Privacy Policy

Effective: 23 September 2019
Last Updated: 25 June 2025

In Plain English

We take your privacy seriously and have designed our privacy practices to meet the highest global standards, including Australian privacy laws and the European Union’s GDPR requirements. This policy explains how we handle your personal information when you use our learning management system (LMS) and other services.

Quick Summary:

  • We only collect information we need to provide our services
  • We protect your data with strong security measures
  • You have control over your personal information
  • We’re transparent about how we use and share your data
  • We comply with privacy laws in Australia, the EU, and other regions where we operate

Who We Are

Automated Learning Technologies, a division of the Pyrmonte Group, (ACN 076 601 762) is an Australian company with our head office at Office 1108, 50 Lorimer street, Docklands,VIC 3008, Australia. We provide learning management systems and related services to organizations worldwide, from small Australian businesses to large multinational corporations.

Contact Us:
Privacy Officer:
Privacy Office of the Pyrmonte Group
Privacy-Officer@pyrmonte.com.au

Australian Privacy Matters:  
Office of the Australian Information Commissioner
(OAIC) at enquiries@oaic.gov.au

How This Policy Applies to You

We operate in different roles depending on the service you’re using. Understanding these roles helps you know who to contact for privacy matters.

LMS Subscription Services (Most Common)

When any organization subscribes to our LMS to deliver training – whether to employees, customers, suppliers, or course participants – that organization becomes “The LMS Administrator.”

The LMS Administrator’s Role:

  • Data Controller AND Primary Data Processor for all end user data
  • Controls all aspects of the relationship with end users (trainees/participants)
  • Responsible for all privacy compliance with end users
  • Must meet GDPR standards as required by our LMS Agreement
  • Handles all end user privacy requests (access, deletion, correction, etc.)
  • Determines training content, user access, and data collection practices

Our Role:

  • Secondary Data Processor providing technical support services only
  • Cannot resolve individual privacy issues – you must contact The LMS Administrator
  • Process data only as instructed by The LMS Administrator
  • Support The LMS Administrator in meeting their privacy obligations through technical capabilities

For End Users: If you have privacy questions about data in the LMS, contact The LMS Administrator (your employer, training provider, or course organizer), not us directly.

Direct Services (We Are Data Controller)

When we collect and control your information directly:

Examples:

  • Visiting our website
  • Signing up for newsletters or webinars
  • Direct-to-consumer services
  • Sales and marketing communications
  • Support requests about our services

Our Role:

  • Data Controller and/or Primary Data Processor
  • Full responsibility for privacy compliance to GDPR standards
  • Handle all privacy requests directly
  • This policy governs our handling of your data

For Direct Users: Contact us directly for any privacy questions or requests.

What Information We Collect

Information You Give Us Directly

  • Contact details: Name, email address, phone number, job title, company
  • Account information: Username, password, profile preferences
  • Payment information: Billing details (we don’t store credit card numbers – these are securely processed by our payment providers)
  • Communications: Messages you send us, support requests, feedback

Information We Collect Automatically

  • Usage data: How you interact with our services, features used, time spent
  • Technical data: IP address, browser type, device information, cookies
  • Performance data: System performance, error logs (to improve our services)

Information from The LMS Administrator

Important: This applies when The LMS Administrator uses our LMS subscription service.

When The LMS Administrator (your employer, training provider, or course organizer) uses our LMS:

  • The LMS Administrator controls what information is collected and how it’s used
  • We only see this data when providing technical support to The LMS Administrator
  • Typical data may include: Name, email, participant ID, course progress, quiz results
  • The LMS Administrator determines what additional information to include

Key Point: We cannot access, modify, or delete your LMS data directly. The LMS Administrator (as the Data Controller and Primary Data Processor) manages all aspects of your personal data in the LMS.

How We Use Your Information

Note: This section applies to information we collect directly (when we are the Data Controller). For LMS subscription users, The LMS Administrator controls how your data is used.

Legal Basis (Why We’re Allowed to Use Your Data)

For Australian customers: We collect and use information that is reasonably necessary for our business functions and with your consent where required.

For EU customers and global best practice: We process your personal data based on:

  • Contract performance: To provide the services you’ve purchased
  • Legitimate interests: To improve our services, prevent fraud, and ensure security
  • Legal obligations: To comply with accounting, tax, and other legal requirements
  • Your consent: For marketing communications and optional features (you can withdraw consent anytime)

What We Do With Your Information (Direct Services Only)

  • Provide our services: Deliver requested services, process payments, provide support
  • Improve our offerings: Analyze usage patterns to enhance features and performance
  • Communicate with you: Send service updates, respond to inquiries, provide customer support
  • Ensure security: Protect against fraud, abuse, and security threats
  • Meet legal requirements: Comply with applicable laws and regulations
  • Marketing (with permission): Send newsletters and product updates if you’ve opted in

LMS Technical Support Services

When providing technical support for LMS subscriptions:

  • Access is limited to what’s necessary for technical support only
  • No individual user interaction – we work with The LMS Administrator
  • Data processing follows The LMS Administrator’s instructions and our LMS Agreement
  • We cannot modify or delete individual user data without The LMS Administrator’s instruction

How We Share Your Information

We Don’t Sell Your Data

We never sell, rent, or trade your personal information for marketing purposes.

When We Do Share Information

Service Providers: We work with trusted companies that help us operate our services:

  • Cloud hosting providers (data storage and processing)
  • Payment processors (subscription and transaction processing)
  • Support tools (customer service platforms)
  • Analytics services (to understand how our services are used)

Legal Requirements: We may disclose information when required by law, such as:

  • Court orders or legal proceedings
  • Government investigations
  • Protecting our rights or the safety of others

Business Transfers: If we merge with or are acquired by another company, your information may be transferred as part of that transaction.

The LMS Administrator (LMS Subscription Users):

  • The LMS Administrator has full access to all data they control in the LMS
  • They determine what data to collect and how to use it
  • They handle all privacy compliance with end users
  • We support them technically but cannot override their data management decisions

International Data Transfers

We Operate Globally

As an Australian company serving customers worldwide, we may transfer your data internationally to:

  • Other countries where our service providers operate
  • Your organization’s global offices (for multinational customers)
  • Secure data centers that provide our cloud infrastructure

How We Protect International Transfers

Australia to EU: Protected by the European Commission’s adequacy decision recognizing Australia’s privacy standards

Australia to Other Countries: We ensure protection through:

  • Contractual safeguards that require equivalent privacy protection
  • Standard Contractual Clauses approved by privacy authorities
  • Other appropriate security measures

For Business Customers: We follow your instructions about where data should be processed and stored, including your selection of the country where computer servers and data storage devices will operate. Data may be transferred from that jurisdiction to other jurisdictions where local laws allow, however it is your responsibility as The LMS Administrator to:

  • Be aware of applicable local laws in all relevant jurisdictions
  • Ensure compliance with all local data protection and transfer laws
  • Only authorize data transfers when legally permitted
  • Obtain any required approvals or notifications for cross-border transfers

How Long We Keep Your Information

For LMS Subscription Customers: The LMS Administrator follows their own retention policies for data in the LMS. We retain LMS data according to The LMS Administrator’s instructions and our LMS Agreement terms.

For Direct Services: We don’t keep your personal information longer than necessary. Retention periods include:

  • LMS subscription agreements: Duration of subscription plus up to 7 years for legal compliance
  • Direct customer accounts: Duration of your subscription plus 7 years for financial records
  • Website analytics: 12 months
  • Marketing communications: Until you unsubscribe
  • Support communications: 3 years
  • Legal/compliance records: As required by law (typically 7 years)

Important for LMS Users: Data retention in the LMS is controlled by The LMS Administrator, not us. Contact The LMS Administrator about their data retention policies.

Your Privacy Rights

Important: Your rights depend on whether you’re using our direct services or accessing our services through your organization’s LMS subscription.

For LMS Subscription Users

Contact The LMS Administrator first – they are the Data Controller and Primary Data Processor:

  • The LMS Administrator handles all privacy rights requests for LMS data
  • They are responsible for GDPR compliance with end users
  • We cannot respond directly to individual privacy requests about LMS data
  • We support The LMS Administrator in providing the technical capabilities to meet your rights

For Direct Service Users

Contact us directly – we are the Data Controller:

Rights for Everyone

  • Access: Request a copy of the personal information we hold about you
  • Correction: Ask us to fix incorrect or incomplete information
  • Complaint: Contact the relevant privacy authority if you’re unhappy with our practices

Additional Rights (EU Residents and Our Global Standard)

  • Data portability: Get your data in a portable format to transfer to another service
  • Erasure (“right to be forgotten”): Request deletion of your personal information
  • Restrict processing: Ask us to limit how we use your information
  • Object to processing: Opt out of certain types of data processing
  • Withdraw consent: Remove permission for activities that require your consent

How to Exercise Your Rights

For Direct Services: Contact us at privacy@pyrmonte.com.au

For LMS Data: Contact The LMS Administrator’s privacy officer or designated contact

Response time: We’ll respond within 30 days for direct services (or sooner as required by local law)

Privacy Authorities

Australia: Office of the Australian Information Commissioner – www.oaic.gov.au
EU: Your local supervisory authority or our EU representative
Other regions: Contact us for information about relevant authorities

Keeping Your Information Secure

We implement strong security measures to protect your personal information:

  • Encryption: Data is encrypted both in transit and at rest
  • Access controls: Only authorized personnel can access personal information
  • Regular security audits: We continuously monitor and improve our security practices
  • Secure facilities: Our data centers meet international security standards
  • Staff training: Our team is trained on privacy and security best practices

Data Breaches

If a security incident occurs that could affect your personal information, we’ll:

  • Notify privacy authorities within 72 hours (where required)
  • Inform affected individuals without undue delay if there’s a high risk to your rights
  • Take immediate action to secure the affected systems and prevent further issues

Cookies and Website Analytics

What Are Cookies?

Cookies are small files stored on your device that help websites function properly and remember your preferences.

How We Use Cookies

  • Essential cookies: Required for basic website functionality (login, security)
  • Analytics cookies: Help us understand how visitors use our website
  • Preference cookies: Remember your settings and choices

Your Cookie Choices

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

For detailed information about our cookie practices, see our Cookie Policy.

Children’s Privacy

Our services are designed for organizations and adult learners. We don’t knowingly collect personal information from children under 13 (or the relevant age in your jurisdiction) without parental consent.

If you’re under 18 and using our LMS through your school, your school is responsible for ensuring appropriate permissions are in place.

If we discover we’ve collected a child’s information without proper consent, we’ll delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We’ll post the updated policy on our website
  • We’ll update the “Last Updated” date at the top
  • We’ll notify you of significant changes via email or prominent website notice
  • For LMS users: We’ll also notify your organization

We encourage you to review this policy periodically to stay informed about how we protect your information.

Additional Information for Business Customers

LMS Subscription Agreements

For our LMS subscription services, The LMS Administrator operates as both Data Controller and Primary Data Processor. Our agreements include:

LMS Agreement Terms:

  • GDPR compliance requirement: The LMS Administrator must meet GDPR standards as minimum
  • Their dual role: Data Controller and Primary Data Processor for all end user data
  • Our role: Secondary Data Processor providing technical support services only
  • End user responsibility: The LMS Administrator handles all privacy compliance and individual requests
  • Technical capabilities: We provide tools to help The LMS Administrator meet privacy obligations

Data Processing Framework:

  • The LMS Administrator controls: Data collection, use, sharing, retention, and deletion
  • We provide: Technical infrastructure and support services only
  • No direct end user contact: All privacy matters go through The LMS Administrator
  • GDPR-compliant technical measures: Our systems support The LMS Administrator’s compliance obligations

Direct Services (We Are Data Controller)

For services where we act as Data Controller, we provide separate agreements detailing:

  • Our responsibilities for privacy compliance
  • Direct relationship with data subjects
  • Our own retention and deletion policies
  • Direct privacy rights handling

Customer Controls for LMS Subscriptions

We provide technical tools that enable The LMS Administrator to meet privacy obligations:

  • User access management: Control who can access different parts of the system
  • Data export capabilities: Extract data in portable formats for data portability requests
  • Audit logs: Track system usage and access for compliance reporting
  • Data deletion tools: Remove data when The LMS Administrator determines it’s no longer needed
  • Regional data storage: Options for data localization where available
  • Privacy controls: Technical features to support consent management and rights requests

Remember: As the Data Controller and Primary Data Processor, The LMS Administrator is responsible for configuring and using these tools appropriately to meet their privacy obligations.

Contact Information

Privacy Questions: privacy@pyrmonte.com.au
General Inquiries: Inquiries@pyrmonte.com.au
Phone: +61 41 248 3963
Address:
Automated Learning Technologies
Office 1108
50 Lorimer Street
Docklands VIC 3008
Australia

Australian Privacy Authority:
• Office of the Australian Information Commissioner
• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

This privacy policy is designed to comply with Australian privacy laws, the EU General Data Protection Regulation (GDPR), and other applicable privacy regulations worldwide. Where multiple laws apply, we follow the highest standard of protection.