Privacy Policy

Your privacy is important to us. It is Elker’s policy to respect your privacy regarding any information we may collect from you on this website.

This Privacy Policy explains how Elker Pty Ltd ABN 92 650 350 351 (“Elker”, “we”, “us” or “our”) collects and uses Personal Information through the Elker Website and the Elker Platform, and how it complies with applicable Privacy Laws.

If you have any questions or concerns about this Privacy Policy or our practices in handling Personal Information, please contact our Privacy Officer, Shirli Kirschner, at privacy@elker.com.

For our protocol on updates, see the Updates to This Privacy Policy section below.

Relevant Definitions

  • Authorised Client User: An individual authorised by a Client or Partner to use the Elker Platform to receive, manage and respond to reports, communicate with Reporters, review survey responses, review analytics, or manage the Client’s or Partner’s instance of the Elker Platform.
  • Client: An organisation that has implemented an instance of the Elker Platform and makes that instance available to Authorised Client Users and Reporters.
  • Cookies: Small text files stored on your device when you visit a website.
  • Elker Platform: Elker’s secure online reporting and case management solution.
  • Elker Website: Elker’s marketing website, located at https://elker.com.
  • GDPR: Regulation (EU) 2016/679 (General Data Protection Regulation) and the UK General Data Protection Regulation.
  • Partner: An organisation or individual approved by Elker to provide certain services to a Client using the Elker Platform. The Partner may also be approved to create instances of the Elker Platform and make those instances available to Clients, Authorised Client Users and Reporters.
  • Personal Information: Information that identifies a person or relates to a person who is reasonably identifiable.
  • Privacy Act: Privacy Act 1988 (C’th of Australia).
  • Privacy Laws: Laws and regulations governing Elker’s collection and handling of Personal Information, including the Privacy Act and any applicable Australian State, Territory, or overseas laws (such as the GDPR), to the extent that such laws and regulations apply to Elker’s collection and handling of Personal Information about a particular individual in or related to use of a Client or Partner instance of the Elker Platform, or other acts or practices of Elker.
  • Reporter: An individual who uses the Elker Platform to submit reports or respond to surveys, anonymously, or with that individual’s name.
  • Website User: An individual who visits or uses the Elker Website.

Our Privacy Commitment

Who It Covers

This commitment covers individuals using the Elker Website or the Elker Platform, regardless of where those individuals reside or where Clients or Partners are based.

Our Commitment

We are committed to protecting individuals’ privacy by:

  • ensuring that all Personal Information that we collect is collected by lawful and fair means, and
  • handling Personal Information in accordance with applicable Privacy Laws and this Privacy Policy.

How We Do It

We implement processes, technical, operational and legal (including contractual) safeguards, and assurance controls to meet the requirements of applicable Privacy Laws.

These processes, safeguards and controls address privacy by design and privacy by default, protecting information security and minimising the collection, handling, and disclosure of Personal Information of individuals. We only handle Personal Information to the extent reasonably required in the course of conduct of our business.

Using the Elker Platform

Elker provides the Elker Platform to Clients and Partners.

There are four types of platform users: Clients, Partners, Reporters and Authorised Client Users.

Elker aims to minimise the amount of Personal Information Elker receives about Reporters. Operation of the Elker Platform does not require a Reporter to provide a name, contact details, or other personal identifiers. Reporters may elect to provide such identifiers.

This Privacy Policy covers how Elker handles Personal Information of Reporters and Authorised Client Users we collect through their use of the Elker Platform, including through our interactions with Clients or Partners who authorise use of the Elker Platform. This Privacy Policy does not cover acts or practices of Clients or Partners who authorise use of the Elker Platform. For details on how each Client or Partner who authorises use of the Elker Platform handles Personal Information available to Client or Partner through use of the Elker Platform, Reporters and Authorised Client Users should refer to the relevant Client’s or Partner’s privacy policy and any related privacy collection notices.

The Elker Platform provides de-identified report data by aggregating report data so it no longer relates to any individual. Clients or Partners can access this de-identified data through analytics tools and insights dashboards.

Elker may also use de-identified data to enhance the platform’s functionality and develop its services. Elker follows guidance from the Office of the Australian Information Commissioner regarding the de-identification and handling of Personal Information.

Once we have de-identified Personal Information so it no longer relates to any individual, that information is outside the scope of this Privacy Policy, and the restrictions in this Privacy Policy do not apply to it.

What Information We Collect

Reporters Authorised Client Users Website Users

Why We Collect Personal Information

Reporters Authorised Client Users Website Users

How We Handle Personal Information

Security Measures

We protect the Personal Information of Website Users, Reporters and Authorised Client Users through end-to-end encryption, ISO 27001:2022-certified practices, access controls and authentication, regular security testing, and use of secure AWS hosting. In the case of Reporters and Authorised Client Users, we store all data in locations determined in our contractual agreements with Clients or Partners.

Retention and Disposal

Reporters Authorised Client Users Website Users

Data Quality

We maintain data quality by verifying data accuracy during collection and implementing validation and integrity controls to ensure that data meets predefined standards and rules and is protected against accidental or malicious modification.

Third-Party Disclosure

Reporters Authorised Client Users Website Users

International Data Transfers

Personal Information collected through the Elker Website may be transferred to and processed in countries outside your country of residence. These countries may have different data protection laws.

The Elker Website servers and third-party service providers (sub-processors) operate globally, including in Australia, the United States, and countries within the European Economic Area (EEA).

When we transfer Personal Information internationally, we implement appropriate safeguards to ensure it remains protected in line with this Privacy Policy and applicable data protection laws. For users in the EEA, this may include the use of Standard Contractual Clauses (SCCs), reliance on adequacy decisions by the European Commission, or other lawful transfer mechanisms.

Breach Response

Our reasonable steps to protect information security include regular testing of our systems and development of a data breach response plan. In case of a data breach, we will implement our data breach response plan. We will assess the severity and impact of that breach. Where Personal Information may have been compromised, we will implement processes for minimising damage. Where notification is required, we will notify regulators and the relevant Client or Partner that authorises a Reporter’s or an Authorised Client User’s use of the Elker Platform.

Compliance and Monitoring

We conduct regular privacy audits, security assessments, policy reviews, and staff training programs for compliance with relevant Privacy Laws.

Your Rights

Choices and Control

Reporters Authorised Client Users Website Users

Access Rights and Consent Withdrawal

Reporters Authorised Client Users Website Users

Complaints and External Review

For complaints about Elker’s handling of your Personal Information, you can contact our Privacy Officer.  We will acknowledge complaints within five business days, thoroughly investigate them, provide written responses within thirty days, and document the resolutions.

If you are unsatisfied with our response, you can contact the Office of the Australian Information Commissioner:

Cookies and Tracking Technologies

The Elker Website uses Cookies and tracking technologies (like web beacons or pixels) to collect and use Personal Information about you, including to analyse trends, administer the Elker Website, track Website User behaviour on the Elker Website, and to gather demographic information about our user base as a whole.

We use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your device for a set period or until you delete them).

You can control and manage Cookies in various ways:

  • cookie consent banner — when you first visit the Elker Website, you will be presented with a cookie banner from our cookie consent manager allowing you to provide or withdraw consent for different categories of Cookies,
  • browser settings — most web browsers allow you to control Cookies through their settings preferences. However, if you limit the ability of websites to set Cookies, you may worsen your overall user experience. It may also stop you from using some features of the Elker Website.

For more detailed information on the Cookies we use, their purpose, and how to manage them, please refer to our Cookie Policy.

We do not use Cookies or tracking technologies on the Elker Platform.

Data Sharing and Disclosure (Sub-processors)

We do not sell Personal Information of Website Users. We may share Personal Information of Website Users with third parties only in accordance with this Privacy Policy.

We engage third-party companies and individuals to perform services on our behalf (e.g., Elker Website hosting, analytics, advertising, CRM, communication tools, meeting scheduling, consent management). These third parties act as data processors and are authorised to use Personal Information of Website Users only as necessary to provide these services to us and are obligated to protect that Personal Information. We have Data Processing Agreements (DPAs) in place with these providers where required by applicable law.

Our key sub-processors for the Elker Website include the third parties listed in the table at the end of this Privacy Policy.

Links to Other Websites

The Elker Website may contain links to other websites that we do not operate. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Updates to This Privacy Policy

We will review this Privacy Policy at least annually and may update it to reflect regulatory changes, improve clarity, or enhance protections as needed. The updated policy will be available on the Elker Website and, be effective upon posting.

Contact Information

  • Privacy Officer: Shirli Kirschner
  • Email: privacy@elker.com
  • Mail: Elker Pty Ltd, PO Box 15, Paddington NSW 2021, Australia

Date of This Privacy Policy

This Privacy Policy was last updated on 3 July 2025.