Privacy Policy
Effective Date: March 2026 · Last Updated: March 2026
1. Introduction
BNNOVATE Pty Ltd ("BNNOVATE", "we", "us", or "our") is committed to protecting the privacy of individuals who interact with our services, website, and communications.
This Privacy Policy explains how we collect, hold, use, and disclose personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we provide services to individuals in the United States, this policy also addresses obligations under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable US federal and state privacy laws.
By using our website at bnnovate.com ("the Website") or engaging our services, you acknowledge that you have read and understood this Privacy Policy.
2. Who We Are
BNNOVATE is a strategy, management, research and development consultancy based in Brisbane, Australia. We serve organisations across Australia, New Zealand, the United Kingdom, the United States, and Canada.
Contact for privacy enquiries:
Privacy Officer
BNNOVATE Pty Ltd
Email: privacy@bnnovate.com.au
3. Information We Collect
3.1 Personal Information
We may collect the following categories of personal information:
Identity and contact information — name, email address, phone number, job title, and company name provided when you submit a contact form, subscribe to our newsletter, or download a resource from our website.
Professional information — your role, organisation, industry, and the nature of your enquiry or engagement, collected during consultations or through our forms.
Technical information — IP address, browser type, device information, pages visited, time spent on pages, and referring URLs, collected automatically when you visit our website through analytics tools and server logs.
Engagement information — records of our communications with you, including email correspondence, meeting notes, and service delivery records, collected during the course of an engagement.
Financial information — billing details and payment information where necessary to process payments for our services. We do not store credit card details on our systems.
3.2 Sensitive Information
We do not intentionally collect sensitive information (as defined under the Privacy Act 1988) such as health information, racial or ethnic origin, political opinions, or biometric data.
3.3 Information from Third Parties
We may receive personal information from third parties in limited circumstances, such as referrals from existing clients or publicly available professional information.
4. How We Collect Information
- Contact forms, newsletter signup forms, and resource download forms on our website
- Email, telephone, and video conferencing communications
- In-person meetings and consultations
- Automated collection through website analytics (see Section 8)
- Third-party referrals and publicly available sources
5. How We Use Your Information
Service delivery — to provide our consulting, advisory, and professional services.
Communication — to respond to your enquiries, schedule consultations, and communicate about our services.
Marketing — to send you our newsletter, insights, and information about our services where you have opted in. You may opt out at any time.
Website improvement — to understand how visitors use our website and to improve the user experience.
Business operations — to manage our internal operations, including billing, record keeping, quality assurance, and compliance.
Legal compliance — to comply with applicable laws, regulations, and professional standards.
6. How We Disclose Your Information
Service providers — third-party providers who assist us in operating our website and delivering our services, including email platforms, CRM systems, analytics providers, and cloud hosting providers.
Professional advisors — our accountants, lawyers, and other professional advisors where necessary.
Partner network — where you have engaged us for services delivered through our partner network, we may share relevant project information with the partner delivering the work.
Legal requirements — where we are required to disclose information by law, regulation, court order, or governmental authority.
We do not sell personal information to third parties.
7. Our Third-Party Service Providers
| Category | Purpose | Data Location |
|---|---|---|
| Website hosting | Hosting and delivery | United States (Vercel) |
| Content management | Managing website content | United States (Sanity) |
| CRM and marketing | Lead management and email | United States (Salesforce / Pardot) |
| Analytics | Website usage analytics | Google Analytics via GTM |
8. Website Analytics and Cookies
We use Google Analytics (via Google Tag Manager) to understand how visitors use our website. We do not use advertising cookies or third-party tracking cookies beyond what is necessary for analytics.
We honour Do Not Track (DNT) browser signals where technically feasible.
9. Data Retention
Enquiry and contact data — retained for 2 years from the last interaction unless an engagement proceeds.
Client and engagement data — retained for 7 years from the completion of the engagement.
Newsletter subscribers — retained until you unsubscribe.
Website analytics data — retained in aggregated form for up to 2 years.
10. Data Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include encryption of data in transit (TLS), access controls, use of reputable cloud service providers, and regular review of our security practices.
11. Your Rights — Australia
Under the Australian Privacy Principles, you have the right to access the personal information we hold about you, request correction of inaccurate information, and lodge a complaint if you believe we have breached the APPs.
Contact our Privacy Officer at privacy@bnnovate.com.au. We will respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
12. Your Rights — United States
California residents have additional rights under the CCPA/CPRA including the right to know, delete, correct, and opt out of sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising.
We comply with applicable state privacy laws including those in Virginia, Colorado, Connecticut, and other states with consumer privacy legislation.
13. Marketing Communications
We send marketing communications only to individuals who have opted in. Every marketing email includes an unsubscribe link. We comply with the Australian Spam Act 2003 and the US CAN-SPAM Act of 2003.
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or wish to make a complaint, please contact:
Privacy Officer
BNNOVATE Pty Ltd
Email: privacy@bnnovate.com.au
Website: bnnovate.com/contact