Privacy Policy

Last updated:

This Privacy Policy explains how DHI ("we", "our", "us")—based in Melbourne, Australia—collects, uses, discloses, and protects personal information. It covers data provided when you submit an enquiry, communicate with us by email or phone, meet with our team, or interact with our website and related digital services. We aim to be transparent, practical, and compliant with Australian privacy law while providing you with clear choices and support.

Who We Are

DHI is a technology and insights company headquartered in Melbourne, Australia. We provide products and consulting services that combine qualitative expertise and data‑driven analytics. References to “DHI”, “we”, or “us” in this Policy mean the DHI entity responsible for handling your personal information, which can be contacted using the details in the Contact Us section.

What This Policy Covers

This Policy describes how we handle personal information relating to individuals who interact with us, including website visitors, prospective and current customers, suppliers and their representatives, event participants, and job applicants. “Personal information” means information about an identified individual or an individual who is reasonably identifiable. We use the terms “process” and “processing” to refer to activities such as collecting, using, storing, disclosing, and otherwise handling personal information.

Information We Collect

We collect only the personal information we reasonably need to respond to enquiries, operate our business, and deliver services. The personal information we handle typically includes:

  • Identity and contact: name, role/title, organisation, email address, phone number, and location (e.g., city, country) so we can respond effectively and tailor communications.
  • Enquiry details: the information you share about your goals, timelines, scope, data sources, constraints, and any background materials you provide (documents or links) to help us evaluate how we can assist.
  • Commercial records: notes of meetings or workshops, proposals, quotes, statements of work, contracts, and communications relating to negotiation or delivery of services.
  • Website/technical data: IP address, device and browser type, pages viewed, referring/exit pages, timestamps, approximate location, and cookie identifiers to maintain site reliability and understand usage trends.
  • Support interactions: helpdesk or email threads, issue descriptions, diagnostic logs, and resolution notes so we can track and improve support quality.
  • Preference data: your stated interests (e.g., sectors, product features), communication preferences, and event participation to keep messages relevant.

How We Use Information

We use personal information for the purposes below. Where required, we will ask for your consent, and you can withdraw it at any time.

  • Responding to enquiries: to contact you, understand your needs, provide information about our capabilities, and schedule meetings or demonstrations.
  • Scoping and delivery: to prepare proposals and statements of work, onboard project teams, deliver services, and manage project communications and change requests.
  • Operations and security: to administer our website and infrastructure, monitor performance, detect fraud or abuse, and keep systems secure and reliable.
  • Service improvement: to analyse trends, develop new features, improve documentation and processes, and train staff using aggregated insights.
  • Legal and compliance: to maintain business records, manage risk, resolve disputes, and comply with applicable laws, regulations, and professional obligations.
  • Updates and invitations: where appropriate, to send product news, thought leadership, and event invitations—always respecting your preferences and applicable laws.

Governing Law and Legal Basis

We operate from Melbourne, Australia. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we handle personal information of individuals in other jurisdictions (such as the European Economic Area or the United Kingdom), we may also rely on legal bases recognised under the EU/UK GDPR, in addition to meeting our Australian obligations.

  • Australia (Privacy Act 1988 (Cth) and APPs): We collect personal information where it is reasonably necessary for our functions or activities (APP 3), provide collection notices (APP 5), use and disclose information for the primary purpose of collection or a related secondary purpose you would reasonably expect (APP 6), take reasonable steps to protect information (APP 11), manage cross‑border disclosures responsibly (APP 8), and respond to access and correction requests (APPs 12 and 13).
  • EU/UK (where applicable): For individuals located in the EEA or UK, our processing may rely on one or more of the following legal bases: consent; performance of a contract or steps at your request prior to entering a contract; legitimate interests (for example, responding to your enquiry, improving services, securing systems); and compliance with legal obligations. Where required, we implement additional safeguards such as Standard Contractual Clauses or UK International Data Transfer Agreements for cross‑border transfers.

How We Collect Information

We collect personal information in several ways depending on your interactions with us:

  • Directly from you: when you complete forms, send emails, book meetings, or speak with our team.
  • Automatically: when you use our website or digital services, through cookies, logs, and similar technologies.
  • From third parties: such as event partners, referrers, publicly available sources, or service providers assisting with recruitment, marketing, or security.

Sensitive Information

We generally do not seek to collect sensitive information (for example, health information or information about racial or ethnic origin). If such information is necessary for a specific purpose, we will only collect and process it with your consent or where otherwise permitted by law, and we will apply additional protections appropriate to its sensitivity.

Data Sharing

We disclose personal information in limited circumstances and with appropriate safeguards. Typical disclosures include:

  • Service providers: we engage trusted vendors for cloud hosting, email and collaboration, analytics, customer support, security monitoring, and document storage. These providers process personal information on our instructions and are subject to confidentiality and security obligations.
  • Professional advisers: accountants, auditors, insurers, and legal advisers may access limited information where reasonably necessary for advisory, audit, or insurance purposes.
  • Legal and safety: we may disclose information when required by law, regulation, court order, or to protect rights, privacy, safety, systems, or property of you, us, or others.
  • Business changes: if we undergo a merger, acquisition, or reorganisation, information may be transferred under appropriate confidentiality and safeguard arrangements.

Data Retention

We retain personal information only for as long as necessary for the purposes set out in this Policy, including responding to enquiries, providing services, and meeting legal, accounting, and reporting obligations. We apply retention criteria that consider the nature of the data, legal limitation periods, operational needs, and our obligations under the Privacy Act and APPs. We periodically review the information we hold and securely delete or de‑identify data that is no longer required.

For guidance, enquiry correspondence is typically reviewed every 12–24 months if no engagement proceeds; project and contract records are generally retained for at least 7 years to meet legal and tax requirements; and system logs may be retained for shorter operational periods. Actual retention times may vary based on legal or business requirements.

Security

We use administrative, technical, and physical safeguards designed to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Measures include account access controls, encryption in transit (e.g., HTTPS/TLS), hardened and monitored cloud infrastructure, vulnerability management, least‑privilege access, staff training, and documented incident response processes. While no method is entirely risk‑free, we actively assess and improve our controls.

Storage and Location

We store personal information in secure systems operated by us and by reputable cloud service providers. Data may be stored in Australia or in other jurisdictions where our service providers operate. We select providers that implement robust security controls and enter into contracts that govern confidentiality, security, and permitted processing activities.

International Transfers

We may process and store information in Australia and in other countries where our service providers are located. When disclosing personal information overseas, we take reasonable steps to ensure that the recipient will handle it in a manner consistent with the APPs (APP 8). Where GDPR/UK GDPR applies, we implement appropriate safeguards for cross‑border transfers, such as Standard Contractual Clauses or the UK International Data Transfer Agreement, and assess the risk profile of relevant jurisdictions and vendors.

Your Rights

Depending on your location and subject to applicable law, you may have rights over your personal information. These can include rights to access, correction, deletion, restriction or objection to processing, and portability. We will not discriminate against you for exercising these rights.

Australia: You may request access to the personal information we hold about you and request corrections if you believe it is inaccurate, incomplete, or out‑of‑date. We will respond within a reasonable time and, where we refuse a request as permitted by law, we will provide written reasons and how to lodge a complaint.

EEA/UK (where applicable): You may have additional rights including erasure, restriction, objection to processing (including direct marketing), and data portability. Where processing is based on consent, you can withdraw consent at any time without affecting prior processing.

How to exercise your rights: Contact us using the details below. To protect your privacy, we may ask you to verify your identity before we act on your request. We aim to respond promptly in accordance with applicable laws.

Your Choices

You can manage how we use your information for certain activities:

  • Marketing communications: unsubscribe using the link in our emails or contact us to update your preferences.
  • Cookies: adjust your browser settings to block or delete cookies. Some features may not function without certain cookies.
  • Direct marketing: you can ask us at any time not to use your details for direct marketing.
  • Information you provide: if you choose not to provide requested information, we may be unable to respond fully to your enquiry or deliver requested services.

Cookies and Analytics

We use cookies and similar technologies to keep our site secure and reliable, remember preferences, and understand aggregate usage patterns. Categories may include essential/strictly necessary cookies, functionality cookies, performance/analytics cookies (e.g., via Google Analytics or Tag Manager), and security‑related cookies. Where configured, analytics tools may truncate or anonymise IP addresses and report trends in aggregate.

You can control cookies via your browser settings (e.g., blocking or clearing cookies). Disabling some cookies may affect site functionality. Where local law requires, we will present consent choices or honour platform signals as applicable.

Third‑Party Links

Our website may link to third‑party websites, documents, or services for your convenience. We are not responsible for the privacy practices, content, or security of those third parties. We recommend reviewing the privacy statements and terms of any third‑party services you use.

Children’s Privacy

Our services are intended for business and professional audiences and are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete the information or obtain verifiable consent, as required by law.

Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the updated version on this page and revise the “Last updated” date above. Material changes that meaningfully affect how we handle your information will be highlighted where feasible. We encourage you to review this page periodically.

Contact Us

If you have questions, requests, or concerns about this Privacy Policy or how we handle personal information, please contact:

DHI
121 King Street
Melbourne 3000 VIC, Australia
insights@dhi-ai.com · +61 451 396 871

Complaints in Australia: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Visit oaic.gov.au, call 1300 363 992, or write to GPO Box 5218, Sydney NSW 2001.