect the following types of personal information:
● residential addresses
● email address, telephone number, and other contact details
● dates of birth
● bank account details
● employment details such as company, position, and professional interests
We don’t usually collect or hold sensitive information (this includes information such as information about your health, political opinions, or sexual orientation). If we do, we take additional measures to protect this information and ensure it is disposed of once we no longer need to keep it.
For what purposes does the Institute collect information?
|Website analytics||Using analytics tools (such as Google Analytics) to understand usage of the Gradient Institute website.|
|Mailing lists||Collecting and storing contact details and other basic details about individuals (such as company, position and interests) for use for providing information to the individuals such as news about Gradient Institute work, promoting courses and events, etc.|
|Training course and event|
|Collecting and storing contact details and other basic details about individuals (such as company, position, experience, special requirements) for use in organising training courses and events. Additionally, feedback from participants is collected and stored in training courses and events.|
|Data science research projects||Receiving and storing data sets provided by customers and partners that are used in data science research projects.|
|Recruitment||Receiving, storing and using information provided by a candidate or agent in relation to employment, internship, fellowships or volunteering|
You do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance, it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general inquiries, unless you identify yourself.
If you subscribe to one of our mailing lists, you may do so using a pseudonym.
How will the Institute use the personal information you provide?
The Institution will use the personal information it collects from you for the purposes listed above, and for secondary purposes that are related to the purposes and that would be reasonably expected, or any other purposes you have consented to.
When you give us your personal information, we will ask you for your consent to use it for direct marketing (for example, to promote courses and events). You do not have to consent to this. If we received your personal information from someone else, we will only use it for direct marketing with your consent or if it is impracticable to obtain your consent.
Where we send you direct marketing by email, we comply with the Spam Act.
You may opt out of direct marketing at any time.
Updating or correcting Personal Information
The Institute endeavours to ensure that the personal information it holds is accurate and up-to-date. You may seek to update the personal information held by the Institute by contacting the Institute at any time.
The Australian Privacy Principles require the Institute not to store personal information longer than necessary.
You have the right to access any personal information the Institute holds about you.
If you think that information we hold about you is incorrect, you can ask us to correct it. You can also ask us to delete your personal information.
Please note that there are some legal limits to these rights. For example in some cases we are legally required to retain some personal information. If we are not able to fulfil your request, we will let you know why.
To make a request to access any information the Institute holds about you, please contact the institute by email. The Institute will try to respond to requests within 30 days.
The Institute may require you to verify your identity and specify what information you require.
How does the Institute handle complaints about privacy?
If you have a complaint about privacy, please contact us. We will respond to your complaint as soon as we can, and in any case within 30 days. If we receive a complaint, we will acknowledge receipt of the complaint, seek further information from the complainant if necessary, investigate the complaint, respond to the complainant with the outcome of the investigation and provide feedback to the relevant internal stakeholders.
If you are not satisfied with our response to your complaint then you can complain to the Office of the Australian Information Commissioner via:
Personal information of applicants, staff members, contractors, interns and fellows
In these circumstances, the Institute’s purpose for collection of the information is to assess and (if successful) to engage the individual, as the case may be.
The purposes for which the Institute uses personal information of job applicants, staff members and contractors are:
● for contacting individuals;
● for making recruiting decisions;
● for insurance purposes; and
● to satisfy the Institute’s legal obligations.
Where the Institute receives unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
Management and security of personal information
The Institute’s staff are required to respect the confidentiality of personal information and the privacy of individuals.
The Institute has in place an Information Security Policy which requires the protection of confidential information, including personal information, which the Institute holds.
The Information Security Policy specifies that:
● The information only be accessible to persons who have a genuine need to access the information;
● Access to the information requires login using a unique ID and password;
● Confidentiality obligations are reinforced to those who have access; and
● The information must not be stored on portable storage devices (including CDs, DVDs, tapes, disk drives, USB and other removable media) without encryption.
When you use our website, having cookies enabled allows us to maintain the continuity of your browsing session and remember your details when you return.
If you adjust your browser settings to block, reject or delete these functions, the webpage may not function in an optimal manner. We may also collect information about your IP address.
Who does the Institute disclose personal information to?
The Institute discloses personal information, including sensitive information, held about an individual to:
● companies providing services to the Institute (for example, event management platform
providers and mailing list platform providers); and
● anyone you authorise the Institute to disclose information to.
Sending information overseas
The Institute will not disclose personal information about an individual outside Australia without:
● obtaining the consent from you; or
● otherwise complying with the Australian Privacy Principles or other applicable privacy laws.
We prioritise use of Australian-based cloud IT services but also use overseas providers of cloud IT services (such as Google Cloud and Amazon Web Services).
How long will the Institute keep my information?
Under our destruction and de-identification policies, your personal information that is no longer required to be kept will be de-identified or destroyed.
Changes to this policy
The Policy was last updated on 9 September 2020.