Colbert Group

Privacy Policy

Effective Date: 22 December 2025
Last Updated: 22 December 2025

1. Introduction

The Colbert Group of Companies Pty Ltd and its subsidiaries (collectively, "Colbert Group", "we", "us", or "our") are committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in accordance with applicable privacy and data protection laws across our operating jurisdictions: Australia, New Zealand, Singapore, the United States, and the United Kingdom.

This Privacy Policy applies to all entities within the Colbert Group, including but not limited to:

  • Colbert Group of Companies Pty Ltd (the corporate parent entity)

  • Offline Insight

  • Canvass Agency

  • All other entities owned in whole or in part by the Colbert Group

By engaging with our services, visiting our websites, or otherwise interacting with the Colbert Group, you acknowledge that you have read and understood this Privacy Policy.

2. Scope and Application

This Privacy Policy applies to personal information collected from:

  • Clients and prospective clients

  • Employees and contractors

  • Suppliers and business partners

  • Website visitors and users of our digital platforms

  • Any other individuals who interact with the Colbert Group

3. Information We Collect

3.1 Types of Personal Information

We collect the following categories of personal information necessary to provide our services:

  • Contact Information: Name, email address, phone numbers, postal address

  • Professional Information: Job title, company name, business contact details

  • Digital Engagement Data: Information about your interactions with our businesses, including website visits, email engagement, content downloads, and responses to marketing communications

  • Technical Information: IP address, browser type, device information, cookie identifiers, and similar tracking data

  • Communications: Records of correspondence and communications with us

We do not collect sensitive personal data such as financial information, health records, or biometric data.

3.2 Methods of Collection

We collect personal information through various means, including:

  • Direct interactions (in-person meetings, telephone calls, email correspondence)

  • Our websites and mobile applications (where applicable)

  • Third-party data brokers and data suppliers

  • Digital marketing platforms and advertising networks

  • Industry groups and professional organisations

  • Publicly available sources

  • Business partners and affiliates

3.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies across our digital assets to:

  • Enhance user experience and website functionality

  • Analyse website traffic and user behaviour

  • Deliver targeted advertising and personalised content

  • Measure the effectiveness of our marketing campaigns

You can manage cookie preferences through your browser settings. However, disabling certain cookies may limit your ability to use some features of our websites.

4. How We Use Your Information

We collect and process personal information for the following purposes:

4.1 Service Delivery

  • To provide services that clients have purchased

  • To communicate with clients regarding their accounts and services

  • To respond to enquiries and provide customer support

  • To process transactions and manage billing

4.2 Marketing and Sales

  • To send marketing messages and promotional materials to clients, leads, and prospects

  • To conduct targeted advertising campaigns through digital channels

  • To engage in direct outreach via phone calls, emails, and direct messages

  • To analyse marketing performance and optimise campaigns

Marketing Consent: Consent for marketing purposes is obtained as part of our lead generation process. You may withdraw consent or opt out of marketing communications at any time through our preference centre or by contacting us directly.

4.3 Business Operations and Analytics

  • To maintain and improve our services

  • To conduct data analytics and business intelligence

  • To analyse performance metrics and customer satisfaction

  • To develop new products and services

4.4 Automated Decision-Making and Profiling

We engage in automated decision-making and profiling activities through our in-house Customer Relationship Management (CRM) system. This includes:

  • Lead scoring and qualification

  • Customer segmentation for targeted marketing

  • Predictive analytics to improve service delivery

  • AI and machine learning applications to enhance business operations

These automated processes help us allocate resources efficiently and provide more personalised services.

4.5 Legal and Compliance

  • To comply with legal obligations and regulatory requirements

  • To enforce our terms and conditions

  • To protect our rights, property, and safety, and that of our clients and third parties

  • To respond to lawful requests from government authorities

5. How We Share Your Information

5.1 Within the Colbert Group

Personal data is accessible to and may be shared among entities within the Colbert Group for the purposes outlined in this Privacy Policy. All group entities are required to handle personal information in accordance with this policy and applicable privacy laws.

5.2 Third-Party Service Providers

We engage third-party service providers to support our business operations, including:

  • Cloud hosting and data storage providers

  • CRM systems and marketing automation platforms (including HubSpot)

  • Email service providers and communication tools

  • Analytics and data processing services

  • IT support and security services

Personal data is not directly shared with these service providers beyond what is necessary for them to perform their functions. All third-party providers are contractually obligated to maintain appropriate security measures and use personal data only for specified purposes.

5.3 Business Partners and Affiliates

We do not share personal data directly with business partners or affiliates. However, unattributed or aggregated data may be provided as part of the products and services we sell, provided such data does not identify individuals.

5.4 Government Authorities

We may disclose personal information to government authorities, law enforcement, or regulatory bodies only where required by law, including:

  • In response to valid legal processes (subpoenas, court orders, warrants)

  • To comply with regulatory reporting obligations

  • To protect against fraud, security threats, or illegal activities

  • To protect the rights, property, or safety of the Colbert Group, our clients, or the public

5.5 Corporate Transactions

In the event of a merger, acquisition, reorganisation, or sale of assets, personal information may be transferred to the successor entity, subject to the same privacy protections outlined in this policy.

6. International Data Transfers

The Colbert Group operates primarily from Australia, and all data operations are managed from within Australia regardless of the location of clients. However, personal data may be stored on servers located in the United States or other jurisdictions through our third-party service providers.

The location of data storage may change from time to time without prior notice. When personal data is transferred internationally, we implement appropriate safeguards to ensure the data remains protected in accordance with applicable privacy laws, including:

  • Standard Contractual Clauses approved by relevant data protection authorities

  • Adequacy decisions recognising equivalent privacy protections

  • Contractual commitments with service providers to maintain appropriate security standards

We do not transfer personal data to countries outside Australia, New Zealand, Singapore, the United States, and the United Kingdom, except as may be necessary for the provision of services by our technology providers.

7. Data Security

We are committed to protecting personal information through appropriate technical and organisational security measures. Our CRM data is stored within HubSpot, a leading customer relationship management platform with robust security standards.

Security measures include, but are not limited to:

  • Encryption of data in transit and at rest

  • Access controls and authentication mechanisms

  • Regular security monitoring and threat detection

  • Employee training on data protection and security practices

  • Vendor security assessments and contractual security requirements

For detailed information about HubSpot's security practices, please visit: https://legal.hubspot.com/security

Despite our security measures, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect personal information, we cannot guarantee absolute security.

8. Data Retention

We retain personal information indefinitely unless:

  • Disposal is specifically requested by a customer, lead, or data subject

  • Retention is no longer necessary for the purposes for which the data was collected

  • Deletion is required by applicable law

  • We determine that continued retention is no longer appropriate for business purposes

When determining appropriate retention periods, we consider:

  • The nature and sensitivity of the personal information

  • The purposes for which the information is processed

  • Legal, regulatory, and contractual obligations

  • Potential legal claims and disputes

  • Business operational requirements

Upon expiry of applicable retention periods or upon request for deletion, we will securely delete or anonymise personal information in accordance with our data retention and disposal procedures.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

9.1 Right of Access

You have the right to request confirmation of whether we process your personal information and to obtain access to that information.

9.2 Right to Correction

You may request correction or updating of inaccurate or incomplete personal information we hold about you.

9.3 Right to Deletion (Right to be Forgotten)

You may request deletion of your personal information in certain circumstances, including where:

  • The information is no longer necessary for the purposes for which it was collected

  • You withdraw consent (where processing is based on consent)

  • You object to processing and there are no overriding legitimate grounds

  • The information has been unlawfully processed

  • Deletion is required to comply with legal obligations

9.4 Right to Restriction of Processing

You may request restriction of processing of your personal information in certain circumstances.

9.5 Right to Data Portability

Where technically feasible and legally required, you have the right to receive personal information you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

9.6 Right to Object

You have the right to object to processing of your personal information for direct marketing purposes at any time. You may also object to processing based on legitimate interests or for research and statistical purposes.

9.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction if you believe we have violated your privacy rights.

9.9 How to Exercise Your Rights

To exercise any of these rights, please contact us using the details provided in Section 15 below. Our team will work with you to fulfil your request in accordance with applicable law. We will respond to requests within the timeframes required by applicable privacy legislation.

We may require verification of your identity before processing requests to protect against unauthorised access to personal information.

10. Marketing Communications and Preference Management

We send marketing communications to clients, prospects, and leads who have provided consent or where we have a legitimate interest to do so. All personal data is housed within HubSpot and updated in line with submissions from clients during lead generation.

You may opt out of marketing communications at any time by:

  • Using the unsubscribe link in marketing emails

  • Accessing our preference centre to manage your communication preferences

  • Contacting us directly using the details in Section 15

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related communications necessary to provide services you have requested.

11. Telemarketing and Email Marketing Compliance

We engage in telemarketing and email marketing activities in compliance with applicable laws and regulations, including:

  • Australia: Spam Act 2003 and Do Not Call Register Act 2006

  • New Zealand: Unsolicited Electronic Messages Act 2007

  • United States: CAN-SPAM Act, Telephone Consumer Protection Act (TCPA), and state-specific regulations

  • United Kingdom: Privacy and Electronic Communications Regulations (PECR)

  • Singapore: Spam Control Act

We maintain opt-out lists and honour do-not-contact requests in accordance with these regulations.

12. Children's Privacy

Our services are directed at businesses and professionals. We do not knowingly collect personal information from children under the age of 13 (or 16 in the UK and EU jurisdictions). If we become aware that we have inadvertently collected personal information from a child under these ages, we will take steps to delete such information promptly.

13. Jurisdiction-Specific Provisions

13.1 Australia

This Privacy Policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Our Privacy Officer manages compliance with Australian privacy obligations. Australian residents may lodge complaints with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

13.2 New Zealand

We comply with the Privacy Act 2020 (NZ) and the information privacy principles contained therein. New Zealand residents may lodge complaints with the Office of the Privacy Commissioner at www.privacy.org.nz.

13.3 Singapore

We are not currently registered under the Personal Data Protection Act 2012 (PDPA). We are evaluating our obligations under Singapore law and will register as required. Singapore residents may contact the Personal Data Protection Commission at www.pdpc.gov.sg with privacy concerns.

13.4 United States

We operate remotely from Australia with the ability to service clients in all 50 U.S. states. We comply with applicable state privacy laws, including:

  • California: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  • Virginia: Consumer Data Protection Act (CDPA)

  • Colorado: Colorado Privacy Act (CPA)

  • Connecticut: Connecticut Data Privacy Act (CTDPA)

  • Utah: Utah Consumer Privacy Act (UCPA)

California Residents: Under the CCPA/CPRA, California residents have specific rights including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights. We do not "sell" personal information as defined by the CCPA. However, our use of certain advertising and analytics technologies may constitute "sharing" for cross-context behavioural advertising purposes. California residents may opt out of such sharing by contacting us.

U.S. residents may also have rights under other applicable state laws. To exercise these rights, please contact us using the details in Section 15.

13.5 United Kingdom

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. UK residents have rights under these laws, including those outlined in Section 9 above. You may lodge complaints with the Information Commissioner's Office (ICO) at www.ico.org.uk.

Legal Basis for Processing (UK and EEA): We process personal information based on the following legal grounds:

  • Consent: Where you have provided clear consent for specific processing purposes

  • Contract: Where processing is necessary to perform a contract with you

  • Legal Obligation: Where processing is required to comply with legal requirements

  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights and interests

14. Data Breach Response

In the event of a data breach involving personal information, we will:

  • Promptly investigate the nature and scope of the breach

  • Take immediate steps to contain and remediate the breach

  • Assess the risk to affected individuals

  • Notify relevant data protection authorities within required timeframes where legally mandated

  • Notify affected individuals where required by law or where the breach poses a significant risk

  • Document the breach and our response for regulatory compliance

  • Implement additional safeguards to prevent future breaches

Our data breach response procedures are designed to comply with notification requirements under applicable privacy laws in all jurisdictions in which we operate.

15. Contact Information and Privacy Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

Privacy Officer: Lewis Colbert, Group Founder & Managing Director

Company: Colbert Group of Companies Pty Ltd

Email: privacyofficer@colbertgrp.com

Phone: +61 341 511 927

We will respond to all privacy-related enquiries and requests within reasonable timeframes and in accordance with applicable legal requirements.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this policy

  • Notify affected individuals where required by law

  • Publish the updated policy on our websites

We encourage you to review this Privacy Policy periodically to stay informed about how we protect personal information. Your continued use of our services after changes have been made constitutes acceptance of the updated Privacy Policy.

17. Language and Interpretation

This Privacy Policy is prepared in English. In the event of any conflict between the English version and any translation, the English version shall prevail to the extent permitted by law.

Do what your competition can't.

© 2025 Colbert Group of Companies Pty. Ltd. All rights reserved.

Do what your competition can't.

© 2025 Colbert Group of Companies Pty. Ltd. All rights reserved.

Do what your competition can't.

© 2025 Colbert Group of Companies Pty. Ltd. All rights reserved.