GYST Consulting is committed to safeguarding the privacy and confidentiality of all team members' personal information, as well as client and company information. In alignment with the Privacy Act 1988, Australian Privacy Principles, and General Data Protection Regulation (GDPR) for users in the European Union (EU) and the United Kingdom (UK). This policy outlines our approach to managing personal data and sets out the obligations of employees regarding the protection of information.

Purpose

This policy establishes the principles and practices for managing personal information, ensuring compliance with Australian privacy and employment laws, and outlines employees' responsibilities for maintaining the privacy of client and company information.

Collection of Personal Information

• Legal Basis: Personal information will be collected in accordance with relevant legislation. The collection will be necessary when processing is necessary for our legitimate interests, such as for the conduct of business or marketing.
• Method: Information may be collected through digital interaction, including form submission.
• Types of Information: Includes personal identification details, contact information, program of interest, location, digital interaction (clicks, length on page etc.).

Use of Personal Information

• Purpose: Personal information will be used for:
  • Marketing & Sales Analytics (e.g., analysing how visitors use our Site)
  • Communication (e.g., responding to inquiries or requests)
• Consent: Users will be informed of the purpose of data collection and their consent will be sought where required.

Storage and Security

• Data Protection: Personal information will be securely stored using appropriate measures to prevent unauthorised access, loss, or misuse.
• Retention: Personal data will be retained for the duration required by law and for as long as necessary to fulfil the purpose for which it was collected.

Disclosure of Personal Information

• Internal Disclosure: Personal information may be shared within Gyst Consulting as necessary for business and marketing-related purposes.
• External Disclosure: Information will not be disclosed to external parties without consent, except where required and authorised by law or regulatory bodies. Accepted external  disclosure also includes HubSpot and Google for data storage, analytics, or marketing
  services.
• Modifying, Deleting or Accessing Data: If you wish to:
  • Confirm whether we hold any personal data about you.
  • Access, correct, or delete your personal data.
  • Exercise any other rights under the GDPR or the Privacy Act 1988

Use of Cookies

Our website uses cookies to enhance your experience and improve our services. These include:

• Functional cookies – to remember your settings and preferences.
• Analytical cookies – to understand how visitors use our site and help us improve it.
• Targeting cookies – to tailor marketing content to your interests.
• Third-party cookies – from providers such as HubSpot and Google to track engagement.

Data Breach Notification

We have an internal procedure for handling data breaches. If a breach compromising your personal data occurs:

• We will notify relevant supervisory authorities and affected individuals within 72 hours, if required by law.
• We will provide details specifying the nature of the breach and any recommended steps for affected users to protect themselves further.

Liability and Third-Party Links

Our website may contain links to other websites. We are not responsible for the privacy policies or practices of linked sites. We accept no liability for their usage of your data. We recommend that you review the privacy policies of any third-party sites you visit.

Modifications

We may amend this Privacy Policy from time to time to remain compliant with the law or to reflect changes in our data collection practices. When we update our Privacy Policy, we will revise the “Effective Date” at the top. In some cases, we may also notify you via email.

Further information

For further information on this policy or relevant policies and procedures please contact the Head of Operations.