Select Listing Type

    1       PRIVACY OBLIGATIONS

    ICG is an innovative, information-based business which generates business value for Clients and affiliated Consultants through the sophisticated and responsible use of information, including personal information.

    ICG recognises its ethical, legal and commercial obligations to protect the interests of those who trust ICG with personal information, and has implemented formal policies and operational safeguards to ensure that its obligations in this regard are met throughout every part and stage of its operations.

    These policies and operational safeguards are documented herein and so constitute the “ICG Privacy Policy”.

    This policy is designed to provide specific assurances to several audiences, including:

    • Auditors and Regulators seeking to confirm that ICG is in compliance with the Privacy Act 1988 as amended from time to time.
      http://www.comlaw.gov.au/Details/C2012C00414/Html/Text
    • Consultants considering sharing their personal information with ICG, who seek assurance as to how that information would be managed, shared and safeguarded in a responsible way which protects their interests
    • Directors, Affiliates, Members, Employees and Subcontractors to ICG who wish to understand their own responsibilities and obligations as they carry out their functions within ICG’s operational framework
    • Clients who wish to work with a consulting firm that measurably meets or exceeds the privacy compliance requirements of the jurisdictions in which it operates.

    This ICG Privacy Policy is a living document which is updated as internal policies change.  Persons who are affected by ICG Privacy Policy changes will be notified as and when changes occur.

    2       MANAGING ICG PRIVACY POLICY AS A COLLECTIVE ENTITY

    Internal Consulting Group (“ICG”) functions as a collective of related Affiliates, each of which operates both autonomously (in their role as a freelance consultant or often as a distinct boutique proprietary limited), and simultaneously as an Affiliate of the ICG collective (in such roles as ICG Practice Leadership, ICG Sales Affiliates, ICG Hub leaders and so on) in the service of mutual professional development and promotion.

    The specific rights and responsibilities of each member Affiliate in relation to the collective are described in the ICG Affiliate Agreement, to which each Affiliate is a signatory.  Adherence to the obligations of this ICG Privacy Policy is a binding term of the ICG Affiliate Agreement, and a key component of the ICG Professional Code of Conduct & Ethics.

    Accordingly, Personal Information as defined under this agreement is managed by ICG Affiliates as a collective.

    Personal Information disclosed to any one Affiliate of ICG by an individual person is deemed to have been disclosed to the collective, and may be used by any Affiliate within the collective in any manner consistent with the ICG Privacy Policy.

    Personal Information is deemed to have been disclosed by ICG when it is shared beyond the borders of the collective – to a person or entity which is not a signatory to the ICG Affiliate Agreement.

    From a corporate governance perspective, ICG is managed as a series of Pty Ltd companies, operating in a tiered structure from ICG Global operations down to ICG Hub management in various national jurisdictions.

    Liability for a breach of this Privacy Policy, or of any breach of relevant privacy legislation in the Australian jurisdiction, rests with:

    Internal Consulting Group Australia Pty Ltd ABN: 36 150 763 607

    Professional Indemnity insurance is held by this corporate entity as protection against any liability incurred as a result of privacy breach within the ICG collective.             

    3       PERSONAL INFORMATION

     3.1       Personal Information Defined:

    Personal Information (PI) is defined broadly as any information which describes any part of a person’s identity, physical being (eg: physical location), disability, medical condition, genealogy, origins, status, history, actions, associations, or opinions, whether of a professional, financial, transactional, social or private nature.  Some types of Personal Information (such as racial or ethnic origin) falls under the definition of Sensitive Information and must be handled more rigorously than other PI.

    Refer directly to the Privacy Act 1988 as amended to stay abreast of evolving legislative definitions.

    http://www.comlaw.gov.au/Details/C2012C00414/Html/Text

    Throughout this document, the term “consultant” refers to individual persons participating in the ICG model at every stage of their association with ICG, from being a Friend, through Member, Affiliate, Practice Leader, Fellow or Alumni – or any other designation which ICG may use from time to time.

    3.2       Reasonable Use of Consultant Personal Information:

    Consultants join the ICG network with the implicit intention of networking with other consultants and of being exposed to and connected with buyers of their personal or boutique professional consulting services.  This connection may be direct (for example, the supply of professional labour) or indirect (for example, through the sale of intellectual property).

    Reasonable use of a consultant’s Personal Information is defined as anything which furthers their networking or client interactions through considered and professionally appropriate exposure.  This includes the promotion of consultants by other consultants within the ICG Network, for example in their capacity as ICG Sales Affiliates (either retail or wholesale) in a manner consistent with the privacy principles and practices expressed in this document.

    By becoming an Affiliate of ICG, a consultant consents to the reasonable use of their Personal Information in this way.

     3.3       Commercially Sensitive Information (CSI)

    Personal Information (PI) is not to be confused or conflated with Commercially Sensitive Information (CSI).  PI protocols described in this document are designed for the protection of individual privacy, and should not be confused with protections for Commercially Sensitive Information (CSI).

    The key difference between PI and CSI is that the ownership and control of Personal Information rests ultimately and irrevocably with the individual (not ICG), while CSI does not concern the private details of specific individuals and generally attaches to a business entity.  For example, Intellectual Property owned by a consultant is not protected under the terms of this ICG Privacy Policy, but instead is protected under the terms of the ICG Affiliate Agreement.

    Protections for Commercially Sensitive Information owned by ICG are detailed in the ICG Head Agreement and ICG Affiliate Agreements.

     4       DATA STORAGE, SHARING AND PROTECTION

    ICG stores the personal information it collects on Google’s cloud data service Google Drive.  ICG advises Affiliates that any personal information they disclose to ICG is accessible to third parties, including Google and its partners, according to the terms of the Google Drive Terms of Service.

    Google Drive Terms of Service:

    http://www.google.com/policies/terms/

    Google is an international company with data centres in many locations around the world.  In keeping with its obligations under the Australian Privacy Act 1988, ICG discloses that Google in its various offices around the world is an international recipient of personal information shared by consultants.

    Google Drive files are physically stored in the following global locations:

    http://www.google.com.au/about/datacenters/gallery/#/places

    Excerpt from Google Drive Terms of Service (for commercial Google Apps customers):

     What do Google’s Terms of Service mean for the files I upload to Google Drive?

    As our Terms of Service state, “You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.”

    We do not claim ownership in any of your content, including any text, data, information, and files that you upload, share, or store in your Drive account. What our Terms of Service do is enable us to give you the services you want — so if you decide to share a document with someone, or want to open it on a different device, we can provide that functionality.

     4.1       Affiliate Consents to the Use of Google Drive

    Once uploaded to the Google Drive platform, further propagation of personal consultant information is facilitated by means of the Google Drive administration interface, via which ICG Affiliates set file permissions which allow access to personal information by other ICG Affiliates and Third Parties.

    ICG advises Affiliates that any personal information they disclose to ICG may be uploaded to Google Drive and so become accessible and therefore disclosed to any ICG Affiliate or Third Party with permission to access relevant files on Google Drive. Personal information stored on Google Drive is most frequently accessed by Sales Affiliates seeking to connect Affiliates with potential Clients who may require consulting services.  Other reasons personal information may be accessed from the Google Drive include inviting Affiliates to participate in ICG events, providing updates on the evolution of the ICG business model, or informing Affiliates of changes which affect them (for example, changes to the Affiliate Agreement or to this Privacy Policy).

    By means of the ICG Affiliate Agreement, the Affiliate grants their consent to their personal information being disclosed via these mechanisms to international recipients and third parties with access to Google Drive files.

    Google Privacy Policy:

    http://www.google.com/policies/privacy/

     Ways in which Google uses personal information: http://www.google.com/policies/privacy/#infouse

    How we (Google) use information we collect

    We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.

    We may use the name you provide for your Google Profile across all of the services we offer that require a Google Account. In addition, we may replace past names associated with your Google Account so that you are represented consistently across all our services. If other users already have your email, or other information that identifies you, we may show them your publicly visible Google Profile information, such as your name and photo.

    When you contact Google, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

    We use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our services. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer. When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.

    We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know. We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

    We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

    Google processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.

    5       EMAIL COMMUNICATION

    ICG provides free email addresses for personal use of each Affiliate, managed via the internalconsulting.com domain.

    ICG email addresses are in the form:

    <firstname>.<lastname>@internalconsulting.com

    ICG uses Google Mail, a web- and cloud-based application serviced by Google, as the platform for all ICG email addresses.  In selecting Google as its email service provider, ICG has agreed to the Google platform Terms of Service.

    Through the Google Terms of Service, ICG, Google and others are granted the legal right to read your email communication and to use the content of your emails to implement additional user services.  Examples are services such as recording search history, ad targeting and providing the means for others to communicate with you who would otherwise not have your email address.

    Further details are available under Google’s Information Sharing Policy:

    http://www.google.com/policies/privacy/#infosharing

    Under the Gmail Terms of Service, and using administrative tools provided by Google or third parties,

    ICG’s email administrators are granted the legal right and technical means to read the contents of Affiliate email (for example, for backup purposes or to confirm corporate policy is being followed, such as ICG Privacy Policy).

    However, in order that the privacy of Affiliate email may be appropriately and reasonably protected while in control of ICG, ICG and its email administrators are committed to a formal policy of never reading, copying, backing up, redirecting or otherwise accessing Affiliate email on the internalconsulting.com. domain, unless such access is requested directly by the Affiliate in writing, or unless ICG receives an access request from a law enforcement agency with legitimate jurisdiction and power to so request.  In cases of such access, ICG and its email administrators commit to inform both the ICG Global Partners and the affected Affiliate of said access as soon as practicable.

    5.1       Consultant consents to sharing of Email communication

    ICG consultants who use the ICG email service (using the internalconsulting.com domain) are deemed to have consented to the use and sharing of their email communication with ICG Directors, ICG email administrators and technical staff, with Google, and with Third Parties in partnership with Google (such as ad-serve and search tracking companies).

    Extract from the Google Terms of Service for Email Users

    We will share your personal information:

    We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

    With [ICG] domain administrators

    If your Google Account is managed for you by a domain administrator (for example, for Google Apps users) then your domain administrator and resellers who provide user support to your organization will have access to your Google Account information (including your email and other data). Your domain administrator may be able to:

    •       view statistics regarding your account, like statistics regarding applications you install.

    •       change your account password.

    •       suspend or terminate your account access.

    •       access or retain information stored as part of your account.

    •       receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.

    •       restrict your ability to delete or edit information or privacy settings.

    Please refer to your domain administrator’s privacy policy for more information.

    For external processing

    We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

    With partners

    We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

    In case of Acquisition

    If Google is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

     NOTE ON ICG EMAIL POICY (notwithstanding Google’s terms of service above):

     In order that the privacy of Affiliate email may be appropriately and reasonably protected while in control of ICG, ICG and its email administrators are committed to a formal policy of never reading, copying, backing up, redirecting or otherwise accessing Affiliate email on the internalconsulting.com. domain unless such access is requested directly by the Affiliate in writing, or unless ICG receives an access request from a law enforcement agency with legitimate jurisdiction and power to so request.  In cases of such access, ICG and its email administrators commit to inform both the ICG Global Partners and the affected Affiliate of said access as soon as practicable.

     

    5.2       Consents to collection of email usage patterns when communicating with ICG

    ICG may track user email behaviour from all subscriber and general email accounts in relation to the way users read and respond to email from ICG campaign management tools (for example, recipients of The Insights Review, meeting invitations, or general announcements and correspondence).

    Information is collected such as whether or not the campaign email has been read, and if so how many times it was opened, from which device, at what time, at which geographical location, who the user forwarded the material on to, and how many times it was opened by that reader, and so on.

    In consenting to receive email from the ICG campaign management tool, receivers of ICG communication provide their consent for their reading history to be tracked in this way.

    ICG engages in this industry-standard email direct marketing tracking behaviour as a non-intrusive means of gauging reader interest in ICG communications and content publications, with the aim of improving the relevance of these communications to subscribers and readers.        

    6       PERSONAL INFORMATION CATEGORIES

    ICG collects, stores, curates, manages, and shares specific types of PI, detailed and categorised below.  These categories facilitate dexterous and responsible management, with each category of PI being managed according to its own specified protocols.

    ICG PRIVACY CATEGORIES:

    1. Public Domain – Free Use
    2. BAF – Shared through Key Roles and Affiliate Network with Notification
    3. Email Communication – Shared and Tracked by Service Providers, Key Roles
    4. Invoicing – Restricted to Named Administration and Outsourced Staff Only
    5. Contact – Shielded from Unwarranted Interruption with Opt In/Out

    6.1       Personal Information managed by ICG, Categorised:

     

    1 – PUBLIC DOMAIN – Free Use
     •       Consultant Name

    o        Consultant Name
    o        Specialisation, Subspecialisations (eg: Practice Leadership)
    o        ICG Email Address
    o        Professional Profile as a Consultant for promotional purposes
    o        Boutique or other Commercial Affiliation
    o        Other Email address
    o        Telephone Number
    o        Mobile Number
    o        ICG Title
    o        ICG Practice(s) Leadership or Affiliateship

     •       Networking Interaction and Event Participation

    o        Attendance at Networking Functions
    o        Any Personal Information freely offered by the Consultant at networking functions facilitated by ICG or through similar forums – whether offline (practice meeting) or online (online discussion board)

    Personally identifiable information above may be freely published, for example to the ICG Website, through regular news bulletins such as Adhocracy and the Business Model Updates, which are circulated widely through the ICG Network and beyond.

    Public Domain information also includes any PI which a consultant may choose to share to the group at a member networking event (eg: during their personal introduction), for example their prior association with a particular project or company.  In this circumstance ICG cannot reasonably be expected to control or further manage the confidentiality of this information on behalf of that consultant, as the consultant will be deemed to have voluntarily put that information in the public domain.

     

    2 – BAF – Shared with Key Roles and Affiliate Network with Notification
     •       Consultant BAF Application Material:
    o        ICG Curriculum Vitae and Credentials
    o        Availability for BAF Role
    o        Supporting information additional to ICG Curriculum Vitae (considered confidential)
    o        Negotiation of terms and conditions (on rates, conditions, project durations, location, etc.)•       Consultant Quality Assessment o       Client Feedback
    o        Evaluative comments expressed through the BAF curation process

    There is a reasonable expectation that material in addition to the Professional CV and contact details submitted in support of a BAF application will be kept confidential within the ICG Network, save from those who are engaged in the process of assessing suitability for assignments and for presenting the most suitable candidates to Clients and Potential Clients in relation to a particular BAF.

    Those who are so engaged include:  Sales Affiliates, Practice Leaders, Hub Managers, Administration Staff and other third parties who may play a role in the marketing, sales or curation process.

    Names and contact information for those involved in processing BAF applications are listed on the ICG Website here:

    http://internalconsulting.com/icg-practices/

    ICG and its Sales Affiliates may also share PI with third parties or potential clients in cases where a BAF is not issued, for example in submissions to a client purchasing panel, or in other proactive marketing efforts or sales proposals to prospective clients.

    NOTIFICATION OBLIGATIONS:  Whenever this category of information is shared by ICG or by an ICG Affiliate outside the ICG Network (for example, shared with an existing or potential Client of ICG or of an ICG Affiliate), then ICG or the ICG Affiliate sharing the PI must notify the consultant that his or her details have been shared for the purpose of connecting that consultant with an end client.

    This notification to the consultant must contain the following information, at a minimum:

    •       The name of the person or organisation which has been allowed to view the consultants PI

    •       Contact details for that person or organisation

    •       Where the person or organisation acquiring the PI is deemed relevant under the Privacy Act 1988, a copy of that person or organisation’s Privacy Policy (or a link to same) to allow the consultant to research the ways in which his details may be further shared or otherwise used by that acquiring party.

    Interaction of NOTIFICATION OBLIGATIONS with CONTACT OBLIGATIONS:  In cases of frequent activity the Notification obligations may work against the spirit and aims of the Contact obligations – which are designed to protect consultants from unwarranted interruption.  In that situation, the Contact obligations can be taken into consideration while maintaining the integrity of the notification obligations, by modifying the timing and method of notification.  For example, rather than sending email every time consultant PI is shared with a new Client, a legitimate alternative would be to maintain a list of clients with whom the consultant information has been shared, such list being sent to the consultant weekly or monthly, or accessed on demand.  In all such cases, the consultant must remain in control of the notification method on an Opt In/Out basis.

     

    SHARING PI INTERNATIONALLY:  Special obligations apply when information in this category is shared across International Boundaries with an International Recipient.  In this case, PRIOR TO THE INFORMATION BEING SHARED, ICG must first take reasonable steps to satisfy itself that the International Recipient is legally obligated in their own jurisdiction to treat the PI with a similar level of discretion as would be the case if they were subject to Australian privacy legislation and regulation.

     

    At a minimum, this would require obtaining and becoming familiar with copies of the legislation relevant to the relevant jurisdiction, and a copy of the Privacy Policy (or equivalent document) adhered to by the International Recipient.

     

    For Additional Information, see:

    http://www.oaic.gov.au/images/documents/privacy/engaging-with-you/current-privacy-consultations/Draft-APP-Guidelines2013/Draft_APP_Guidelines_Chapter_8.pdf

     

     

    NOTE: The provisions governing disclosure to International Recipients reinforce the obligation to share only that portion of PI which is directly relevant to the primary purpose for which the information was collected.

     

     

    ICG routinely shares PI internationally in every jurisdiction where it maintains an operational ICG Hub.  A list of countries in which ICG Hubs are currently operational may be found on the ICG website:

    http://internalconsulting.com/icg-practices/

     

    3 – EMAIL COMMUNICATION – Shared and Tracked by Service Providers, Key Roles
     •           Consultant Email

    o     Email correspondence between ICG and External parties on all @internalconsulting.com addresses

    o    Consultant actions (eg: reading or forwarding email correspondence) which is sent by ICG to any email address using the campaign tool and its standard email tracking technology.

    In order that the privacy of Affiliate email may be appropriately and reasonably protected while in control of ICG, ICG and its email administrators are committed to a formal policy of never reading, copying, backing up, redirecting or otherwise accessing Affiliate email on the internalconsulting.com. domain unless such access is requested directly by the Affiliate in writing, or unless ICG receives an access request from a law enforcement agency with legitimate jurisdiction and power to so request.  In cases of such access, ICG and its email administrators commit to inform both the ICG Global Partners and the affected Affiliate of said access as soon as practicable.

    See section titled “EMAIL COMMUNICATION” for further details.

     

    4 – INVOICING – Restricted to Named Administration and Outsourced Staff Only
     CLIENT

     •       Client Billing Information (eg: for Consulting Services)

    o        Name
    o        Contact Details
    o        Invoicing Contact
    o        Business or Boutique Affiliation
    o        Address – Personal and/or Business
    o        Bank Account
    o        Credit Card

    CONSULTANT

    •       Consultant or Boutique Billing Information  (eg: for ICG Membership)

    o        Name
    o        Contact Details
    o        Business or Boutique Affiliation
    o        Address – Personal and/or Business
    o        Bank Account
    o        Credit Card

    •       Consultant Payment Information

    o       Project invoicing Information
    o       Aggregate Earnings through ICG

     Restricted to named administration and outsourced staff only.

                  

    5 – CONTACT – Shielded from Unwarranted Interruption with Opt In/Out
    This category of Personal Information is not defined by the need to protect PI from breach of confidentiality, but instead to protect people from unwarranted interruption.

    In order for the interruption inherent in sending a communication to be warranted, there needs to be reasonable grounds to believe that the communication being sent will be of legitimate interest or value to the recipient, or that the recipient would reasonably expect to receive the communication based on their prior consents granted.

    Further, in each communication the recipient must be provided with tools, including an Opt In/Out mechanism, which allow the recipient to control, limit or block communication of a similar type in future.

    Particular care should be taken when undertaking any type of direct marketing initiative where the content of the communication or notification is not specifically tailored for the recipient, but instead is part of a mass broadcast to a large group of recipients (eg: outbound email communication to groups).  In these cases, the provisions of the Spam Act and the Do Not Call Register must be fully observed.

     •       Client Contact Information
    o      Name
    o      Corporate Affiliation
    o      Corporate Role
    o      Email Address
    o      Telephone Number
    o      Mobile Number

    •       Consultant or Boutique Billing Information  (eg: for ICG Membership)

    o        Name
    o        Boutique or Corporate Affiliation
    o        Email Address
    o        Telephone Number
    o        Mobile Number