Last Updated: 10 June 2020
We use the terms “personal information” and “personal data” to mean any information relating to an identified or identifiable individual. If you are located in the European Economic Area (“EEA”), please also see our Supplemental EEA Privacy Statement below. If you are a resident of California, please also see our Supplemental California Consumer Privacy Act Disclosures.
Should you have any questions regarding this Policy, you can contact our Data Protection Officer by email at firstname.lastname@example.org.
What Types of Personal Information Do We Collect?
Information You Actively Submit on our Site: If you create an account, fill out a form, send an email to our team, or otherwise send us information through the Site, we collect personal information about you. The Site has webpages that allow you to submit a variety of personal information to us, including contact information such as your name, email address and physical address, social media information such as your social media account name, login information such as a user name and password, and other information such as survey responses, photo uploads, and forum posts. In each instance, you will know what personal information we collect because you will actively submit it.
Information from Other Sources: We collect personal information through other sources such as third party data providers, social media platforms and joint marketing partners to help us offer our services to you. This personal information generally consists of business contact information such as email address, title, phone number and similar information.
Combined: We may link information that you automatically provide with information that we collect from other sources and/or information you actively submit. When such a linkage occurs, we treat all of the combined data as personal information.
How Do We Use Your Personal Information?
We use personal information that we collect about you as follows:
• Upon request, to create an account for you;
• To enable you to use online interactive forums that we may offer;
• To provide requested services and information;
• To respond appropriately to your inquiries and requests;
• To discharge our contractual obligations to you;
• To send you invites and service emails if you become a member of our communities as part of your ongoing membership;
• To contact you to administer rewards such as sweepstakes/contests;
• To comply with any legal obligations that apply to us;
• If you submit an employment application, to administer and evaluate your application and comply with legal obligations we have in relation to your application; and
• To secure, optimize and customize your experience on the Site.
To the extent permitted by applicable law, we may use your personal information to contact you with sales and marketing communications. You may at any time choose to stop receiving marketing emails from us by using one of the unsubscribe options we provide. Please see the Your Choices section of this Policy for more information about opting-out of communications. Service-related communications that Potentiate sends to our own customers are covered in the Our Clients section of this Policy.
For How Long Do We Keep Your Personal Information?
We generally retain your personal information for as long as you have a business relationship with us and for 3 years thereafter, unless we are required to delete or anonymize it sooner. If you do not have a direct business relationship with us, for example where we have received your personal information from a third party data provider, we shall retain your personal information for 3 years following our last communication with you unless we are required to delete or anonymize it sooner. In some cases, we may be required to retain personal information for a longer period of time based on laws or regulations that apply to our business or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period.
To Whom Do We Disclose Your Personal Information?
We do not share your personal information with third parties, except in the following cases:
• with your consent;
• with affiliated and unaffiliated services providers that act on our behalf and under our instructions to help us operate our business (data processors);
• in redacted or aggregated form that cannot be used to identify you individually;
• if required or permitted by law, including as necessary to comply with the law, to protect the rights or safety of Site users, other users, or third parties (e.g., for fraud protection and credit risk reduction purposes; for protecting and defending the rights or property of Potentiate, its customers, other users, or members of the public); or
• with a buyer of all or substantially all of our assets relating to a particular business line or division, or in connection with a merger, acquisition, reorganization or restructuring.
You have a variety of choices regarding which personal information we may collect, process and use and for what purposes. Wherever reasonably practical, we will provide you with the ability to use the features of the Site without submitting personal information to us or to use a pseudonym. Some areas of the Site however, such as registration forms, questionnaires and submissions to our Careers section require you to provide accurate and up to date personal information and your choice is to not use such areas and features.
You can contact us to request that we correct or stop using your personal information, or to find out what personal information we have collected about you:
• Email Communications – You may opt-out of receiving marketing and other promotional emails from us at any time by clicking the unsubscribe links embedded within the emails we send, or by contacting us directly at email@example.com. Members of communities we own can opt-out of participating by using the unsubscribe links embedded in emails, or by using the subscription preference options in the Profile / Settings section of the member hub. Some emails are transactional in nature, including emails we send to our clients regarding the services they have purchased. These emails do not provide the ability to opt-out.
• Data Access, Correction & Deletion – You may request access to your personal information to confirm that it is in our possession, to ensure that it is accurate and to make corrections, or to request that it be removed/anonymized. We will respond to your request as quickly as possible and will need to verify your identity before providing you with access to the personal information we hold about you.
In some cases, we may be unable to accommodate your request if we are unable to verify your identity, if we are prohibited by law, if disclosure would result in the disclosure of the personal information of others, or if the request is unreasonable or impractical. If we are unable to process your request for these or any other reasons, we will provide you with an explanation of the reason for denial, and you will be permitted to request a review.
All requests for information should be sent by email to firstname.lastname@example.org or to the mailing address listed above.
International Considerations and Data Transfers
Information collected on this Site may be processed outside of the country you are visiting from. We process personal information in the United States, Australia, the European Union, the United Kingdom, Malaysia and Japan. Occasionally, we use service providers located in these and other jurisdictions including Thailand, Israel and India to process data on our behalf and under our instructions. When transferring your personal information, we take appropriate measures to protect it in accordance with applicable laws and this Policy.
We have implemented commercially reasonable safeguards and precautions to protect your personal information, including technical and organizational measures against unauthorized access, improper use, alteration, unlawful or accidental destruction, and accidental loss. These measures include utilizing secure Transport Layer Security (“TLS”) connections for data collected via our platform, employee training, policies, and secure facilities. Access to personal information is restricted to employees and contractors who have a need to know and who are required to maintain the confidentiality and security of information. Please note that despite our use of the safeguards described above, we cannot guarantee that personal information you submit to us will never be accessed, disclosed, altered, or destroyed in a manner that is inconsistent with this Policy.
• AUP / Reporting Abuse – Potentiate has a comprehensive Acceptable Use Policy (“AUP”), available upon request outlining the acceptable use of our services and our clients are required to abide by the terms of the AUP at all times. Potentiate disclaims any responsibility for clients who use our services to engage in illegal or unethical behavior and will take any action we deem necessary should we discover such activity is taking place including suspension or termination of service. If you suspect a breach of the AUP, or have concerns with the manner in which our clients are using our services, please immediately contact us at email@example.com. If you have general questions including requesting to opt-out of our client’s use of your data, please use the support link provided within your member hub.
• Potentiates Communications with our Clients – When we are required to do so in order to provide services to our clients, we may send service-related emails such as maintenance notifications, responses to support inquiries, billing notices, account management emails, and password reset emails. Generally, you may not opt-out of these types of communications as they are not promotional in nature. We will occasionally send promotional emails as well, which do provide you the ability to opt-out of similar communications. We may also communicate with you by phone or postal mail.
This site is not intended for or directed at children and we do not knowingly collect personal information from any person under the age of 13. If we discover that we have inadvertently collected personal information from a person under 13 years of age, we will promptly take commercially reasonable measures to delete such information from our systems.
Changes to This Policy
We may change the terms of this Policy at any time at our sole discretion so please review it periodically.
Supplemental EEA Privacy Statement
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”), requires Potentiate as the data controller to provide additional and different information about its data processing practices to data subjects in the EEA. If you are accessing the Site from a member state of the EEA, this Supplemental EEA Online Privacy Statement applies to you in addition to the Policy above.
Our GDPR-specific representative is Potentiate GmbH. Our Data Protection Officer may be contacted at firstname.lastname@example.org.
What Are Our Legal Bases for Processing Personal Data?
We process the personal data of users of our Site on several different legal bases, as follows:
• Legitimate Interests: We process the personal data of users of our Site as necessary to pursue the following legitimate interests, pursuant to Article 6(1)(f) of the EU GDPR: To provide a good user experience, to maintain, secure and improve our Site and products, to tailor our communications and services to our users, to market and promote our products and services and to support and provide requested services.
• Legal Obligations: If we are subject to a lawful access request, engaged in a legal proceeding or suspect a user of illegal conduct, we may need to process your personal data to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process, pursuant to Article 6(1)(c) of the EU GDPR.
• Consent: If we are required to obtain your consent to send you marketing communications, place certain cookies on your device, or engage in other processing activities associated with the Site, we may perform such processing on the basis of your consent if you have provided it, pursuant to Article 6(1)(a) of the EU GDPR. In such cases, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Providing your consent is voluntary, however we will not be able to provide you with a service for which we require your consent unless it is provided.
• Vital Interests: In extenuating circumstances, we may need to process your personal data to protect the vital interests of you or another natural person, pursuant to Article 6(1)(d) of the EU GDPR.
Where Do We Transfer Personal Data and How Do We Protect Such Transfers?
We disclose your personal data to recipients in the following jurisdiction or jurisdictions outside of the EEA which provide adequate protection to personal data according to the European Commission: Canada, Israel, and the United States (limited to the Privacy Shield framework). In each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (see Article 45 of the EU GDPR).
We disclose your personal data to recipients in the following jurisdiction or jurisdictions outside of the EEA which do not provide adequate protection to personal data according to the European Commission: Australia, the United States (where the Privacy Shield framework has not been applied), South Africa, Singapore, Hong Kong, Japan and India. By entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the EU GDPR or other adequate means, we have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by the applicable contract or applicable law. You can ask for a copy of such appropriate data transfer agreements by contacting email@example.com.
What Data Subject Rights Do You Have?
Under the conditions set out under the EU GDPR and any other national data protection laws in the EEA, you have the following rights:
• Right of access: You have the right to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to the personal data. The access information includes, among other things, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You have the right to obtain a copy of the personal data undergoing processing. Subject to applicable law, we may charge a reasonable fee for copies, based on administrative costs.
• Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to erasure: You have the right to ask us to erase your personal data to the extent it is not required for legally required purposes.
• Right to restriction of processing: You have the right to request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
• Right to data portability: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any cost. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
• Right to Submit Complaints: You have a right to lodge a complaint with a supervisory authority.
Please note that these rights may be limited under the applicable national data protection law. To exercise your rights please contact us at firstname.lastname@example.org.
Are You Required to Provide Personal Data?
You are not required to provide any personal data to us, but if you do not provide any personal data to us, you may not be able to use certain features of the Site, such as those available to account holders, such as participants on our platform, job applicants, among others. You can use the Site without consenting to cookies that are not strictly necessary; which will mean that your experience on the Site will be less tailored to you and certain features of the Site may not function as intended. You can also use the Site without consenting to receiving marketing communications from us; which will mean that you may not receive marketing communications that you may be interested in.
Last Updated: 10 June 2020
Should you have any questions regarding this Policy, you can contact our Privacy Officer by email at email@example.com
What are Cookies?
When you visit the Site, Potentiate or a third party may send you a cookie. Cookies are small text files that may be placed in your browser directory on your computer or mobile device. When a website is accessed, a cookie that is placed on a device will send information to the party that has placed the cookie. Cookies are extremely common and used on most websites. Each cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a value (usually a unique number). For a more thorough explanation of what cookies are and how they operate, please visit www.aboutcookies.org or www.allaboutcookies.org.
Why are Cookies useful?
In general, the purpose of cookies is to improve the performance of the Site and your experience while visiting the Site. Cookies help make your visits easier by recognizing you upon return and providing a customized experience. Cookies also allow us to do useful things; for example, cookies allow us to find out whether you have visited the Site previously. Cookies help us make the Site work more efficiently, enable extra functionality, and provide us with additional information about your visit. Cookies also allow us to track overall Site usage and determine areas that users prefer.
First Party and Third Party Cookies
Our Site may place first party cookies and allow third parties to place cookies on your device. The difference between a first party cookie and a third party cookie relates to the control of the party who serves the cookie. First party cookies are cookies that are specific to the website that created them. Their use enables us to operate an efficient service and to track the patterns of behavior of visitors to the Site. Third party cookies, on the other hand, are placed on your device by a third party (i.e., not by Potentiate). While we may allow third parties access to the Site to place these cookies on users’ devices, for example by embedding functionality such as Social Media widgets, we do not retain control over the information supplied by the cookies, nor do we retain access to that data in many cases. Some third party cookies have the ability to track your browsing activity across sites, such as ad networks which are intended to deliver relevant, targeted ads to you including ads for Potentiate products and services delivered on external websites. This information is controlled wholly by those third parties in accordance with their respective privacy policies.
Session and Persistent Cookies
Our Site may place session and persistent cookies on your device. Whereas the difference between a first party and third party cookie relates to the party controlling the initial placement of the cookie on your device, the difference between a session and a persistent cookie relates to the length of time the cookie lasts. Session cookies are cookies that typically last for as long as you are using your browser, also known as a browser session. When you end your browser session, the cookie expires. Persistent cookies, as the name implies, are persistent and will last after you close your browser. This allows for quicker and often more convenient access to our Site among other functionality.
Potentiate utilizes software platform build by Vision Critical called the Sparq platform which sets a number of cookies in order to function properly and to facilitate authentication, remember preferences, and maintain sessions. Vision Critical clients who use the Sparq platform, their community members, and Potentiate’s own community members will receive these cookies when interacting with the platform. Generally, users and community members may not opt-out of these cookies directly, and we recommend that they do not delete or block these cookies to ensure a proper user experience. Most of these cookies are proprietary, although a small number are generated by third parties. For more information on Sparq cookies, please see the help article located here.
Linking of Cookie data with other data
Information gathered through usage of a cookie is not generally linked to any direct personal identifiers (e.g., your name or e-mail address). Once you submit personal data on our sites however (e.g., by signing up to receive information from us, becoming a customer, etc.), we may link such personal data with cookies or other data that are associated with your visit(s) to our Site. This linkage allows us to create a ‘profile’ of your preferences so that we may tailor Site content, offers, and promotions to your interests.
This Site uses Google Analytics, a popular website analytics service of Google Inc. (“Google”) which sets its own cookies. Google uses this information on behalf of the Site in order to analyze the use of the Site, to compile reports on Site activities, and to provide further services in connection with the Site. The IP address transmitted by your browser within the context of Google Analytics will not be combined with other Google data.
Disabling, Deleting, or Opting Out of Cookies
If you do not want to have cookies placed on your device by third parties, many of them offer ways to opt-out.
You may prevent the collection of your data by Google Analytics by downloading and installing the Browser Plugin located here: https://tools.google.com/dlpage/gaoptout.
Information on opting-out of ad networks can be found at www.aboutads.info. If you are in the European Union, please visit www.youronlinechoices.eu.
There are other technologies that perform a similar function to cookies. These include web beacons and clear gifs, local shared objects (also known as “LSOs” or “Flash cookies”), and digital fingerprints. These technologies may be used in conjunction with cookies to help us generate additional functionality and data:
• Web beacons/clear gifs - When we send you newsletters or other messages we use these technologies so that we can track email open and click rates, which in conjunction with cookies helps us understand your interests and send you more relevant, targeted messages.
• Digital fingerprinting – We may use "digital fingerprinting" technology to help us uniquely identify you, to aid in retargeting, to ensure the integrity of survey results by suppressing duplicate/fraudulent accounts and responses, and for other, similar purposes. To create the digital fingerprint, we use third party technology to collect data points about your computer and to generate a unique identifier by combining those data points. Such data points include, but are not limited to your location. The digital fingerprint cannot reveal your personal identity on its own.
• Local shared objects (“LSO’s” or “Flash cookies”) – When you interact with certain functions of the site such as viewing videos, LSOs may be used by third parties to store information on your computer. LSO’s differ from regular cookies in a number of ways, including their storage location, which means that they cannot be deleted using any of the instructions described previously. More information about LSO’s and how you can remove them is here.
Do Not Track Signal
Some browsers allow you to send a ‘Do Not Track’ request when you visit a website. Aside from the cookie related settings listed above, this Site does not process Do Not Track signals sent by your browser.
Changes to This Policy
We may change the information contained in this Policy at any time at our sole discretion so please review it periodically.
Our Privacy Officer can be contacted by via:
We will always endeavour to investigate your complaint and respond to you as soon as practicable after receipt, generally within 30 days. If you are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner.
Corporate social responsibility and Anti-Bribery company policy
Last updated: 26 August 2020
Policy brief & purpose
Our Corporate Social Responsibility (CSR) and Anti-Bribery company policy refers to our responsibility toward our environment. Our company’s existence is not lonely. It's part of a bigger system of people, values, other organizations and nature. The social responsibility of a business is to give back to the world just as it gives to us.
What is corporate social responsibility?
Our Corporate Social Responsibility (CSR) company policy outlines our efforts to give back to the world as it gives to us.
This policy applies to our company and its subsidiaries. It also refers to our suppliers and partners.
We want to be a responsible business that meets the highest standards of ethics and professionalism.
Our company’s social responsibility falls under two categories: compliance and proactiveness. Compliance refers to our company’s commitment to legality and willingness to observe community values. Proactiveness is every initiative to promote human rights, help communities and protect our natural environment.
Our company will:
● Respect the law
● Honor its internal policies
● Ensure that all its business operations are legitimate
● Keep every partnership and collaboration open and transparent
We'll always conduct business with integrity and respect to human rights. We'll promote:
● Safety and fair dealing
● Respect toward the consumer
● Anti-bribery and anti-corruption practices
Examples of Corporate Social Responsibility
Protecting the environment
Our company recognizes the need to protect the natural environment. Keeping our environment clean and unpolluted is a benefit to all. We'll always follow best practices when disposing garbage and using chemical substances. Stewardship will also play an important role.
We'll ensure that we:
● Don't risk the health and safety of our employees and community.
● Avoid harming the lives of local and indigenous people.
● Support diversity and inclusion.
Our company is dedicated to protecting human rights. We are a committed equal opportunity employer and will abide by all fair labor practices. We’ll ensure that our activities do not directly or indirectly violate human rights in any country (e.g. forced labor).
Donations and aid
Our company preserves a budget to make monetary donations. These donations will aim to:
● Advance the arts, education and community events.
● Alleviate those in need.
Our company will encourage its employees to volunteer. They can volunteer through programs organized internally or externally. Our company seeks to sponsor volunteering events from other organizations.
Preserving the environment
Apart from legal obligations, our company will proactively protect the environment. Examples of relevant activities include:
● Conserving energy
● Organizing reforestation excursions
● Using environmentally-friendly technologies
Supporting the community
Our company may initiate and support community investment and educational programs. It can provide support to nonprofit organizations or movements to promote cultural and economic development of global and local communities.
We actively invest in R&D. Our company will try to continuously improve the way it operates.
Our company is committed to the United Nations Global Compact. We'll readily act to promote our identity as a socially aware and responsible business. Management communicates this policy on all levels. Senior managers are also responsible for resolving any CSR issues.
Ethical Sourcing and Modern Slavery Policy
Last updated: 26 August 2020
The business plays an important role in respecting and promoting human rights and eradicating modern slavery . We recognise that modern slavery is a complex problem, best tackled by collective commitment and responsibility to bring it to an end and we are committed to working with all our stakeholders to fulfil this common goal.
The purpose of this Policy is to ensure that the Potentiate group of companies:
• are compliant with local, national and other applicable laws and regulations in the areas in which the businesses operate;
• group companies source products and services in accordance with legal obligations and community expectations while working with suppliers to improve their social and environmental practices;
• group companies act to prevent, mitigate and where appropriate, remedy modern slavery in their operations and supply chains .
Suppliers and group companies Shall;
(a) Not use forced labour
(b) Not use child labour
(c) Maintain professional, transparent wages and benefits book-keeping.
(d) Comply with work hour laws
(e) Provide an equal opportunity workplace
(f) Ensure no harassment of abuse
(g) Provide Freedom of association, grievances mechanisms and recourses
(h) provide a safe and hygienic working environment that is without risk to health, taking into consideration knowledge of the relevant industry and any specific hazards.
(i) Not engage in bribery
(j) Ensure Subcontractors maintain the same standards
(k) Comply with local environmental laws
(l) Ensure animals are treated humanely
(m) Ensure migrant workers shall have the same entitlements as local workers as stipulated by local law.
(n) Provide each employee with an employment contract
The Australian Modern Slavery Act 2018 took effect on 1 January 2019, and while it does not require Potentiate to make annual public reports (Modern Slavery Statements). Potentiate has elected to provide a policy to manage risks in their operations and supply chains.
1 Modern slavery includes the crimes of human trafficking, slavery and slavery like practices such as servitude, forced labour, forced or servile marriage, the sale and exploitation of children, and debt bondage. Source: Walk Free Foundation.
2 'Suppliers’ is defined as factories, supplier sites and providers of goods or services to Wesfarmers and its divisions/business units.
3 ‘Operations’ is defined as activity controlled by Wesfarmers and its divisions/business units.
4 ‘Supply chains’ is defined as suppliers and service providers to Wesfarmers and its divisions/business units.
5 ‘Child labour’ is defined as any work by a child or young person, which does not comply with the provisions of the relevant ILO standards, and any work that is likely to interfere with that person’s education, or to be harmful to that person’s health or mental, spiritual, moral or social development. ‘Child (or Children)’ is defined as a person under the age of 15, or below the age at which school attendance is not compulsory under local law, whichever is older. ‘Young Person’ is defined as a person under the age of 18 but not classified as a child.