THE CURIOSITY TO CHALLENGE CONVENTIONS. THE COURAGE TO FIGHT FOR WHAT IS RIGHT.
Privacy Policy
Revised: 03 Sept 2024
Tobias is committed to ensuring the fair and appropriate handling of your personal data.
This Privacy Policy explains how we handle your personal data, whether you are here to review what we have to offer, one of our clients (aka: a client conducting research), or a prospective research participant.
We use the term personal data for simplicity throughout this document to refer to personal information as described in the Australian Privacy Principles (APPs), the framework for Australia's Privacy Act 1988
Tobias follows the privacy principles set out in Australia’s Privacy Act 1988. The privacy principles direct our approach to collecting and managing your personal data. Specifically, we:
- maintain transparency in how we handle your personal information,
- limit the collection of personal data to what is essential for our operations,
- clearly define our data purposes and restrict the use and disclosure of personal data accordingly,
- take appropriate measures to ensure the security of the personal data in our possession.
Our approach to privacy includes meeting personal data handling requirements and standards set out by the Office of the Australian Information Commissioners, the UK General Data Protection Regulation (GDPR), the NZ Privacy Act 2022 and other relevant data protection laws where our client's or participants are from outside of Australia.
Tobias provides design user research and Usability Testing services for our client's and in some cases finds suitable participants for the research studies being conducted for our clients.
The services have a number of data collection points:
- During design projects, prospective user research participants can register and apply to participate in research opportunities for our clients.
- There is an application and screening process for each research opportunity. Our team create a series of screening questions to ask prospective participants to meet the project requirements.
- Based on participant registration and screening question responses, our team selects (i.e., recruit) participants for their research opportunities, schedule research sessions and send messages to participants via the method selected e.g email or SMS.
- Some clients will ask chosen participants to complete the relevant research studies on-location, however most research is performed online or virtually. We can facilitate our clients' research sessions through video-conferencing tools hosted by MSTeams or Zoom. Video or Audio files created are stored by us for the duration of the research for analysis purposes on our secure data storage platform. De-identified notes or transcripts are made from the session and files.
- Clients may choose to outsource the completion of recruitment for research studies to trusted third party recruitment partners in which case the personal details of the participants are held by the partner. In this case Tobias will hold the consent form and the research data as above.
Why we collect and process your personal data
Tobias collects and processes your personal data to provide our Design research services. Specifically, we use personal data for the following purposes and under the legal bases set out below. Tobias will not use personal data for a purpose not related to its services or functions.
Consent
We don't use any cookies on our site. However we do use Google Analytics to collect anonymised user traffic to understand user behaviours.
(Anyone) We receive your response to a marketing offer we made via our website or social media pages
(Participants) You can choose whether we collect sensitive information about you, including as part of the screening process for client studies.
Participant Research
We screen participants based on the information they provide to us for client studies (using screening questions supplied by the client or our design research team).
We verify the accuracy of participant applications and responses to screening questions.
We connect our clients with research participants.
We set up research study session times.
We facilitate communication between our clients and our design research team.
We collect and process research study data to meet our agreed services for our clients.
What types of personal data do we collect and process?
Personal data is information that identifies you (or could reasonably lead to you being identified). The types of personal data we collect and process depends on our relationship with you. We explain this below:
Analytics data - We collect and use analytics data collected from your use of the website. We only collect this data from website visitors. All analytics data is anonymised.
Enquiries data - When you contact us or use social media channels, we use your personal data to communicate with you and answer your enquiries.
Client data - As our clients are generally companies, personal data required for the service of clients is generally limited to details of a company’s nominated contact person or team of people.
Participant data - We collect and process participant personal data to screen and schedule participants for research sessions.
Screening Data - We collect and process participant personal data as part of the screening process for an upcoming research study.
Research study data - When participants undertake client studies we collect and process this data to provide our agreed services to the client.
Video response data - When participants provide video responses in design research interviews, we collect and process this data to provide our agreed services to the client.
Contact data - We collect and process this data to contact clients and participants about upcoming research study opportunities or scheduled studies.
Request for access or correction data - When you submit a request to access or correct your data, Tobias uses this data to process your request and communicate with you.
The following sections set out specific information on how we collect and process personal data that relates to:
- General collections of personal data
- Our clients, and
- Participants.
When we collect and process your personal data - General
Tobias collects and processes your personal data in a number of instances, which have been set out below. We may share your personal data with our external service providers in some of these instances.
Visiting our website
Analytics - When visiting our website Tobias collects data about your navigation of the websites to help us monitor and improve our platform and your user experience.
The data collected and processed when you visit our website includes your:
- IP Address
- Browser version
- Pages visited
- Time and date of your visit
- Time spent on pages
- Approximate location
Cookies - We don’t use cookies on our site. However we do use Google Analytics to better understand user behaviours and which content is being interacted with. Google Analytics does not collect any personal information.
When enquiring about our services
When you contact us we use your personal data to communicate with you and provide you with information about our services. We may collect and use your name, email, phone number and enquiry details.
Responding to a marketing offer
If you choose to respond to a marketing offer that we make on our website or social media pages, we will collect some of your personal data, including your email, approximate location, the landing page ID and the time you visited the page.
When you access or correct your personal data, or submit a privacy complaint
When you submit a request to access or correct your personal data, or submit a privacy complaint, Tobias uses this data to process your request or investigate your concern and to communicate with you.
We collect and use your name, contact information and details regarding your request or concern.
When we collect and process your personal data
Clients - as our clients are generally companies (and/ or corporations, organisations, government agencies), personal data collected from clients is usually limited to details of the nominated contact person or team of people, which we process in a number of circumstances, set out below.
We may share personal data with our external service providers in some circumstances.
When receiving email notifications
Tobias collects and processes a client’s contact person’s email address when receiving email notifications.
Facilitating Meeting Sessions
Tobias uses virtual conferencing tools such as MS Teams for meeting sessions. Tobias may ask for an audio and visual recording of client meeting sessions and the individuals involved in the session.
When we collect and process your personal data
Participants - Tobias collects and processes participant personal data in a number of instances, which have been set out below.
We may share your personal data with our external service providers in some of these instances.
During participant registration
When you apply to Tobias as a participant for a research study, we collect and use a range of personal data to screen, register for, and schedule research sessions, including:
- Name
- Gender
- Mobile phone number
We only ask for details that are relevant to the research study. Tobias only use research information (including any personal data) for the purpose of conducting research studies, and not for any other purpose.
When applying for research study opportunities
When you apply for a research opportunity, we may collect certain information about you in addition to your name, gender, age, as described above, where it relates to the type of participants required for the study (for example, whether you are working in a “profession”).
During the application process, you will be asked to answer a number of screening questions. The screening questions are in relation to the particular research studies we are conducting.
Tobias uses your answers to assist in narrowing down the participant pool from which to select people to participate in a particular study. Tobias does not use these answers to build a database of information about you; rather, the answers are held only in order to match you with the research opportunities we are seeking participants for.
Screening questions may include details about your:
- Language
- Occupation
Where we ask for personal data about you that is considered sensitive information, we will ask for your permission first before we collect and use that information.
For quality assurance, it is important that all screening questions are answered by you to the greatest degree of accuracy. As part of the application process, we also collect details regarding your availability to participate in each research opportunity.
When participating in studies
To participate in and complete research studies, you are required to provide details about yourself, including your opinions and preferences. The exact personal data that you are required to provide is dependent on the study being conducted and is determined by Tobias or our client
In some study projects you may be recorded, via audio or visual recording (or both), including when you participate in an interview or provide an opinion verbally. We will always ask for your permission to use your video response, prior to the recording.
When you get paid
We pay you when you participate in research studies. We call this an incentive payment. The personal data we collect and process in order to pay you includes:
- The payment amount (what you earned - eGift card)
- Your email address
- The status of the payment (when you can expect to receive the payment)
When we communicate with you
We may contact you in a number of circumstances, including when we notify you of potential research opportunities, provide communication from our clients, or remind you of your upcoming study sessions. We collect and process your personal data when we communicate with you, including:
- Phone number
- Email or SMS message
How we share your personal data
Tobias will not sell or share your personal data with advertisers, sponsors, content providers or anyone else – unless:
- We have your express permission (e.g. you have expressly chosen to receive marketing materials), or
- There is a lawful ability or requirement for us to do so (e.g. we receive a court order to produce the information)
How we store your personal data
Tobias will only store your personal data in electronic format, either on-site or in 'the cloud'. Tobias uses MS Teams and Dropbox for cloud storage, depending on client requirements. Tobias also uses other third-party service providers to store specific types of personal data (such as payment processing data, email and communications data). The personal data stored by third party providers, relates to their functions and services. A full list of our service providers is available on request.
How we secure your personal data
At Tobias, we securely manage and dispose of personal data, by implementing a range of data security practices, including (but not limited to):
- Data stored securely on a cloud database with strong automated security features
- Access to personal data is only provided to staff that require the information to undertake their role
- Encryption of data and backups
Protection of personal data from unauthorised access and disclosure is a priority for us. Any concerns about the security of personal data held by Tobias should be reported to us without delay, by email: privacy@designtobias.com or phone: +61 (0) 403 290 715.
How long we keep your personal data
We retain your personal data for differing periods, depending on the purpose for which it was collected. We will only keep your personal data for the periods set out below, before your personal data is securely destroyed:
- 2 years of inactivity on the client account, or where the company is registered as no longer trading
- Financial transaction information is retained for 7 years
- Answers to screening questions are retained for 90 days, or until the relevant research opportunity has concluded (whichever is the sooner).
- Video or audio recordings and transcriptions, and the personal data contained therein, will be deleted by Tobias within 90 days of the recording. It is noted however that the client may have copies of this data, with any personal data information removed.
In the event you would like your personal data to be completely removed, you can request us to delete your data at any time. Deletion may, however, not occur instantly, as we will require time to delete your data from our backups and from any of our platform service provider locations. If you would like us to delete the personal data we hold about you, please write to us at privacy@designtobias.com.
Can I access and update my personal data?
If we hold personal data about you, we are happy to tell you what it is. We will not, however, tell someone else what personal data we hold about you (unless you permit us or there is a lawful ability or requirement for us to do so).
If you think the personal data we hold about you is incorrect or out of date you can:
- Update your details
- Write to us at privacy@designtobias.com - we are happy to provide access to, and correction of, your personal data. We will need you to provide us with an adequate form of identification, to ensure you are really you.
We will not charge you to access or correct your personal data, and we will get back to your request within 24 hours.
Your rights
Under the UK General Data Protection Regulation, people in the UK have certain rights regarding their personal data held by Tobias, including:
- Right of erasure - the right to require Tobias to delete all personal data held about you
- Right to object - the right to object at any time to certain types of processing of your personal data
- Right to data portability - the right to receive the personal data Tobias holds about you in an accessible format
- Right to restrict processing - in certain circumstances you have the right to obtain a restriction on the processing of your personal data
If you are in the UK and have queries about the above, please write to us at privacy@designtobias.com
Will we update our Privacy Policy?
We will update this document from time to time to ensure that our personal data handling practices are correctly reflected. This may occur without notice, however we will always post a 'last revised' date for your information.
Any questions or concerns?
If you have a question about our Privacy Policy or a concern or complaint about our personal data handling practices, please get in touch with us. You can submit a Privacy Complaints Form (available on request) or contact us at:
Email: privacy@designtobias.com
Phone: +61 (0) 403 290 715
We will confirm receipt of your questions or complaint within 24 hours. In most cases, we will be able to assist you immediately, however there are some circumstances where we may need additional time to respond to you (such as where additional details are needed to understand your concern or investigate the matter).
If you have made a privacy complaint and are not happy with our response to your concerns, you are able to contact the Office of the Australian Information Commissioner via their website – www.oaic.gov.au.