Privacy Policy

Privacy Policy

Privacy Policy

Introduction

Please read the following Privacy Policy (the “Privacy Policy”) carefully to understand how and why our web servers use your personal data in order for you to access and browse our website, www.australia-global-talent.com, (the “Website”).

Henley & Partners

The Henley & Partners Group is an international group of companies that provides residence and citizenship planning services to clients and advisory services to governments all over the world.

The Henley & Partners Group is made up of different legal entities, the details of which can be found here. This Privacy Policy is issued on behalf of Henley & Partners Group, so when it mentions “Henley & Partners”, “We”, “Us”, or “Our” in this Privacy Policy, we are referring to the relevant entity in the Henley & Partners Group responsible for processing your data. We will let you know which entity will be the data controller for your data when you obtain any of our services. There will be instances where your personal data would be collected, held, and processed by us in countries where local data protection laws will additionally apply. You may refer to the relevant jurisdiction below for more information on the respective local data protection laws insofar as privacy policy notification is concerned.

Henley & Partners Group Holdings Ltd (company registration number C 58006), of Malta, is the data controller and is responsible for this Website. Our full details are available below (see section P., ‘How to contact us’).

General information

We have structured our Website so that you can visit us on the internet without identifying yourself or revealing any personal information.

Once you choose to provide us with personal information, we will protect such information and use it only in the ways described below.

Purpose of this Privacy Policy

We are committed to respecting and protecting your privacy at all times. Henley & Partners will not sell, rent, transfer, or otherwise make available to others any information about any person visiting our Website except as expressly provided for in this Privacy Policy.

The purpose of this Privacy Policy is to:

  • Set out the type of personal data Henley & Partners will collect from you and how we will use your personal information (see section A., ‘The personal data we collect from you’ below)
  • Set out the basis on which any personal data is processed by Henley & Partners (see sections B., ‘How we use your information’ and C., ‘Legal basis for processing’ below)
  • Make you aware of how Henley & Partners will handle your personal data
  • Clarify Henley & Partners’ obligations under the data protection regulations with regard to processing your personal data lawfully and responsibly
  • Inform you of your data protection rights (see section K., ‘Your rights as a data subject’ below)

We process your personal data appropriately and lawfully, following applicable data protection regulations and the General Data Protection Regulation EU 2016/679 (the “GDPR”), which has been in force since 25 May 2018.

We will comply with local data protection laws in the jurisdictions we operate in and to do so, the personal information we hold about you must be:

  • Used by us lawfully, fairly, and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

This Privacy Policy should be read in conjunction with our Cookie Policy and any other Privacy Notices we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy was last updated in June 2024.

A. The personal data we collect from you

While using this Website, you may contact our representatives and obtain information relating to the residence and/or citizenship programs or the services offered by Henley & Partners Group and start the process of obtaining any of the services in which you may be interested. You may also contact us if you are looking for a career opportunity or wish for us to provide you with further information to support your press or media work. You may also contact us for general enquiries or if you are planning to be our suppliers.

We will collect and process the following personal data about you:

These are personal details and include your first name, last name, nationality, country of residence, e-mail address, and phone number. These details also include information on which services you are interested in or details about your enquiry. The information you give us may also include data about any marketing preference.

Such information may be provided by you in the following circumstances:

  • Filling in an enquiry form on the Website
  • Corresponding with us by post, phone, e-mail, or otherwise when you apply for our services
  • Corresponding with us by post, phone, e-mail, or otherwise when you apply for our services
  • Subscribing to our services or publications
  • Requesting marketing to be sent to you
  • Giving us some feedback
  • Starting negotiations for or entering into a contract to supply goods and/or services to us

To the extent you engage our services or where you might apply for a job opportunity, you may be required to provide further information. Where you are a business user, we may also require further information before we enter into a commercial relationship with you.

Such additional information may include payment details such as banking information, VAT numbers, and/or tax IDs in order for us to process payments in relation to our services. We may also require you to provide us with information that might be needed to establish and serve as proof of your identification, such as copies of your passport or national ID card. Where you are a job applicant, you will be required to provide a copy of your up-to-date CV.

Where we are collecting or processing further information, we will provide you with separate privacy notices that further describe how and why we are using your personal data.

Where we are required to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the services as agreed or we may not be able to enter into a contract with you, but we will notify you if this is the case at the time. We may have to terminate that contract with you as a result.

2. The information we collect about you from our Website

Whenever you visit our Website, we will automatically collect the following:

  • Technical information: including the IP address used to connect your computer to the internet, your log-in information, the browser type and version, the full uniform resource locators (URL), and the clickstream to, through, and from our Website (including date and time), as well as other information regarding your experience on our Website such as page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Location information: We may receive information about your location and may determine your location through your IP address and, when accessing the Website through a mobile device, by using the data that we collect from that device. This includes information about the wireless networks or cell towers near your mobile device at the time of access.

Our Website uses cookies to distinguish you from other users of our Website. This helps ensure that we provide you with a good experience when you browse our Website and allows us to improve it. For detailed information on the cookies we use, and the purposes for which we use them, see our Cookie Policy.

3. Information we receive from other sources

We may receive personal data about you from various third parties and publicly available sources as set out below:

  • Technical data from Google Analytics advertising features, including Google AdWords, Facebook Pixel’s, Google Tag Manager, Amiando, Microsoft Dynamics, LinkedIn, Gmail, and other ad hoc paid media partnerships.
  • Identity, contact, and background data from publicly available sources, compliance databases, and/or compliance and due diligence service providers within and outside the EU so we can confirm that you are a suitable client of or supplier to us.

B. How we use your information

1. The information you give us

We shall use this information:

  • To facilitate the provision of the services that you request and where we need to perform the contract we are about to enter into or have entered into with you
  • Where it is necessary for our legitimate interests (or those of a third party), and where your interests and fundamental rights do not override those interests
  • To resolve any issues that you have reported and to provide support-related services
  • To manage the supplier relationship you have with us

2. The information we collect about you from our Website

We shall use this information:

  • To administer our Website and for internal operations, including troubleshooting, and in order to keep our Website safe and secure
  • To improve our Website to ensure that content is presented most effectively for you
  • To ensure that content displayed on the Website is presented in a user-friendly manner

3. Information we receive from other sources

We will combine information we receive from other sources with information you provide to us and information that we collect from you. We will use your information only for purposes as described in the paragraphs above.

C. Legal Basis for processing

We shall only process your personal data insofar as this is necessary for us to be able to provide the services we offer and/or for the purposes indicated in this Privacy Policy (see section B., ‘How we use your information’).

We may also process your personal data based on any legitimate interest or in order to comply with any legal obligations. These interests and obligations may include the exercise or defense of legal claims or in order to comply with an order of any court, tribunal, or authority, or disclosure to a government or regulatory entity.

Generally, we do not rely on consent as a legal basis for processing your personal data. However, where your consent is required, we will provide you with a form requesting explicit consent to do so.

D. Marketing

You will receive marketing communication if you have requested such information from us by providing us with your details through this Website and have consented and opted-in to receiving such information. Where we have entered a business relationship (namely a contract) with you, we may inform you about our activities, offers, or other information that we believe would be useful to you in accordance with our legitimate interest.

We will centralize the provision of marketing communications through Henley & Partners South Africa (Pty) Ltd, a Henley & Partners entity based in South Africa. The purpose of doing so is to ensure that you receive the marketing communications you have consented to and that no further marketing information is sent to you. Since, in certain circumstances, this will constitute a transfer of personal data outside the European Economic Area (the “EEA”), please refer to Section F. of this policy below, ‘Transfers of data to third countries’, which further outlines the manner in which we transfer personal data outside the EEA and the appropriate safeguards we adopt. Additionally, the Protection of Personal Information Act of South Africa also applies to the processing of personal data for marketing purposes due to the location of our marketing team in South Africa.

We share your personal data with third party for marketing purposes only with your explicit consent. Prior to utilizing analytics for marketing campaigns, we require your consent for marketing cookies. We transfer your data in a hashed form, using the SHA256 algorithm, to the marketing service provider. Third parties may collect data on our website for purposes such as (i) storing and accessing tracking technologies, (ii) conversion tracking, (iii) delivering targeted ads, and (iv) improving third-party products to optimize our marketing campaigns. The collected information may include details such as the URL address, types of device, browser, operating system information, and your IP address. For more information on the specific service providers and their privacy policies, please refer to the Cookie Policy table that lists the cookies and links to their respective privacy policies.

Please note that you have the right to access, correct, erase, or transfer your personal data held by any third-party service providers. You may also have the right to object to, or request the restriction of, certain processing activities. To exercise these rights, please contact the respective service provider directly. Visit our Cookie Policy for further information related to marketing and third-party cookies used on our website. You have the right to withdraw consent or to object to receiving marketing information at any time by contacting DPO@henleyglobal.com or clicking the unsubscribe button. Once you have withdrawn your consent or object to any one of the purposes listed herein, we will stop sending you any marketing communications. If you choose not to consent or to object to any one of the purposes listed herein or withdraw your consent at any time, we will still be able to provide our services; however, we would not be able to provide you with the full range of services that we offer, and it may affect the efficiency with which we provide the services you request.

E. Disclosure of your information

We may disclose your personal data to any of our international offices or the companies that form part of Henley & Partners Group that may act as joint data controllers or data processors to the company. These offices or companies will be the data controller for your data when you obtain our services and/or they may provide administration, controls, and reporting services. For a full list of the Henley & Partners Group companies who may receive this information, please click here. All Henley & Partners Group companies respect and protect the security of your personal data in accordance with the applicable law (including the GDPR) and apply the security measures and safeguards as described below (see section H., ‘Data security’ below).

We may need to share personal data with government agencies and authorities in the country where you seek to obtain residence or citizenship. We shall only provide the necessary information in order to perform services under our contract with you.

We may be required to share your data with local agents or other service suppliers (in their capacity as data processors), which is necessary for us to provide the services you request. These local agents and suppliers store and process your data based on strict confidentiality and subject to the appropriate security measures and safeguards in place as described in section H. below.

We may also share your data with other third parties in their capacity as data controllers such as legal, tax, real estate, immigration or other advisors and consultants, (international) banks for payment details, or third parties providing other or additional services or goods to you such as real estate agencies, owners, or developers who you might wish to engage with under separate terms and conditions between you and such third parties. These third parties will process your data in their own right as data controllers and their data protection policies and processes shall become applicable.

We may also disclose or share your data if we are under a duty to do so in order to comply with any legal obligation, judgment, or under an order from a court, tribunal, or authority. We may also disclose your data to enforce our terms of use, or to protect our rights, property, or safety, that of our partners or other users of our Website. This includes exchanging information with other companies and organizations for the purposes of anti-money laundering or KYC checks, compliance with anti-bribery or corruption laws, and/or fraud protection.

F. Transfers of data to third countries

Where we share your personal data with internal or external third parties, this may involve transferring your data outside the EEA. We will transfer your personal data in accordance with standard contractual clauses (namely, the European Commission: Model contracts for the transfer of personal data to third countries, also known as ‘SCC’) to ensure that your personal data is protected and transferred securely in compliance with applicable law, including the GDPR.

Henley & Partners Group Holdings Ltd acts as the EU data representative of all our offices located outside the EEA. You may address any issues, queries, or concerns that you may have to Henley & Partners Group Holdings Ltd by sending an e-mail with ‘Data protection’ in the subject line to the following address: EUrepresentative@henleyglobal.com.

G. Third party access to your personal data

We work closely with third parties to provide you with the services you request on our Website. These third parties include cloud storage providers, analytics providers, and search engine information providers. We will only work with third-party providers that comply with applicable laws in the jurisdictions in which we operate and that abide by the GDPR and, if applicable, agree to be bound by the SCC (as defined in section F., ‘Transfers of data to third countries’) to adequately protect and safeguard your personal data.

H. Data security

We will ensure that appropriate security measures are taken against unlawful or unauthorized processing of personal data, and against the accidental loss of or damage to personal data.

The transfer of information between our Website and your device is protected with transport layer security (TLS) certificates. When the Website is accessed using compatible browsers, that technology protects personal information using both server authentication and data encryption to ensure that personal information is safe and secure while in transit. The mainstream browser versions compatible with this technology are Internet Explorer (from version 11), the Mozilla Firefox (from version 27), Google Chrome (from version 32), and Apple Safari (from version 7).

All personal data is stored in a secure server environment that uses a firewall and other advanced technology to protect against interference or unauthorized access. The servers are located in Malta and in Switzerland. Usernames and passwords are issued to persons authorized to access the personal data, such as our employees, who are bound by confidentiality not to disclose any personal data.

No method of transmission of data is 100% secure, and absolute security cannot be guaranteed.

I. Data storage

We shall only store your data as long as is strictly necessary for the purposes for which it was collected (that is, to provide you with our services or to satisfy any legal, accounting, or reporting requirements). In any case, retention of data shall not exceed 10 years from the date of termination or completion of the services. This period of retention enables us to use the data for defending potential legal claims, taking into account the applicable limitation periods under relevant laws, as well as, if applicable, to comply with anti-money laundering or KYC laws and regulations, anti-bribery or corruption laws and regulations, and accounting and tax laws applicable to certain jurisdictions in which we operate.

J. Data minimization

Whenever and to the extent possible, we anonymize the data that we hold about you when it is no longer necessary to identify you from that data.

K. Your rights as a data subject

You are entitled to exercise the following rights under the GDPR:

1. The right to access information

You have the right to request information as to whether or not your personal data is being processed by Henley & Partners as well as information as to how and why it is processed by sending an e-mail to DPO@henleyglobal.com. You shall receive one electronic copy of the information free of charge via e-mail. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, in which case we may also refuse to comply with your request in these circumstances.

2. The right to object

You may contact us at any time by e-mailing DPO@henleyglobal.com to ask us not to process your personal data, if our legal grounds for processing is that it is necessary for a legitimate interest pursued by us or a third party or for marketing purposes (for example, receiving information from us about upcoming events, newsletters, and publications). In the case of your written objection, your data will no longer be processed for such purposes.

3. The right to correction

You have the right to obtain correction of any inaccurate personal data about you that we have processed, update any data that is out-of-date, and complete any incomplete personal data including by means of a supplementary statement.

4. The right to erasure

You have the right to obtain the erasure of personal data we have concerning you when it is no longer required, for cases where:

  • You withdraw your consent to us processing your personal data on which the processing is originally based or where no other legal grounds for processing exists
  • Your personal data is no longer necessary in relation to the purpose for which it was originally collected
  • You object to the processing and there are no overriding legitimate grounds for the processing for marketing communication
  • Your personal data has been unlawfully processed
  • Your personal data must be erased to comply with a legal obligation to which we are subject

5. The right to restriction of processing

You have the right to restrict our processing activities where:

  • You contest the accuracy of this personal data, for a period enabling Henley & Partners to verify the accuracy of the same personal data
  • Our processing is deemed unlawful, and you oppose the erasure of your personal data and request restriction of its use instead
  • We no longer need your personal data for the purposes stated in this Privacy Policy, but you require it for the establishment, exercising, or defending of legal claims
  • You have objected to our processing pending the verification of whether the legitimate grounds of our processing activities overrode those pertaining to you

6. The right to data portability

As from 25 May 2018, you shall have the right to receive your personal data in a structured and machine-readable format and transmit this data to another data controller (as defined in the GDPR).

L. Right to withdraw consent

Where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose (for example, for marketing), you have the right to withdraw your consent for that specific processing at any time, or you may withdraw your consent to this Privacy Policy. To withdraw your consent, please contact DPO@henleyglobal.com. This will not affect the lawfulness of the processing we carried out on the basis of such consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for that purpose unless we have another legitimate basis for doing so in law. Withdrawal of consent to this Privacy Policy will result in us having to terminate our services with you immediately.

M. Quality of website and overall experience

To improve the quality and overall user experience of the Website as well as facilitate event bookings and client event registrations, we use Google Analytics advertising features, as well as Xing Events, a subsidiary brand of New Work SE, and Microsoft Dynamics CRM.

If you would like to opt out of Google Analytics for display advertising, you may do so by using the ads preference manager.

In addition, there is a Google Analytics ‘opt-out browser’ add-on that you can download at https://tools.google.com/dlpage/gaoptout.

You may withdraw your consent given for any of the purposes listed above at any time. This does not affect the lawfulness of your personal data for these purposes prior to your withdrawal. You may send us an e-mail at DPO@henleyglobal.com indicating your withdrawal of consent and specifying which processing activities such withdrawal relates to.

N. Complaints

We welcome any comments, complaints, and queries in relation to data protection. As indicated above, you may contact our data protection officer at DPO@henleyglobal.com or use the contact details at section P. ‘How to contact us’ below, and we shall try our best to deal with any issue or concern you may have.

If we fail to address the concerns, you have the right to lodge a complaint with the Information and Data Protection Commissioner at idpc.org.mt as the relevant national supervisory authority on all data protection matters.

O. Changes to this Privacy Policy

Any changes we make to this Privacy Policy in the future will be posted on this page, and where appropriate, notified to you via e-mail.

P. How to contact us

If you have any questions regarding this Privacy Policy, or if you would like to send us your comments, please contact us today. Alternatively, write to us using the details below:

Henley & Partners Group Holdings Ltd
Pendergardens Business Tower, Level 2
Saint Andrews Road, Paceville
St. Julian‘s, STJ 9023
Malta

Phone: + 356 2138 7400

Please check back frequently to see any updates or changes to this Privacy Policy.

We use cookies to give you the best possible experience. Click Accept all to proceed as specified, or click Allow selection to choose the types of cookies you will accept. For more information please visit our Cookies Policy.