EnterpriseWorks Pty Ltd, ABN 55 691 452 927, respects your privacy and is committed to handling personal information in an open, transparent and responsible way.
This Privacy Policy explains how we collect, use, store, disclose and protect personal information when you interact with EnterpriseWorks.
EnterpriseWorks is an independent research and advisory firm based in Australia. We provide research and advisory services focused on enterprise productivity, workforce capability, technology adoption, responsible AI and better ways of working.
This policy applies when you:
For privacy enquiries, contact us at: contact@enterpriseworks.com.au
EnterpriseWorks is a small business with annual turnover under $3 million. EnterpriseWorks has chosen to opt in to the Privacy Act 1988 (Cth), so that it is treated as an organisation under the Privacy Act once the opt-in is registered by the Office of the Australian Information Commissioner.
From the date EnterpriseWorks is entered on the public opt-in register, we will comply with the Australian Privacy Principles in relation to personal information we hold, unless an exemption or exception applies.
We also comply with the Spam Act 2003 (Cth) in relation to commercial electronic messages.
EnterpriseWorks will comply with any stricter privacy, confidentiality or data security obligations set out in our client contracts.
The personal information we collect depends on how you interact with us. Some information, including technical identifiers or research responses, may be personal information under Australian privacy law depending on how it is used or combined with other information.
We may collect:
We do not generally seek to collect sensitive information, such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record information or financial information.
Because our work may involve productivity, workforce wellbeing, burnout, psychological safety or employee experience, some advisory, research, survey, interview or workshop activities may involve sensitive or personal workplace information. Where this occurs, we will handle the information carefully and only where there is an appropriate basis to do so, such as consent, clear notice, de-identification, aggregation or another basis permitted by law.
Our website and services are not directed to children, and we do not knowingly collect personal information about children.
Unless otherwise stated, our surveys are designed to be anonymous. We do not intentionally collect your name, organisation, job title or other information that identifies you as an individual respondent in anonymous surveys.
However, some responses may include information that could identify an individual or organisation, especially where free-text responses, small cohorts, role details, organisation details or specific examples are provided.
Where a survey, interview or research activity is not anonymous, we will make this clear and explain how the information will be used.
Participation in research, surveys and interviews is voluntary where we deal with individuals directly. Where we rely on consent, you may withdraw your consent by contacting us, although there may be limits where information has already been de-identified, aggregated, analysed, published or incorporated into research outputs.
We usually collect personal information directly from you when you submit a form, complete a survey, subscribe to updates, contact us, book or attend a meeting, participate in research or events, or engage us to provide services.
We may also collect personal information from your organisation, a client, a partner, a referral source, publicly available sources or service providers that support our business operations.
We use personal information to:
We do not use personal information for unrelated purposes without consent, unless permitted or required by law.
EnterpriseWorks may publish or share research findings, insights or reports.
Where research findings are published or shared externally, we take reasonable steps to de-identify or aggregate information unless we have permission to identify an individual or organisation.
Our research may be co-published or distributed with partners. Where this occurs, we may share aggregate or de-identified findings with those partners.
We do not share personal information, including email addresses, with research or publication partners without consent.
We may send you research reports, insights, invitations, updates or information about EnterpriseWorks services where you have requested them, consented to them, or where otherwise permitted by law.
Commercial electronic messages will identify EnterpriseWorks as the sender and include a functional unsubscribe option where required. You can opt out of marketing communications at any time by using the unsubscribe option in the message or contacting us directly.
We do not sell, rent or share your email address with third parties for marketing purposes.
Our website and digital communications may use cookies, analytics tools and similar technologies to understand website usage, improve user experience, manage website performance and measure the effectiveness of our content.
We use standard analytics tools to understand aggregate website usage and engagement with our content. We do not use this information to profile individuals for targeted advertising.
You can adjust your browser settings to block or delete cookies, although some website features may not function as intended.
If we introduce marketing, remarketing, advertising, cross-site tracking, profiling or more detailed tracking tools in the future, we will review and update this policy as needed and, where required, provide additional notice or consent mechanisms.
EnterpriseWorks may use technology and AI-enabled tools to support research analysis, drafting, administration, productivity, quality assurance, workflow management or service delivery.
Where practical, we de-identify or aggregate information before using technology or AI-enabled tools for research or analysis.
We do not intentionally enter personal information into public AI tools unless it is necessary, appropriate, authorised and subject to suitable confidentiality, privacy and security controls.
EnterpriseWorks does not use automated decision-making to make decisions about individuals that would significantly affect their rights, interests, employment, access to services or legal position.
We do not sell or trade personal information.
We may disclose personal information to:
We only disclose personal information where it is reasonably necessary for our business, services, research, communications, legal obligations or operations.
Some service providers used by EnterpriseWorks may store or process information outside Australia.
Where this occurs, we take reasonable steps to use reputable providers and to understand relevant privacy, security and data processing arrangements.
EnterpriseWorks will take reasonable steps to comply with applicable cross-border disclosure obligations under the Privacy Act and Australian Privacy Principles.
We will update this policy to identify any countries in which our key service providers store or process personal information, where it is practicable to do so.
If we collect personal information from individuals located outside Australia, additional privacy laws may apply depending on the nature of the interaction, the services provided and the location of the individuals involved. Where required, EnterpriseWorks will take reasonable steps to comply with applicable local privacy requirements.
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
These steps may include using reputable service providers, limiting access to authorised people who need the information for legitimate business purposes, using access controls and secure systems, applying appropriate data handling practices, limiting local storage of personal information where practical, and de-identifying or aggregating research data where appropriate.
No method of transmission or electronic storage is completely secure. If you believe information you have provided to EnterpriseWorks has been compromised, please contact us promptly.
If we become aware of a data breach involving personal information, we will take reasonable steps to contain the breach, assess the risk of harm and take appropriate remedial action.
If EnterpriseWorks is legally required to notify affected individuals, regulators or the Office of the Australian Information Commissioner, we will do so in accordance with applicable law. Even where formal notification is not legally required, we may notify affected individuals where we consider it appropriate and helpful to reduce potential harm.
We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, to manage our relationship with you, to provide services, to maintain business records, or to meet legal, tax, accounting, regulatory or professional obligations.
Anonymous or de-identified research data may be retained indefinitely for research, benchmarking, insight development or publication purposes.
When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.
You may ask us to:
You can make a request or complaint by contacting us at contact@enterpriseworks.com.au.
We will respond within a reasonable timeframe. In some cases, we may need to verify your identity or may not be able to provide access, correction or deletion where legal restrictions, confidentiality obligations, de-identification limits, research integrity, contractual obligations or record keeping requirements apply.
If we are unable to provide access or make a correction, we will tell you why and let you know how you can complain if you are not satisfied with our response.
If you believe we have handled your personal information in a way that breaches applicable privacy law and you are not satisfied with our response, you may be able to lodge a complaint with the Office of the Australian Information Commissioner:
The Privacy and Other Legislation Amendment Act 2024 introduced a statutory tort for serious invasions of privacy, effective from June 2025, which may allow individuals to seek remedies directly through the courts in appropriate circumstances.
This policy is effective from 1 May 2026.
We may update this policy from time to time to reflect changes in our practices, technology, services or legal obligations.
Book a conversation to explore how EnterpriseWorks can help your organisation lift productivity, unlock workforce potential and get greater value from technology and AI.
