Privacy Policy
This Privacy Policy explains how Inaix Group collects, uses, and protects your information in connection with the Global AI Adoption Benchmark™ (GAAB), the Enterprise AI Adoption Benchmark, and related benchmarking and advisory services.
1. Introduction and Scope
This Privacy Policy ("Policy") relates to the personal information we collect when you complete a GAAB assessment, engage the Enterprise AI Adoption Benchmark, participate in a benchmarking cohort, receive benchmark reports, or otherwise interact with Inaix Group in connection with these services. We are committed to transparency about the types of information we collect, how we use it, with whom we share it, and your rights regarding your personal information.
1.1 Application of This Policy
This Policy applies to:
- Users completing the Global AI Adoption Benchmark™ (GAAB) assessment;
- Enterprise clients engaging the Enterprise AI Adoption Benchmark;
- Participants in benchmarking cohorts and follow-on advisory engagements;
- Recipients of GAAB communications and benchmark reports;
- Visitors to GAAB websites operated by Inaix Group.
1.2 Services Covered
This Policy applies only to information collected through:
- The Global AI Adoption Benchmark™ website and assessment;
- Enterprise AI Adoption Benchmark engagements;
- Related benchmarking and advisory services provided by Inaix Group;
- Direct interactions with the GAAB team.
It does not apply to information collected through other means or by third-party services, except where specifically noted.
1.3 Global Compliance
Inaix Group is committed to complying with applicable privacy laws worldwide, including:
- Australian Privacy Act 1988 (Cth);
- European Union General Data Protection Regulation (GDPR);
- California Consumer Privacy Act (CCPA);
- Other relevant privacy laws in jurisdictions where we operate.
2. Information About Us
2.1 Data Controller Information
In relation to the personal information we collect about you, Inaix Group ABN 12 669 302 863 ("Inaix Group", "we", "us", "our") determines how your personal information is handled and used. Inaix Group operates the Global AI Adoption Benchmark™ (GAAB) and the Enterprise AI Adoption Benchmark, and provides related benchmarking and advisory services.
2.2 Contact Information
Postal Address: PO Box 731, Gordon, NSW, 2072, Australia
Email: gaab-privacy@inaixgroup.com
Websites:
2.3 Data Controller Designation
For users within the EU, EEA, UK, Switzerland and other countries under GDPR law (the "GDPR Areas"), Inaix Group is your "data controller" and determines how personal information about you is processed in relation to your use of our services.
3. Information We Collect
We collect personal and non-personal information from you in three primary ways:
- Information you provide directly through forms, registrations, and interactions;
- Information collected automatically through cookies and tracking technologies;
- Information provided to us by third parties with your consent.
3.1 Information You Provide Directly
3.1.1 Registration and Account Information
To create an account or profile, we require:
- Full name and contact details (email address, phone number);
- Country of location and business address;
- Company information (if applicable), including company name, ABN/tax ID, physical and postal addresses, website links;
- Professional role and industry information;
- Other information you provide when completing your profile.
3.1.2 Service Usage Information
When using our services, we collect:
- Responses you submit through GAAB and Enterprise AI Adoption Benchmark assessments;
- Communications and correspondence with our team;
- Support requests and feedback;
- Event and webinar registrations and participation information.
Assessment responses are also used to produce anonymous aggregate benchmarks — see §4.5 below.
3.1.3 Payment Information
For paid services, we may collect:
- Payment method details (processed securely through third-party payment processors);
- Billing addresses and contact information;
- Transaction history and subscription details.
Note: Credit card information is processed solely by our payment service providers (such as Stripe) in accordance with their privacy policies.
3.2 Information Collected Automatically
3.2.1 Technical Information
When you access our services, we automatically collect:
- Device information (IP address, device type, operating system, browser type);
- Usage analytics (pages visited, features used, time spent, click patterns);
- Location data (based on IP address);
- Session information and user preferences.
3.2.2 Analytics Tools
We use analytics services including Google Analytics to collect aggregate usage information. This helps us understand how our services are used and improve user experience.
3.3 Information from Third Parties
We may collect information about you from:
- Authentication services (such as Google OAuth) when you use single sign-on;
- Third-party integrations you authorize through our platforms;
- Business partners and referral sources;
- Publicly available sources for business contact verification;
- Other users who mention you in content or invite you to our services.
3.4 Device Permissions
With your consent, we may request access to:
- Contact lists (for invitation features);
- Camera and photo gallery (for content uploads);
- Notifications (for service alerts and updates);
- Location services (where relevant to service functionality).
You can withdraw these permissions at any time through your device settings.
4. How We Use Your Information
4.1 Primary Purposes
We collect and use personal information to:
- Provide and maintain our services;
- Process registrations and manage user accounts;
- Facilitate communications and interactions;
- Process payments and manage subscriptions;
- Provide customer support and technical assistance;
- Improve and develop our services and features.
4.2 Communication Purposes
We use your contact information to:
- Respond to inquiries, complaints, and support requests;
- Send administrative messages about service changes, updates, or security matters;
- Provide account notifications and service-related updates;
- Send newsletters and marketing communications (with your consent);
- Deliver verification codes for identity authentication.
4.3 Business Operations
We may use your information for:
- Legal compliance and regulatory reporting;
- Fraud prevention and security monitoring;
- Enforcement of our Terms and Conditions;
- Business analytics and performance measurement;
- Market research and service improvement.
4.4 Marketing and Promotional Activities
With appropriate consent, we may use your information to:
- Send promotional materials about our services;
- Invite you to events, webinars, and workshops;
- Share relevant industry insights and thought leadership content;
- Conduct market research and surveys.
4.5 Benchmarking and Aggregate Analysis
Responses provided through GAAB and Enterprise AI Adoption Benchmark assessments are used to produce anonymous aggregate benchmarks across geography, industry sector, and organisation size. Aggregate benchmarking outputs do not contain personally identifiable information and cannot be used to identify any individual or organisation. Aggregate, de-identified data may be retained indefinitely to maintain longitudinal benchmarks and improve the global cohort dataset.
5. Legal Bases For Processing
5.1 GDPR Legal Bases
For users in GDPR Areas, we process personal information based on:
5.1.1 Contract Performance
Most personal information is processed to perform our contractual obligations and provide the services you have requested.
5.1.2 Legitimate Interests
We process some information based on our legitimate business interests, including:
- Service security and fraud prevention;
- Analytics and service improvement;
- Direct marketing to existing clients;
- Business operations and administration.
5.1.3 Consent
We rely on your explicit consent for:
- Marketing communications to prospects;
- Device permissions and data access;
- Cookies and tracking technologies (where required);
- Special categories of personal data (if applicable).
5.1.4 Legal Obligations
We process information to comply with:
- Tax and accounting requirements;
- Regulatory reporting obligations;
- Law enforcement requests;
- Court orders and legal proceedings.
6. Data Retention
6.1 Retention Principles
We retain personal information only as long as necessary for the purposes for which it was collected, unless:
- Longer retention is required by law;
- Information is needed for legal proceedings;
- Retention is necessary for business continuity.
6.2 Specific Retention Periods
6.2.1 Account Information
Account and registration information is retained until you request deletion or your account is terminated.
6.2.2 Communication Records
Email communications and support records are retained for seven (7) years for business and legal compliance purposes.
6.2.3 Payment Information
Payment and transaction records are retained as required by tax and accounting laws (typically seven years in Australia).
6.2.4 Content and Interactions
User-generated content, posts, and platform interactions may persist indefinitely as part of the service functionality.
6.3 Data Deletion
Upon account termination or deletion request:
- We will delete personal information where technically feasible;
- Some information may remain in backups and archives;
- Information required for legal compliance will be retained as necessary;
- Anonymized data may be retained for analytics purposes.
7. Disclosure of Personal Information
7.1 General Principle
We do not sell personal information to third parties for profit. We only share personal information in the limited circumstances described below.
7.2 Service Providers and Sub-Processors
We share information with trusted service providers who assist in delivering our services, including:
7.2.1 Technology Partners
- Google (authentication, analytics, cloud services);
- Stripe (payment processing);
- Mailgun (email delivery);
- ClickUp (project management);
- Twilio (communications);
- AI service providers (OpenAI, Anthropic, Cohere, xAI);
- Cloud infrastructure providers;
- Other service providers as specified in our Terms and Conditions.
7.2.2 Service Provider Obligations
All service providers are contractually required to:
- Maintain confidentiality of personal information;
- Use information only for providing services to us;
- Implement appropriate security measures;
- Comply with applicable privacy laws.
7.3 Business Operations
We may share information with:
- Professional advisors (lawyers, accountants, consultants);
- Business partners for joint service delivery;
- Potential acquirers in business transactions;
- Related entities within the Inaix Group.
7.4 Public Disclosure
Information may be publicly visible when you:
- Create public profiles or content;
- Participate in forums or community features;
- Engage in public interactions on our platforms;
- Consent to use of your information in case studies or testimonials.
7.5 Legal Requirements
We may disclose information when required by:
- Court orders, subpoenas, or legal process;
- Law enforcement agencies;
- Regulatory authorities;
- Legal obligations under applicable laws.
We may also disclose information to:
- Investigate suspected illegal activities;
- Enforce our Terms and Conditions;
- Protect our rights, property, or safety;
- Protect the rights and safety of our users or the public.
8. International Data Transfers
8.1 Cross-Border Transfers
Inaix Group operates globally and may transfer personal information to countries outside your jurisdiction, including:
- Australia (our primary operations base);
- United States (cloud services and technology partners);
- Other countries where our service providers operate.
8.2 Transfer Safeguards
When transferring personal information internationally, we ensure appropriate safeguards through:
8.2.1 GDPR Transfers
For transfers from GDPR Areas, we use:
- European Commission adequacy decisions;
- Standard Contractual Clauses (SCCs);
- Other approved transfer mechanisms.
8.2.2 General Protections
For all transfers, we ensure:
- Contractual data protection obligations;
- Appropriate technical and organizational measures;
- Compliance with applicable privacy laws;
- Regular review of transfer arrangements.
9. Cookies and Tracking Technologies
9.1 Use of Cookies
We use cookies and similar tracking technologies to:
- Authenticate users and maintain sessions;
- Remember user preferences and settings;
- Analyze website usage and performance;
- Deliver personalized content and advertisements;
- Enhance security and prevent fraud.
9.2 Types of Cookies
9.2.1 Essential Cookies
Required for basic website functionality, including:
- Session management and authentication;
- Security features;
- Load balancing and performance optimization.
9.2.2 Analytics Cookies
Used to understand how visitors use our website:
- Google Analytics and similar services;
- Performance monitoring tools;
- User behavior analysis.
9.2.3 Marketing Cookies
Used for advertising and promotional purposes:
- Targeted advertising delivery;
- Social media integration;
- Campaign effectiveness measurement.
9.3 Cookie Management
You can control cookies through:
- Browser settings and preferences;
- Our cookie consent management tools;
- Opt-out mechanisms provided by analytics services;
- Industry opt-out services.
Note: Disabling essential cookies may affect website functionality.
10. Data Security
10.1 Security Measures
We implement comprehensive security measures to protect personal information, including:
10.1.1 Technical Safeguards
- Encryption of data in transit and at rest using industry-standard protocols (SSL/TLS);
- Secure authentication systems including two-factor authentication options;
- Regular security monitoring and vulnerability assessments;
- Access controls and user permission management;
- Secure data backup and recovery systems.
10.1.2 Organizational Safeguards
- Employee training on data protection and privacy;
- Background checks for personnel with data access;
- Confidentiality agreements and data handling policies;
- Regular review and updating of security procedures;
- Incident response and breach notification procedures.
10.2 Security Limitations
While we implement robust security measures:
- No internet-based system is completely secure;
- We cannot guarantee absolute security of personal information;
- Users are responsible for maintaining the security of their account credentials;
- Third-party service security is governed by their respective policies.
10.3 Data Breach Response
In the event of a data breach:
- We will investigate and contain the incident promptly;
- Affected individuals will be notified as required by law;
- Relevant authorities will be notified within required timeframes;
- We will take steps to prevent future incidents.
11. Your Rights and Choices
11.1 Access and Correction Rights
You have the right to:
- Access personal information we hold about you;
- Request correction of inaccurate or incomplete information;
- Receive a copy of your personal information in a portable format;
- Update your account information and preferences.
11.2 Deletion and Restriction Rights
You may request to:
- Delete your personal information (subject to legal retention requirements);
- Restrict processing of your personal information;
- Object to processing based on legitimate interests;
- Close your account and remove associated data.
11.3 GDPR-Specific Rights
For users in GDPR Areas, you additionally have the right to:
11.3.1 Data Portability
Receive your personal information in a structured, commonly used format and transfer it to another service provider.
11.3.2 Automated Decision-Making
Object to decisions based solely on automated processing, including profiling, that produce legal or significant effects.
11.3.3 Consent Withdrawal
Withdraw consent for processing based on consent (without affecting the lawfulness of processing before withdrawal).
11.4 Marketing Communications
You can opt out of marketing communications by:
- Using unsubscribe links in emails;
- Updating your account preferences;
- Contacting us directly;
- Managing cookie preferences for advertising.
11.5 Exercising Your Rights
To exercise any of these rights:
- Contact us at gaab-privacy@inaixgroup.com;
- Use account management features where available;
- Provide verification of your identity as required;
- Specify the nature of your request clearly.
We will respond to valid requests within:
- 30 days for general requests;
- One month for GDPR requests (extendable to three months for complex requests);
- Timeframes required by applicable law.
12. California and Nevada Privacy Rights
12.1 California Consumer Privacy Act (CCPA)
California residents have the right to:
12.1.1 Information Rights
- Know what personal information we collect, use, disclose, and sell;
- Access specific pieces of personal information we have collected;
- Request deletion of personal information (subject to exceptions);
- Opt-out of the sale of personal information (we do not sell personal information).
12.1.2 Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
12.1.3 Authorized Agents
You may designate an authorized agent to make requests on your behalf, subject to verification requirements.
12.2 Nevada Privacy Rights
Nevada residents may opt out of the sale of personal information. We do not sell personal information, but if you wish to make such a request, contact us at gaab-privacy@inaixgroup.com.
13. Children's Privacy
13.1 Age Restrictions
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
13.2 Parental Notice
If we become aware that we have collected personal information from a child under 16:
- We will delete such information promptly;
- We will not use the information for any purpose;
- Parents may contact us to request deletion of their child's information.
14. Third-Party Links and Services
14.1 External Links
Our services may contain links to third-party websites, applications, or services. This Policy does not apply to such third-party services.
14.2 Third-Party Responsibility
We are not responsible for:
- Privacy practices of third-party services;
- Content or functionality of external websites;
- Data collection by third-party advertisers or analytics services.
14.3 Recommendation
We recommend reviewing the privacy policies of any third-party services you use in connection with our services.
15. Changes To This Policy
15.1 Policy Updates
We may update this Policy from time to time to reflect:
- Changes in our services or business practices;
- Updates to applicable privacy laws;
- Feedback from users and stakeholders;
- Evolution of technology and security practices.
15.2 Notification of Changes
When we make material changes:
- We will update the "Effective Date" at the top of this Policy;
- We will notify users via email or prominent notice on our website;
- For significant changes, we may seek renewed consent where required;
- Changes will take effect as specified in the notification.
15.3 Continued Use
Your continued use of our services after policy changes indicates acceptance of the updated Policy.
16. Contact Information
16.1 Privacy Inquiries
For questions, requests, or concerns about this Policy or our privacy practices:
Email: gaab-privacy@inaixgroup.com
Postal Address: PO Box 731, Gordon, NSW, 2072, Australia
16.2 Data Protection Officer
For GDPR-related inquiries, you may contact our Data Protection Officer at gaab-privacy@inaixgroup.com.
16.3 Supervisory Authorities
If you are in a GDPR Area and are unsatisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local supervisory authority.
16.4 Response Times
We aim to respond to privacy inquiries within:
- 5 business days for acknowledgment;
- 30 days for substantive responses;
- Timeframes required by applicable law.