Privacy policy

Last updated: 23 May 2023

This privacy policy explains how we, Assemble Technologies Pty Ltd ACN 620 609 430 and our affiliates, including Assemble Technologies UK Ltd company no. 13893380 (collectively Atticus), process your personal information in connection with our services such as our website, content and features, or when you otherwise engage with us online or offline. 

Individuals in the United Kingdom (UK) should also read the “For UK Individuals” section.

If you have any question about your data protection rights or if you do not understand anything explained in this policy, please contact us by email to [email protected].

1. Who does this privacy policy apply to?

We process personal information relating to the following categories of individuals: 

  • our users who access our website, content, features or other online services;
  • our prospective customers identified as such by us or our third parties;
  • our registered users who are our customers;
  • our suppliers and business partners;
  • our job applicants; and
  • anyone else who interacts with us, when you call, email or visit us or otherwise interacts with us.

In addition, as a service provider for our corporate customers, we handle personal information in documents uploaded to our services by our users and customers. However, we only process such personal information for purposes related to providing those services.

In relation to Assemble Technologies Pty Ltd, information that constitutes an ‘employee record’ of a current or former employee is not covered by this privacy policy.

2. What categories of personal information do we process?

Generally, “personal information” means any information that identifies you or relates to you, except for anonymised information that cannot reasonably be linked back to you. 

We group personal information into categories which reflect our data processing activities and, we hope, offer the reader accessible transparency. You can view this here.

3. Why so we process your information?

This table available to view here, explains what personal information is necessary for each purpose. We keep our processes and data collection under review and will update this privacy policy should any personal information no longer be necessary for the given purpose.  

The lawful basis column explains to UK individuals how we comply with a technical legal justification for data processing under relevant data protection laws. Please contact us if you have any questions. 

We will update you about any new purposes of processing of your personal information from time to time, and we will obtain your prior consent for such new purposes where we are required to do so at law.

4. Who else gets to see the data?

Where required in connection with the purposes set out above, we will share your personal information with third parties where it is necessary, proportionate and lawful, including with:

  • our third parties that provide services or advice to us;
  • our marketing, advertising and analytics partners;
  • our affiliated companies;
  • third parties who provide additional services, features or content to you, such as social media plugins;
  • other users who you collaborate with in our document review and other services;
  • persons or authorities where we are compelled by law, responsible practices or for legal claims;
  • the relevant entity in case of a merger, acquisition or collaboration; and
  • other third parties where you have provided your consent.

5. Third parties may process your personal information

Our services may contain links to other websites, third party services, such as LinkedIn and plugins. Some of the third parties who we share your personal information with, such as credit reference agencies, payment services providers or public authorities, process your personal information for their own purposes. 

You should check the privacy statements of these third parties and we are not responsible for how they may process your personal information. Some of our third party service providers may use your anonymised personal information for business administration and product development purposes.

5. How long is your personal information kept?

We will keep your personal information for as long as is necessary for the purposes listed above or longer, as may be required by law. You may contact us for further details or request deletion of your personal information at any time. 

Below we list what general retention periods may apply to specific categories of personal information. However, the periods may vary depending on circumstances in accordance with the law.

  • Account details, general details, call recording data (Retention period: 6 years from collection)
  • CCTV (Retention period: 30 days from capture)
  • Device and browser details, engagement information, preferences and interests, third party data, usage data (Retention period: 6 years from collection)
  • Device and browser details, engagement information, preferences and interests, third party data, usage data (Retention period: 6 years from collection)
  • Professional opportunity records  (Retention period: 6 years from collection)
  • “Customer personal data” held as processor on behalf of our customer  (Retention period: as per instructions in accordance with agreement

7. How do we secure your personal information?

We maintain appropriate organisational and technological safeguards consistent with best international standards to help protect against unauthorised use, access to or accidental loss, alteration or destruction of the personal information we hold. 

We also seek to ensure our third-party service providers do the same. We only appoint service providers under appropriate contract who provide sufficient guarantees about data security in accordance with applicable law.  

We will endeavour to use the least amount of personal information as is required for each purpose. We will employ pseudonymisation and anonymisation techniques, where appropriate.  

Where appropriate, we apply security measures such as encryption or hashing when sharing your personal information with third parties. 

Our staff will access your personal information on a “need to know” basis. 

8. How do we secure your personal information?

Depending on whether you are dealing with us in Australia or the UK, your personal information will generally be held locally. 

However, like most organisations, we use various services and tools and we collaborate with our affiliates and business partners in countries different to your country of residence, including Australia, the US, UK and EU, and we may transfer your personal information as a result. 

Each recipient is subject to appropriate safeguards such as due diligence and the standard contractual clauses or similar contractual provisions for international transfers of personal information

9. Opt-out

If you would like us to stop sending you marketing communications and to process your personal information for direct marketing purposes, please contact us. 

You can request to stop receiving our marketing communications at any time by clicking on the unsubscribe link at the bottom of each marketing message and we will add you to a suppression list or otherwise arrange that you no longer receive marketing communications.

10. Accessing or correcting your personal information

You can access the personal information we hold about you by contacting us using the information below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

11. Making a complaint

If you wish to make a complaint about the way we have handled your personal information, you can contact us  via [email protected]. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or your local data protection authority for guidance on alternative courses of action which may be available.

12. Updates

If we make any changes to our privacy policy, you will be able to see them on this page. You should regularly check for updates, as indicated by the “Last updated” date at the top. 

If you do not agree with the changes, please do not continue to use our website or services. Of course, if any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.

13. For UK individuals 

This section provides further disclosures and describes the rights in relation to your personal data that you may have under UK data protection law if you are an individual in the UK.

A: Controller

Assemble Technologies UK Ltd of Unit 210-211 Canalot Studios, 222 Kensal Road, London, United Kingdom, W10 5BN will process your personal data as “controller” for the purposes and under the legal grounds for processing set out above.

As a service provider or “processor“, we also process personal data in documents uploaded to our services by our users and customers. However, under our customer terms we are required to only process such personal data in accordance with our customers’ instructions and we are unable to process it in any other way. 

B: Personal data

Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

C: Data subject rights

Subject to certain exemptions, limitations and appropriate proof of identity, you will generally have the following rights in relation to your personal data: 

  • Right to information about matters set out in this privacy policy. You may also contact us for further details about our data retention policy and international data transfers.
  • Right to make an access request to receive a copy of your personal information held by us.
  • Right to rectification of any inaccurate or incomplete personal information.
  • Right to withdraw consent previously provided.
  • Right to object to our processing of personal information based on our legitimate interests such as processing for direct marketing purposes.
  • Right to erasure of personal information that is no longer needed, for example, if you object to our profiling for advertising or personalisation purposes and also request erasure.
  • Restriction on the processing of personal information, for example, where necessary while we deal with your enquiry.
  • Right to human intervention in respect of any automated decision-making without human involvement that significantly affected you.
  • Right to data portability from one service provider to another, where applicable.
  • Right to lodge a complaint with the Information Commissioner’s Office.

All requests will be processed without undue delay and no later than within one month. If we cannot process your request within this period, we shall explain why and process it as soon as possible thereafter.