Privacy Policy

Grozaic Pty Ltd (ABN: 93 692 317 730) (“Grozaic”) is committed to protecting personal information and maintaining the highest standards of data integrity and security.

This Privacy Policy explains how we collect, use, store, and protect personal information in connection with our platform and Services.

Grozaic Pty Ltd (“Grozaic”, “we”, “us”, or “our”) operates a team performance diagnostic platform and provides related analytics and advisory Services.

We are committed to protecting personal information and handling it in a transparent, secure, and responsible manner.

If you have any questions regarding this Privacy Policy, you may contact us at:

Email: support@grozaic.com

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you:

• Visit our website
• Register for or purchase a Grozaic Team Dynamics Assessment
• Participate in a team diagnostic survey
• Access or use our platform
• Communicate with us
• Subscribe to marketing communications

This Policy applies to corporate clients, individual participants, website visitors, and prospective customers.

We may collect the following categories of personal information:

• Full name
• Email address
• Telephone number
• Company name
• Job title
• Account login credentials

• Responses to diagnostic surveys
• Role or team-level information
• Participation metadata (e.g., completion status, timestamps)
• Organisational context provided during on-boarding

• Billing address
• Company billing details
• Transaction information

Payments are securely processed through third-party payment providers (currently Stripe).

We do not store full credit card details.

• IP address
• Device type
• Browser type
• Website usage data
• Cookie data
• Analytics information

• Communication preferences
• Newsletter subscription data

We collect personal information:

• Directly from you when you complete forms, create an account, or participate in assessments
• From corporate clients who engage our Services
• Automatically through cookies and analytics tools
• Through third-party service providers that support our platform

Depending on the context, Grozaic may act as either a data processor or a data controller.

For assessment and survey data collected through our platform on behalf of a client organisation, Grozaic acts as a data processor.

In this capacity:

• The client organisation determines the purpose and lawful basis for processing.
• Grozaic processes data solely in accordance with the client’s instructions.
• Requests to access, correct, or delete assessment data should generally be directed to the client organisation.

Grozaic acts as a data controller for data we collect and determine the purpose of processing, including:

• Website visitor information
• Marketing and newsletter subscriptions
• Sales inquiries
• Customer support communications
• Billing and payment information
• Diagnostic Data usage in whitepapers, reports or published performance data

In these cases, Grozaic determines how and why personal information is processed.

Where applicable under data protection laws, Grozaic processes personal information based on one or more of the following legal grounds:

• Contractual necessity – to provide Services requested by you or your organisation
• Legitimate interests – to improve our Services, maintain security, and develop benchmarking insights
• Consent – for marketing communications and certain cookies
• Legal obligations – to comply with applicable laws and regulatory requirements

Where Grozaic acts as a data processor, the client organisation determines the lawful basis for processing.

We use personal information to:

• Deliver and administer Grozaic assessments
• Generate team-level analytics and reports
• Provide customer support
• Communicate about Services and updates
• Process payments
• Improve our platform and methodologies
• Comply with legal obligations
• Send marketing communications (where consent has been provided)

We do not sell personal information.

Grozaic operates a diagnostic and benchmarking platform.

Individual Responses

Individual survey responses are de-identified before inclusion in reports.

Organisational Data

Client organisations retain ownership of identifiable organisational data submitted to the platform.

Aggregated & Anonymised Data

Grozaic may:

• Aggregate data across organisations
• Use anonymised data for benchmarking, research, analytics, product development, and thought leadership

Such data will not identify any individual participant or organisation.

Grozaic retains ownership of aggregated benchmark datasets and analytical methodologies derived from anonymised data.

We may disclose personal information to:

• Cloud hosting and infrastructure providers
• Analytics providers
• Payment processors
• IT and security service providers
• Professional advisors
• Regulatory authorities if required by law

We ensure that third-party service providers are contractually required to handle personal information securely and in accordance with applicable laws.

Grozaic operates internationally. Personal information may be processed and stored on servers located in the United States. In some cases, data may also be accessed by authorized service providers located in other jurisdictions.

We take reasonable steps to ensure appropriate safeguards are in place for such transfers.

We retain personal information only for as long as necessary to:

• Provide our Services
• Maintain benchmarking integrity
• Comply with legal obligations
• Resolve disputes

Where possible, assessment data is anonymised for long-term benchmarking use.

You may request deletion of personal information, subject to contractual and legal requirements.

We implement reasonable technical and organisational safeguards to protect personal information from unauthorised access, misuse, disclosure, loss, or alteration.

However, no system is completely secure, and we cannot guarantee absolute security.

Grozaic maintains robust technical and organisational safeguards to ensure the confidentiality, integrity, and availability of platform data.

• In-Transit Security: All data transmitted between user interfaces and Grozaic servers is encrypted using industry-standard SSL/TLS protocols.
• At-Rest Encryption: Sensitive data is secured within our databases using advanced, industry-recognized encryption algorithms to prevent unauthorized access.

• Role-Based Access Control (RBAC): Grozaic enforces strict logical access controls. System data is restricted exclusively to authorized personnel required to perform specific operational duties.
• Personnel Protocols: All employees undergo mandatory privacy and security training and are bound by strict confidentiality agreements. Internal access logs are continuously monitored and audited.

• Privacy by Design: Security and privacy considerations are taken into account during the Grozaic software development lifecycle, including code reviews and security reviews conducted as part of the development workflow prior to deployment.
• Data Anonymization: To protect individual identities while delivering team performance diagnostics, data is anonymized and aggregated wherever applicable.

• Environment Security: Grozaic servers are hosted in secure, controlled, and compliance-certified data centers equipped with 24/7 monitoring.
• Infrastructure Monitoring: Our infrastructure includes monitoring practices, periodic security reviews, and security updates aimed at identifying and addressing potential security threats.

We use cookies and similar technologies to:

• Enable website functionality
• Improve user experience
• Analyse website traffic
• Support marketing activities

You may manage cookie preferences through your browser settings. Additional details are available in our Cookie Policy.

Grozaic’s Services are not directed to individuals under the age of 16.

We do not knowingly collect personal information from children under 16. If we become aware that such data has been collected, we will take reasonable steps to delete it.

Depending on your jurisdiction and our role (processor or controller), you may have the right to:

• Request access to personal information
• Request correction of inaccurate data
• Request deletion of personal data
• Object to certain processing activities
• Withdraw consent for marketing communications
• Lodge a complaint with a relevant regulatory authority

Where Grozaic acts as a processor, requests should generally be directed to the client organisation.

Where Grozaic acts as a controller, you may contact us directly at support@grozaic.com.

We may need to verify your identity before responding to requests.

If you have concerns about how we handle personal information, please contact us at support@grozaic.com.

We will investigate and respond within a reasonable time-frame.

You may also lodge a complaint with the relevant privacy regulator in your jurisdiction.

We may update this Privacy Policy from time to time.

The most current version will always be posted on our website with a revised “Last Updated” date.

Continued use of our Services after updates constitutes acceptance of the revised Policy.