Last updated: 5 December 2025
Overview
This notice sets out Strategic Grants Pty Ltd’s policy on Privacy, Data Retention, Data Protection, and Cyber Security. It outlines how we collect, store, protect, and manage personal and client data across our business operations in Australia and New Zealand.
1. Privacy Policy
Strategic Grants is committed to conducting its business in compliance with all applicable laws and regulations in both Australia and New Zealand, and in accordance with the highest ethical standards. We act in accordance with the Privacy Principles outlined by the Office of the Australian Information Commissioner (OAIC) and the Office of the Privacy Commissioner (OPC) in New Zealand, and comply with the Privacy Act 1988 (Cth) in Australia and the Privacy Act 2020 in New Zealand regarding the collection, storage, and use of your personal information.
We are dedicated to protecting your privacy while you are online and we safeguard your personal information, ensuring that confidentiality is respected and information is stored securely.
Collecting Information
Strategic Grants may collect personal information directly from you when you:
- Telephone us
- Send us correspondence by letter or email
- Contact us via our website
- Attend a workshop
- Meet with a representative of Strategic Grants
Generally, the type of information Strategic Grants collects and holds will include:
- Your name
- Mailing and email addresses
- Telephone number
- Job title and organisation/employer name
If you use the Strategic Grants website to purchase training services, we may also collect financial information from you.
Storage and Security
Strategic Grants will take all reasonable steps to ensure your personal information is kept secure. Your personal information may be stored in hard copies and/or as electronic data in Strategic Grants software or systems. Strategic Grants maintains computer and network security.
When you enter sensitive financial information (such as credit card numbers) on our website, we encrypt that information using secure socket layer technology (SSL). When credit card details are collected, we simply pass them on to be processed as required. We never permanently store credit card details.
If you have any questions about security on our website, please contact us.
Using and Disclosing Information
If you request information, we will use the personal information you provide (e.g. your return email address or phone number) for the purpose of responding to your information request. We may also use the contact information you provide to send periodic emails relating to our services.
If, at any point you no longer wish to receive information from Strategic Grants, or wish to correct your personal information, then please email us.
If Strategic Grants engages third parties to perform services for us, which involves the third party handling personal information that Strategic Grants holds, Strategic Grants prohibits the third party from using personal information about you except for the specific purpose for which Strategic Grants supplies it.
Strategic Grants does not disclose any personal information it collects to third parties for the purpose of allowing them to direct market their products and services. Strategic Grants does not sell or trade personal information.
Strategic Grants reserves the right to disclose your personal information to comply with any legal obligation or when we believe that disclosure is necessary to protect our rights.
Software Integrations
Where the GEMS – Grants Expertise Management System software is integrated with third party software, all data transfers will be one directional from GEMS into the third party software system. GEMS will only ‘push’ grants data into the third party software system. GEMS will not access any data in the third party software system beyond that which it is necessary to interrogate in order to establish a connection to the third party system, to effectively populate the third party system with GEMS data. In no instance will GEMS ‘pull’ data from the third party software system to store that data within GEMS or any other Strategic Grants system.
We use third party user-tracking software across the website and GEMS software, such as Google Analytics and Microsoft Clarity, to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine online activity. Additionally, we use this information for site optimisation, fraud/security purposes, and advertising.
Accessing and Correcting Information
You can contact Strategic Grants at any time to access your personal information or for your personal information to be corrected or updated.
Our Website and Use of Internet Cookies
A “cookie” is a device that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type. A cookie file can be used to track the pages you have visited and your preferences. Strategic Grants may use cookies to assist in site functionality or with website visitor statistics. The only personal information a cookie can contain is information you personally supply.
Effect of This Policy
This Policy does not form a contract between an individual and Strategic Grants. This Policy may change to reflect Strategic Grants business, laws and technology. Whenever you need to refer to this Policy you should refer to our websites: www.strategicgrants.com.au and https://www.strategicgrants.co.nz
Our website contains links to other websites. We are not responsible for the content or privacy practices employed by third-party websites.
2. Data Retention and Data Protection
Strategic Grants is committed to protecting the privacy, confidentiality, and integrity of client data. This policy outlines how we manage, retain, and securely dispose of data provided by clients.
Purpose
We collect and retain client data solely to deliver contracted services. This includes grant strategy development, application support, grants calendar builds, and access to Strategic Grants’ GEMS platform.
Our intent is to always store the minimum client data set required to deliver the contracted services.
Our intent is to dispose of client specific data as soon as it is no longer contractually required by us to deliver services to the client.
Retention Periods
Client data is retained in accordance with our internal Data Retention Policy and Disposal Schedule and what is required by law. Key principles include:
- Active clients: Data is retained for the duration of the engagement.
- Inactive clients: Data is retained for up to 7 years after the conclusion of services, unless otherwise agreed.
- GEMS data: Retained while the organisation remains a client or prospect or becomes inactive. If a client requests deletion of certain data elements, data will be removed from the platform within 7 days, or sooner if specified.
Data Protection and Security
Strategic Grants applies robust technical and organisational safeguards to protect client data from unauthorised access, loss, or misuse. These include:
- Encryption of platform data and secure storage
- Virus and malware protection across company devices
- Staff training in cyber threat awareness and reporting
- Access controls limiting data to authorised personnel only
Data Disposal
When data is no longer required, it is deleted in accordance with its sensitivity and confidentiality. Disposal methods include secure electronic deletion.
Data Residency
All client data is stored in Australia.
Data Encryption and Transmission
Data is encrypted at both rest and in transmission.
Compartmentalisation of your organisations data
From a system perspective, all client data is managed via unique client ids – only users logged in with specific client ids have access to their data – other data isn’t even “touched” so there’s no accidental serving of other client ids
Client Rights
Clients may request access to, correction of, or deletion of their data at any time by contacting us. We will respond promptly and in accordance with applicable laws.
Responsible Technology Use
Strategic Grants is committed to ethical and responsible use of technology, including AI. We apply internal guidance to ensure that any AI-supported processes are transparent, values-aligned, and used to support, not replace, human expertise.
3. Cyber Security Policy
Purpose
This policy outlines Strategic Grants’ commitment to protecting systems and data from cyber-attacks and ensuring robust data protection for all stakeholders, including clients. It applies to all workers, contractors, and visitors interacting with company systems.
Key Preventative Measures
- Regular review and implementation of cyber security advice from authorities
- Virus and malware protection on all company devices
- Mandatory password protection and periodic password changes
- Restrictions on internet access and administrative privileges
- Removal of outdated software
- Ongoing training for staff to identify, avoid, and report cyber threats
- Consultation with external experts as needed
Data Protection
- Personal and commercially sensitive information is safeguarded through strict electronic and physical security measures
- Compliance with privacy laws, including timely notification requirements for data breaches
- Immediate legal advice sought in the event of a personal information breach
Incident Response
- A formal Cyber-Attack Response Plan is in place, detailing notification, reporting, recovery, and investigation procedures
- Immediate analysis and containment actions are taken upon detection of a breach
- Engagement with specialist consultants and legal advisers when necessary
- Transparent communication with affected stakeholders and authorities
Training & Awareness
- All workers receive annual training on cyber security and incident response
- Continuous vigilance is encouraged, with prompt reporting of suspicious communications
Records & Review
- Documentation related to emergency management is retained for at least seven years
- The policy and response plan are reviewed annually to ensure alignment with best practices and evolving threats
Breach Notification
In the event of a data breach involving client data, Strategic Grants will act swiftly and transparently. We will:
- Notify affected clients promptly
- Seek legal advice to meet statutory obligations
- Cooperate with clients to mitigate impact
- Review and strengthen controls to prevent recurrence
Policy Oversight
Our IT Manager oversees compliance with this policy and ensures alignment with relevant data protection legislation and internal standards.
Summary of Client Rights
As a client of Strategic Grants you have the following rights regarding your personal and organisational data:
- Access and Correction: You may request access to your personal information at any time and ask for corrections or updates if needed.
- Data Deletion: You can request the deletion of your data when it is no longer contractually required, and Strategic Grants will remove it promptly, in accordance with legal obligations.
- Data Security: Your data is protected by robust technical and organisational safeguards, including encryption, access controls, and secure disposal methods.
- Transparency: You will be notified promptly in the event of a data breach affecting your information, and Strategic Grants will cooperate with you to mitigate any impact.
- Responsible Use: Strategic Grants is committed to ethical and responsible use of technology, including AI, ensuring your data is handled transparently and in alignment with legal and ethical standards.
Updates to this notice
We may update this notice from time to time. This information was last updated 5 December 2025.
Contact
For any questions, requests, or concerns regarding this policy or your personal information, please contact us at [email protected] or [email protected]
End of Policy