Skip to main content
Client Login

Privacy Policy

HZ Empowerment Group Pty Ltd (ABN 63 690 555 483), trading as HZ Empowerment Group, takes your privacy seriously. This Privacy Policy explains how we handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Effective date: 22 April 2026

1. Who this policy applies to

This policy covers personal information we collect from visitors to hzempower.com.au, prospective and current clients, contacts at client organisations, end users we interact with while delivering services to a client, suppliers, job applicants, and anyone who contacts us.

2. What is personal information

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether it is recorded in material form or not. Sensitive information is a subset of personal information with stricter handling requirements, for example information about health, race, political views, religious beliefs, or union membership.

3. What personal information we collect

The personal information we collect depends on how you interact with us. Typical categories include:

• Identity and contact details, for example your name, job title, employer, email address, phone number, and postal address.

• Enquiry and correspondence content, for example the content of any message you send us through the Website, by email, or in a meeting, together with metadata like date, time, and device.

• Client relationship information, for example organisation details, billing details, project history, and notes we keep to manage the engagement.

• Service delivery information, which may include administrative or technical information about systems we are engaged to support (such as user lists, configuration data, audit findings, or screenshots) where that information is needed to deliver the agreed services under a Statement of Work.

• Marketing preferences, for example whether you have opted in to our mailing list and which topics interest you.

• Website usage information, for example pages viewed, referring URLs, approximate location derived from IP address, browser type, and device type, collected through cookies and analytics tools (see our Cookies and Tracking Notice).

• Recruitment information, if you apply to work with us, including your CV, cover letter, referee details, and any information we collect through interviews or background checks conducted with your consent.

We generally do not collect sensitive information. If we need to, we will ask for your consent first and only collect what is reasonably necessary.

4. How we collect personal information

Wherever practical, we collect personal information directly from you, for example when you fill in a form on the Website, send us an email, sign a proposal or Statement of Work, or meet with us. We may also collect personal information:

• from your employer or a colleague at your organisation when they introduce you or include you on a project,

• from publicly available sources such as LinkedIn, company registers, or your organisation's website, where that is relevant to a business relationship,

• from third-party systems we are engaged to administer on your organisation's behalf, where the Statement of Work authorises that access,

• automatically through cookies and similar technologies when you visit the Website, as explained in our Cookies and Tracking Notice.

If we receive personal information we did not ask for and could not have lawfully collected ourselves, we will delete or de-identify it unless it is part of a Commonwealth record or we are legally required to keep it.

5. Why we collect, use, and disclose personal information

We collect, use, and disclose personal information for the following purposes:

• to respond to enquiries and provide information you request,

• to provide services under a Master Services Agreement and Statement of Work, including running audits, performing assessments, implementing configurations, providing support, and producing reports and deliverables,

• to manage our relationship with you or your organisation, including billing, accounting, client communications, and relationship development,

• to send you marketing communications where you have opted in or where permitted by law, with a clear option to unsubscribe in every message,

• to improve the Website, our services, and our internal processes, including analysing usage patterns and collecting feedback,

• to assess job applications and manage recruitment,

• to meet our legal, regulatory, and contractual obligations, including record-keeping, tax, anti-money-laundering, and responding to lawful requests from authorities,

• to protect our rights, property, and safety, and those of our clients, staff, and other users, including preventing and investigating fraud, security incidents, and misuse of the Website.

6. Who we share personal information with

We treat personal information as confidential. We only share it where it is necessary for one of the purposes set out above, and only with parties who are bound by appropriate confidentiality and data-handling obligations. The parties we may share personal information with include:

• our personnel (employees, contractors, and advisors) on a need-to-know basis,

• third-party service providers who help us run our business, such as cloud hosting providers, email and productivity platforms, CRM and marketing tools, accounting and billing systems, IT support tools, analytics providers, and professional advisors,

• vendors whose products or services we are engaged to configure or administer under a Statement of Work, where sharing the information is necessary to deliver the agreed services,

• your organisation, where you are a contact at a client organisation and the information relates to the services we are providing to that organisation,

• law enforcement, regulators, or other authorities where required or authorised by law,

• a purchaser or prospective purchaser of our business, in the context of a sale or restructure, subject to appropriate confidentiality arrangements.

7. Overseas disclosure

Some of the cloud and productivity tools we use are operated by providers with infrastructure outside Australia, which means personal information may be stored or processed in countries including the United States, the European Union, and the United Kingdom. Before we use an overseas provider we take reasonable steps to confirm that the provider has appropriate security and privacy practices, and where possible we configure the service to keep data in Australian data centres. If you would like to know the countries where your personal information is likely to be disclosed, please contact us using the details at the end of this policy.

8. Direct marketing

We may send you information about our services, events, insights, and case studies. We only send marketing by email where you have opted in or where we are otherwise permitted to under the Spam Act 2003 (Cth). Every marketing email includes a way to unsubscribe, and we action unsubscribe requests promptly. If you no longer want to receive marketing, you can also email us at privacy@hzempower.com.au and ask to be removed from all lists.

9. Cookies and Website analytics

The Website uses cookies and similar tracking technologies to help the Website work, to remember your preferences, and to understand how the Website is used. For Details, see Cookies and Tracking Notice.

10. How we store and secure personal information

We hold personal information in a combination of cloud-based systems and, where relevant, on managed devices used by our personnel. We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These steps include multi-factor authentication (a sign-in check that uses more than one type of proof, such as a password plus a code on your phone) for staff access, role-based access controls, encryption in transit and at rest for our core platforms, logging and monitoring, staff training, written confidentiality obligations, and vetting of the third-party providers we use.

Despite these steps, no system is perfectly secure. If a data breach occurs that is likely to result in serious harm, we will respond in line with the Notifiable Data Breaches scheme, including notifying affected individuals and the Office of the Australian Information Commissioner where required.

11. How long we keep personal information

We only keep personal information for as long as we need it for the purposes it was collected, or for as long as we are required to keep it under law (for example, tax and corporations law record-keeping obligations). When we no longer need personal information and are not required to retain it, we take reasonable steps to delete or de-identify it.

12. Accessing and correcting your information

You can ask for access to the personal information we hold about you, and you can ask us to correct it if it is inaccurate, incomplete, or out of date. To make a request, contact us using the details below. We will respond within a reasonable period, typically within 30 days. We do not usually charge for access requests, though we may charge a reasonable fee for complex requests that take significant effort to fulfil. In limited circumstances we may need to refuse access, for example where the law requires us to withhold information, and if we do we will explain why in writing.

13. Anonymity and pseudonymity

Where it is lawful and practical to do so, you can interact with us anonymously or under a pseudonym, for example when you browse the Website or ask a general question. For most of our business activities (such as engaging us for services, invoicing, or recruitment) we need to know who we are dealing with, so anonymity will not be practical.

14. Making a complaint

If you think we have mishandled your personal information or breached the Australian Privacy Principles, please contact us first using the details below. We will acknowledge your complaint promptly, investigate it, and aim to resolve it within 30 days. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au or on 1300 363 992.

15. Changes to this policy

We may update this policy from time to time. The current version will always be available on the Website with the effective date shown at the top. If a change is significant, we will take reasonable steps to bring it to your attention, for example through a notice on the Website or a direct message.

16. Contact us

If you have a question, request, or complaint about your personal information or this policy, please contact:

Privacy, HZ Empowerment Group Pty Ltd

Email: privacy@hzempower.com.au

Post: Level 19, 10 Eagle Street, Brisbane City, QLD 4000

General enquiries: hello@hzempower.com.au