Privacy Policy

TEDESEN PTY LTD (ACN 150 657 891)
including Innovation of Risk (ABN 24 150 657 891) and related bodies corporate

Effective date: 20 April 2026
Last updated: 20 April 2026

This Privacy Policy explains how Tedesen Pty Ltd, including Innovation of Risk, and our related bodies corporate (“Tedesen”, “Innovation of Risk”, “we”, “us” or “our”) collect, hold, use, disclose and otherwise handle personal information.

This Privacy Policy applies to our website, including Innovation of Risk, our social media pages, online tools, self-assessments, downloadable reports, enquiries, marketing activities and the consulting and related services we provide (together, the “Services”).

We handle personal information in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and other applicable privacy and data protection laws.

Your privacy matters to us. We encourage you to read this Privacy Policy carefully.

1. Who we collect personal information from

We may collect personal information from:

  • customers and prospective customers
  • users of our website and online tools
  • people who contact us with enquiries
  • subscribers to our newsletters or updates
  • representatives of our clients, suppliers and business partners
  • job applicants or prospective contractors
  • people who engage with us through social media or events.

Our website and services are primarily designed for business and professional users and are not directed to children.

2. What personal information we collect

The personal information we collect will depend on how you interact with us, but may include:

  • your name
  • email address
  • telephone number
  • organisation name
  • job title, role, seniority, department or professional background
  • information you provide in forms, surveys, questionnaires, assessments or enquiries
  • records of correspondence and communications with us
  • subscription and marketing preferences
  • transaction, billing or payment-related information where relevant
  • technical and usage information relating to your use of our website and Services.

Technical and usage information may include:

  • IP address
  • browser type and version
  • device type and operating system
  • pages visited and features used
  • date and time of access
  • referral source
  • approximate location derived from IP address
  • cookies, pixels, local storage and similar technologies.

For some online tools and self-assessments, in-progress entries may be stored in your browser using local storage or similar technology so that your session can continue on the same device and browser. We may also store submitted results, generated reports, administrative records, support logs and aggregated or de-identified analytics relevant to operating and improving the Services.

We do not intentionally collect sensitive information unless it is reasonably necessary for our activities and permitted by law, or you have consented. If you provide sensitive information to us, you consent to us handling it in accordance with this Privacy Policy unless you tell us otherwise and we agree.

3. How we collect personal information

We may collect personal information:

Directly from you, including when you:

  • complete a form, questionnaire, assessment or survey
  • contact us by email, phone, website form or social media
  • subscribe to receive updates or marketing material
  • request information, a proposal, a demo or a report
  • attend a meeting, workshop, webinar or event
  • engage us to provide Services.

Automatically, when you use our website or online tools, through cookies, pixels, local storage, analytics tools, server logs and similar technologies.

From third parties, including:

  • your employer or organisation
  • our clients, referrers, suppliers or business partners
  • service providers who support our website, IT systems, hosting, email, analytics, document generation, payments, CRM or other business operations
  • publicly available sources such as company websites, LinkedIn profiles or regulatory or industry sources
  • social media platforms where you interact with us.

If we collect personal information about you from someone else, we will handle it in accordance with this Privacy Policy.

4. Why we collect, hold, use and disclose personal information

We may collect, hold, use and disclose personal information to:

  • provide, administer and improve our Services
  • respond to enquiries and communicate with you
  • create, deliver or email reports, insights, self-assessment outputs or related materials
  • verify identity, manage accounts and maintain service records
  • provide customer support
  • conduct analytics, testing, troubleshooting and product improvement
  • operate, secure and maintain our website, systems and Services
  • send newsletters, updates, thought leadership and other marketing communications
  • manage our relationships with clients, suppliers and business partners
  • process payments and manage contracts
  • recruit staff and contractors
  • comply with legal, regulatory, tax, accounting and risk management obligations
  • investigate complaints, suspected misconduct, fraud, security incidents or data breaches
  • protect our rights, property, systems, users and business.

We may also de-identify or aggregate information and use it for analytics, benchmarking, service development, research, insights, publications and promotional purposes, provided it no longer identifies an individual.

5. Cookies, pixels and similar technologies

We may use cookies, pixels, tags, local storage and similar technologies to:

  • remember user preferences
  • keep website features functioning
  • understand website traffic and usage
  • improve performance, usability and content
  • measure the effectiveness of campaigns
  • support remarketing, audience measurement or similar advertising activities where used.

You can usually control cookies through your browser settings. If we deploy a cookie banner, consent tool or similar settings interface, you can also manage choices there.

Blocking some cookies or similar technologies may affect the functionality of parts of our website or online tools.

6. AI-assisted features and automated processing

We may use AI-assisted, algorithmic or rules-based tools to support our Services and operations. This may include using software tools to:

  • generate draft summaries, reports or suggested focus areas
  • analyse survey or assessment inputs
  • improve workflows, content or service delivery
  • detect spam, fraud or suspicious activity
  • support customer service or internal administration.

Unless we specifically state otherwise, we do not rely solely on substantially automated processing to make decisions that produce legal effects, or similarly significant effects, about an individual through our website.

Where we use third-party AI or cloud service providers, we aim to use only the information reasonably necessary for the relevant purpose and to put appropriate contractual, security and governance measures in place.

7. When we disclose personal information

We may disclose personal information to:

  • our related bodies corporate
  • our employees, contractors and advisers
  • IT, hosting, cloud, storage, cybersecurity and support providers
  • website, analytics, CRM, email, marketing and communications providers
  • document production, report delivery and workflow providers
  • payment processors and financial service providers
  • professional advisers such as lawyers, accountants, auditors and insurers
  • regulators, government bodies, law enforcement agencies or courts where required or authorised by law
  • actual or prospective purchasers, investors or advisers in connection with a business sale, restructure, merger or asset transfer
  • other parties with your consent or at your direction.

We do not sell personal information.

8. Overseas disclosure

Some of our service providers, technology providers or related parties may be located outside Australia, or may store or process personal information outside Australia.

Accordingly, personal information may be disclosed to recipients in countries outside Australia, including where our cloud, hosting, analytics, email, document, CRM, website support or AI providers operate. Depending on the providers we use from time to time, this is likely to include Australia, the United States, and other countries in which those providers or their sub-processors maintain infrastructure or personnel.

Where we disclose personal information overseas, we take reasonable steps in the circumstances to ensure that the overseas recipient handles that information in a manner consistent with applicable privacy requirements, including through contractual protections, due diligence, internal controls and vendor management measures where appropriate.

9. Direct marketing

From time to time, we may send you marketing communications about our Services, updates, publications, events or offers that we think may interest you.

You can opt out of receiving marketing communications at any time by:

  • using the unsubscribe function in the message, where available
  • contacting us using the details below.

If you opt out, we may still send you non-marketing communications that are necessary for providing Services, managing our relationship with you, or complying with legal obligations.

10. Security of personal information

We take reasonable steps to protect personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.

These steps may include technical, contractual, administrative and organisational measures such as:

  • access controls
  • authentication measures
  • secure hosting and backups
  • network and endpoint protections
  • role-based access
  • staff awareness measures
  • vendor and system governance
  • document and data handling controls.

No method of transmission over the internet or electronic storage is completely secure. Because of this, we cannot guarantee absolute security.

11. Retention and destruction

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, for related legitimate business purposes, and to comply with legal, regulatory, insurance, tax, accounting, dispute and record-keeping obligations.

When personal information is no longer required, we will take reasonable steps to destroy it or de-identify it, unless we are required or authorised by law to retain it.

12. Data breaches

If we become aware of a data breach involving personal information, we will assess the incident and respond in accordance with our legal obligations and internal procedures.

Where required by law, we will notify affected individuals and the Office of the Australian Information Commissioner.

13. Accessing and correcting your personal information

You may request access to the personal information we hold about you, and request correction of that information if it is inaccurate, out of date, incomplete, irrelevant or misleading.

To make a request, please contact us using the details below.

We may need to verify your identity before responding. In some cases, the law allows us to refuse access or correction, or to impose conditions. If that occurs, we will explain our reasons to the extent required by law.

14. Complaints

If you have a question, concern or complaint about how we handle your personal information, please contact us using the details below.

We will review your complaint and aim to respond within a reasonable time, usually within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

15. Third-party websites and platforms

Our website or communications may contain links to third-party websites, plug-ins, applications or social media platforms.

We are not responsible for the privacy practices, content or security of those third parties. Their own privacy policies and terms will apply to your interactions with them.

16. Individuals in the EEA, UK or similar jurisdictions

If you are located in the European Economic Area, the United Kingdom or another jurisdiction with similar privacy rights, additional rights may apply to the extent required by applicable law.

Depending on the circumstances, our lawful bases for processing may include:

  • your consent
  • performance of a contract or steps taken at your request before entering a contract
  • compliance with legal obligations
  • our legitimate interests, including operating, securing and improving our business and Services.

Subject to applicable law, you may have rights to request access, correction, erasure, restriction, objection, withdrawal of consent and, in some cases, portability of your personal data.

You may also have a right to complain to your local data protection regulator.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The latest version will be published on our website. We encourage you to review it periodically. If we make a material change, we may take additional steps to notify users where appropriate.

18. Contact us

TEDESEN PTY LTD (ACN 150 657 891)
INNOVATION OF RISK (ABN 24 150 657 891)

Privacy Officer
Email: privacy@innovationofrisk.com
Phone: +61 432 143 075