Fair Supply | Privacy Policy & Data Protection Commitment

Privacy Policy

Fair Supply is committed to protecting your privacy. This Privacy Policy applies to the personal information collected by Fair Supply when you use our website (accessible at https://fairsupply.com.au, https://fairsupply.com) and interact with us through our other channels (for example, by communicating with us) and when you access our products and services.

Under the EU General Data Protection Regulation (GDPR), Fair Supply is a "data processor" and processes personal data on behalf of its customers. This Privacy Policy describes how Fair Supply processes personal information as a data processor for the purpose of providing products and services to our customers under the GDPR and as an "organisation" under the Privacy Act 1988 (Cth).

This Privacy Policy sets out information on:

the categories of personal information we collect;
why we collect an individual's personal information;
how personal information will be used and who it will be disclosed to;
the legal basis of our processing of personal information;
your rights in relation to the personal information we collect;
and your rights and interests that will be affected if you elect not to provide your personal information.

We will review and update this Privacy Policy from time to time. The most current version of the Privacy Policy will be posted on the Fair Supply website. We encourage you to check our website periodically to ensure you are aware of our current Privacy Policy.

This policy was last updated: October 2023

Definitions

In this Privacy Policy:

references to "Fair Supply", "we", "our" or "us" are to Fair Supply Analytics Pty Ltd (ABN 33 637 115 587) and our related entities.
Personal information means any information or an opinion about an identified or reasonably identifiable natural person.
Privacy Act means the Privacy Act 1988 (Cth), including the 13 Australian Privacy Principles (APPs) set out in Schedule 1 of that Act.
Sensitive information is a sub-category of personal information which includes information about an individual's racial or ethnic origin, political opinions, membership of political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or certain biometric information.

Who we are

Fair Supply is an ESG data provider and consultancy. We provide risk assessment and compliance solutions through a proprietary Software-as-a-Service (SaaS) ESG Risk analytics product. Fair Supply helps corporations and institutions assess ESG risks such as modern slavery, forced labour, carbon emissions, biodiversity and other ESG risks to Tier 10 of their supply chain. Fair Supply also provides consulting services including desk based and on site audits, due diligence, training and other related services.

What personal information do we collect, for what purpose and legal basis?

We collect information about you and your interactions with us. The types of personal information we may collect about you will depend upon the nature of our interaction with you. In some circumstances the collection of personal information may be required by law.

Specifically, Fair Supply may collect and process personal information for the purposes and legal basis stated below:

Personal information collected	Purpose	Legal basis for processing
Name	To identify and communicate with you To enable us to provide you with requested information, products or services To send support and administrative messages, reminders, technical notices, updates, security alerts and information to you To respond to any queries or complaints you have made To send self-assessment questionnaires	Consent Legitimate business purposes
Address, locality or country	To identify and communicate with you To enable us to provide you with requested information, products or services To respond to any queries or complaints you have made To enable us to identify assess certain supply chain risks which may be specific to your country or geographical position To improve the services we provide to you	Consent Legitimate business purposes Contractual performance
Telephone number or mobile number	To identify and communicate with you To enable us to provide you with requested information, products or services To respond to any queries or complaints you have made To enable us to identify assess certain supply chain risks which may be specific to your country or geographical position To send self-assessment questionnaires to you	Consent Legitimate business purposes
Occupational and employment details including: employment status position title remuneration bank account details next of Kin name and contact details tax file number health information credit related information (eg. bankruptcy and business interest checks)	To process any job application submitted by you To provide human resources and payroll services to our employees, as well as meet our employment obligations To provide a safe and compliant work environment	Consent Legitimate business purposes Compliance
Information from or in connection with your resume or job application if you apply for a position with us	To process any job application submitted by you	Consent
Email addresses	To communicate with you about our services, including for assessments and billing To send self-assessment questionnaires	Consent Legitimate business purposes
Username and password	To enable us to identify you and provide you with a Fair Supply account	Consent Legitimate business purposes
IP addresses	To optimise our services through the data obtained.	Consent Legitimate business purposes
Cookies	To serve, collect, track and optimise our services through the data obtained	Consent

‍

If the personal information we collect includes sensitive information, including health information, we will ask for your consent to collect this sensitive information, unless the law allows us to collect the information without your consent.

We understand you may not wish to provide us with particular personal information. If so, we may not be able to provide our products or services to you or communicate with you.

We collect and record personal information about individuals such as:

our customers and prospective customers;
our customer's suppliers;
our suppliers, potential suppliers and their representatives, directors, partners, proprietors and shareholders;
our contractors, subcontractors, potential contractors and subcontractors and their representatives in relation to providing goods and services to us;
our past and present employees; and
any other person who comes into contact with us.

How do we collect your personal information?

We may collect personal information directly from you or from a third party. We may collect personal information directly from you when you communicate with us via our website, by email or via third party platforms we use.

Specifically, we may collect your personal information when:

you register an account with us;
you request our services or a demo of our services;
when you register for our newsletter mailing lists;
when you purchase a Fair Supply product or service;
when you register for an event hosted by us;
provide feedback to us;
when you contact us by email; and
when we are otherwise required or authorised by law.

We may collect personal information from third parties such as:

your nominated representatives; and
publicly available sources of information or registers.

If the personal information we collect includes sensitive information, we will ask for your consent to collect this sensitive information, unless the law allows us to collect the information without your consent.

Direct marketing

We may use your personal information to offer you our products and services and provide you information we believe may be of interest to you.

When you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.

To whom we disclose personal information

We may disclose your personal information to the following third parties:

Service Provider	Function	Location
Adobe	Documents and digital signatures	USA
Alphabet Inc (Google);	Cloud business services and analytics	Australia
Amazon Web Services, Inc	Cloud business services	Australia
Amplitude	Usage analytics	USA
Auth0	Authentication services	Australia
Cookiebot by Usercentrics	Consent Management Platform
Luma	Events registrations and communications	USA
PandaDocs	Proposals and agreements	USA
ProductFruits	User adoption services	Czech Republic
Salesforce Inc	Customer, sales and marketing data	USA
Segment	User insights	USA
Hotjar	User insights	USA
SendGrid	Email services	USA
Slack	Messaging	USA
Xero	Accounting and invoicing	USA
Zoom Inc	Video conferencing	USA

‍

other organisations or individuals who assist us in providing products, events, services and programs to you or to administer our business;
professional service providers and advisors who perform functions on our behalf such as lawyers and accountants;
your nominated representatives;
your referee if you apply for a job with us; and
Government, regulatory authorities or other organisations as required or authorised by law.

‍
We may disclose your personal information to third parties such as external service providers so that they may perform services for us or on our behalf or to assist us in providing our products and services or to administer our business.

We may also disclose your personal information to a purchaser or potential purchaser in connection with the sale or potential sale of Fair Supply, our business or any of our assets, including in insolvency, in circumstances which require the purchaser or potential purchaser to use such personal information consistently with this Privacy Policy.

When we disclose personal information to third parties, we make all reasonable efforts to ensure that we disclose only relevant information and that it is accurate, complete and up to date and that the third party will comply with the Privacy Act in relation to the use, disclosure and storage of your information.

Other permitted disclosures

We may disclose personal information in other circumstances, where the person concerned has consented to the disclosure, or where we are expressly permitted to do so by the Privacy Act or another law. These other disclosures may include where:

you would reasonably expect the disclosure to occur;
we are authorised or compelled by law to disclose;
it will prevent or lessen a serious threat to someone’s life, health or safety or a threat to public health or safety;
it is necessary as part of the establishment or defence of a legal claim;
it is requested by an enforcement agency such as the police; or
it is a necessary part of an investigation following a complaint or incident.

‍
Other uses and disclosures

We may collect, use and disclose your personal information for other purposes not listed in this Privacy Policy. If we do so, we will make it known to you at the time we collect, use or disclose your personal information.

Automated processing

If you are based in the EU, you have the right not to be subject to a decision based solely on automated processing, including profiling, where the decision has a legal consequence or significantly affects you. Fair Supply may engage in automated decisions for such purposes as ensuring you receive relevant communications, marketing or other information.

Fair Supply implements suitable measures to safeguard this right. You have the right to obtain human intervention, to express your point of view and contest the decision. If you wish to exercise the rights concerning automated individual decision-making, or require further information, please contact our Privacy Officer at privacy@fairsupply.com.au.

International Transfers

We may store and transfer personal information on servers and equipment located in Australia and other countries where our service providers are located, including the United States and the European Union.

Overseas transfer of personal information outside of EU

In certain circumstances, we may need to disclose or transfer your personal information to countries outside the country in which your personal information was collected (or, in the case of personal collected within the European Economic Area (“EEA”) to countries outside the EEA).

Where applicable, international transfers of your personal information are protected by appropriate safeguards or undertaken in accordance with legally compliant mechanisms, such as the standard data protection model clauses adopted by the European Commission or any other supervisory authority, which we will incorporate into our agreements with such transferees of personal information.

Overseas disclosure of personal information outside of Australia

Where we disclose information outside of Australia, we will take reasonable steps to ensure any overseas recipient to whom personal information is disclosed will deal with that information in a way that is consistent with the APPs or we will obtain your consent to disclose your personal information to the overseas recipient.

Where we obtain your consent to such disclosure, we will not be responsible for the collection, use, storage and disclosure of your information by the overseas recipient. We will not be responsible under the Privacy Act for the collection, use, storage and disclosure (or breach) of your information by the overseas recipient. You may have rights to enforce the overseas recipient’s compliance with applicable data protection laws, but you may not have recourse against the overseas recipient under the Privacy Act in relation to how it collects and handles your personal information.

Information collected via our website

Cookies

A “cookie” is a small file stored by the web browser software on your computer when you access our website. An explanation of cookies can be found on the Office of the Australian Information Commissioner’s (OAIC) website.

We use cookies and similar technologies to assist us in analysing how visitors and customers use our services to improve the services we provide.

When you interact with our services online, for example, by opening emails or browsing our website, automated technologies like cookies help us to:

Understand how you use and interact with our online services, information and communications;
Customise or otherwise improve our online services to your preferences;
Measure how useful and effective our services and communications are to you; and
Continue to manage and enhance our products and services.
We use session cookies for maintaining contact with a user throughout a web browsing session. Session cookies expire when the browsing session comes to an end or a user shuts down their computer. We may use persistent cookies for statistical purposes and to improve our website.

You may accept all cookies, reject all cookies or be notified when a cookie is set. However, if you refuse the use of cookies by selecting the appropriate settings on your browser, this may prevent you from using the full functionality of the website.

We will deal with any personal information collected by cookies in the same way we handle other personal information under this Privacy Policy.

Analytics

Our website uses third party services to help analyse how users use our website. These services allow us to notice trends to improve the user experience on our website. These services may process personal data, including through the use of cookies, such as: a unique User ID set by the service, the date and time, the title of the page being viewed, the URL of the page being viewed, the URL of the page that was viewed prior to the current page, the screen resolution, the time in local time zone, the files that were clicked on and downloaded, the links clicked on to an outside domain, the type of device, and the country, region, and city.

The information generated by the cookie about your use of our website (including IP address) may be transmitted to and stored on servers in Australia, the United States, or elsewhere.

You may opt out of this tracking at any time by activating the “Do Not Track” setting in your browser.

Third party websites

Our website may link to other websites which are outside our control, and other websites outside our control may link to our website. Whilst we try to ensure that we link to websites which share our privacy and security standards, once you have left our website we cannot be responsible for the protection and privacy of any information which you provide on other websites. You should exercise caution and review third party website privacy statements.

Security of your personal information

We store information about you in computer systems and databases operated by either us or our external service providers.

We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.

However, there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties.

If the personal information we store is no longer required by us for any purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify the personal information.

Your rights

If you are a “data subject” under certain data protection laws in regions or countries, including the European Union, United Kingdom or China, you may have the following rights in relation to your personal information held by Fair Supply:

Right to Access: you may request confirmation from Fair Supply as to whether we process your personal data, and if so, you may request a copy of that personal data. However, it may not be possible to give you a copy of the information if it was provided anonymously or if it may lead to harm being done to another person.

Right to Rectification: you have the right to request that we rectify or update any personal information that is inaccurate, incomplete or outdated without undue delay.

Right to Erasure: you have the right to request that we erase your personal information without undue delay in certain circumstances, such as where we collected personal information on the basis of your consent and you withdraw your consent.

Right to Restriction of Processing: you have the right request that we restrict the use of your personal information in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal information.

Right to Withdraw Consent: where you have given us consent to process your personal information, you have the right to withdraw your consent.

Right to Data Portability: you have the right to request that we provide you with a copy of your personal information in a structured, commonly used and machine readable format in certain circumstances.

To exercise your rights as set out above, please contact our Privacy Officer using the contact details set out at the bottom of this Privacy Policy.

Australia

If you reside in Australia, you have the “Right of Access” and the “Right of Rectification” set out above. If we refuse to provide you with access to your personal information or to update your information in the way you request, we will provide you with written reasons. If we refuse to correct or update your information, you may request that we make a note on your record that you are of the opinion that the information is inaccurate, incomplete, out of date, irrelevant or misleading, as the case may be.

Children

Fair Supply considers a child to be anyone under the age of 18. Our website and services are not intended for or targeted at children under 18, and we do not knowingly or intentionally sell products or services for purchase by children or collect personal information from or about children under 18, without the consent of a parent or guardian. If you believe that we have collected personal information about a child, please contact us using the below contact details.

If Fair Supply becomes aware that personal information we collect relates to a child without the consent of a parent or guardian, Fair Supply will use reasonable efforts to delete that personal data from its files as soon as possible. If deletion is not possible, Fair Supply will ensure that the personal information is not used for any purpose.

How can I make a complaint?

If you have a complaint or concern about our handling of your personal information or you think your privacy has been affected, you should contact us using our contact details set out below to raise your complaint or concern.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain unsatisfied with the way in which we have handled your privacy complaint or concern, you may approach an independent advisor or contact the OAIC or, if you are in the EEA, the data protection authority in your jurisdiction.

See the OAIC website for more information about how to make a complaint, or visit the European Data Protection Board website to find the data protection authority for your jurisdiction.

Contacting us

If you:

have any questions or would like further information about our Privacy Policy or practices,
wish to make a complaint about the way we have collected, used, held or disclosed your personal information;
would like to opt out of receiving our newsletter or information about Fair Supply products or services, or
have any other privacy related enquiries;

please contact our Privacy Officer at privacy@fairsupply.com.au.