New employee insights: Only 46% of employees feel inspired by their organisation's vision.

Here are 7 ways to bring your vision to life

Privacy Policy

Insync’s full Privacy Policy can be found below. You can jump to a particular section by clicking on the links below.

  1. Why we take your privacy so seriously
  2. Overview of this policy
  3. Children
  4. What information do we collect?
  5. Who is the data controller or processor?
  6. How do we hold the information we collect?
  7. How do we use the information we collect?
  8. Who has access to your personal information?
  9. What are your rights to your personal information?
  10. How long do we retain your personal information?
  11. How do you make a complaint?
  12. Cookies Policy
  13. Additional information
  14. Notification of Data Breaches
  15. Insync contact details
  16. Definitions

Last updated: 22 December 2020

1. Why we take your privacy so seriously

Your privacy and the personal information you provide has always been important to us. As our client, or someone who has received services or care from our client, or who is in a business relationship with our client, your ability to trust that your personal information is being protected is fundamental to our reputation. Without your trust our business is less successful and our reputation diminished. This is why we do everything we can reasonably do to protect your privacy.

We respect your right to be aware of who has information about you, what they are doing with it and why, and who else they are sharing it with. We have developed a privacy compliance culture that ensures supporting systems, policies and processes, work together to constantly deliver this overarching objective, whilst complying with the myriad regulatory requirements that underpin the legal minimums.

The key legislation that shapes most of our policy is the Privacy Act 1988 (Cth), however we also comply with all applicable laws and regulations in all the jurisdictions where we operate.

2. Overview of this policy

This Privacy Policy explains how Insync collects and handles your personal information, and applies to all of our Services, including our websites. We have developed this Privacy Policy to provide you with clear answers to your questions so you can understand how your personal information and data is collected, held, processed, shared and, ultimately, deleted by Insync.

Our basic principles are as follows:

  • we comply with the Australian Privacy Principles established by the Commonwealth Privacy Act 1988 (the Privacy Act) and subsequent amendments,
  • we will always tell you upfront why your data is being collected, how it will be shared and if your individual responses, including your identity, will be shared with, or seen by any other entity
  • we are committed to handling the information you provide responsibly; for example, through some of our Survey product offerings, Clients, their employees and their stakeholders, have the ability to provide feedback. From that work any personal and sensitive information collected by us is treated as private and confidential unless we have informed you otherwise prior to collection or there is a need to release the information under an Australian law or court/tribunal order, and
  • we will take every reasonable and practical precaution to safeguard the security, integrity, and privacy of this information; including securely destroying paper survey responses, regularly deleting survey participant data files, and periodically reviewing, independently testing, and updating our security measures.

We may update this Privacy Policy from time to time and the most current version will be posted on our website. We encourage you to periodically review this page for the latest information on our privacy practices. If you have any questions or concerns about our Privacy Policy, or with the handling of your personal information, please contact our Privacy Officer at

3. Children 

Unless permitted by applicable law, you must not permit any child under the age of 16 to access our Services. We do not intentionally gather personal information from minors. If a minor submits personal information to Insync and we learn that the personal information is the information of a child under 16, we will attempt to delete the information as soon as possible. If you believe that we may have any personal information of a minor please contact Insync at: 

4. What information do we collect?

We collect information relating to you and your use of our Services from a variety of sources. Some of this information is collected directly from you and some of this information is collected from your interaction with our Services, or the Client. How and what information we collect about you will depend on the way that you use our Services, for example, whether you are an Administrator, Respondent, an Individual Feedback User or Visitor. We only collect information through your interaction with these services, not through any other means.

(a) Information we generally collect

  • Contact information: When you provide us with your contact information, whether through use of our Services, a form on our website, or an interaction with our sales or consulting team, we collect your contact information. This information may include, for example, your name, email address and mobile number.
  • Usage information: We collect usage data about you whenever you interact with our Services. This may include which web pages you visit, what you click on, when you performed those actions, and other activities. Please see our Cookie Policy section further below for more information about the cookies we use in our Services.
  • Device and browser data: We collect data from the device you use to access our Services, such as your IP address, operating system, browser details and time of visit. This information may also tell us your location.
  • Cookies Policy and page tags: We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymous data about Visitors to our Websites. This data includes usage details and user statistics. Please see our Cookie Policy section for more information about cookies and page tags we use on our Websites along with cookies in surveys and portals.
  • Log data: We keep log files that record data each time a device accesses our servers. The log files contain data about the nature of each access, including the originating IP address. We may combine this automatically collected log information with other information we collect about you. We do this to maintain an audit trail of activity, to improve our Services, to improve our marketing activities, for system analytics, for security and compliance, or to monitor or improve functionality.
  • Referral data: If as a Visitor, you navigate to our Websites from an external source (such as a link on another website or via an email), we record information about the source that referred you to us.
  • Other data you submit: We may collect your personal information or data if you submit it to us in other contexts. For example, by giving us a testimonial or attending an event we host. We may also collect personal information at other points throughout our Services or within our Website that states personal information is being collected.
  • Mobile devices: If you connect to the Services using a service provider that uniquely identifies your mobile device, we may receive this identification information to provide the Services to you.

(b) Information specific to Administrators, Respondents, and Individual Feedback Users

We may collect the following information about Administrators, Respondents, or Individual Users:

  • Information collected from the Client: The information that each Client provides to us is different. In most cases, the Client will provide us with demographic data such as your name, email information, phone number, and other information related to your date of birth or age, gender, length of stay or tenure, location, service, role and/or level within an Organisation’s structure. Some Clients may provide us with additional demographic information so they can better analyse and understand their survey results.
  • Single sign-ons: If you choose to register or login using a third party account (such as Microsoft Azure AD), the authentication of your login details are handled by that third party and we only collect the information you expressly agree to share with us at the time you give permission to link your Insync account with the third party account. By using a Microsoft Single Sign-On account (or other supported SSO), you are allowing us to access your required account information.
  • HRIS or Respondent data: If you integrate a third-party human resource information system or respondent data via an API to import information into our Services, we will also receive information from you or your third party (for example, your name, email address, employment, demographic and other data required for authorization, security, compliance and audit).
  • Survey responses: When you answer a survey, we will store your survey answers and comments.

5. Who is the data controller or processor?

Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. For Administrators, Respondents, the Company, which is our Client will be the controller of your personal information and Insync will be the processor. For Visitors, Insync will generally be the controller of your personal information.

6. How do we hold the information we collect?

(a) Security of your personal information

The security of your personal information is very important to us. All your data is private and confidential, and we take reasonable steps to ensure that your personal information is fully encrypted, both at rest and in transit. We follow generally accepted security standards, to protect the personal information submitted to us, both during transmission and once it is received. Insync’s surveys utilise 256-bit TSL encryption over HTTPS communications.

With respect to our client portals, no confidential data is stored on client machines at any time throughout the process and no software is required to be downloaded. Details regarding cookies and tracking is fully disclosed in the Cookies Policy section below.

Please note that transmitting information over the Internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee that your personal information is absolutely secure in all situations. No one can.

Where we also collect personal information via paper surveys and face to face/virtual focus groups and/or interviews:

  • Paper surveys will generally be scanned and uploaded into our online system, stored locally for a determined period of time and then security destroyed (unless another process is agreed with the Client and communicated to respondents prior to collection).
  • Focus group and interview responses are generally collated without reference to respondent contact details (unless permission from Respondent is granted prior to collection).

Security is a collaborative effort, so we always recommend that you keep your password for logging in to our services a secret and the use of a secure password credentials manager.

For further information on technology and security, visit our website and if you have further questions about the technology and security of our platforms, contact our Technology Team at

If you suspect there has been any unauthorised access, immediately contact our Privacy Officer at

(b) Where your personal information is held

Information including survey data is collected and securely housed within the Microsoft Azure Cloud. This service includes ISO 27001 and Australian IRAP certifications. For backup, availability, redundancy and recovery, two locations are maintained.

Information may also be shared with suppliers and clients from time to time using cloud-based services which are professionally managed, audited, and tested according to documented processes.

For further information on technology and security, visit our website and if you have further questions about the technology and security of our platforms, contact our Technology Team at

c) De-identification of your personal information

As we find it important to retain identifiable data for future research purposes, personal information (e.g. your name and email address) will, if practicable, be stored separately from your responses with internal measures in place to help ensure the identity of the Respondents cannot be readily revealed from the other information. Where we use Respondent details within our Services, we keep passwords and emails separate to survey responses, unless a Respondent volunteers that information as part of their survey response (e.g. contact information is entered by Respondent for an optional follow up).

7. How do we use the information we collect?

(a) How we use your personal information

We use your personal information for a variety of purposes. How and what information we collect about you will depend on the way that you use our Services, for example, whether you are an Administrator, Respondent, or Visitor. In each case, the information we collect, and process is reasonably necessary for our business, including providing you with the Services you would expect from us. We do not collect any information that is not required.

(i) Administrators, Individual Users, and Respondents

Administrators or Individual Users

When you use our services as an Administrator or Individual User, you undertake that you will not use any reports or reporting portals in a way, or with the intention to identify an individual or an individual’s responses.


When you use our Services as a Respondent, we may use your personal information to:

  • provide our Services to the related Client.
  • manage our Services.
  • improve our Services.
  • send you a survey invitation.
  • send you survey reminders.
  • create de-identified aggregated data: To provide Clients with a better understanding of their survey results, we use survey data in a de-identified aggregated form to compare customers’ results to the results of other surveys or other Clients. We also use your survey data to continually improve our Services, including our de-identified aggregated data sets. None of your survey data will be disclosed to other unrelated Clients in a non-aggregated or identifiable form.
  • respond to legal requests and prevent harm: If we receive a legal request or are informed of a situation that may cause harm, or potential harm, to someone, we may need to inspect your personal information or data to respond appropriately to that request or threat.
  • identify you as a user: We may use your information to identify you as a Respondent in our systems.

(ii) Visitors

When you use our Services as a Visitor, we may use your personal information to:

  • contact you for marketing purposes: We may send you news and information about our products or Services that you either request from us, or we believe may interest you (unless prevented by law). In most cases, we will contact you via email.
  • manage our Services.
  • improve our services.

(iii) Anonymity and pseudonyms

In most cases, it will be very difficult for us to provide you with our Services if you do not provide us with your real name and contact details (primarily email). Situations where we might have difficulty interacting with you anonymously, or via a pseudonym, are when you use our Services as a Respondent.

If lawful and practicable, you may use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about our Services or this Privacy Policy, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our products or Services or respond adequately to you.

8. Who has access to your personal information?

(a) General

We will share your personal information with third parties only in the ways that are described in this Privacy Policy. In most cases, the information that we disclose to our employees will be directly necessary to provide our Services to you. However, there may be occasions where we need to disclose your personal information to our employees, service providers, professional advisors or other third parties, including to:

  • Protect our rights or the rights of our employees: There may be situations where disclosing your personal information is necessary to protect the property, health, or safety of Insync or its employees, Clients, or others. For example, exchanging information with other organisations to protect against fraud.
  • Perform actions you request or consent to: You may specifically authorise us to disclose your personal information to a third party. For example, to resolve a dispute regarding our Privacy Policy or to integrate a third-party service. We may also disclose your personal information to a third party with your prior consent.
  • Comply with legal requests: In some situations, we may be compelled to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your personal information to third parties such as law enforcement officials or to comply with court orders, such as subpoenas or other legal processes.
  • Merge or sell our business: We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the personal information collected by us and will assume and be subject to all the rights and obligations regarding your personal information as described in this Privacy Policy. If Insync is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.

(b) Disclosures specific to Respondents

When you use our Services as a Respondent, we may also disclose your personal information for the purposes of:

  • Providing the Services: When you answer Surveys, we will disclose that information to the Client. How your answers are displayed and what information may be used to analyse and report your answers (either in an aggregate or individual form) may vary from survey to survey. It is important that you read the Protection Of Your Responses Notice before answering a survey so you understand how your survey answers will be used and the ways they might be shared (if at all).
  • Creating aggregated de-identified data: We may create aggregated de-identified data for any purpose derived from data we hold about you. For example, we may create aggregated de-identified data to share with partners for business or research purposes, or for provision of our Services such as our survey benchmarks.
  • Fulfilling Client requests: Because the Client is the controller of your personal information, we hold and process your personal information on behalf of the Client. There may be occasions when the Client instructs us to disclose your personal information to a third party, such as a consultant or a new service provider. If instructed by the Client to transfer your personal information to a third party, we will sign a data transfer agreement with the Client and the third party if required, to ensure that they continue to observe the Protection of Your Responses Notice for each survey.
  • Preventing harm: We may also disclose your personal information to the Client or relevant authorities if your use of our Services indicates an imminent risk of harm to you or to others around you.

9. What are your rights to your personal information?

(a) General

In Australia you may have rights regarding your personal information, including the right to access, correct, delete, port, limit or stop the use or disclosure of your personal information.

We will respond to requests to access and correct (if necessary) your personal information as soon as possible. You have the following options when exercising your rights:

Access, correction, and deletion: If you want to review, correct (if necessary), or delete the information that we have collected and hold about you, please contact our Privacy Officer at

Data exports: If you request an export of the information that we hold about you, we will provide you with the data in a standard CSV or Excel format. To request a data export, please contact our Privacy Officer at

Newsletter and other communications: If you subscribe to our newsletter(s) or other communications, you may choose to stop receiving those communications by using the unsubscribe instructions included our emails. If there are any ‘unsubscribe’ issues please contact our helpline via

Other queries or requests: If you have a question or want to make a request that is not listed above, please contact our Privacy Officer at

10. How long do we retain your personal information?

(a) Respondents

We retain your personal information for as long as we provide our Services to the Client and until the Client requests us to delete your personal information, or as needed to comply with our legal obligations, resolve disputes or enforce our legal rights. We may keep your personal information in our encrypted and archived backups for up to 90 days from the point that data is no longer required to provide the Services.

(b) Visitors

We will retain your personal information for as long as is necessary to provide our Services to you, or to comply with our legal obligations, resolve disputes, and enforce our legal rights.

11. How do you make a complaint?

(a) Contacting our Privacy Officer

Please contact our Privacy Officer if you have any complaints about our compliance with this Privacy Policy or relevant privacy laws. We will treat your complaint seriously, and will investigate any alleged breach, including how it occurred, and how best to prevent future breaches (if relevant). You can contact our Privacy Officer at

(b) Australian Privacy Act complaints

If you live in Australia and have any complaints regarding our compliance with the Australian Privacy Act, please contact our Privacy Officer at However, if you are dissatisfied with our handling of your complaint, you may raise your complaint with the Office of the Australian Information Commissioner by contacting them at:

12. Cookies Policy

(a) Website tracking

We and our marketing partners, affiliates, or analytics or service providers, use technologies such as cookies, beacons, tags, and scripts, to analyse trends, administer the Website, track users’ movements around the Website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

We use cookies to remember users’ settings and preferences, and for session management. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Services, but your ability to use some features or areas of our Services may be limited.

(b) Surveys and Portals

We use and require session cookies for filling out surveys and for authentication to access secure cloud portals. Authentication cookies are retained for the length of a session by default and you can optionally choose to retain cookies to remain logged in for longer periods to selected services.

13. Additional information

(a) Sensitive Personal Data

If you send or disclose any sensitive personal information (e.g. information related to racial or ethnic origin, sexual orientation or physical or mental health condition) to us when using the Services, you consent to our processing and use of such sensitive personal data as necessary to provide the Services. If you do not consent to our processing and use of such sensitive personal information, you must not submit sensitive personal information to our Services. You may subsequently modify or withdraw your consent to processing of sensitive personal data in accordance with applicable laws in certain jurisdictions and according to Section 8 of this Privacy Policy.

If you do not want the Client to send us sensitive personal information about you, you must make such request directly to the Client.

(b) Testimonials

We display Customer or user testimonials and other endorsements on our Websites. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial or any other endorsement, please contact us at

14. Notification of Data Breaches

We recognise the obligation to notify affected individuals, as well as the Australian Information Commissioner, of an ‘eligible data breaches’ as defined for the purposes of Part IIIC of the Act.

15. Insync contact details

If you have any questions, concerns or complaints about our Privacy Policy or our data collection or data processing practices, or if you want to report any data privacy concerns or data security issues, please contact us at the address below, where we will assist or refer your question, concern or complaint to the appropriate party.



Attention: Privacy Officer – Level 27, 367 Collins Street, Melbourne, VIC, 3000, Australia.

16. Definitions

In this Privacy Policy, a reference to:

Administrator means any person who has log in credentials to a Client Portal to review and share survey results;

Client or Company means, in relation to you, the person or entity that has contracted with Insync to allow you to use Insync’s Services. The Client or Company will generally be (i) your employer, or an identified subgroup (i.e., division, department, etc.) within your employer, or (ii) a Client or Company that considers you their client or customer or stakeholder;

Data means any content or data that you or third parties submit to Insync using the Services;

Individual user means a person authorised by you who has access to the feature in our Services which allows individuals to view survey results, share with others, create action plans, and share these action plans with other individuals in their Company;

Insync, we, us, or our means Insync Surveys Pty Ltd (ABN 58 108 768 958) of Level 27, 367 Collins Street, Melbourne VIC 3000, Australia, and any of its related bodies corporate;

Protection of Your Responses Notice means the notice given to Respondents at the time of answering a survey conducted by the Client, including the degree of confidentiality and/or anonymity that the Respondent will have when answering a survey;

Respondent means any person who accesses our Services to answer surveys (either wholly or partially) conducted by the Client using the Services;

Services means all products (including related mobile applications), services and Websites offered by Insync;

Visitor means any person who visits our Websites;

Websites means, collectively, as well as the other websites and portals that Insync operate and that link to this Privacy Policy; and

“You” or “your” means either an Administrator, Respondent, Individual User or Visitor, as applicable.

  • Talk to us

    Let us help you map your success.

    Contact Us