Legal

Privacy Policy

Effective Date: 01 March 2025Version 1.0

This Privacy Policy explains how Inaix Group collects, uses, and protects your information in connection with the Global AI Adoption Benchmark™ (GAAB), the Enterprise AI Adoption Benchmark, and related benchmarking and advisory services.

1. Introduction and Scope

This Privacy Policy ("Policy") relates to the personal information we collect when you complete a GAAB assessment, engage the Enterprise AI Adoption Benchmark, participate in a benchmarking cohort, receive benchmark reports, or otherwise interact with Inaix Group in connection with these services. We are committed to transparency about the types of information we collect, how we use it, with whom we share it, and your rights regarding your personal information.

1.1 Application of This Policy

This Policy applies to:

  1. Users completing the Global AI Adoption Benchmark™ (GAAB) assessment;
  2. Enterprise clients engaging the Enterprise AI Adoption Benchmark;
  3. Participants in benchmarking cohorts and follow-on advisory engagements;
  4. Recipients of GAAB communications and benchmark reports;
  5. Visitors to GAAB websites operated by Inaix Group.

1.2 Services Covered

This Policy applies only to information collected through:

  1. The Global AI Adoption Benchmark™ website and assessment;
  2. Enterprise AI Adoption Benchmark engagements;
  3. Related benchmarking and advisory services provided by Inaix Group;
  4. Direct interactions with the GAAB team.

It does not apply to information collected through other means or by third-party services, except where specifically noted.

1.3 Global Compliance

Inaix Group is committed to complying with applicable privacy laws worldwide, including:

  1. Australian Privacy Act 1988 (Cth);
  2. European Union General Data Protection Regulation (GDPR);
  3. California Consumer Privacy Act (CCPA);
  4. Other relevant privacy laws in jurisdictions where we operate.

2. Information About Us

2.1 Data Controller Information

In relation to the personal information we collect about you, Inaix Group ABN 12 669 302 863 ("Inaix Group", "we", "us", "our") determines how your personal information is handled and used. Inaix Group operates the Global AI Adoption Benchmark™ (GAAB) and the Enterprise AI Adoption Benchmark, and provides related benchmarking and advisory services.

2.2 Contact Information

Postal Address: PO Box 731, Gordon, NSW, 2072, Australia

Email: gaab-privacy@inaixgroup.com

Websites:

2.3 Data Controller Designation

For users within the EU, EEA, UK, Switzerland and other countries under GDPR law (the "GDPR Areas"), Inaix Group is your "data controller" and determines how personal information about you is processed in relation to your use of our services.

3. Information We Collect

We collect personal and non-personal information from you in three primary ways:

  1. Information you provide directly through forms, registrations, and interactions;
  2. Information collected automatically through cookies and tracking technologies;
  3. Information provided to us by third parties with your consent.

3.1 Information You Provide Directly

3.1.1 Registration and Account Information

To create an account or profile, we require:

  1. Full name and contact details (email address, phone number);
  2. Country of location and business address;
  3. Company information (if applicable), including company name, ABN/tax ID, physical and postal addresses, website links;
  4. Professional role and industry information;
  5. Other information you provide when completing your profile.

3.1.2 Service Usage Information

When using our services, we collect:

  1. Responses you submit through GAAB and Enterprise AI Adoption Benchmark assessments;
  2. Communications and correspondence with our team;
  3. Support requests and feedback;
  4. Event and webinar registrations and participation information.

Assessment responses are also used to produce anonymous aggregate benchmarks — see §4.5 below.

3.1.3 Payment Information

For paid services, we may collect:

  1. Payment method details (processed securely through third-party payment processors);
  2. Billing addresses and contact information;
  3. Transaction history and subscription details.

Note: Credit card information is processed solely by our payment service providers (such as Stripe) in accordance with their privacy policies.

3.2 Information Collected Automatically

3.2.1 Technical Information

When you access our services, we automatically collect:

  1. Device information (IP address, device type, operating system, browser type);
  2. Usage analytics (pages visited, features used, time spent, click patterns);
  3. Location data (based on IP address);
  4. Session information and user preferences.

3.2.2 Analytics Tools

We use analytics services including Google Analytics to collect aggregate usage information. This helps us understand how our services are used and improve user experience.

3.3 Information from Third Parties

We may collect information about you from:

  1. Authentication services (such as Google OAuth) when you use single sign-on;
  2. Third-party integrations you authorize through our platforms;
  3. Business partners and referral sources;
  4. Publicly available sources for business contact verification;
  5. Other users who mention you in content or invite you to our services.

3.4 Device Permissions

With your consent, we may request access to:

  1. Contact lists (for invitation features);
  2. Camera and photo gallery (for content uploads);
  3. Notifications (for service alerts and updates);
  4. Location services (where relevant to service functionality).

You can withdraw these permissions at any time through your device settings.

4. How We Use Your Information

4.1 Primary Purposes

We collect and use personal information to:

  1. Provide and maintain our services;
  2. Process registrations and manage user accounts;
  3. Facilitate communications and interactions;
  4. Process payments and manage subscriptions;
  5. Provide customer support and technical assistance;
  6. Improve and develop our services and features.

4.2 Communication Purposes

We use your contact information to:

  1. Respond to inquiries, complaints, and support requests;
  2. Send administrative messages about service changes, updates, or security matters;
  3. Provide account notifications and service-related updates;
  4. Send newsletters and marketing communications (with your consent);
  5. Deliver verification codes for identity authentication.

4.3 Business Operations

We may use your information for:

  1. Legal compliance and regulatory reporting;
  2. Fraud prevention and security monitoring;
  3. Enforcement of our Terms and Conditions;
  4. Business analytics and performance measurement;
  5. Market research and service improvement.

4.4 Marketing and Promotional Activities

With appropriate consent, we may use your information to:

  1. Send promotional materials about our services;
  2. Invite you to events, webinars, and workshops;
  3. Share relevant industry insights and thought leadership content;
  4. Conduct market research and surveys.

4.5 Benchmarking and Aggregate Analysis

Responses provided through GAAB and Enterprise AI Adoption Benchmark assessments are used to produce anonymous aggregate benchmarks across geography, industry sector, and organisation size. Aggregate benchmarking outputs do not contain personally identifiable information and cannot be used to identify any individual or organisation. Aggregate, de-identified data may be retained indefinitely to maintain longitudinal benchmarks and improve the global cohort dataset.

5. Legal Bases For Processing

5.1 GDPR Legal Bases

For users in GDPR Areas, we process personal information based on:

5.1.1 Contract Performance

Most personal information is processed to perform our contractual obligations and provide the services you have requested.

5.1.2 Legitimate Interests

We process some information based on our legitimate business interests, including:

  1. Service security and fraud prevention;
  2. Analytics and service improvement;
  3. Direct marketing to existing clients;
  4. Business operations and administration.

5.1.3 Consent

We rely on your explicit consent for:

  1. Marketing communications to prospects;
  2. Device permissions and data access;
  3. Cookies and tracking technologies (where required);
  4. Special categories of personal data (if applicable).

5.1.4 Legal Obligations

We process information to comply with:

  1. Tax and accounting requirements;
  2. Regulatory reporting obligations;
  3. Law enforcement requests;
  4. Court orders and legal proceedings.

6. Data Retention

6.1 Retention Principles

We retain personal information only as long as necessary for the purposes for which it was collected, unless:

  1. Longer retention is required by law;
  2. Information is needed for legal proceedings;
  3. Retention is necessary for business continuity.

6.2 Specific Retention Periods

6.2.1 Account Information

Account and registration information is retained until you request deletion or your account is terminated.

6.2.2 Communication Records

Email communications and support records are retained for seven (7) years for business and legal compliance purposes.

6.2.3 Payment Information

Payment and transaction records are retained as required by tax and accounting laws (typically seven years in Australia).

6.2.4 Content and Interactions

User-generated content, posts, and platform interactions may persist indefinitely as part of the service functionality.

6.3 Data Deletion

Upon account termination or deletion request:

  1. We will delete personal information where technically feasible;
  2. Some information may remain in backups and archives;
  3. Information required for legal compliance will be retained as necessary;
  4. Anonymized data may be retained for analytics purposes.

7. Disclosure of Personal Information

7.1 General Principle

We do not sell personal information to third parties for profit. We only share personal information in the limited circumstances described below.

7.2 Service Providers and Sub-Processors

We share information with trusted service providers who assist in delivering our services, including:

7.2.1 Technology Partners

  1. Google (authentication, analytics, cloud services);
  2. Stripe (payment processing);
  3. Mailgun (email delivery);
  4. ClickUp (project management);
  5. Twilio (communications);
  6. AI service providers (OpenAI, Anthropic, Cohere, xAI);
  7. Cloud infrastructure providers;
  8. Other service providers as specified in our Terms and Conditions.

7.2.2 Service Provider Obligations

All service providers are contractually required to:

  1. Maintain confidentiality of personal information;
  2. Use information only for providing services to us;
  3. Implement appropriate security measures;
  4. Comply with applicable privacy laws.

7.3 Business Operations

We may share information with:

  1. Professional advisors (lawyers, accountants, consultants);
  2. Business partners for joint service delivery;
  3. Potential acquirers in business transactions;
  4. Related entities within the Inaix Group.

7.4 Public Disclosure

Information may be publicly visible when you:

  1. Create public profiles or content;
  2. Participate in forums or community features;
  3. Engage in public interactions on our platforms;
  4. Consent to use of your information in case studies or testimonials.

7.5 Legal Requirements

We may disclose information when required by:

  1. Court orders, subpoenas, or legal process;
  2. Law enforcement agencies;
  3. Regulatory authorities;
  4. Legal obligations under applicable laws.

We may also disclose information to:

  1. Investigate suspected illegal activities;
  2. Enforce our Terms and Conditions;
  3. Protect our rights, property, or safety;
  4. Protect the rights and safety of our users or the public.

8. International Data Transfers

8.1 Cross-Border Transfers

Inaix Group operates globally and may transfer personal information to countries outside your jurisdiction, including:

  1. Australia (our primary operations base);
  2. United States (cloud services and technology partners);
  3. Other countries where our service providers operate.

8.2 Transfer Safeguards

When transferring personal information internationally, we ensure appropriate safeguards through:

8.2.1 GDPR Transfers

For transfers from GDPR Areas, we use:

  1. European Commission adequacy decisions;
  2. Standard Contractual Clauses (SCCs);
  3. Other approved transfer mechanisms.

8.2.2 General Protections

For all transfers, we ensure:

  1. Contractual data protection obligations;
  2. Appropriate technical and organizational measures;
  3. Compliance with applicable privacy laws;
  4. Regular review of transfer arrangements.

9. Cookies and Tracking Technologies

9.1 Use of Cookies

We use cookies and similar tracking technologies to:

  1. Authenticate users and maintain sessions;
  2. Remember user preferences and settings;
  3. Analyze website usage and performance;
  4. Deliver personalized content and advertisements;
  5. Enhance security and prevent fraud.

9.2 Types of Cookies

9.2.1 Essential Cookies

Required for basic website functionality, including:

  1. Session management and authentication;
  2. Security features;
  3. Load balancing and performance optimization.

9.2.2 Analytics Cookies

Used to understand how visitors use our website:

  1. Google Analytics and similar services;
  2. Performance monitoring tools;
  3. User behavior analysis.

9.2.3 Marketing Cookies

Used for advertising and promotional purposes:

  1. Targeted advertising delivery;
  2. Social media integration;
  3. Campaign effectiveness measurement.

9.3 Cookie Management

You can control cookies through:

  1. Browser settings and preferences;
  2. Our cookie consent management tools;
  3. Opt-out mechanisms provided by analytics services;
  4. Industry opt-out services.

Note: Disabling essential cookies may affect website functionality.

10. Data Security

10.1 Security Measures

We implement comprehensive security measures to protect personal information, including:

10.1.1 Technical Safeguards

  1. Encryption of data in transit and at rest using industry-standard protocols (SSL/TLS);
  2. Secure authentication systems including two-factor authentication options;
  3. Regular security monitoring and vulnerability assessments;
  4. Access controls and user permission management;
  5. Secure data backup and recovery systems.

10.1.2 Organizational Safeguards

  1. Employee training on data protection and privacy;
  2. Background checks for personnel with data access;
  3. Confidentiality agreements and data handling policies;
  4. Regular review and updating of security procedures;
  5. Incident response and breach notification procedures.

10.2 Security Limitations

While we implement robust security measures:

  1. No internet-based system is completely secure;
  2. We cannot guarantee absolute security of personal information;
  3. Users are responsible for maintaining the security of their account credentials;
  4. Third-party service security is governed by their respective policies.

10.3 Data Breach Response

In the event of a data breach:

  1. We will investigate and contain the incident promptly;
  2. Affected individuals will be notified as required by law;
  3. Relevant authorities will be notified within required timeframes;
  4. We will take steps to prevent future incidents.

11. Your Rights and Choices

11.1 Access and Correction Rights

You have the right to:

  1. Access personal information we hold about you;
  2. Request correction of inaccurate or incomplete information;
  3. Receive a copy of your personal information in a portable format;
  4. Update your account information and preferences.

11.2 Deletion and Restriction Rights

You may request to:

  1. Delete your personal information (subject to legal retention requirements);
  2. Restrict processing of your personal information;
  3. Object to processing based on legitimate interests;
  4. Close your account and remove associated data.

11.3 GDPR-Specific Rights

For users in GDPR Areas, you additionally have the right to:

11.3.1 Data Portability

Receive your personal information in a structured, commonly used format and transfer it to another service provider.

11.3.2 Automated Decision-Making

Object to decisions based solely on automated processing, including profiling, that produce legal or significant effects.

11.3.3 Consent Withdrawal

Withdraw consent for processing based on consent (without affecting the lawfulness of processing before withdrawal).

11.4 Marketing Communications

You can opt out of marketing communications by:

  1. Using unsubscribe links in emails;
  2. Updating your account preferences;
  3. Contacting us directly;
  4. Managing cookie preferences for advertising.

11.5 Exercising Your Rights

To exercise any of these rights:

  1. Contact us at gaab-privacy@inaixgroup.com;
  2. Use account management features where available;
  3. Provide verification of your identity as required;
  4. Specify the nature of your request clearly.

We will respond to valid requests within:

  1. 30 days for general requests;
  2. One month for GDPR requests (extendable to three months for complex requests);
  3. Timeframes required by applicable law.

12. California and Nevada Privacy Rights

12.1 California Consumer Privacy Act (CCPA)

California residents have the right to:

12.1.1 Information Rights

  1. Know what personal information we collect, use, disclose, and sell;
  2. Access specific pieces of personal information we have collected;
  3. Request deletion of personal information (subject to exceptions);
  4. Opt-out of the sale of personal information (we do not sell personal information).

12.1.2 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

12.1.3 Authorized Agents

You may designate an authorized agent to make requests on your behalf, subject to verification requirements.

12.2 Nevada Privacy Rights

Nevada residents may opt out of the sale of personal information. We do not sell personal information, but if you wish to make such a request, contact us at gaab-privacy@inaixgroup.com.

13. Children's Privacy

13.1 Age Restrictions

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

13.2 Parental Notice

If we become aware that we have collected personal information from a child under 16:

  1. We will delete such information promptly;
  2. We will not use the information for any purpose;
  3. Parents may contact us to request deletion of their child's information.

14. Third-Party Links and Services

14.1 External Links

Our services may contain links to third-party websites, applications, or services. This Policy does not apply to such third-party services.

14.2 Third-Party Responsibility

We are not responsible for:

  1. Privacy practices of third-party services;
  2. Content or functionality of external websites;
  3. Data collection by third-party advertisers or analytics services.

14.3 Recommendation

We recommend reviewing the privacy policies of any third-party services you use in connection with our services.

15. Changes To This Policy

15.1 Policy Updates

We may update this Policy from time to time to reflect:

  1. Changes in our services or business practices;
  2. Updates to applicable privacy laws;
  3. Feedback from users and stakeholders;
  4. Evolution of technology and security practices.

15.2 Notification of Changes

When we make material changes:

  1. We will update the "Effective Date" at the top of this Policy;
  2. We will notify users via email or prominent notice on our website;
  3. For significant changes, we may seek renewed consent where required;
  4. Changes will take effect as specified in the notification.

15.3 Continued Use

Your continued use of our services after policy changes indicates acceptance of the updated Policy.

16. Contact Information

16.1 Privacy Inquiries

For questions, requests, or concerns about this Policy or our privacy practices:

Email: gaab-privacy@inaixgroup.com

Postal Address: PO Box 731, Gordon, NSW, 2072, Australia

16.2 Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at gaab-privacy@inaixgroup.com.

16.3 Supervisory Authorities

If you are in a GDPR Area and are unsatisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local supervisory authority.

16.4 Response Times

We aim to respond to privacy inquiries within:

  1. 5 business days for acknowledgment;
  2. 30 days for substantive responses;
  3. Timeframes required by applicable law.