Fox Given Privacy Policy
Your data powers your social success, which is why we protect it as if it were our own. We only use what’s necessary to deliver results, backed by enterprise-grade security trusted by thousands of brands.
Definitions
Business Purposes:
The legitimate purposes for which personal data may be used, including:
Providing services to our global client base.
Personnel, administrative, payroll, and business development purposes.
Legal compliance, regulatory obligations, and governance.
Investigations, complaints, or legal proceedings.
Improving customer experience and marketing our services.
Personal Data:
Any information relating to an identified or identifiable individual, including:
Contact details: phone number, email address.
Employment details: job title, CV, pay details.
Demographics: marital status, nationality, education.
Special Categories of Data:
Includes sensitive data such as racial or ethnic origin, health data, political opinions, trade union membership, or biometric data. Processing such data is strictly controlled and requires explicit consent or a lawful basis.
Data Controller:
Fox Given determines the purposes and means of processing personal data.
Data Processor:
An entity or individual processing data on behalf of the controller.
Supervisory Authority:
Our primary supervisory authority in Australia is the Office of the Australian Information Commissioner (OAIC). We also adhere to relevant supervisory authorities where data subjects reside.
Scope
This policy applies to all employees, contractors, and stakeholders globally, and it outlines how we manage personal data, regardless of where it is processed or stored.
We adhere to international data protection standards, including:
The Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
GDPR for data subjects in the European Economic Area (EEA).
CCPA for clients in California, USA.
Other applicable regional laws where necessary.
Key Principles
We are committed to complying with the data protection principles outlined in the Australian Privacy Act and other relevant laws:
Lawfulness, fairness, and transparency – Personal data must be processed lawfully and transparently.
Purpose limitation – Data must only be collected for specified purposes.
Data minimisation – Only necessary data will be collected.
Accuracy – Data must be accurate and kept up to date.
Storage limitation – Data must not be retained longer than necessary.
Integrity and confidentiality – Data must be kept secure.
Your Rights
Depending on your location, you may have the following rights under relevant data protection laws:
Right to be informed – Clear communication about how data is used.
Right of access – Access to personal data upon request.
Right to rectification – Correct inaccurate or incomplete data.
Right to erasure – Request deletion of data under certain conditions.
Right to restrict processing – Block certain data uses temporarily.
Right to data portability – Transfer data to another service.
Right to object – Object to processing, especially for marketing.
Rights related to automated decision-making – Request human review of automated decisions.
To exercise these rights, contact our Data Protection Officer (DPO) at:
[email protected]
Lawful Basis for Processing
We process personal data under the following lawful bases:
Consent: Clear and explicit consent has been provided.
Contractual Obligation: Processing is necessary for a contract.
Legal Obligation: Compliance with the law.
Legitimate Interests: When processing is essential for business purposes and does not override individual rights.
For clients in specific jurisdictions (e.g., EEA, US, or APAC), additional requirements may apply.
Data Security
We take appropriate technical and organisational measures to safeguard personal data:
Data stored electronically is protected by strong passwords and encryption.
Physical data is secured in locked cabinets and shredded when no longer needed.
Access to sensitive data is restricted to authorised personnel.
Regular backups and cybersecurity measures are implemented.
Data Retention
We retain personal data only as long as necessary for business purposes or to meet legal obligations. Data will be securely deleted once it is no longer required, in compliance with relevant jurisdictional requirements.
International Transfers
For global operations, personal data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers, including:
Adequacy Decisions: For transfers to countries with recognised data protection standards.
Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions.
Binding Corporate Rules (BCRs): Where applicable, to ensure consistency across Fox Given entities globally.
Reporting Breaches
Any data breach must be reported to the Data Protection Officer immediately. If a breach is likely to result in significant harm to individuals, we will notify the OAIC (or relevant supervisory authority) within the legally required timeframe, and individuals will be informed if required by law.
Third-Party Processors
We only work with processors who meet strict data protection standards globally. Contracts with third parties ensure compliance with laws in all relevant jurisdictions, including obligations for security, confidentiality, and data processing.
Contact Details
If you have any questions or concerns about this policy or how we handle your data, contact:Data Protection Officer Dayne Hudson Email: [email protected]
You may also lodge a complaint with the relevant supervisory authority:
Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au/privacy/privacy-complaints
EEA Supervisory Authorities: Refer to the European Data Protection Board
Other regions: Refer to your local data protection authority.
This policy reflects Fox Given’s commitment to privacy while ensuring compliance with Australian laws and relevant international regulations.