Privacy Policy
This policy explains how Kongo Group Pty Ltd collects, holds, uses and discloses personal information, and how you can access or correct your information or make a complaint. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Who we are
Kongo Group Pty Ltd, trading as Kongo Industries, is a CRM consultancy that designs, implements and supports CRM platforms and related integrations, principally on HubSpot. Our office is at Level 4, 459 Church Street, Richmond VIC 3121, Australia.
This policy covers personal information we collect and hold in the course of running our business, including information about clients, prospective clients, suppliers, website visitors and job applicants. Section 4 explains how we handle personal information contained in systems we operate on behalf of clients.
2. What personal information we collect
We collect the following kinds of personal information:
- Business contact information: name, role, organisation, work email address and work phone number of clients, prospective clients and suppliers.
- Enquiries and correspondence: information you provide through website forms, email or meetings, including meeting recordings and transcripts where you have been informed that a call is being recorded.
- Billing information: invoicing contacts and payment records. Card payments are processed by our payment provider; we do not store card numbers.
- Website usage information: pages visited, approximate location, and device and browser data, collected via cookies and analytics (see section 8).
- Job applicant information: CVs, work history and referee details provided to us.
We do not collect sensitive information as defined in the Privacy Act (such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record or biometric information), and we do not adopt, use or disclose government related identifiers.
3. How we collect and hold personal information
We collect personal information directly from you when you submit a form on this website, email or call us, meet with us, or work with us during an engagement. In some cases your organisation provides us with your details, for example when you are nominated as a project contact. Website usage information is collected automatically as described in section 8.
Personal information is held in our CRM, email and document systems, billing systems, and the AWS (Sydney) infrastructure that runs our own platforms. We retain personal information only as long as it is needed for the purposes set out in section 5 or as required by law, after which it is deleted or de-identified.
We protect personal information with technical and organisational measures including multi-factor authentication across our systems, encryption in transit and at rest, least-privilege access controls, central logging, and a tested incident response plan. We operate an AI management system aligned to ISO/IEC 42001 (certification in progress) and our security controls are continuously monitored on Vanta, our compliance platform. Our current certifications, policies and control status are published at trust.hellokongo.com.
4. Personal information we handle on behalf of clients
In implementing and supporting CRM systems, our consultants may access personal information held in systems controlled by our clients, such as customer records. We access that information only as necessary to configure, test and support the relevant system on the client’s instruction, using named accounts with least-privilege access. We do not use it for our own purposes or disclose it to any other party.
For that information, the client remains the entity responsible under the Privacy Act, and the client’s own privacy policy applies. Our obligations to clients are set out in our engagement terms.
5. How we use personal information
We collect, hold and use personal information to:
- deliver and support our services;
- manage accounts, engagements and billing;
- respond to enquiries;
- operate and improve this website and our own systems;
- send marketing communications about our services, each of which includes an unsubscribe option;
- assess job applications; and
- comply with our legal obligations.
We do not sell personal information.
6. Disclosure of personal information
We disclose personal information to the service providers we use to run our business, including our CRM and marketing platform, cloud hosting providers, payment processors, communication and meeting tools, and the AI tools described in section 7. We may also disclose personal information to professional advisers, and to government agencies or regulators where required by law.
Some of these providers store or process data outside Australia, principally in the United States. Where that occurs, we take reasonable steps to ensure personal information is handled consistently with the APPs, including contracting with providers under data processing terms and reviewing their security posture as part of our vendor management programme. Our own platform infrastructure is hosted in AWS Sydney.
7. AI and automated processing
We use AI systems in delivering our services and operating our business. Each system is governed by our AI management system, aligned to ISO/IEC 42001 (certification in progress), which includes impact assessments and a maintained risk register. No decision that produces a legal or similarly significant effect on an individual is made solely by automated means. Further information about the AI systems we use is available at trust.hellokongo.com.
8. Cookies and analytics
This website runs on HubSpot and uses cookies for analytics and to remember preferences, including which pages are visited, the approximate location of visitors, and whether a visitor has been to the site before. We use this information to understand how the website is used and to improve it.
You can manage cookies through the consent banner on this website and through your browser settings, including blocking or deleting cookies. The website remains usable without them, although some forms and preferences may not function as smoothly.
9. Access, correction and complaints
You may request access to the personal information we hold about you, request a copy of it, or ask us to correct it. Contact us at adrian@hellokongo.com, by post at Kongo Group Pty Ltd, Level 4, 459 Church Street, Richmond VIC 3121, or by phone on +61 414 280 097. We respond to requests within 30 days and do not charge a fee for making a request.
If you believe we have mishandled your personal information, please contact us first using the details above. We will investigate and respond in writing within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.
10. Data breaches
We are subject to the Notifiable Data Breaches scheme under the Privacy Act. If a data breach occurs that is likely to result in serious harm, we will assess it promptly and notify the OAIC and affected individuals as the scheme requires.
11. Changes to this policy
We review this policy regularly and update it when our practices change. The current version, including its effective date, is always available on this page.