(a) At Go1, we are passionate about lifelong learning, making learning accessible to people in all parts of the world and providing those people with a digital learning record.
(b) We operate in numerous countries, including Australia, EU countries, the US and several Asian and African countries and are continually expanding our global reach. The business of Go1 includes an online marketplace for e-learning resources (alongside software and services to produce and deliver such training and resources) (hereinafter the “Platform”), which are made available by and through a number of partners, including content partners, distribution partners and implementation partners, (collectively, “Partners”).
(c) We acknowledge our obligations to all recipients of our products and services (hereinafter the “Services”), including visitors (hereinafter the “Visitors”) to our website at www.go1.com (hereinafter the “Website”), our registered users and administrators (hereinafter the “User”) of our Platform on behalf of our customers (hereinafter the “Customer”) (hereinafter together the “Data Subject” or “you” and “your”) to collect, manage, process and use their personal information (hereinafter the “Personal Data”) in accordance with the laws and regulations of each of the countries in which we operate, including:
(i) the Privacy Act 1988 (Cth) and the Australian Privacy Principles;
(ii) the General Data Protection Regulation (EU) 2016/679 (“GDPR”);
(iii) the French Data Protection Act (“FDPA");
(iv) the Data Protection Act 2018 (UK); and
(v) the California Consumer Privacy Act 2018 (“CCPA”).
(Hereinafter together the “Data Protection Law”)
(d) Under the CCPA, we are required to provide certain information for Californian residents, which we do in our California Privacy Disclosure available here. Where the terms “Go1”, “we”, “us” and “our” are used throughout this privacy policy (hereinafter the “Policy”), they mean Go1 Pty Limited, Apiom, Inc and any of our corporate affiliates including but not limited to:
(i) Go1 USA LLC;
(ii) Go1 UK Learning Limited; and
(iii) Go1 Singapore PTE. LTD.
(e) By accessing and using the Website and the Platform, you confirm that you have read and fully understood this Policy, that you agree to the collection and the usage of your own and others’ Personal Data in accordance with this Policy and that you have the authority to provide us with all Personal Data submitted by you via the Website and the Platform. By registering for or using Go1’s Services you consent to the collection, transfer, processing, storage, disclosure and other uses of your Personal Data described in this Policy.
Our Policy explains:
(a) the Personal Data we collect about you when you use the Website, the Platform, when you contract with us, or otherwise interact with us (for example, by attending our premises or events or by communicating with us); and
(b) your rights surrounding how we use your Personal Data, which include how you can object to certain uses of your Personal Data and how you can access and update your Personal Data (for more details see section 7).
3.1 General
(a) We collect Personal Data, including:
(i) the name, email address, phone number and country of residence;
(ii) where relevant, name of employer and title;
(iii) other information volunteered by the Data Subject (e.g. information entered on our Platform or our Website or provided to our team) or given to us with consent;
(iv) information derived by use of cookies (e.g. IP addresses – please refer to the Cookie Policy here); and
(v) Personal Data about the learning activities undertaken by the User, including course completion, and use of features, links and third-party integrations.
(b) The information described in section 3.1(a)(v) forms part of a User’s profile, which is created when a Data Subject first opens an account with an email address and password and which forms the basis of the User’s learning record.
(c) In addition to the Personal Data we collect about Users, we also collect Customer Personal Data that is required for your contract with us, such as company affiliation, contact information, invoicing data, and physical address.
(d) We may receive Personal Data about you from other Go1 Users or Partners, from third-party services, from our related companies, social media platforms, public databases, and from our business and channel partners. We may combine this Personal Data with Personal Data we collect through other means described above. This helps us to update and improve our records, identify new customers, create more personalized advertising and suggest Services that may be of interest to you.
3.2 Sensitive Information and Personal Data of children
(a) Under the Customer Terms, Users must be over the age of 18 or above the age of 16 using the Services with the supervision and approval of a parent or guardian. In the case of Users over the age of 16 using the Services, we rely on the consent granted by the parent or guardian supervising and approving the use of the Services. Go1 does not solicit, collect, or knowingly process the Personal Information of children.
(b) Go1 does not solicit, collect or knowingly process sensitive information (as defined under the Privacy Act 1988 (Cth) or sensitive personal data (as defined under GDPR, the FDPA and the UK Data Protection Act 2018).
3.3 Credit card details
The credit card details provided by Customers, when they pay for our Services, are passed directly to our payment processor and are not retained by us.
4.1 Collection from an individual
We collect Personal Data directly from Data Subjects via the Website and the Platform, including when you submit a query and via correspondence if you contact us (including via email or phone).
This Personal Data may include your name, email address, phone number, company, role, and any other information you provide us.
We also collect Personal Data directly from Customers when you contract with us for the provision of our Services.
4.2 Collection from authorised representatives
We collect information from employers and organisations on behalf of their employees, contractors, consultants, volunteers and other parties that they wish to register for our Services.
This information may include the name, email address, role, and further contact information of the Users if necessary or volunteered by the disclosing authorised representative.
4.3 Collection via Cookies and log files
(a) We receive information via third parties including the employer / company / organisation when it is provided to us by such an authorised representative to enable the use of the Services.
(b) This information may include the name, email address, phone number, company, role and other User’s information as provided to us by the authorised representative.
4.4 Collection via cookies and log trackers
We allow limited use of various technologies to collect and store Personal Data when Visitors visit our Website, which may include using cookies (i.e. a string of unique data that a website stores on a Visitor’s computer and that the Visitor’s browser provides to the Website each time the Visitor returns) or similar technologies to identify the Data Subject’s browser or device. Further information is available here.
5.1 Legal basis for collecting and processing Personal Data (European Economic Area only)
(a) If you are a Data Subject from the European Economic Area or the UK, our legal basis for collecting and using Personal Data will depend on the type of Personal Data and the purposes for which we collect it.
(b) However, we will normally process Personal Data from you:
(i) where we have your consent to do so;
(ii) where we need the Personal Data to perform a contract with you; or
(iii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
(c) In some cases, we may also have a legal obligation to collect your Personal Data or may otherwise need the Personal Data to protect your vital interests or those of another person (e.g. other Users).
(d) If we ask you to provide your Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
(e) Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
(f) When we rely on our legitimate interests as a lawful ground to process your Personal Data:
(i) we do so considering the potential impact on your privacy; and
(ii) we offer the right to object to, or opt out from, processing, as described in section 7 below.
5.2 Data processing activities
We act as a data processor to perform our contracts with our Customers and process User’s Personal Data that Customers have provided us with for the following purposes:
(i) performing the Services;
(ii) User registration;
(iii) User enrolment (into courses);
(iv) User learning record creation (once a course is completed);
(v) User reminder notifications (via email) to Users when learning is due; and
(vi) issuing an administrative report to determine overall User process.
If required, a Data Processing Agreement (DPA) which complies with the Data Protection Law requirements will be signed between Go1 and each Customer that receives Go1 Services.
5.3 Reasons for use
The reasons we collect, store, process and use your Personal Data include:
(a) to perform, personalise and administer our Services;
(b) to identify and authenticate Users;
(c) to allow Users within an organisation (e.g. within an employer) to communicate with each other;
(d) for support or response purposes, including when Data Subjects request support or make an inquiry;
(e) to plan, improve, tailor, optimise, market and promote our Services for and to Data Subjects including by asking Users for feedback on our Services;
(f) to provide Data Subjects with relevant information and offers of courses and other services that we believe might be of interest to Data Subjects, which we may do by email;
(g) to manage Users’ accounts;
(h) to send Users prizes, certificates or scholarships to use our courses and other products and services;
(i) to provide Users with a digital learning record;
(j) for contractual and other lawful, regulatory or legitimate business purposes or for the establishment, exercise, response, consideration or defence of or regulatory claims or proceedings;
(k) to perform the agreement Go1 entered into with the Customer;
(l) to perform any other functions described in our terms and conditions or this Policy;
(m) to communicate with you about your account or transactions, and provide you with product-related communications, such as information about new features and Policy updates;
(n) to manage, analyse, understand and develop our relationship with Data Subjects;
(o) responding to your queries or complaints; and
(p) to act pursuant to your consent, for specific purposes e.g. with your consent, we may send you marketing communication or post your testimonial along with your name on our Website. If you wish to update or delete your testimonial, please contact us using the details in section 12 below.
5.4 Disclosure to third parties
(a) We may share or internally transfer your Personal Data within our Go1 entities. In such case, only our authorised personnel will process your Personal Data and only in the framework of their functions.
(b) We may share or transfer your Personal Data to our third party service providers (including Partners and processors) in order to fulfill the purposes described above. These third parties have access to your Personal Data only for the purpose of performing these purposes on our behalf.
(c) Go1 currently uses processors notably:
(i) to provide infrastructure Services;
(ii) to help us provide Customer support and email notifications;
(iii) for marketing and advertising purposes;
(iv) for billing and invoicing purposes; and
(v) to provide additional content in the case of our content Partners.
Prior to engaging any processor, Go1 performs due diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement which complies with the Data Protection Law.
(d) All Go1’s entities and third parties are contractually obligated to comply with the same laws and regulations that we are required to comply with regards to the Personal Data, wherever they are located in the world, and we require them to adopt and apply data protection policies and practices that are consistent with this Policy.
(e) We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process, to protect the property and rights of Go1 or a third party, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
(f) We may share or transfer your Information (including your Personal Data) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified on any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
(g) However, please note that once Personal Data is shared with another company, the Personal Data received by the other company also becomes subject to its privacy policies and practices.
(h) Users need to understand that their choice not to provide certain Personal Data, as described above, will limit or prevent their ability to access and use our Services.
(a) We hold Personal Data only for so long as is necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law.
(b) We are guided by our contractual obligations and by other lawful legitimate business interests.
(c) How long we keep the Personal Data we collect depends on:
(i) the type of information;
(ii) the purpose for which it is used;
(iii) how sensitive it is;
(iv) whether we have an ongoing relationship with the individual it relates to (e.g. you have an account with us, you are subscribed to receive communication from us or regularly visit or use our Services or Website); and
(v) our legitimate interests (e.g. defending claims, resolving disputes, enforcing our rights and agreements, and statistical analysis or research).
(d) The Personal Data may be retained in intermediate archiving, if it is necessary (i) for Go1 to fulfill its legal obligations or (ii) to provide evidence in case of litigation (data retention only during the local legal statute of limitations).
(e) Aggregated or anonymised information, since this is not Personal Data, may be stored indefinitely.
(a) Go1 respects your rights as a Data Subject. You have the right to request from Go1 access to and rectification or erasure of your Personal Data, or restriction of processing concerning you, or to object to processing as well as the right to data portability.
(b) Upon registration, Users have ongoing access to their Go1 accounts. Users can correct any inaccuracies, or update or add any information themselves through their online accounts.
(c) Additionally, you can request, via email to dataprotection@go1.com (for EU or UK Data Subjects) or privacy@go1.com (for all other locations), that we:
(i) rectify any inaccurate Personal Data relating to you;
(ii) send to you, or transmit to another controller, all of your stored Personal Data (in which case we will do so in a structured, commonly used and machine-readable format);
(iii) under certain conditions, restrict or object to processing of your Personal Data;
(iv) under certain conditions, delete your Personal Data; or
(v) withdraw your consent for the use of your Personal Data for the purposes which requested consent.
(d) You may unsubscribe to any or all emails from us through the automated facility sent with each email.
(e) Any actions or requests made in accordance with section 7(c) may limit the ability of Data Subjects to access and use our Services.
(f) It may be the case that, for contractual or other lawful, regulatory or legitimate business purposes, we retain and use an archived version of Data Subjects’ Personal Data, which may be pseudonymised, anonymised or otherwise de-identified.
(g) We have facilities in place to request Partners and other third parties, as necessary, to amend or delete Personal Data held on their systems.
(h) When Go1 processes User’s Personal Data on behalf of and as instructed by its Customers, our Customers are responsible to the Users and such User(s) should contact the respective Customer, acting, for example as their employer, for exercising their rights. In these circumstances, Go1 does not respond directly to the User’s requests for the exercise of their rights that we are notified of, but we inform the relevant Customer without delay and provide all reasonable assistance to satisfy the User’s requests in accordance with instructions of the Customer.
(a) We work hard to protect Go1 and the Data Subjects from misuse, interference, loss, unauthorised access, modification or disclosure of information we hold, including Personal Data.
(b) We apply technical and organisational measures to ensure a level of security appropriate to the risk, including:
(i) analysing and assessing privacy and security issues, risks and impacts during the design and development of new features and solutions for our products, services and delivery platform, governed by guidelines and security standards for our IT developers;
(ii) ensuring confidentiality, integrity, availability and resilience of processing systems and services (for instance, we restrict access to personal information to Go1 employees, contractors, Partners and other third parties described above, who need the information for the purposes described above and who are subject to strict contractual privacy and confidentiality obligations);
(iii) ensuring the ability to promptly restore availability and access to Personal Data in the event of an incident;
(iv) regularly reviewing and testing our information collection, storage and processing practices, including physical security measures, aimed to ensure security of data processing; and
(v) as we deem necessary, pseudonymising and encrypting (e.g. using SSL) data (e.g. for the purpose of transfers, when Personal Data is encrypted and access is restricted at rest).
(c) In implementing and carrying out these security measures, we are guided by:
(i) ISO/IEC 27001:2013, the international standard that describes best practice for an information security management system; and
(ii) by the ‘Guide to securing personal information (‘Reasonable steps’ to protect personal information)’, dated January 2015, issued by the Office of the Australian Information Commissioner.
(a) Given that Go1 operates internationally, Personal Data of Data subjects that we collect Personal Data from, including via the Website and the Platform, may be transferred across national and continental borders, including for contractual and other lawful legitimate business purposes or at the request of Data subjects including to the following locations:
(i) Australia;
(ii) Countries in the European Union;
(iii) The United Kingdom;
(iv) The United States of America;
(v) Malaysia;
(vi) Vietnam;
(vii) Singapore;
(viii) The Philippines;
(ix) South Africa; and
(x) Chile.
(b) Within the Go1 organisation, international transfers from the EU and the UK between Go1’s entities based outside the EEA are governed by internal controls and rules, consistent with this Policy and the Data Protection Law, such as standard contractual clauses (SCCs).
(c) For international transfers from the EU and the UK to and from Partners and other third parties based outside the EEA, Go1 has in place enforceable agreements containing privacy and data protection obligations consistent with this Policy and the Data Protection Law, such as standard contractual clauses (SCCs).
(a) We acknowledge the various data breach obligations in each of the jurisdictions in which we operate, including in Australia.
(b) We commit to promptly identifying and responding to any breaches, to act to prevent harm and to report, if and as required, to the relevant supervisory authority and the concerned Data Subjects.
(a) Our Policy may change from time to time.
(b) We will not reduce Data Subjects’ rights under this Privacy Policy without their explicit consent.
(c) We will post any changes on this page and, if the changes are significant, we will provide a more prominent notice (which may include email notification of Policy changes). We encourage you to check this page from time to time and take notice of any changes we make.
(d) We will also keep prior versions of this Policy in an archive for review by Data Subjects upon request.
(a) Privacy complaints, enquiries, and requests to exercise your rights regarding your Personal Data can be made to:
Privacy Officer
Units 4 & 5, 2904 Logan Rd
Underwood QLD 4119
OR
Level 1, 33-39 Riley St
Woolloomooloo NSW 2011
(b) If you are a European Union or United Kingdom resident wishing to make a request, complaint or enquiry regarding your rights regarding your Personal Data, please contact:
Data Protection Officer
Or by mail to:
Frédéric Sardain
Jeantet
11 rue Galilée
75016 Paris
France
(c) If you are not satisfied with our answers related to your complaint or enquiries related to your Personal Data, you have a right to lodge a complaint with the competent supervisory authority. We will gladly provide the contact details of the relevant supervisory authorities within the countries in which we operate.
(d) We aim to respond to all privacy requests, enquiries and complaints within 30 days. Where a different timeline for response is prescribed by law, we will respond within the prescribed time period.
Last updated: 9 May 2022