Privacy Policy

1. Partner Elevate Pty Ltd (ACN 661 596 121) is a Queensland-headquartered B2B services business operating across the Asia-Pacific region. We provide professional services, digital programs, and platform access services exclusively to businesses in the SaaS sector through our innovative, AI-enhanced service delivery model.
2. Our core business activities include strategy workshops, coaching and facilitation, digital learning programs, and access to our proprietary learning management system. We integrate artificial intelligence technology across approximately 35% of our operational functions to enhance service quality, personalization, and efficiency.
3. Partner Elevate is committed to protecting the privacy and personal information of all individuals who interact with our services, whether as client company representatives, program participants, or other stakeholders.
4. This Privacy Policy must be read in conjunction with our consent forms: 
   1. the Partner Elevate Privacy Consent Form (for individual participants) and 
   2. the Client Company Representative Privacy Consent Form (for company representatives). 

These forms are integral parts of our privacy framework and capture specific consent for different types of information processing.

1. This Privacy Policy describes how Partner Elevate collects, uses, processes, stores, and manages personal information in compliance with:
   1. Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
   2. Privacy Amendment (Enforcement and Other Measures) Act 2022
   3. EU General Data Protection Regulation (GDPR) for international participants
   4. Notifiable Data Breaches (NDB) scheme
   5. Other applicable international privacy laws
2. This Policy applies to:
   1. Program participants in our professional development programs
   2. Client company representatives who engage our services
   3. Website visitors and platform users
   4. All individuals whose personal information we collect in connection with our services
3. This Policy operates with a two-tier consent structure: 
   1. Individual program participants must provide personal consent for their own information processing; 
   2. Client Company representatives provide separate consent for organizational information and their own personal information as company contacts. Under Australian Privacy Act 1988, employers cannot provide blanket consent for employee personal information.

AI Technology: Artificial intelligence systems, machine learning algorithms, natural language processing tools, and automated decision-making systems used in service delivery.

Client Company: The organization that engages Partner Elevate's services and determines which of their employees participate in programs.

Consent Forms: Means the Partner Elevate Privacy Consent Form for individual participants and the Client Company Representative Privacy Consent Form.

Data Subject: An individual whose personal information is being processed, particularly under GDPR.

Individual Consent: Means consent provided by each program participant for their own personal information processing.

Organisational Consent: Means consent provided by authorized company representatives for organizational information and commercial arrangements.

Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable (Privacy Act 1988).

Program Participant: An individual employee of a Client Company who participates in Partner Elevate's professional development programs.

Processing: Any operation performed on personal information, including collection, recording, storage, analysis, use, disclosure, and deletion.

Service Provider IP: Partner Elevate's proprietary methodologies, frameworks, templates, digital content, and AI systems.

Tier Model: Partner Elevate's service tiers (Essential, Growth, or Enterprise) with different features and AI applications.

Partner Elevate provides three categories of services:

• Professional Services

1. Strategy workshops and facilitation
2. Executive and team coaching
3. Program onboarding and management
4. Performance assessment and feedback

• Digital Programs

1. Online learning modules and assessments
2. Performance dashboards and analytics
3. Skills gap analysis and development planning
4. Certification and progress tracking

• Platform Access

1. Proprietary learning management system
2. Content library and resource templates
3. Collaboration tools and communication features
4. Technical support and maintenance

All services are enhanced through AI technology to provide personalized, data-driven insights and optimize learning outcomes.

• Categories of Personal Information Collected

1. Program Participant Information:
   1. Identity Data: Full name, preferred name, professional title, contact information (work email, mobile phone, business address)
   2. Employment Data: Current employer, department, role responsibilities, reporting structure, seniority level, years of experience
   3. Program Data: Enrolment details, program tier selection, participation history, completion status, certification records
   4. Performance Data: Assessment scores, skill evaluations, learning progress metrics, coaching feedback, development goals
   5. Engagement Data: Platform usage patterns, content interaction data, session attendance, participation levels, collaboration activity
   6. Communication Data: Email correspondence, chat messages, forum posts, feedback submissions, survey responses
   7. Technical Data: IP address, device information, browser type, operating system, access logs, session recordings
2. Client Company Representative Information:
   1. Contact Information: Name, title, organization, email, phone number, business address
   2. Commercial Data: Contract details, payment information, service requirements, customization preferences
   3. Communication Records: Meeting notes, correspondence, project updates, stakeholder feedback

• Sources of Personal Information

We collect personal information directly from:

1. Program participants during registration and throughout program participation
2. Client company representatives during service engagement and contract management
3. Website visitors through our digital platforms and marketing activities
4. Third parties including Client Companies acting on behalf of their employees, and authorized service providers

• Automatic Data Collection

Our platforms automatically collect:

1. Usage analytics including page views, session duration, feature utilization
2. Performance metrics such as assessment completion times, resource downloads, learning path progression
3. Technical diagnostics for platform optimization and troubleshooting
4. Security logs for access control and incident detection

• AI Processing Overview

Partner Elevate integrates AI technology across multiple business functions and this integration represents a part of our operational efficiency. AI processing enhances service personalization, quality assurance, and operational effectiveness.

• AI Functionalities and Data Processing

1. Program Design & Delivery AI Processing:
   1. Learning Path Optimization: AI algorithms analyse participant profiles, industry requirements, learning objectives, and historical performance data to create personalized learning sequences and progression paths
   2. Content Personalization: AI systems process participant skill levels, role requirements, and learning preferences to customize module delivery, assessment difficulty, and resource recommendations
   3. Coaching Enhancement: AI tools analyse assessment results, participation patterns, and development goals to generate personalized coaching prompts, reflection questions, and targeted development recommendations
   4. Performance Analytics: AI processing of engagement data, assessment scores, and feedback patterns to generate insights for program optimization and individual progress tracking
   5. Content Summarization: AI analysis of anonymized participant inputs, session notes, discussion contributions, and feedback to create structured summaries for coach review and program improvement
2. Content Development AI Processing:
   1. Dynamic Content Generation: AI creation of personalized learning materials, case studies, and practical exercises based on participant industry, role, and skill level data
   2. Content Adaptation: AI modification of existing materials using participant demographic data, organizational culture information, and learning style indicators to ensure relevance and engagement
   3. Language Processing: AI-powered translation and localization of content using participant location data and language preferences for international program delivery
   4. Knowledge Assessment: AI analysis of participant responses, learning patterns, and performance data to generate targeted questions, scenarios, and evaluation criteria
3. Marketing & Engagement AI Processing:
   1. Communication Optimization: AI analysis of participant engagement data, email interaction patterns, and communication preferences to optimize outreach timing, content, and delivery methods
   2. Personalized Recommendations: AI processing of participant learning history, skill assessments, and career goals to suggest relevant programs, resources, and development opportunities
   3. Engagement Prediction: AI analysis of participation patterns, attendance data, and interaction levels to identify at-risk participants and trigger intervention strategies
4. Administrative AI Processing:
   1. Document Generation: AI creation of personalized progress reports, certificates, and administrative communications using participant performance data and program completion records
   2. Workflow Optimization: AI analysis of operational data to streamline processes, predict resource needs, and optimize scheduling based on participant availability and preferences
   3. Quality Assurance: AI monitoring of service delivery metrics, participant satisfaction data, and outcome measurements to ensure consistent service quality

• AI Data Processing Safeguards

1. Privacy-Preserving Techniques:
   1. Data Minimization: AI systems configured to process only the minimum personal information necessary for specific service delivery objectives
   2. Anonymization Protocols: Personal identifiers removed or pseudonymized before AI processing wherever technically feasible, using techniques including k-anonymity and differential privacy
   3. Secure Processing Environments: All AI operations conducted within encrypted, access-controlled environments with comprehensive audit logging and monitoring
   4. Output Sanitization: AI-generated outputs reviewed through automated and human processes to prevent unintended disclosure of personal information
2. Technical Safeguards:
   1. Access Controls: Role-based permissions ensuring only authorized personnel can initiate or oversee AI processing activities
   2. Data Encryption: End-to-end encryption for all personal information during AI processing, storage, and transmission
   3. Audit Trails: Comprehensive logging of all AI processing activities, including data inputs, processing purposes, algorithms used, and outputs generated
   4. Model Security: Protection against adversarial attacks, model inversion, and membership inference attacks that could compromise personal information

• Third-Party AI Services

1. Partner Elevate utilizes selected third-party AI service providers, including:
   1. Large Language Models for content generation and natural language processing
   2. Analytics Platforms for data analysis and insight generation
   3. Translation Services for multilingual content adaptation
   4. Assessment Tools for skills evaluation and progress tracking
2. All third-party AI services are contractually bound to:
   1. Maintain strict confidentiality of processed personal information
   2. Comply with Australian Privacy Principles and GDPR requirements where applicable
   3. Implement appropriate technical and organizational security measures
   4. Delete personal information immediately after processing completion
   5. Provide evidence of compliance through regular audits and certifications

• AI Processing Consent and Control

Participants maintain granular control over AI processing through:

1. Explicit Consent: Clear, specific consent for each category of AI processing
2. Processing Preferences: Ability to specify which AI functionalities may process their personal information
3. Alternative Options: Access to human-only service delivery for participants who opt out of AI processing
4. Transparency Reports: Regular updates on AI processing activities affecting their personal information

Partner Elevate uses personal information for the following primary purposes:

• Service Delivery and Management

1. Program Administration: Managing registrations, tracking participation, issuing certifications, and maintaining program records
2. Personalized Learning: Customizing content, assessments, and learning paths based on individual needs, preferences, and progress
3. Performance Monitoring: Tracking learning outcomes, skill development, and program effectiveness
4. Communication: Providing program updates, sending reminders, delivering feedback, and responding to inquiries
5. Technical Support: Troubleshooting platform issues, providing user assistance, and maintaining service quality

• Business Operations

1. Client Relationship Management: Managing contracts, processing payments, and maintaining client communications
2. Service Improvement: Analyzing usage patterns, gathering feedback, and enhancing program design and delivery
3. Quality Assurance: Monitoring service quality, conducting evaluations, and implementing improvements
4. Compliance: Meeting legal obligations, maintaining records, and reporting as required by law

• Research and Development

1. Program Enhancement: Analyzing anonymized data to improve methodologies, content, and delivery methods
2. Innovation: Developing new services, features, and AI capabilities based on user needs and market trends
3. Benchmarking: Creating industry insights and best practices (using anonymized, aggregated data only)

AI technology is used to enhance service delivery through:

• Learning Optimization

1. Adaptive Learning Paths: AI analysis of progress data to dynamically adjust learning sequences and difficulty levels
2. Content Recommendations: AI-driven suggestions for additional resources, exercises, and development opportunities
3. Skill Gap Analysis: AI identification of development needs based on assessment results and performance patterns
4. Outcome Prediction: AI modelling to predict learning success and identify participants who may need additional support

• Coaching Enhancement

1. Session Preparation: AI generation of coaching prompts and discussion topics based on participant data
2. Progress Tracking: AI analysis of development goals and milestone achievement
3. Intervention Alerts: AI identification of participants requiring additional coaching support
4. Performance Insights: AI-generated reports on coaching effectiveness and participant development

• Content Personalization

1. Industry Relevance: AI adaptation of content to reflect participant industry and organizational context
2. Learning Style Matching: AI optimization of content delivery based on individual learning preferences
3. Cultural Adaptation: AI customization of examples and scenarios for different geographic regions
4. Accessibility Optimization: AI enhancement of content for participants with different accessibility needs

• Legal Consent Requirements

1. Individual Participant Consent: Under Australian Privacy Act 1988, each program participant must provide individual consent for their personal information processing using the Partner Elevate Privacy Consent Form; 
2. Company Representative Consent: Authorized company representatives provide separate consent for organizational information and their role as company contacts using the Client Company Representative Privacy Consent Form; 
3. No Employer Consent for Employees: Client Companies cannot provide consent on behalf of their employees' personal information processing.

• Consent Categories

1. Essential Processing Consent:
   1. Basic personal information collection for service delivery
   2. Communication for program administration and support
   3. Technical data collection for platform functionality and security
2. Enhanced AI Processing Consent:
   1. Personalized content generation and learning path optimization
   2. Performance analytics and predictive modelling
   3. Advanced coaching insights and recommendations
   4. Content adaptation and cultural customization
3. Marketing and Research Consent:
   1. Marketing communications and program announcements
   2. Anonymized data use for research and service improvement
   3. Case study development and best practice sharing
   4. Industry benchmarking and trend analysis

• Consent Documentation and Management

1. We maintain comprehensive records of all consent including:
   1. Consent Details: Specific permissions granted and processing purposes
   2. Collection Method: How and when consent was obtained
   3. Consent History: Changes, updates, and withdrawal records
   4. Verification: Confirmation of consent validity and participant identity
2. Participants can manage their consent preferences through:
   1. Member Portal: Online dashboard for viewing and updating consent settings
   2. Direct Contact: Email, phone, or written requests for consent changes
   3. Program Coordinators: Support from Partner Elevate staff for consent management
   4. Automated Systems: Unsubscribe links and preference management tools

1. Individual Participant Consent: All program participants must complete the Partner Elevate Privacy Consent Form before accessing services. This form captures individual consent for personal information processing, AI enhancement, coaching recordings, and information sharing preferences; 
2. Company Representative Consent: Authorized company representatives must complete the Client Company Representative Privacy Consent Form covering organizational information, commercial arrangements, and their obligations to facilitate employee consent; 
3. Consent Form Authority: These consent forms are incorporated by reference and have the same legal effect as provisions in this Privacy Policy; 
4. Conflict Resolution: In case of conflict between this Policy and the consent forms, the more privacy-protective provision applies.

• Australian Privacy Law Basis

Under the Privacy Act 1988 (Cth), we process personal information based on:

1. Primary Purpose: Collection and use for the primary purpose for which it was collected (program delivery)
2. Secondary Purpose: Use for related secondary purposes that would be reasonably expected
3. Consent: Explicit consent for specific processing activities, particularly AI-enhanced services
4. Legal Obligation: Processing required to comply with Australian law
5. Legitimate Interests: Processing necessary for legitimate business interests, balanced against individual privacy rights

• GDPR Legal Basis (EU Participants)

For participants in the European Union, we process personal information based on:

1. Contract Performance: Processing necessary to deliver contracted services
2. Consent: Explicit, informed consent for AI processing and marketing communications
3. Legitimate Interests: Processing for service improvement, security, and business operations (with balancing test)
4. Legal Obligation: Compliance with applicable EU and Australian legal requirements
5. Vital Interests: Processing necessary to protect participant safety and wellbeing

• Sensitive Information Processing

For sensitive personal information (e.g. health information, performance evaluations), we rely on:

1. Explicit Consent: Clear, specific consent for collection and processing
2. Employment Context: Processing reasonably necessary for employment-related purposes (with employer consent)
3. Service Delivery: Processing directly related to the provision of coaching and development services

1. Legal Basis by Consent Type
   1. Individual Employee Processing: Based on individual consent obtained through Privacy Consent Form; 
   2. Company Representative Processing: Based on individual consent as business contact; 
   3. Organizational Information: Based on legitimate business interests and contractual arrangements; 
   4. No Deemed Consent: Partner Elevate does not rely on deemed consent from employers for employee personal information.

• Universal Rights (All Participants)

1. Right to Information: Clear, transparent information about how your personal information is collected, used, and processed.
2. Right of Access: Request copies of personal information we hold about you, including AI processing records and automated decision-making details.
3. Right to Correction: Request correction of inaccurate or incomplete personal information in our systems.
4. Right to Restriction: Request limitations on how your personal information is processed or used.
5. Right to Withdrawal: Withdraw consent for specific processing activities without affecting the lawfulness of prior processing.

• Enhanced Rights (EU Participants)

1. Right to Portability: Receive your personal information in a structured, commonly used, machine-readable format.
2. Right to Erasure: Request deletion of your personal information (subject to legal retention requirements).
3. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
4. Rights Related to Automated Decision-Making: Request human review of automated decisions and receive explanations of AI processing logic.

• Exercising Your Rights

To exercise your privacy rights:

1. For Program Participants:
   1. Email: elevate@partnerelevate.com
   2. Phone: + 61 427 294 056
   3. Online: Member portal at https://www.partnerelevate.com/contact-us
   4. Post: 2/173 Moray Street, New Farm, Queensland, 4005
2. For Client Representatives:
3. Email: elevate@partnerelevate.com
4. 1. Phone: + 61 427 294 056
   2. Account Manager: Direct contact through your designated Partner Elevate representative
5. Response Timeframes:
   1. Standard requests: 30 days from receipt of valid request
   2. Complex requests: Up to 60 days with notification of extension
   3. Urgent requests: Priority handling for security or safety concerns

• Identity Verification

To protect personal information, we may require verification of your identity before processing rights requests through:

1. Account Authentication: Login credentials and security questions
2. Document Verification: Government-issued ID or employment verification
3. Multi-Factor Authentication: Additional security checks for sensitive requests
4. Representative Authorization: Proof of authority for requests made on behalf of others

• Cross-Border Processing

Partner Elevate operates across the Asia-Pacific region and may transfer personal information internationally for:

1. Service Delivery: Providing programs to participants in different countries
2. Client Support: Supporting multinational client organizations
3. AI Processing: Utilizing international AI service providers and cloud infrastructure
4. Business Operations: Managing operations across multiple jurisdictions

• Transfer Destinations

Personal information may be transferred to:

1. Australia: Primary data processing and storage location
2. Asia-Pacific Countries: Singapore, Thailand, and other APJ markets for local service delivery
3. United States: Selected AI service providers and technology platforms
4. European Union: GDPR-compliant service providers and client organizations
5. Other Countries: As required for specific client engagements or service requirements

• Transfer Safeguards

1. For EU Personal Information:
   1. Adequacy Decisions: Transfers to countries with EU adequacy determinations where possible
   2. Standard Contractual Clauses: EU-approved contractual safeguards for transfers to non-adequate countries
   3. Binding Corporate Rules: Internal privacy frameworks for intra-group transfers
   4. Certification Programs: Transfers to certified processors with appropriate safeguards
2. For Australian Personal Information:
   1. Reasonable Steps: Due diligence on recipient country privacy laws and practices
   2. Contractual Protections: Binding agreements requiring equivalent privacy protections
   3. Technical Safeguards: Encryption, access controls, and monitoring for international transfers
   4. Ongoing Monitoring: Regular review of transfer arrangements and recipient compliance

• Transfer Notification and Consent

Participants are informed of international transfers through:

1. Privacy Policy Disclosure: General information about transfer practices and destinations
2. Specific Notifications: Individual notice for transfers to countries without adequate protection
3. Consent Requests: Explicit consent for transfers that may present higher privacy risks
4. Opt-Out Options: Alternative arrangements for participants who object to international transfers

• Service Providers and Processors

Personal information may be shared with carefully selected third parties who assist in service delivery:

1. Technology Providers:
   1. Learning Management System: Platform hosting and management services
   2. AI Service Providers: Content generation, analytics, and assessment tools
   3. Communication Platforms: Email, messaging, and video conferencing services
   4. Payment Processors: Secure handling of financial transactions
2. Professional Services:
   1. Content Specialists: Subject matter experts and curriculum developers
   2. Translation Services: Multi-language content adaptation and localization
   3. Quality Assurance: Independent evaluation and accreditation services
   4. Legal and Compliance: Professional advisors for regulatory compliance
3. All service providers are bound by:
   1. Contractual Obligations: Comprehensive data processing agreements
   2. Confidentiality Requirements: Strict non-disclosure and privacy protections
   3. Security Standards: Appropriate technical and organizational measures
   4. Purpose Limitations: Use restrictions aligned with service delivery requirements
   5. Audit Rights: Partner Elevate's right to monitor and verify compliance

• Client Company Sharing

IMPORTANT: All employee information sharing with Client Companies is subject to individual employee consent. Partner Elevate can only share employee information that participants have specifically consented to share through their individual Privacy Consent Form.

1. Program Administration:
   1. Enrolment Data: Participant names, contact information, and program selections shared with Client Companies for administrative purposes
   2. Progress Reports: Aggregated and individual progress information as requested by Client Companies
   3. Completion Records: Certification and achievement data provided to support Client Company HR and development programs
   4. Attendance Records: Participation and engagement data for Client Company program management
2. Performance Information:
   1. Assessment Results: Skills evaluations and development recommendations (with participant consent)
   2. Coaching Insights: High-level coaching outcomes and development priorities (anonymized where possible)
   3. Learning Analytics: Program effectiveness and participant engagement metrics for Client Company decision-making

• Legal and Regulatory Disclosures

Personal information may be disclosed when required by:

1. Legal Process: Court orders, subpoenas, and regulatory investigations
2. Law Enforcement: Legitimate requests from authorized agencies
3. Regulatory Compliance: Reporting to privacy commissioners and other regulatory bodies
4. Emergency Situations: Protecting health, safety, or security of individuals

• Business Transfers

1. In the event of a merger, acquisition, or business transfer, personal information may be disclosed to:
   1. Prospective Buyers: Due diligence processes with appropriate confidentiality protections
   2. New Owners: Transfer of customer relationships and service obligations
   3. Professional Advisors: Legal, financial, and business advisors involved in transactions
2. Participants will be notified of any business transfers and their rights regarding their personal information.

• Retention Principles

Partner Elevate maintains a comprehensive data retention framework based on:

1. Business Need: Retaining information only as long as necessary for service delivery and business operations
2. Legal Requirements: Compliance with Australian and international retention obligations
3. Participant Rights: Balancing retention needs with individual privacy rights and data minimization
4. Security Considerations: Secure storage throughout the retention period and secure deletion thereafter

• Retention Schedules

1. Program Participant Data:
   1. Active Participation Period: Throughout program enrolment and participation
   2. Post-Program Period: 2 years after program completion for certification verification and alumni services
   3. Assessment Data: 5 years for professional development tracking and skills verification
   4. Coaching Records: 3 years for continuity of development and coaching effectiveness
   5. Communication Records: 1 year after final communication for customer service purposes
2. Client Company Data:
   1. Contract Period: Throughout active service agreements
   2. Post-Contract Period: 7 years for commercial records and dispute resolution
   3. Payment Records: 7 years in compliance with taxation and financial reporting requirements
   4. Communication Records: 3 years for business relationship management
3. Technical and Security Data:
   1. Access Logs: 2 years for security monitoring and incident investigation
   2. System Performance Data: 1 year for platform optimization and troubleshooting
   3. Security Incident Records: 7 years for compliance and risk management
   4. Audit Records: 7 years for regulatory compliance and governance
4. AI Processing Data:
   1. Training Data: Personal information used for AI training is anonymized or deleted within 6 months
   2. Processing Logs: 3 years for AI audit trails and compliance verification
   3. Output Records: 2 years for quality assurance and service improvement
   4. Model Performance Data: Indefinitely in anonymized form for ongoing AI development

• Deletion Procedures

1. Secure Deletion Standards:
   1. Technical Deletion: Complete removal from all systems, backups, and archives
   2. Cryptographic Erasure: Destruction of encryption keys rendering data unrecoverable
   3. Physical Destruction: Secure disposal of hardware containing personal information
   4. Verification Processes: Confirmation of successful deletion through audit procedures
2. Deletion Triggers:
   1. Retention Period Expiry: Automated deletion when retention periods expire
   2. Participant Request: Deletion upon valid erasure requests (subject to legal exceptions)
   3. Business Closure: Comprehensive data deletion upon termination of business relationships
   4. System Migrations: Secure deletion from legacy systems during technology upgrades

• Legal Retention Exceptions

Personal information may be retained beyond standard periods when:

1. Legal Proceedings: Litigation hold requirements preserve relevant information
2. Regulatory Investigations: Compliance with ongoing regulatory inquiries
3. Statutory Obligations: Legal requirements mandate longer retention periods
4. Vital Interests: Protection of health, safety, or security requires continued retention

• Security Framework

Partner Elevate implements comprehensive security measures to protect personal information through:

1. Physical Security:
   1. Secure Facilities: Access-controlled offices with surveillance and intrusion detection
   2. Device Management: Encrypted laptops and mobile devices with remote wipe capabilities
   3. Secure Storage: Locked filing cabinets and restricted access to physical records
   4. Visitor Controls: Registration and escort procedures for facility access
2. Technical Security:
   1. Data Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
   2. Access Controls: Multi-factor authentication and role-based access permissions
   3. Network Security: Firewalls, intrusion detection systems, and secure VPN connections
   4. System Monitoring: 24/7 security monitoring and automated threat detection
   5. Regular Updates: Prompt application of security patches and system updates
3. Organizational Security:
   1. Staff Training: Regular privacy and security training for all personnel
   2. Background Checks: Security screening for employees with access to personal information
   3. Access Reviews: Quarterly reviews of user access rights and permissions
   4. Incident Response: Documented procedures for security incident management
   5. Vendor Management: Security assessments and monitoring of third-party providers

• Platform Security Measures

1. Learning Management System:
   1. User Authentication: Secure login with password complexity requirements and session management
   2. Data Segregation: Logical separation of client data and participant information
   3. Audit Logging: Comprehensive tracking of user activities and system access
   4. Backup Security: Encrypted backups with tested restoration procedures
   5. Vulnerability Management: Regular security assessments and penetration testing
2. Communication Systems:
   1. Email Security: Encryption for sensitive communications and anti-phishing protection
   2. Video Conferencing: End-to-end encryption for coaching sessions and workshops
   3. File Sharing: Secure document sharing with access controls and expiration dates
   4. Mobile Applications: Application security testing and secure development practices

• Third-Party Security Requirements

All service providers must demonstrate:

1. Security Certifications: ISO 27001, SOC 2 Type II, or equivalent security standards
2. Encryption Standards: Appropriate encryption for data processing and storage
3. Access Controls: Restricted access to personal information and audit capabilities
4. Incident Response: Documented security incident procedures and notification requirements
5. Regular Assessments: Ongoing security testing and vulnerability management

• Security Incident Management

Incident Response Process:

1. Detection: Automated monitoring and manual reporting procedures
2. Assessment: Rapid evaluation of incident scope and potential impact
3. Containment: Immediate steps to prevent further damage or data exposure
4. Investigation: Thorough analysis of incident causes and affected information
5. Notification: Timely communication to affected individuals and regulatory authorities
6. Recovery: System restoration and implementation of corrective measures
7. Review: Post-incident analysis and security improvement recommendations

• AI-Specific Security Measures

1. Model Security:
   1. Adversarial Protection: Safeguards against attacks designed to manipulate AI outputs
   2. Model Isolation: Secure separation of AI processing environments from other systems
   3. Version Control: Secure management of AI model updates and deployments
   4. Performance Monitoring: Continuous monitoring for unusual AI behavior or outputs
   5. Access Logging: Detailed tracking of AI model access and usage
2. Training Data Security:
   1. Data Sanitization: Removal of personal identifiers from AI training datasets where possible
   2. Secure Processing: Encrypted environments for AI training and model development
   3. Data Lineage: Tracking of data sources and transformations in AI pipelines
   4. Retention Controls: Secure deletion of training data according to retention schedules
   5. Quality Assurance: Validation of training data accuracy and completeness

• AI Governance Framework

1. Human Oversight:
   1. Review Requirements: Mandatory human review of AI-generated content before delivery
   2. Escalation Procedures: Clear protocols for addressing AI errors or concerns
   3. Quality Metrics: Regular assessment of AI accuracy and performance standards
   4. Bias Detection: Monitoring for unfair or discriminatory AI outputs
   5. Continuous Improvement: Ongoing refinement of AI systems based on performance data
2. Ethical AI Principles:
   1. Transparency: Clear disclosure of AI involvement in service delivery
   2. Fairness: Regular testing for bias and discriminatory outcomes
   3. Accountability: Clear responsibility assignment for AI decisions and outputs
   4. Privacy: Privacy-by-design principles in AI system development
   5. Reliability: Robust testing and validation of AI system performance

• AI Audit and Compliance

1. Regular Audits:
   1. Technical Audits: Assessment of AI system security and performance
   2. Privacy Audits: Review of AI compliance with privacy principles and regulations
   3. Bias Audits: Testing for unfair or discriminatory AI outputs
   4. Effectiveness Audits: Evaluation of AI contribution to service quality and outcomes
2. Documentation Requirements:
   1. Processing Records: Detailed logs of AI processing activities and purposes
   2. Decision Logic: Documentation of AI algorithms and decision-making processes
   3. Impact Assessments: Regular evaluation of AI effects on participant privacy and rights
   4. Compliance Reports: Ongoing monitoring of AI regulatory compliance

• Recording Practices

Partner Elevate may record coaching sessions, workshops, and training activities for:

1. Quality Assurance: Monitoring and improving coaching effectiveness
2. Performance Evaluation: Assessing coach performance and professional development
3. Participant Development: Providing feedback and tracking progress over time
4. Training Purposes: Educating new coaches and improving methodologies
5. Dispute Resolution: Maintaining records for potential conflicts or misunderstandings

• Recording Consent and Notice

1. Pre-Session Notification:
   1. Clear Disclosure: Explicit notice that sessions may be recorded
   2. Purpose Explanation: Detailed information about why recordings are made and how they will be used
   3. Consent Options: Ability to participate without recording (alternative arrangements)
   4. Participant Control: Option to request recording stops during sensitive discussions
2. Consent Documentation:
   1. Written Consent: Signed agreements for session recording
   2. Verbal Confirmation: Audio confirmation of consent at the beginning of recorded sessions
   3. Ongoing Consent: Regular reconfirmation of recording consent for ongoing coaching relationships
   4. Withdrawal Rights: Clear procedures for withdrawing recording consent

• Recording Security and Access

1. Secure Storage:
   1. Encrypted Storage: All recordings stored with strong encryption and access controls
   2. Limited Access: Only authorized personnel can access coaching session recordings
   3. Audit Trails: Comprehensive logging of who accesses recordings and when
   4. Secure Transmission: Encrypted channels for any recording sharing or transmission
2. Access Restrictions:
   1. Need-to-Know Basis: Access limited to coaches, supervisors, and quality assurance personnel
   2. Time Limitations: Access permissions regularly reviewed and updated
   3. Geographic Restrictions: Controls on international access to recording data
   4. Device Controls: Restrictions on downloading or copying recordings to personal devices

• Recording Retention and Deletion

1. Retention Periods:
   1. Active Coaching: Throughout the coaching relationship for continuity and progress tracking
   2. Quality Assurance: Up to 12 months for coach performance evaluation
   3. Training Materials: Anonymized excerpts may be retained longer for coach training (with additional consent)
   4. Dispute Resolution: Extended retention if recordings are relevant to ongoing disputes
2. Secure Deletion:
   1. Automatic Deletion: Recordings automatically deleted when retention periods expire
   2. Participant Request: Deletion upon request (subject to legitimate business needs)
   3. Verification: Confirmation of successful deletion from all systems and backups
   4. Exception Handling: Clear procedures for retention beyond standard periods when legally required

1. Employee Non-Consent: If employees do not provide individual consent, they cannot participate in programs regardless of employer preferences; 
2. Partial Consent: Programs will be adapted to respect individual employee consent choices (e.g., human-only delivery, no employer sharing); 
3. Consent Withdrawal: Individual employees may withdraw consent at any time, potentially affecting their program participation; 
4. Employer Expectations: Client Companies must accept that not all employees may consent to full program participation.

• Participation Rights

1. Voluntary Participation: No individual is required to participate in Partner Elevate programs against their will.
2. Informed Consent: Full disclosure of program requirements, data collection, and privacy implications before participation.
3. Equal Treatment: All participants receive equivalent service quality regardless of their privacy preferences or AI consent decisions.
4. Accommodation: Alternative arrangements for participants who decline certain data processing activities.

• Information Rights

1. Progress Access: Regular access to personal learning progress, assessment results, and development recommendations.
2. Data Explanation: Clear explanations of how personal information is used to enhance program delivery.
3. AI Transparency: Information about AI systems that process personal information and influence program recommendations.
4. Third-Party Sharing: Notice of any personal information sharing with Client Companies or other third parties.

• Control Rights

1. Consent Management: Granular control over different types of data processing and AI applications.
2. Privacy Settings: Ability to adjust privacy preferences and communication settings.
3. Data Correction: Rights to correct inaccurate information and update personal details.
4. Withdrawal Options: Ability to withdraw from programs or specific data processing activities.

• Communication Rights

1. Direct Contact: Access to Partner Elevate privacy officers and data protection personnel.
2. Language Options: Privacy information and communications available in multiple languages where feasible.
3. Complaint Procedures: Clear processes for raising privacy concerns and complaints.
4. Response Guarantees: Timely responses to privacy inquiries and rights requests.

• Legal Obligations for employee consent

Client Companies have mandatory legal obligations under Australian Privacy Act 1988 to: 

1. Inform employees that individual consent is required; 
2. Facilitate collection of individual consent using Partner Elevates Privacy Consent Form; 
3. Ensure employees understand their privacy rights; 
4. Support employee privacy rights exercises throughout the program.

Client Companies engaging Partner Elevate services must:

1. Privacy Disclosure: Inform employees about Partner Elevate's data collection and processing practices before program enrolment.
2. Consent Facilitation: Assist in obtaining appropriate consent from employees for program participation and data processing.
3. Rights Information: Educate employees about their privacy rights and how to exercise them.
4. Communication Support: Facilitate communication between employees and Partner Elevate regarding privacy matters.

• Data Accuracy Responsibilities

1. Information Accuracy: Ensure personal information provided to Partner Elevate is accurate and current.
2. Update Obligations: Promptly notify Partner Elevate of changes to employee information.
3. Verification Procedures: Implement processes to verify employee consent and preferences.
4. Record Keeping: Maintain records of employee notification and consent for audit purposes.

• Privacy Governance

1. Internal Policies: Maintain privacy policies that address the use of Partner Elevate's services.
2. Employee Training: Educate HR and management personnel about privacy obligations related to Partner Elevate programs.
3. Incident Response: Cooperate with Partner Elevate in responding to privacy incidents or complaints.
4. Compliance Monitoring: Regularly review and ensure compliance with privacy obligations.

• International Considerations

For multinational Client Companies:

1. Cross-Border Compliance: Ensure compliance with local privacy laws in all jurisdictions where employees participate.
2. Data Localization: Address any data residency requirements in employee home countries.
3. Regulatory Coordination: Coordinate with Partner Elevate on regulatory compliance across multiple jurisdictions.
4. Cultural Sensitivity: Consider cultural differences in privacy expectations and communication preferences.

• Cookie Usage

Partner Elevate websites and platforms use cookies and similar technologies for:

1. Essential Functionality:
   1. Session Management: Maintaining user sessions and authentication status
   2. Security: Protecting against fraud and unauthorized access
   3. Platform Operation: Enabling core platform features and functionality
   4. Error Tracking: Identifying and resolving technical issues
2. Performance and Analytics:
   1. Usage Analytics: Understanding how users interact with our platforms
   2. Performance Monitoring: Tracking platform performance and optimization opportunities
   3. Feature Usage: Analysing which features are most valuable to users
   4. A/B Testing: Comparing different versions of platform features
3. Personalization:
   1. User Preferences: Remembering user settings and customization choices
   2. Content Recommendations: Suggesting relevant content and resources
   3. Language Settings: Maintaining language and localization preferences
   4. Accessibility: Adapting interfaces for users with specific accessibility needs

• Cookie Types and Duration

1. Session Cookies: Temporary cookies deleted when the browser session ends.
2. Persistent Cookies: Cookies stored for specified periods to remember user preferences and login status.
3. First-Party Cookies: Cookies set directly by Partner Elevate platforms.
4. Third-Party Cookies: Cookies set by external service providers (analytics, support tools, payment processors).

• Cookie Control and Consent

1. Consent Management:
   1. Cookie Banners: Clear notice and consent requests for non-essential cookies
   2. Granular Choices: Separate consent options for different cookie categories
   3. Easy Withdrawal: Simple methods to withdraw cookie consent
   4. Preference Centres: Detailed cookie management interfaces
2. Browser Controls:
   1. Browser Settings: Instructions for managing cookies through browser settings
   2. Opt-Out Tools: Links to third-party opt-out mechanisms where available
   3. Do Not Track: Respect for browser Do Not Track signals where technically feasible

• Third-Party Integrations

1. Analytics Services:
   1. Google Analytics: Website usage analytics (with IP anonymization where possible)
   2. Platform Analytics: Learning management system usage tracking
   3. Performance Monitoring: Application performance and error tracking services
2. Communication Tools:
   1. Email Services: Marketing and transactional email delivery platforms
   2. Chat Systems: Customer support and participant assistance tools
   3. Video Conferencing: Session hosting and recording platforms
3. Payment Processing:
   1. Payment Gateways: Secure transaction processing for program fees
   2. Fraud Prevention: Transaction monitoring and risk assessment tools

All third-party integrations are subject to data processing agreements and privacy requirements.

• Service Provider Categories

1. Technology Infrastructure:
   1. Cloud Hosting: Secure data storage and platform hosting services
   2. Content Delivery: Global content distribution for optimal platform performance
   3. Backup Services: Secure data backup and disaster recovery solutions
   4. Security Services: Threat detection, monitoring, and security assessment tools
2. Professional Services:
   1. Legal Advisors: Privacy law compliance and regulatory guidance
   2. Audit Firms: Independent privacy and security assessments
   3. Translation Services: Multi-language content and communication support
   4. Industry Consultants: Subject matter expertise and content development

• Integration Security Requirements

All third-party integrations must meet stringent security and privacy requirements:

1. Technical Requirements:
   1. Encryption Standards: Minimum AES-256 encryption for data at rest and TLS 1.3 for data in transit
   2. Access Controls: Multi-factor authentication and role-based access management
   3. Audit Capabilities: Comprehensive logging and monitoring of data access and processing
   4. Vulnerability Management: Regular security assessments and prompt patch management
2. Contractual Requirements:
   1. Data Processing Agreements: Comprehensive contracts governing personal information handling
   2. Confidentiality Obligations: Strict non-disclosure and privacy protection requirements
   3. Compliance Commitments: Adherence to applicable privacy laws and regulations
   4. Incident Notification: Prompt reporting of any security incidents or privacy breaches

• Vendor Assessment and Monitoring

1. Due Diligence Process:
   1. Security Assessments: Evaluation of vendor security practices and certifications
   2. Privacy Reviews: Assessment of vendor privacy policies and data handling practices
   3. Reference Checks: Validation of vendor reputation and track record
   4. Financial Stability: Evaluation of vendor business continuity and stability
2. Ongoing Monitoring:
   1. Regular Reviews: Periodic assessment of vendor performance and compliance
   2. Audit Rights: Partner Elevate's right to audit vendor data handling practices
   3. Performance Metrics: Monitoring of service quality and security incident rates
   4. Contract Updates: Regular updates to vendor agreements to address changing requirements

• Data Minimization in Integrations

1. Need-to-Know Principle: Third parties receive only the minimum personal information necessary for their specific services.
2. Purpose Limitation: Vendors may only use personal information for explicitly agreed purposes.
3. Retention Restrictions: Vendors must delete personal information when no longer needed for service delivery.
4. Sharing Prohibitions: Vendors cannot share personal information with other third parties without explicit authorization.

• Incident Detection and Classification

1. Detection Methods:
   1. Automated Monitoring: 24/7 security monitoring systems and intrusion detection
   2. Manual Reporting: Employee and user reporting of potential security incidents
   3. Third-Party Alerts: Notifications from service providers about potential breaches
   4. Regular Audits: Systematic reviews identifying potential security vulnerabilities
2. Incident Classification:
   1. Data Breach: Unauthorized access to, or disclosure of, personal information
   2. Security Incident: Broader security events that may not involve personal information
   3. Privacy Incident: Events affecting individual privacy rights or data processing
   4. Regulatory Incident: Events requiring regulatory notification or investigation

• Immediate Response Procedures

1. Incident Response Team:
   1. Privacy Officer: Leads privacy-related aspects of incident response
   2. IT Security Manager: Manages technical containment and investigation
   3. Legal Counsel: Provides legal guidance and regulatory compliance advice
   4. Communications Manager: Handles internal and external communications
   5. Client Relationship Manager: Manages client communications and support
2. First 72 Hours:
   1. Containment: Immediate steps to prevent further unauthorized access or disclosure
   2. Assessment: Rapid evaluation of incident scope, affected individuals, and potential harm
   3. Documentation: Comprehensive recording of incident details and response actions
   4. Notification: Internal notification to management and incident response team
   5. Regulatory Reporting: Assessment of regulatory notification requirements and timelines

• Investigation and Analysis

1. Technical Investigation:
   1. Forensic Analysis: Detailed examination of affected systems and data
   2. Root Cause Analysis: Identification of incident causes and contributing factors
   3. Impact Assessment: Evaluation of actual and potential harm to affected individuals
   4. Evidence Preservation: Secure collection and storage of incident evidence
2. Privacy Impact Assessment:
   1. Affected Data: Identification of personal information types and sensitivity levels
   2. Affected Individuals: Determination of specific individuals impacted by the incident
   3. Harm Analysis: Assessment of potential adverse effects on affected individuals
   4. Risk Evaluation: Analysis of ongoing risks and required mitigation measures

• Notification and Communication

1. Regulatory Notifications:
   1. Australian Regulator: Notification to the Office of the Australian Information Commissioner (OAIC) within 72 hours if required under the Notifiable Data Breaches scheme
   2. EU Regulators: GDPR-compliant notification to relevant supervisory authorities within 72 hours for EU personal information
   3. Other Jurisdictions: Compliance with applicable breach notification laws in other jurisdictions
2. Individual Notifications:
   1. Direct Communication: Personal notification to affected individuals when required by law or when serious harm is likely
   2. Communication Methods: Email, postal mail, telephone, or public notice as appropriate
   3. Clear Language: Plain English explanations of the incident, potential impacts, and protective actions
   4. Support Resources: Contact information for questions and assistance
3. Client Company Communications:
   1. Immediate Notification: Prompt notification to affected Client Companies
   2. Detailed Briefings: Comprehensive incident reports and impact assessments
   3. Ongoing Updates: Regular communication throughout incident response and recovery
   4. Support Services: Assistance with Client Company employee communications and support

• Recovery and Prevention

1. System Recovery:
   1. Security Enhancements: Implementation of additional security measures to prevent recurrence
   2. System Restoration: Secure restoration of affected systems and services
   3. Monitoring Enhancement: Improved detection and monitoring capabilities
   4. User Communication: Updates to affected users about service restoration and security improvements
2. Preventive Measures:
   1. Policy Updates: Revision of privacy and security policies based on incident lessons
   2. Training Programs: Enhanced staff training on privacy and security best practices
   3. Technology Improvements: Investment in improved security technologies and processes
   4. Vendor Management: Strengthened third-party security requirements and monitoring

• Australian Privacy Law Compliance

1. Privacy Act 1988 (Cth) Compliance:
   1. Australian Privacy Principles: Full compliance with all 13 APPs governing personal information handling
   2. Notifiable Data Breaches: Compliance with NDB scheme requirements for breach assessment and notification
   3. Privacy Commissioner: Cooperation with OAIC investigations and compliance activities
   4. Privacy Reforms: Proactive preparation for anticipated 2025 privacy law reforms
2. Enhanced Penalties Awareness:
   1. Serious Breaches: Understanding of significant penalties for serious or repeated privacy breaches
   2. Prevention Measures: Comprehensive programs to prevent serious privacy violations
   3. Compliance Monitoring: Regular assessment of privacy compliance and risk management
   4. Staff Training: Education on privacy obligations and penalty implications

• International Privacy Law Compliance

1. GDPR Compliance (EU Participants):
   1. Legal Basis: Clear identification and documentation of lawful basis for all processing
   2. Consent Management: GDPR-compliant consent collection and management procedures
   3. Individual Rights: Full implementation of enhanced data subject rights under GDPR
   4. Cross-Border Transfers: Appropriate safeguards for transfers to non-adequate countries
   5. Record Keeping: Comprehensive records of processing activities for GDPR Article 30 compliance
2. Other Jurisdictions:
   1. CCPA Compliance: California Consumer Privacy Act compliance for California residents
   2. PIPEDA Compliance: Personal Information Protection and Electronic Documents Act compliance for Canadian participants
   3. Local Laws: Compliance with applicable privacy laws in all service delivery jurisdictions

• Industry-Specific Regulations

1. Professional Services Standards:
   1. Coaching Ethics: Compliance with professional coaching standards and ethics codes
   2. Education Regulations: Adherence to applicable educational service requirements
   3. Business Advisory Standards: Compliance with business consulting and advisory regulations
2. Technology and AI Regulations:
   1. AI Governance: Compliance with emerging AI governance frameworks and standards
   2. Data Protection: Implementation of data protection by design and by default principles
   3. Algorithmic Accountability: Preparation for potential AI-specific regulatory requirements

• Compliance Monitoring and Reporting

1. Internal Compliance Programs:
   1. Privacy Impact Assessments: Regular PIAs for new or modified processing activities
   2. Compliance Audits: Systematic reviews of privacy practices and regulatory adherence
   3. Staff Training: Ongoing education on privacy obligations and regulatory requirements
   4. Performance Metrics: Key performance indicators for privacy compliance and effectiveness
2. External Reporting:
   1. Regulatory Reporting: Timely submission of required reports to privacy commissioners
   2. Transparency Reports: Public reporting on privacy practices and data processing activities
   3. Industry Participation: Active engagement with industry privacy standards and best practices
   4. Academic Collaboration: Participation in privacy research and thought leadership activities

• Privacy Contact Information

1. Privacy Officer:
   1. Name: Desmond Russell
   2. Title: Chief Partner Officer
   3. Email: elevate@partnerelevate.com
   4. Phone: + 61 427 294 056
   5. Address: 2/173 Moray Street, New Farm, Queensland, 4005
2. General Inquiries:
   1. Email: elevate@partnerelevate.com
   2. Phone: + 61 427 294 056
   3. Website: https://www.partnerelevate.com/contact-us
   4. Business Hours: Monday-Friday, 9:00 AM - 5:00 PM AEST
3. International Contacts:
   1. Name: Desmond Russell
   2. Title: Chief Partner Officer
   3. Email: elevate@partnerelevate.com
   4. Phone: + 61 427 294 056
   5. Address: 2/173 Moray Street, New Farm, Queensland, 4005

• Types of Privacy Inquiries

1. General Privacy Questions:
   1. Privacy policy clarification and explanation
   2. Information about data collection and processing practices
   3. Questions about AI technology and automated decision-making
   4. International data transfer inquiries
2. Rights Requests:
   1. Access requests for personal information
   2. Correction of inaccurate information
   3. Deletion requests (right to erasure)
   4. Consent withdrawal and preference updates
   5. Data portability requests
   6. Objections to processing
3. Complaints and Concerns:
   1. Privacy policy violations or non-compliance
   2. Unauthorized disclosure or access to personal information
   3. Concerns about AI processing or automated decisions
   4. Third-party data sharing issues
   5. Security incident reports

• Complaint Resolution Process

1. Initial Response (5 Business Days):
   1. Acknowledgment: Confirmation of complaint receipt and reference number assignment
   2. Initial Assessment: Preliminary review of complaint nature and jurisdiction
   3. Resource Provision: Information about complaint process and expected timelines
   4. Emergency Procedures: Immediate action for urgent privacy concerns
2. Investigation (30 Days):
   1. Detailed Review: Comprehensive investigation of complaint circumstances
   2. Evidence Gathering: Collection of relevant documentation and system records
   3. Stakeholder Consultation: Communication with relevant staff and service providers
   4. Impact Assessment: Evaluation of any privacy harm or policy violations
3. Resolution (60 Days Maximum):
   1. Findings Report: Detailed explanation of investigation results and conclusions
   2. Corrective Actions: Implementation of necessary changes or improvements
   3. Individual Remedies: Appropriate remedies for affected individuals
   4. Policy Updates: Revision of policies or procedures as needed

• External Complaint Options

If you are not satisfied with Partner Elevate's response to your privacy complaint, you may contact:

1. Australian Complaints:
   1. Office of the Australian Information Commissioner (OAIC)
   2. Website: www.oaic.gov.au
   3. Phone: 1300 363 992
   4. Email: enquiries@oaic.gov.au
   5. Address: GPO Box 5218, Sydney NSW 2001
2. International Complaints:
   1. EU Supervisory Authorities: For GDPR-related complaints from EU residents
   2. Local Privacy Commissioners: In other jurisdictions where applicable
   3. Industry Ombudsmen: Relevant professional association complaint mechanisms

• Complaint Documentation

All privacy complaints are documented with:

1. Complaint Details: Full description of privacy concerns and requested resolution
2. Investigation Records: Comprehensive documentation of investigation activities
3. Resolution Actions: Record of all corrective measures and individual remedies
4. Follow-Up Monitoring: Tracking of implementation effectiveness and ongoing compliance
5. Lesson Integration: Integration of complaint learnings into privacy improvement programs

• Policy Updates

Partner Elevate may update this Privacy Policy to reflect:

1. Legal Changes: New privacy laws or regulatory requirements
2. Business Changes: New services, technologies, or operational practices
3. Security Improvements: Enhanced security measures and data protection practices
4. User Feedback: Improvements based on stakeholder input and complaint resolution

• Notification of Changes

1. Significant Changes:
   1. Email Notification: Direct email to active program participants and Client Company representatives
   2. Website Notices: Prominent notices on Partner Elevate websites and platforms
   3. Account Notifications: In-app notifications for platform users
   4. Client Communications: Direct notification to Client Company account managers
2. Minor Changes:
   1. Website Updates: Updated policy posted on Partner Elevate websites
   2. Version Control: Clear version numbering and change documentation
   3. Change Logs: Detailed description of modifications and effective dates

• Effective Dates

Implementation Timeline:

1. Notice Period: Minimum 30 days advance notice for material changes
2. Effective Date: Clear specification of when changes take effect
3. Transition Period: Reasonable time for users to adjust to new requirements
4. Ongoing Application: Application to all personal information, including previously collected data

• Consent for Changes

1. Material Changes Requiring Consent:
   1. Expanded data collection or new processing purposes
   2. Changes to AI processing applications or automated decision-making
   3. New third-party sharing arrangements or international transfers
   4. Reduced privacy protections or weakened individual rights
2. Consent Collection Methods:
   1. Active Consent: Explicit consent requests for significant changes
   2. Opt-Out Notices: Opportunity to object to or withdraw from new processing activities
   3. Service Continuation: Clear options for users who do not consent to changes
   4. Alternative Arrangements: Modified services for users with different privacy preferences