CIRCLE LEADERSHIP GLOBAL
Privacy Policy

 

This Privacy Policy explains how Ninety Million Pty Ltd trading as Circle Leadership (“Circle Leadership”, “we”, “us”, “our”) collects, uses, discloses and protects your personal information. We are committed to protecting your privacy and handling your information responsibly.

Circle Leadership is a leadership and organisational development consultancy operating across Australia, New Zealand, Canada, the United Kingdom and the United States. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and, where they apply, the UK and EU General Data Protection Regulation (GDPR) and other privacy laws of the countries in which we operate.

This policy applies to personal information collected through our websites (including circleleadership.global, circleleadershipglobal.com and circleleadershipglobal.ai), our platforms (including Kajabi, Microsoft 365 and Circle.so), our events and programs, and our offline interactions and client program delivery.

1. Definitions

  • Account Holder means the primary account holder who has entered into our services agreement with us.
  • Users means all registered users of our services, including client employees and administrators.
  • Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. In the UK and EU this is referred to as “personal data”.
  • Data Protection Laws means applicable privacy legislation, including the Privacy Act 1988 (Cth), the UK GDPR and EU GDPR, and other applicable privacy laws.
  • Security Incident means any unauthorised access, disclosure, loss or breach of security affecting personal information.

2. Our role: controller and processor

We handle personal information in two distinct capacities, and your rights and our obligations differ accordingly.

Individual clients and website users

When you deal with us directly — for example as an individual client, program participant, subscriber or website visitor — we act as the controller of your personal information and are responsible for how it is handled under this policy.

Corporate-client employees

When we deliver programs to a corporate client, we process the personal information of that client’s employees and participants on the client’s behalf, under a data processing agreement. In these cases the client is the controller and we act as a processor (or, in some cases, a joint controller). We process this information:

  • Only for the purposes of delivering the program and as instructed by the client.
  • Only for the duration of the program plus any agreed retention period.
  • In accordance with the client’s data handling requirements and applicable Data Protection Laws.
  • With strict access controls and security measures.
  • Never for direct marketing without the explicit permission of both the client organisation and the individual.

3. The personal information we collect

The personal information we collect depends on how you interact with us. It may include:

  • Identity and contact details: name, postal address, email address and telephone number.
  • Professional information: job title, employer, company information, professional history and qualifications.
  • Account information: login credentials and profile details for any account you create on our platforms.
  • Transaction and payment information: details of programs, events and services you purchase. Card payments are processed by our payment providers (Kajabi and Stripe); we do not store your full card details.
  • Program and participation data: learning progress, completion and engagement records, and responses to surveys, diagnostics and assessments.
  • Community activity: posts, comments and interactions within our Circle.so community.
  • Communications: records of your correspondence with us.
  • Technical and usage information: IP address, device and browser type, operating system, and how you use our websites and platforms, collected automatically (see Section 8).

We generally do not collect sensitive information. If we ever need to, we will only do so with your consent or where we are otherwise permitted by law.

4. How we collect your personal information

We collect personal information:

  • Directly from you, when you register for a program or event, create an account, make a purchase, subscribe to our communications, participate in our community, complete an assessment, or contact us.
  • From our corporate clients, where they provide employee details so we can deliver a program.
  • Automatically, as you use our websites and platforms, through cookies and similar technologies (see Section 8).
  • From third parties, such as our platform and payment providers, and publicly available professional sources such as LinkedIn.

Where it is reasonable and practicable, we collect personal information directly from the individual concerned. If you provide us with personal information about another person, you must ensure you are authorised to do so (see Section 11).

5. How we use your personal information

We use personal information for the purposes for which it was collected and for related purposes you would reasonably expect, including to:

  • Deliver our leadership programs, events and services, and manage participation, progress and completion.
  • Create and administer accounts and provide platform access and support.
  • Process payments and manage our billing and contractual arrangements.
  • Communicate with you, including program-related and service communications.
  • Screen for potential risk or fraud and maintain the security of our systems.
  • Send marketing communications where permitted (see Section 7).
  • Generate analytics and anonymised aggregate reports to improve our services.
  • Comply with our legal obligations and enforce our rights.

For our UK and EU clients and users, we rely on one or more lawful bases under the GDPR to process personal data, including: performance of a contract; your consent; compliance with a legal obligation; and our legitimate interests in operating and promoting our business in a way that does not override your rights and freedoms.

6. How we disclose your personal information

We do not sell your personal information. We may disclose it to:

  • Our team and Circle Leaders, to deliver our programs and services.
  • Service providers, who support our business, including Kajabi (learning platform and payments), Stripe (payment processing), Microsoft 365 (communications and document storage), and Circle.so (community platform), as well as email, marketing and analytics providers. These providers may only use your information to perform services for us.
  • Our corporate clients, in relation to their own employees’ program participation, as set out in Section 2.
  • Professional advisers and authorities, where required or authorised by law, or to protect our rights, safety or property.
  • A purchaser, in connection with a sale, merger or restructure of our business.

Overseas disclosure

Because we operate internationally and use cloud-based providers, your personal information may be stored or processed outside the country in which you are located. This includes the United States (where providers such as Kajabi, Stripe, Microsoft and Circle.so host data), as well as Australia, New Zealand, Canada and the United Kingdom.

Where we disclose personal information overseas, we take reasonable steps to ensure it is handled consistently with this policy and applicable Data Protection Laws. For personal data transferred from the UK or EU, we put in place appropriate safeguards, such as standard contractual clauses, where required.

7. Direct marketing

We may send you marketing communications about our programs, events and services where you have requested them, where you are an existing client, or where we are otherwise permitted to do so. Every marketing email includes an unsubscribe link.

You can opt out at any time using the unsubscribe link or by contacting us (see Section 13). We will continue to send communications necessary for your account, purchases or program participation. We never use corporate-client employee data for direct marketing without the explicit permission of both the client and the individual.

8. Cookies and analytics

Our websites and platforms use cookies and similar technologies to make them work, remember your preferences, and understand how they are used. Some cookies are essential for platform functionality; others help us analyse usage and performance.

We may use analytics tools, such as Google Analytics, to understand how our websites are used so we can improve them. Marketing-related cookies are only used with your consent. You can manage or disable cookies through your browser settings, though some features may not work if you do.

[Note for Circle Leadership: confirm which analytics and marketing tools are actually in use, and trim this section to match before publishing.]

9. How we protect your information

We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Our measures include access controls, encryption in transit, secure authentication, regular backups, and engaging reputable providers who maintain industry-standard security across our core platforms (Microsoft 365, Kajabi and Circle.so).

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security, and any transmission is at your own risk.

Security incidents and data breaches

We maintain procedures for handling security incidents. If a Security Incident occurs that affects your personal information, we will:

  • Promptly assess and contain the incident.
  • Notify affected individuals and relevant authorities where required by law, including under the Notifiable Data Breaches scheme in Australia and equivalent obligations in other jurisdictions.
  • Investigate and implement measures to prevent recurrence.
  • Document the incident and our response.

10. How long we keep your information

We keep personal information only for as long as we need it for the purposes for which it was collected, including to provide our services, to meet our legal, accounting and reporting obligations, and to resolve disputes or enforce our agreements. For corporate-client programs, we retain employee data for the duration of the program plus any retention period agreed with the client.

When we no longer need your personal information, we take reasonable steps to securely destroy or de-identify it.

11. Account Holder responsibilities

If you are an Account Holder and provide us with personal information about other people (such as your employees or program participants), you are responsible for ensuring that:

  • You have the appropriate authority or consent to share that information with us.
  • You inform us promptly if any such consent is withdrawn.
  • The information you provide is accurate and kept up to date.
  • You notify us immediately of any Security Incident you become aware of.
  • You and your Users access and use our platforms securely and in compliance with our policies.

12. Your rights and choices

You have rights in relation to the personal information we hold about you. Depending on where you are located, these may include the right to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate, out of date or incomplete.
  • Request deletion of your information.
  • Opt out of marketing communications.
  • Request data portability.
  • Restrict or object to certain processing (for UK and EU individuals under the GDPR).

To exercise any of these rights, please contact us (see Section 13). We may need to verify your identity first, and we will respond within the timeframes required by law. There is generally no charge to access your information, though we may charge a reasonable fee in some circumstances. Where you are a corporate-client employee, some requests may need to be directed to your employer as the controller of that data.

13. Complaints and how to contact us

If you have a question, concern or complaint about how we have handled your personal information, please contact us first. We will acknowledge your complaint and aim to resolve it promptly.

Privacy Officer

Ninety Million Pty Ltd trading as Circle Leadership

22 Corella Street, Forest Glen QLD 4556, Australia

Email: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the relevant privacy regulator. In Australia, this is the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. In the United Kingdom, this is the Information Commissioner’s Office (ICO) at www.ico.org.uk.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will post the updated version on our website and change the version number and “Last updated” date above. Where changes are significant, we will take reasonable steps to notify affected individuals.

This document is a template prepared to reflect Circle Leadership’s operations. It is not legal advice. Given operations across multiple jurisdictions and the processing of corporate-client employee data, we recommend it be reviewed by a qualified privacy lawyer before publication.

 

Ninety Million Pty Ltd trading as Circle Leadership

Version 3.0  |  Last updated: 15 June 2026