Privacy is your right
Our Privacy Promise
We respect and protect your right to privacy
We actively practice Privacy by Design and believe that privacy is your human right; the power to control what you do and don’t share. We will do everything we can to secure your information and maintain your privacy.
Your data is yours
We believe that you should control your data. We will treat any personal information you choose to share with us as a temporary custodianship. We will only use it for the specific purpose agreed when you chose to share it with us.
The choice is yours
The information you choose to share with us is entirely up to you. We actively practice data minimisation, so any time we ask you to share data with us, say to contact us or purchase one of our digital products, it’ll be the least amount of information required to fulfil our end of the bargain. Although we work with information-heavy businesses, we are inherently and deliberately information-light.
How to contact us
Contact us on email@example.com if you have privacy-related comments, questions, queries or concerns.
Alternatively, you can write to us:
Voir Tous Investments Pty Ltd ‘ta’ Greater Than X
PO Box 237
Stones Corner Qld 4120
Why and how we process personal information
We keep all data processing as simple and limited as possible. As stated above, we are very deliberately an information-light business.
In essence, we process data only to deliver a service to you. That might mean contacting you back, sending you an invoice if we’re fortunate enough to work with you, or it might mean selling you one of our digital products directly via the eCommerce function of our website.
We use any information you share with us via our contact form to contact you back.
We deliberately limit the information you can provide us via this form to an email address and free text message.
When you submit a message by pressing or clicking on “Send now” this information is sent directly to firstname.lastname@example.org, an email address managed by G Suite.
We use G Suite by Google Cloud to manage internal and external communications via their service, Gmail.
We also use Google Docs, Google Slides, Google Sheets, Google Contacts, Google Hangouts and Google Calendar.
Gmail, Google Contacts, Google Hangouts and Google Calendar are the only places the personal information you choose to share with us may be stored and accessed.
Your email, name, phone number, work address and any other information you share with us directly as part of an email exchange will be stored within Gmail. We only use this information to contact you directly if you have requested we do so. We do not take this data and use it in any other way, such as an EDM campaign or any other marketing function.
We currently review this information at the end of each calendar month and delete all email exchanges that are no longer active and relevant to our work.
Your name, email, phone number and any other information you share with us when sending or accepting a meeting request will be stored within Google Calendar. The same goes for Google Hangouts if you set up a meeting and invite us or we set up a meeting and invite you.
We currently review this information at the end of every calendar month and delete all meeting records that are no longer active or relevant to our work.
When you email us, Google Contacts creates a new contact that comprises your name and email.
We currently review this information at the end of every month and delete all contact records that are no longer active or relevant to our work.
We use information you share with us whilst purchasing a copy of Designing for Trust: The Data Transparency Playbook to authenticate a valid transaction and send you the product you’ve purchased.
Here's how Stripe works.
We practice data minimisation, and have worked with Stripe directly to configure a payment flow that limits the information you are required to submit.
This is the minimum data set required for tokenisation: Credit card number, CVV, expiration month and year, and IP address as it's automatically received as part of the transaction.
Email address, phone number for second-factor authentication (if relevant), and physical address comprise the minimum data set that provides the greatest chance your payment is approved.
Here’s the information Stripe’s Payment module stores:
Stripe risk evaluation: (evaluation)
ID:ch_1B3KxbCww5IUyJoE7TQTVhTc (illustrative only)
Description: Charge for email@example.com
ID: 5cc199af676dkl6e1e199127 (illustrative only)
orderId: 000 (illustrative only)
Shipping_recipient: First Last
websiteId: 57754a9bn45a7c5g145jkb89 (illustrative only)
Address: Street, Suburb
City, Post Code
CVC check: Status
Street check: Status
Zip check: Status
ID: card_1D3KwICxx5TYyJlZebWdDg2l (illustrative only)
Name: First Last
Number: ···· XXXX (we actually see the last 4 digits)
Fingerprint: bZP3FTi98YH4LWLm (illustrative only)
Expires: MM / YYYY
Type: <brand> <card type> i.e. Visa debit card
Payout: po_1D64Y2Cjr5QIdJoETkHyT9j0 (illustrative only)
Email history: No email sent
200 OK POST /v1/charges/ch_1D3KwICxx5TYyJlZebWdDg2l (illustrative only) 2018/03/08 10:21:51
A payment for $54.99 AUD was updated 2018/03/08 10:21:51
A successful payment was made for $54.99 AUD 2018/03/08 10:21:51
The information we have communicated above is secured with strict role-based access rights. We do not access it or use it for any purpose other than delivering you the product you've paid for.
We use Squarespace as our content management system. This enables us to design, host, and sell products via our website, greaterthanexpereince.design.
Within Squarespace’s Content Management System there are three modules that have the ability to capture personal and related information. These are: Orders, Customers and Analytics.
The Orders module within Squarespace details the following information about people who have purchased one of our digital products:
Order date and time
Zip or Post code
Phone number (if provided), and
Charge ID (which then links to Stripe’s payment module referenced above)
This information is secured with strict role-based access rights. We do not use this information for any purpose outside of ensuring you get the product you paid for.
The Customers module within Squarespace is much the same as Orders. The primary difference is that it presents the data in a slightly different format.
The information this module presents is:
Billing address consisting of address, suburb, city, post code and country
Order number, and
This information is secured with strict role-based access rights, and as above, we do not use this information for any purpose outside of ensuring you get the product you paid for.
Our default mode for this module is "do not track". We achieve this by activating SQUARESPACE ANALYTICS RESTRICTION.
This prevents Squarespace from sending Analytics cookies to visitors.
Unfortunately this isn’t something Squarespace actively promotes. We’ve actually had a number of support discussions with them, provided guidance as to how they might approach various data minimisation practices and hope they work towards making it easier for their CMS customers (like us) to practice data minimisation in the context of analytics.
Please note: We have recently deleted our Facebook and Instagram accounts due to increasing concerns relating to data ethics and the various intended and unintended consequences of using such platforms. We’re not suggesting you do the same, only that you learn as much as you can about what they do with your information so you are empowered to make choices about how you use their services.
We publish some of our content on our LinkedIn business page. LinkedIn’s business page gives us the ability to see anonymised like visitors, update impressions and followers. We can also see social notifications. These notifications show likes, shares, comments and mentions, along with the person who has made that action.
In the most simple terms this means we can see what people are saying about our brand on LinkedIn, along with whether or not they’re engaging with the content we share.
We do not use any of this data outside of the LinkedIn platform. Our use of this information is limited to liking, commenting, or sharing a post someone has shared about us.
As you might expect, it’s lovely when people say nice things about your work. We try to show our gratitude in the simplest, least intrusive way possible.
As is the case with the entire suite of products and services we use to run our business, this information is secured with strict role-based access rights.
We publish some of our content on our Twitter business page. Twitter gives us the ability to see people’s open profiles, view their commentary, engage in discussions that are meaningful to us and share our point of view on topics we have deep experience and expertise in.
We have not activated Twitter analytics and have no intention to do so. The information we have access to via this account is open and publicly available. We do not use this information in any context outside of the Twitter platform. Our use of this information is limited to liking, retweeting and commenting via the open platform.
As with LinkedIn, this information is secured with strict role-based access rights.
We use the YouTube platform to publish video content we have produced. We do not have access to any personal data via this platform and do not use the YouTube platform for any reason other than publishing our content.
We manage the commercial function of our business via Xero. In terms of data, almost all data that is accessible or stored within Xero relates to our business. However, to produce and send an invoice some personal data is required. This includes:
An email address, and
The name of a recipient or project contact
As it stands these are the products and services we’re using that store, process or analyse data. If this changes, we’ll update this policy. If the changes we make affect you, we will notify you directly.
How we collect data
We only collect data from you directly. We don’t collect data via any other means. If you haven’t shared it with us then we don’t have it.
Do we perform automated decision-making and automated profiling?
No, we do not.
We do not use your personal data to automatically evaluate or make inferences about who you are as a person, your personality traits or anything related to you.
We do not use your personal data to make automatic decisions about you.
It might seem odd but we would rather speak to you, engage in a conversation and figure out if there’s any mutual value in continuing our conversations and our relationship.
Is the personal data we hold accurate?
We hope so, because the only way we get it is directly from you.
Having said that, you can contact us on firstname.lastname@example.org at any time to view the data we have on you, correct it if it’s not accurate and request we delete it if you no longer want us to use it in any way.
Do we share personal data?
We don’t and will never engage in the direct exchange of your data. That’s not our business.
The services we use act as data processors for our business. Because of this they do have access to your personal data. As an example, when you choose to buy one of our digital products, Stripe, our Payment Services Provider, processes this data on our behalf. They take care of everything related to processing the payment, from actually processing the payment to managing the potential risks associated with it.
In the context of the European General Data Protection Regulation, this means we are a controller ("A controller determines the purposes and means of processing personal data") and Stripe is a processor ("A processor is responsible for processing personal data on behalf of a controller").
The exact services and data we/they have access to are detailed in the second clause of this policy above.
Is your personal data secure?
We secure your personal data:
- with appropriate technical measures,
- with appropriate organisational measures,
- with an appropriate level of security,
- against unauthorised processing,
- against unlawful processing,
- against accidental or unlawful loss,
- against accidental or unlawful destruction, and
- against accidental or unlawful damage.
If we believe a data breach may have occurred we execute an operational process aligned to the recommendations made by the OAIC as part of the Notifiable Data Breaches Scheme.
We will work to assess the incident, mitigate the impact, communicate with relevant stakeholders and ensure any preventable weaknesses are improved as quickly as possible.
If we make a mistake we will own it and ensure we don't make it again.
Let’s keep this simple. Your data is yours, you should control it and you should benefit from sharing it - if you choose to do so.
So, if you’ve shared your data with us directly in the past and want to:
View what we have
Receive a copy of what we have
Edit what we have, or
Delete what we have
Then you are more than welcome to do it.
To make this, or anything else you’d like to discuss about your data with us happen, email email@example.com.
We won’t take weeks to get back to you. We’ll respond within 48 hours and work with you to ensure you are fully in control of your data and how you choose to allow us to use it.
Oh, and we’ll do it for free. It’s a bit ridiculous to charge you.
To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you.
This website is bound by the provisions of the Privacy Act 1988 (Cth), including the Australian Privacy Principles. But don’t think we’re limited to that. We want to do whatever we can to make our use of data as person-centric as possible. We focus first and foremost on doing the right thing by you. Regulations and requirements are simpler to get right when that’s the approach you rely on.
This version is dated the 04/04/2018.
If we make any changes to our policy that affect you directly, we will let you know and work with you to ensure you’re happy with the way we’re using or not using your data.