Privacy Policy 

Gravity IT Pty Ltd (ABN 78 143 251 834) (GRAVITY IT, us, we, our) takes your privacy seriously and is committed to responsible privacy practices. 

Please read the following privacy policy, available at https://www.gravity-it.com/privacy-policy, (Privacy Policy) to understand how we collect, use, disclose, store, handle and protect your personal information. We hope that this will help you make an informed decision about sharing personal information with us. As well as applying to our interactions with you, this Privacy Policy applies to all information collected through this website https://gravity-it.com (Website) and any other websites, platforms and/or apps and products we operate or make available to you. 

This Privacy sits alongside our Terms and Conditions https://gravity-it.com/terms-and-conditions, an any other terms and conditions that apply to the products and services we provide to you. 

1. What is personal information? 

In this Privacy Policy, 'personal information' has the meaning set out in the Privacy Act 1988 (Cth) (Privacy Act). In general terms, personal information is information (whether fact or opinion) about an individual who is identified or reasonably identifiable from that information or other information combined with that information. 

Some types of personal information are classified as 'sensitive information' and/or 'health information', which are subject to additional protection under the Privacy Act. Sensitive information may include information about your racial origin and health status, and health information may include information about a health-related service you have had or will receive, including test results and appointment details. 

2. What types of personal information do we collect? 

The types of personal information we collect about you will depend on the purpose for which the personal information is collected. This can include: 

• in the case of customers procuring our products and/or services – your name, billing or shipping address, email address, telephone number(s), payment information (including credit card information or alternative payment method account information, as this information will be processed by our payment gateway provider Suncorp Bank https://www.suncorp.com or through the SAP Store: https://www.sap.com/store.html, interaction history, business relationship ID, and your order details; 

• in the case of customers purchasing Gravity IT products through the SAP Store https://www.sap.com/store.html or from us directly, your name, billing or shipping address, email address, telephone number(s), payment information (including credit card information or alternative payment method account information), and your order details; 

• in the case of customers using the Gravity IT apps – usage data on how customers interact with the Gravity IT apps, including access dates and times, app features or pages viewed, browser type, app crashes and other system activity; 

• in the case of webinars or other virtual events, registration/participation data and video or audio recordings; 

• In the case of online and/or phone support, GRAVITY IT may record telephone calls or chat sessions to improve the quality of GRAVITY IT’s services but only after informing you accordingly during that call and, subject to applicable law; 

• if you have requested to receive news about exclusive offers, promotions, or events from, GRAVITY IT – your name, mailing or street address, email address, and telephone number(s); 

• if you have contacted us to make a complaint, provide feedback, submit an enquiry, request a call-back– your name, mailing or street address, email address, and telephone number(s); 

• in the case of our brand ambassadors, representatives or supporters – your name, mailing or street address, email address, date of birth, occupation, and social media information; 

• in the case of our sites where we have CCTV technology installed, CCTV footage and recordings; 

• in the case of prospective employees or contractors – information contained in your application or résumé, recorded during any interview, or obtained through any pre-employment checks, and government-issued identifiers such as tax file numbers; and 

• in the case of our suppliers and distributors – your name, mailing or street address, email address, and telephone number(s). 

Your personal information will be processed in accordance with, and we suggest you familiarise yourself with Suncorps' privacy policy here https://www.suncorpbank.com.au/about-us/legal/privacy.html

Generally, we will not collect sensitive information about you. 

We do not collect personal information of individuals under the age of 18 (a minor) and you should refrain from providing any such information to us. If you do provide us with personal information of a minor, we will remove this from our servers and systems. 

3. How do we collect personal information? 

We collect your personal information directly from you, including when you: 

• access or use our Website; 

• access to our products; 

• subscribe to or purchase our products or services; 

• sign up to receive news and exclusive offers, promotions, or events; 

• enter surveys, competitions, promotions or request information or material from us; 

• make inquiries about us or our products or services or otherwise communicate with us by email, by telephone, in person, via a website or otherwise; and 

• apply to work with us or are engaged by us as a contractor. 

Where it is reasonable and practicable to do so, we will only collect personal information about you from you directly and not from third parties. 

In limited circumstances, we may collect personal information about you from publicly available sources (such as the Internet) and from third parties (such as mutual contacts, or if someone makes a purchase on your behalf, or from your referees during the recruitment process if you apply for a job with us). We may also collect personal information through third parties such as our service providers or through promotional and marketing activities. 

Whilst we will always maintain robust privacy practices, we are not responsible for the privacy practices of third parties, including SAP https://www.sap.com/australia/about/legal/privacy.html so you should review their relevant privacy policy to satisfy yourself as to how they protect and handle your personal information. 

We may use the following technologies to collect technical information and general analytics: 

• cookies, which are data files that are placed on your device and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org; 

• log files, which track actions occurring on our Website; and 

• web beacons, tags, and pixels, which are electronic files used to record information about how you browse our Website. 

You may disable your web browser from accepting cookies and other tracking technologies used to collect technical information and general analytics when browsing our Website. If you do so, you can still access our Website, but it may impact your user experience. 

In addition to Gravity IT cookies, certain third parties may deliver cookies to your device for a variety of reasons. For example, we sometimes use various web analytics tools that help us to understand how visitors engage with our Website. Any third party links or advertising on our Website may also use cookies; you may receive these cookies by clicking on the link to the third party site or advertising. We do not control the collection or use of information by these third parties, and these third party cookies are not subject to this Privacy Policy. You should contact these companies directly if you have any questions about their collection and/or use of information. When linking to any other site, you should always check the relevant website's privacy policy before providing any personal information. 

You may also opt out of targeted advertising by using the links below: 

• Facebook; 

• Google; and 

• Bing. 

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal. 

4. Can you choose not to disclose your personal information? 

You do not have to identify yourself or provide any personal information if you contact us. You can also notify us that you wish to deal with us using a pseudonym. 

However, if we cannot collect personal information about you or if you use a pseudonym, we may not be able to provide you with the information or assistance you require. For example, we will not be able to send you information you have requested if you have not provided us with a valid email address or telephone number. 

5. How do we use your personal information? 

When conducting business through its services, productions and publications, GRAVITY IT processes personal information of individuals, including those of customers, partners, suppliers, vendors, prospects, and any other people with whom we interact. 

In any of these cases, GRAVITY IT may use personal information for one or more of the following uses: 

Products and services 

GRAVITY IT builds and services proprietary applications for both on premise and cloud. Information collected may be used to satisfy contractual and pre-contractual business relationships, including delivery of services, the processing of orders and other business correspondence fulfilling the business relationships with its customers and partners. Personal information may further be used to enable the proper operation and functionality of our products and services or to improve our offerings. 

As a contact person for a customer, partner or prospect, GRAVITY IT will use your personal information for the purchase of GRAVITY IT products and/or services, more specifically managing contacts, opening accounts, managing the services of these contracts, other correspondences such as those required by law and payment notices and general support. 

Personalised content 

With your or your employers prior and current use of GRAVITY IT products or services GRAVITY IT processes information about your interactions with GRAVITY IT across its various business areas and its offerings to provide you with the requested products and services and to improve our personal interactions with you. This data may also be used to effectively operate GRAVITY IT’s business, to the extent permitted by law, GRAVITY IT may combine and use such information in an aggregated manner to help us understand your interests and business demands, develop our business insight and marketing strategies, and to create, develop, deliver, and improve our personalized communications with you. It may also be used by GRAVITY IT to display relevant content on GRAVITY IT owned Websites. Further, we may use your personal information for direct marketing purposes (see ‘Direct Marketing Communications” below). 

Compliance data 

If required by statutory law or regulation GRAVITY IT may process personal information such as date of birth, identity details, other academic credentials, legal proceedings in process, custom controls and export requirements/restrictions to comply with our legal obligations, such as notifying you of matters that we may be required by law to do so. 

Prospective job applicants 

We use your personal information to consider you for a job at Gravity IT (whether as an employee or contractor) or other relationship with us. 

Communication 

GRAVITY IT may communicate with you by email, live chat, contact forms, phone or any other medium regarding any of the above, or to resolve your, a user’s, or a customer’s question or complaint or to investigate suspicious transactions. GRAVITY IT may record telephone calls or chat sessions to improve the quality of GRAVITY IT’s services but only after informing you accordingly during that call and, subject to applicable law, receiving your prior consent before the recording begins. Further, we may verify your identity (for example, if you request access to the personal information, we hold about you). 

6. To whom do we disclose your personal information? 

We may disclose your personal information to the following categories of third parties in connection with the purpose described above (see the “How do we use your personal information?” section): 

GRAVITY IT and GRAVITY IT City (GRAVITY IT Group) 

GRAVITY IT CITY PTY LTD (ABN 15 639 579 570) may also receive or gain access to personal information either when rendering group internal services centrally and on behalf of GRAVITY IT or when personal information is transferred to them on a respective legal basis. In these cases, these entities may process the personal information for the same purposes and under the same conditions as outlined in this Privacy Policy. 

Professional advisors 

GRAVITY IT may engage professional advisors (such as lawyers, accountants or auditors) and insurers. 

Parties involved in the provision of the products or services 

We may share personal information with your employees, contractors or third party services providers who assist us in performing our functions and activities e.g. the provision of the Website, payment systems operators and financial institutions, cloud services providers, data storage providers, shipping companies, telecommunication providers, IT support service providers, and organisations authorised by us to conduct promotional, research or marketing activities. 

Potential third party acquirer of our business or assets 

In the event that GRAVITY IT’s business or any of our business assets are acquired by a third party, GRAVITY IT may share your personal information with that party, and any advisors to that third party. 

Further, GRAVITY IT may share your personal information with any other person as required or permitted by law. If we disclose your personal information to third parties we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose of disclosure and in a manner consistent with applicable laws, for example (where commercially practical) by including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information. 

7. Does personal information leave Australia? 

Your personal information may be stored through third party service providers located in New Zealand, the European Union, the UK and North America (including the United States of America). We may disclose your personal information to overseas recipients, such as to our subsidiaries, subscribers, resellers and service providers located overseas, in order to provide their products and services and to obtain services connected with our business. 

New Zealand, the European Union, the United Kingdom and North America (including the United States of America) have data protection laws which protect personal information in a way which is at least substantially similar to the Privacy Act and the Australian Privacy Principles, and there will be mechanisms available to you to enforce protection of your personal information under those data protection laws. In these circumstances, we do not require the overseas recipients to comply with the Privacy Act and the Australian Privacy Principles and we will not be liable for a breach of the Privacy Act or the Australian Privacy Principles if your personal information is mishandled by overseas recipients. 

8. How do we store personal information? 

We store your personal information using electronic record keeping methods in secure databases. We do not combine or link personal information we hold about you with other personal information about you from third party sources.

9. How do we protect your personal information? 

We implement reasonable technical and organisational measures to protect and safeguard your personal information from misuse, loss, theft and unauthorised access, modification or disclosure. 

Technical measures - We maintain physical security over electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems. Depending on the criticality of data, we may employ data encryption techniques to safeguard information. 

Organisational measures – We take organisational steps, processes and action on privacy, including staff privacy and compliance training for securing personal information. 

However, particularly for electronic data stores and due to the fact that the Internet is inherently insecure, we cannot guarantee the security of transmission of personal information disclosed to us online. Accordingly, you transmit your personal information to us online at your own risk and are encouraged to exercise care in sending personal information via the internet. Please notify us immediately if you know or reasonably suspect that your personal information has been subject to any data breach, breach of security or other unauthorised activity. 

10. How long does GRAVITY IT hold your personal information? 

Generally, we will retain your personal information for the period necessary for the purposes for which your personal information was collected (as outlined in this Privacy Policy) unless a longer retention period is required by law or if it is reasonably necessary for us to comply with our legal obligations, resolve a dispute or maintain security. 

If we process your personal information for direct marketing purposes or process your personal information based on your consent, we may retain the information until you ask us to stop and for a short period after that (to allow us to implement your request). We will indefinitely keep a record of the fact that you have asked us not to send you direct marketing or to process your information so that we can respect your request in future. 

When personal information is no longer required, we will take reasonable steps, including the technical and organisational measures set out above (‘How do we protect your information?’) to delete the personal information from our systems or de-identify the personal information. 

11. Automated decision making 

Under the Privacy Act, automated decision making means the use of a computer program to make or directly support the making of a decision, using personal information, which may adversely or beneficially affect an individual’s rights or interests. 

Gravity IT does not rely on automated decision making in the provision of its products and services. 

12. Direct marketing communications 

We will only send you direct marketing communications (either through mail, SMS or email), including any news and exclusive offers, promotions, or events, where you have consented for us to do so. 

You may opt-out of receiving direct marketing communications at any time by contacting us or by using opt-out facilities provided in the direct marketing communications. 

13. Can I use GRAVITY IT’s products and services if I am a minor or child? 

In general, GRAVITY IT’s Website and online services are not directed to users below the age of 18 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 18, you cannot register with and use these Websites or online services. 

14. How can you access and correct your personal information? 

You may request access to any personal information we hold about you at any time by contacting us at privacy@gravity-it.com. We will provide access to that information in accordance with the Privacy Act, subject to any exemptions that may apply. We may charge an administration fee in limited circumstances, but we will let you know in advance if that is the case. 

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it by contacting us at privacy@gravity-it.com. Where we agree that the information needs to be corrected, we will update it. If we do not agree, you can request that we make a record of your correction request with the relevant information. 

You can also ask us to notify any third parties that we provided incorrect information to about the correction. We’ll try and help where we can - if we can’t, then we’ll let you know. 

15. Questions or complaints? 

If you have any questions, concerns or complaints about our collection, use, disclosure or management of your personal information, please contact us at privacy@gravity-it.com. 

We are committed to resolving any complaints reasonably and to ensuring that we are doing the right thing by our customers. We will make all reasonable inquiries, and your complaint will be assessed with the aim of resolving any issue in a timely and efficient manner. 

If you have raised a complaint with us and you are unsatisfied with the outcome or have further concerns about the way we handle your personal information, under the Privacy Act, you may complain to the Information Commissioner at the Office of the Australian Information Commissioner, whose contact details are set out below: 

Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Phone: 1300 363 992
Online: www.oaic.gov.au
Email: enquiries@oaic.gov.au 

16. How to contact us 

If you have a query, concern or complaint about the manner in which your personal information has been collected or handled by us or would like to request access to or correction of the personal information we hold about you, please contact us at privacy@gravity-it.com. 

GRAVITY IT will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, GRAVITY IT will match personal information provided by you in submitting a request to exercise your rights with information already maintained by GRAVITY IT. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by GRAVITY IT. 

GRAVITY IT will decline to process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.

17. Individuals located in the European Union or the United Kingdom ONLY 

If you are located in the European Union or the United Kingdom, this clause applies to you in relation to additional rights and information related to compliance with the European Union General Data Protection Regulation (EU) 2016/679 (GDPR) and equivalent UK legislation (UK GDPR). 

Gravity IT may transfer your personal data to countries outside of the EEA or the UK including to such countries in which a statutory level of data protection applies that is not comparable to the level of data protection within the EEA or UK. Whenever such transfer occurs, we will base the transfer on the European Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses (EU Standard Contractual Clauses) and, as applicable, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (UK Addendum) in order to contractually provide that your personal data is subject to a level of data protection that applies within the EEA and UK. You may obtain a redacted copy (from which commercial information and information that is not relevant has been removed) of such Standard Contractual Clauses by sending a request to privacy@gravity-it.com 

You have to the following rights under the GDPR or UK GDPR: 

• the right to access – you can request copies of your personal data from Gravity IT. We may charge you a small fee for this service; 

• the right to rectification – you can request that Gravity IT correct any information you believe is inaccurate. You also have the right to request Gravity IT to complete the information you believe is incomplete; 

• the right to erasure – you can request that Gravity IT erase your personal data, under certain conditions; 

• the right to restrict processing – you can request that Gravity IT restrict the processing of your personal data, under certain conditions; 

• the right to object to processing – you can object to Gravity IT’s processing of your personal data, under certain conditions; and 

• the right to data portability – you can request that Gravity IT transfer the data that we have collected to another organisation, or directly to you, under certain conditions. 

If you make a request or have any queries about this Privacy Policy or our management of your personal data, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at privacy@gravity-it.com 

If you consider your concerns have not been resolved satisfactorily by us, or you have concerns regarding the way we handle your personal information, you can contact: 

• if you are located in the European Union, your local data protection authority: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#member-de; or 

• If you are located in the United Kingdom, the Information Commissioner’s Office: https://www.ico.org.uk/. 

18. Individuals located in California ONLY 

If you are a resident of the state of California, the California Consumer Privacy Act (CCPA) provides you with additional rights as set forth below: 

• the right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected; 

• the right to delete personal information that we have collected about you, subject to certain exceptions; 

• the right to correct inaccurate personal information that we maintain about you; 

• the right to opt-out of the sale or sharing of your personal information; 

• the right to limit the use or disclosure of your sensitive personal information; and 

• the right not to receive discriminatory treatment for the exercise of privacy rights conferred by the CCPA. 

You may exercise these rights by emailing us at privacy@gravity-it.com. We may request certain information from you to verify your identity; the amount and type of information we request will depend on the nature of your request. You can also make a request through an authorised agent. We may require proof that you have designated the authorised agent to act on your behalf and to verify your identity directly with us. Please contact us at privacy@gravity-it.com for more information if you wish to submit a request through an authorised agent. 

We do not have actual knowledge that we sell or share personal information of a person under 16 years of age. We do not sell your personal information or share personal information with third parties for cross-context behavioural advertising and do not offer that opt-out. We do not infer characteristics based on sensitive personal information and therefore do not offer the right to limit the use or disclosures of sensitive personal information. 

Please refer to clause 2 (‘What types of personal information do we collect), clause 3 (‘How do we collect personal information’) and clause 5 (‘How do we use your personal information’) for further information on the types of personal information we collect and will likely have collected during the past 12 months. 

19. Changes to this Privacy Policy 

We may change or update this Privacy Policy from time to time to keep up-to-date with legal requirements and the way we operate our business. An up-to-date version of this Privacy Policy is available at any time on this page. You are responsible for reviewing this Privacy Policy periodically and informing yourself of any changes. We suggest that you check back regularly. If we make significant changes to our Privacy Policy, we will seek to inform you by notice on our Website or by email. 

Last updated: March 2025