Privacy policy

Privacy, Confidentiality and Non-Disclosure Policy

Justine Thompson Yoga acknowledges and is committed to upholding the intent of the Privacy Act and the Privacy Amendment (Notifiable Data Breaches) Act 2017.

This policy explains the expectations placed on all employees and management regarding the care and management of confidential information relating to the business activities of Justine Thompson Yoga in the broadest context.

Collection and use of personal data

Throughout the course of employment, employees and managers will unavoidably receive and handle personal and private information about customers, partners and our company. This policy serves to ensure that this information is well-protected.

We collect this data to provide you with the best experience with our classes. Mostly, we gather personal data directly from you, directly from your devices (note ‘cookies’ are used), or directly from someone who communicates on behalf of you with your consent. Some of our collection happens on an automated basis – that is, it is automatically collected when you interact with our systems. In certain instances, you can choose whether to provide personal data to Justine Thompson Yoga, but note that you may be unable to access certain options and services if they require personal data that you have not provided.

Some of this information may be shared with other class participants. For example, all information you share in a class, including personal data about you or others, will be available to all other participants in that class (unless you elect to chat with a subset of participants). If you share a link, ie to a recorded class, with another user who is not already in the class, when that user tries to access the recording he or she will be able to see the contents including other participants.

Justine Thompson Yoga does not exchange your personal data with third parties for payment.

We do not allow marketing companies, advertisers, or anyone else to access personal data in exchange for payment. Except as described above, we do not allow any third parties access to any personal data we collect in the course of providing services to users. We do not allow third parties to use any personal data obtained from us for their own purposes, unless it is with your consent.

During employment, employees and managers may have access to confidential and proprietary data, which is not known by competitors or within the industry sector generally. This information (hereinafter referred to as “Confidential Information”) includes, but is not limited to:

  • data relating to the company’s marketing programs

  • procedures and techniques

  • the criteria and formula used by the company in pricing/valuation of projects/products

  • lists of customers – current and future

  • the identity, authority levels and responsibilities of key contacts on company accounts

    November 2020 Commercial In Confidence Copyright - Created by Solutions To Spec Pty Ltd, 2020

How we use and disclose personal data

We process your personal data (i) with your consent (where necessary), (ii) for the performance of any contract you have with us (such as your agreement with us that allows us to provide you with the classes and/or information), and (iii) for other legitimate interests and business purposes including in a manner reasonably proportionate to providing, running, personalising, improving, operating, maintaining our products and services.

Data retention

How long we retain your personal data depends on the type of data and the purpose for which we collected the data. We will retain your personal information for the period necessary to fulfill the purposes outlined in this policy unless a longer retention period is required by law.

  • the peculiar risks inherent in their operations, sensitive details concerning the structure, conditions and extent of their existing activities/products and/or contract expiration dates

  • details of growth strategies, which may include specific details of future prospecting sites and partnership opportunities

  • all details and materials relating to website design, creation, maintenance and training

  • and proprietary software, web applications and analysis tools.

    All confidential information is a valuable asset of the company as it has often been developed over a long period of time and at substantial expense.

    To protect the company’s interest in this valuable asset, employees must:

  • not use or disclose any such confidential information for their personal benefit or for the benefit of any person or

    entity other than the company, and

  • use their best efforts to limit access to such confidential information to those who have a need to know it for the

    business purposes of the company.

    In addition, employees should minimise those occasions on which they take documents, computer disks/laptop/electronic devices containing such confidential information outside the office. On those occasions where it is necessary, consistent with the best interests of the company and doing their job effectively, to take documents, computer disk or a laptop containing confidential information outside the workplace, all appropriate precautionary and security measures should be taken to protect the confidentiality of the information.

    During the course of employment with Justine Thompson Yoga, employees will be provided with and will generate correspondence, memoranda, literature, photographs, videos, reports, summaries, manuals, proposals, contracts, customer lists, prospect lists and other documents and data concerning the business of the company. Any and all such records and data, whether maintained in hard copy or on a computer or other medium, is the property of the company, regardless of whether it is or contains confidential information. Upon termination of employment at the company, employees are required to return all such records to the company and may not retain any copy of such records or make any notes regarding such records. We reserve the right to search for such information and property in personal items while on company premises such as vehicles, purses, briefcases, electronic devices, etc.

    Confidential and proprietary information is secret, valuable, expensive and/or easily replicated. Common examples of confidential information are:

  • unpublished financial information

  • data of customers/partners/vendors

  • photographs and videos

  • patents, formulas or new technologies

  • customer lists (existing and prospective)

  • data entrusted to our company by external parties

  • pricing/marketing and other undisclosed strategies

  • documents and processes explicitly marked as confidential

  • unpublished goals, forecasts and initiatives marked as confidential

  • website design protocols

  • website content

  • mentoring and training materials
    authorised access to confidential information will be provided to employees at various levels dependent upon their role and necessity for access.

    To manage and ensure the non-disclosure of confidential information, employees should:

  • lock or secure confidential information always

  • shred confidential documents when they are no longer needed

  • make sure they only view confidential information on secure devices

  • only disclose information to other employees when it’s necessary and authorised

  • keep confidential documents inside our company’s premises unless it is absolutely necessary to move them

    November 2020 Commercial In Confidence Copyright - Created by Solutions To Spec Pty Ltd, 2020

  • seek advice from their manager if they are unsure about confidentiality status of any information before disclosing/sharing any such information

  • remove all installations of links to company websites or digital applications from personal device, the company will remove access to assist with this process

  • return any confidential files and delete them from their personal devices when they stop working for the company.

    When managing information and data, employees should not:

  • use confidential information for any personal benefit or profit

  • disclose confidential information to anyone outside of our company

  • replicate confidential documents and files and store them on insecure devices.

    The management of Justine Thompson Yoga will take the following measures to ensure that confidential information is well protected. We will:

  • store and lock paper documents

  • encrypt electronic information and safeguard databases

  • ask employees to sign non-compete and/or non-disclosure agreements (NDAs)

  • ask for authorisation by senior management to allow employees to access certain confidential information

  • assist employees to determine what is confidential information where the employee is uncertain

  • remove access to company information by changing passwords and deleting access to company records, including

    electronic records such as website and digital applications

  • ask customers not to take photographs and/or video footage of any yoga activities (either face to face or online)

    without prior written consent from management.

    Confidential information may occasionally have to be disclosed for legitimate reasons. Examples of this include, but are not limited to:

  • if a regulatory body requests it as part of an investigation or audit

  • if our company examines a venture or partnership that requires disclosing some information (within legal

    boundaries).

    In such cases, employees involved should document their disclosure procedure and collect all needed authorisations. Employees should be mindful to avoid disclosing more information than needed. Where an employee is unsure of the extent of confidential information they should release, they should consult their manager in advance of releasing such information.

    Should management become aware that our data management processes have been breached in any way, we will undertake an investigation and take appropriate steps to minimise risk. Management will manage such occurrences in line with the requirements of the Privacy Act Amendment (Notifiable Data Breaches) including advising persons of potential data breaches where appropriate and notifying the Office of the Australian Information Commissioner.

    The company will investigate every breach of this policy. Employees found to breach this policy may be subject to disciplinary action, up to and including termination, and possibly, legal action.

    This policy is binding during employment and beyond, even after separation of employment.

November 2020 Commercial In Confidence Copyright - Created by Solutions To Spec Pty Ltd, 2020