Tommy Associates Pty Ltd
Tommy Logo

Privacy Policy

Last updated date: 25th August 2022

Tommy Associates Pty Ltd., and its subsidiaries (herein “Tommy”) are committed to protecting your Personal Information and processing it responsibly. This Privacy Policy (“Policy”) describes our general practices relating to the collection, use and disclosure of data relating to our websites’ and physical sites’ visitors, consumers, and individuals within our client, supplier and business partner organisations with whom we have or contemplate a business relationship (“Personal Information”).This Policy does not apply to the data about our customers’ users or prospective users which Tommy processes as a service provider on our customers’ behalf. (please see Tommy’s Service Provider Privacy Policy for related details).European Citizen? Learn more about Tommy’s compliance with GDPR here.

The Personal Information Tommy Collects

Directly from You

Tommy collects Personal Information directly from you when you interact with us online, in person or through other communication channels. For example:

  • When you request information about our services, chat with Tommy online, register for a webinar or download content from our website or mobile app, we collect your contact information such as name, telephone number, mailing address and email address;
  • When you register for and/or engage with us at a trade show or other event, we collect your contact information and employment-related information such as the name of your employer and job title;
  • When you create an account on a Tommy platform, we collect authentication credentials such as username and password;
  • When you optionally enable contact-syncing, we collect the contacts stored on your device including first name, last name, phone number and email address;
  • When you enter a contest or a sweepstakes, we collect your contact information and employment-related information;
  • When you access our website, we automatically collect information about your device and use of the website through cookies and similar technologies —See Tommy’s Cookie Policy;
  • When you interact with the emails that we send to you, we automatically collect information about your activity, such as whether you opened the email;
  • When you give us permission to post a customer testimonial, we collect photos or videos as well as your opinions;
  • When you respond to a survey, we collect your contact information and your opinions on our product and services;
  • When you engage with us via a social media platform, we collect contact information that includes social media handles;
  • When you contact our customer support centre, we collect voice recordings or chat transcripts;
  • When you visit our offices, we collect your contact information and details about your visit such as the time and date of your arrival and departure; we may also capture your image through security cameras;
  • We may also collect other information you may choose to provide through our interactions.

From Other Sources

Tommy also obtains Personal Information from third parties. For example:

  • Other companies provide us with the contact information and employment-related information of businesses or individuals that they think may be interested in our products or services;
  • Tommy purchases contact information and other information from third parties and combines it with information we already have to develop marketing leads and tailor advertising to customers and prospects;
  • A colleague at your organisation may share your contact information with us because they think you will be interested in our products or services;
  • Tommy collects contact information from publicly available sources as permitted by applicable law.

How Personal Information is Used

Tommy uses Personal Information to, among other things:

  • Develop and maintain business relationships;
  • Personalise users’ experience on our websites and while using our applications;
  • Contact-sync data collected is used for matching users together as contacts within Tommy;
  • Plan and manage Tommy-sponsored events;
  • Send marketing communications;
  • If you decide you do not want to receive marketing communications from Tommy, you can opt-out by clicking on the “unsubscribe” link provided at the bottom of every marketing email;
  • Understand how you interact with our marketing communications in order to provide tailored communications;
  • Send informational communications such as invitations to events, satisfaction surveys, training and product alerts;
  • Conduct sweepstakes and contests;
  • Communicate with customers concerning normal business administration such as projects, services and billing;
  • Provide access to information systems and premises;
  • Develop and improve our products, services, software and website through research, development, analytics and business intelligence;
  • Comply with data protection legislation, information security requirements and other legal requirements;
  • Manage claims with and between customers, Tommy, individuals and/or third parties, including beyond termination of an Agreement;
  • Manage Tommy’s internal operations;
  • Respond to inquiries and feedback from business contacts;
  • Prevent fraud;
  • Conduct internal audits or investigations;
  • Manage network security, which includes disaster recovery and business continuity;
  • Publish customer testimonials;
  • Display targeted ads through social media platforms which are sent to groups of people who may be interested in our products and services—see Privacy Policies of the social media platforms for more information about this kind of advertising.

Depending on the circumstances and applicable law, Tommy processes Personal Information on a number of lawful bases, including obtaining your consent, performance of a contract, compliance with a legal obligation, to protect yours or someone else’s vital interests, to perform a task in the public interest or for other legitimate interest. In Europe and other jurisdictions where this is permitted, we rely on “legitimate interest” for example, for fraud prevention, network security, resolving product issues, planning and managing Tommy events, developing and improving our services, sending informational communications and some direct marketing.

Tommy does provide a feature to Team account holders that utilises personal information, for specific details on how Tommy handles information we commonly refer to as biometric information please read the biometric statement here. Please not that Tommy is acting as a Service Provider to your employer / team account owner when collecting and handling that data.

In some cases, Tommy de-identifies or anonymises Personal Information in support of legitimate business purposes. Once deidentified or anonymised, such data is no longer considered Personal Information. When using deidentified or anonymised data, Tommy does not attempt to reidentify the data.

How Personal Information is Used

Phone Numbers & Contacts

To connect you with people you already know (your social graph) we collect up-to-date contact details from your device. We ask your permission before enabling this feature. We only collect the number, name (first and last) and email address and we use this to automatically notify you when people you know create their own Tommy accounts. We also use it to display the names of contacts on your device when you access the “Invite Friends” feature, these are shortcuts to you starting an invitation process using your own SMS or Email tools. No communication is sent to your contacts from within Tommy unless you have explicitly invited a contact to join a Team account as a Team Member.
You can always stop automatic syncing of contacts data by going to Contacts > New Contacts > Settings.

Subsidiaries and Affiliates

We share Personal Information with subsidiaries and affiliates of Tommy.

Service Providers

We share Personal Information with companies or individuals that provide us with services. These services include, among other things, providing products and services to you on our behalf, creating or maintaining our databases, researching and analysing the people who request information from us, preparing and distributing communications, managing events or responding to inquiries. Service providers can only process Personal Information as instructed by Tommy.


We share Personal Information with other companies that provide products or services that we think will be of interest to you.

Blogs, Online Postings and Testimonials

We allow users to share comments, postings, testimonials, or other information. If you choose to submit such information to us, the information you submit will be available generally to the public. Information you provide in these areas may be read, collected and used by others who access them.

Business Transition

In the event that Tommy, or any portion of our assets, are acquired, sold, or transferred, Tommy will disclose Personal Information with the company involved to complete the business transition, including at the negotiation stage.

Applications and Tools

We offer tools, widgets and applications on our website such as search engine functionalities, that are powered by third parties. If you use those applications or tools, any Personal Information that you provide will be shared with the third party that provides that functionality. The third party’s use of that Personal Information is subject to their Privacy Policy.

Law Enforcement

We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe will aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your Personal Information to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your Personal Information will protect the rights, property, or safety of Tommy, or another person.

Legal Process

We may share your Personal Information with others as required by, or permitted by, law. This includes sharing your Personal Information with governmental entities, or third parties in response to subpoenas, court orders, other legal process, or as we believe is necessary to exercise our legal rights, to defend against legal claims that have been brought against us, or to defend against possible legal claims that we determine in our sole discretion might be brought against us.

Third Party Websites

Our website, emails, or our application may link to third parties’ websites. It is also possible that third parties’ websites or emails may link to our website. We are not responsible for the content or the privacy practices employed by third parties and Personal Information collected by third parties is not governed by Tommy’s Privacy Policy. We encourage you to read the Privacy Policies of these websites before transmitting any Personal Information to third parties.

Cross Border Transfers

To run our business, we may store and process your Personal Information in any country where Tommy and authorised third parties operate. When we transfer your Personal Information in this manner across country borders, we implement adequate measures for its protection, and for compliance with applicable laws.

Tommy utilises the adequacy determinations made by the European Commission to transfer Personal Information to countries with data protection that is adequate to the EU. Tommy also utilises Standard Contractual Clauses (SCCs) for the transfer of Personal Information from the EU and Switzerland to other countries.

How Personal Information is Protected

Tommy has implemented policies and procedures to protect Personal Information. Tommy uses recognised industry standard security safeguards appropriate to the sensitivity of the Personal Information. Tommy reviews its security policies and procedures on a regular basis and updates them as needed to maintain their relevance. Tommy makes reasonable security arrangements to protect Personal Information from and against risks, such as loss or theft, as well as unauthorised access, collection, use, disclosure, copying, modification, disposal and destruction. The methods of protection include physical measures, organisational measures and technological measures. Tommy requires all third parties to whom it transfers Personal Information to maintain adequate safeguards in compliance with applicable laws and standards to protect Personal Information. In the event that Tommy is required by law to inform you of a breach of your Personal Information, we will notify you electronically, in writing or by telephone, if permitted by law.

Retention of Personal Information

Tommy will retain your Personal Information for as long as necessary to fulfil the purpose for which it was collected or as required to comply with legal obligations. These legal obligations are reflected in an internal retention policy and schedule. At the end of the retention period, Tommy will securely delete the Personal Information. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.

Do Not Track Disclosure

Do Not Track (DNT) is a preference that users can set for their browsers to opt out of the online tracking activities by some websites. Tommy does not respond to DNT signals in browsers.

How to Exercise Your Rights

Tommy makes reasonable efforts to keep Personal Information as accurate, complete and up-to-date as is necessary to fulfil the purposes for which the information is to be used. Unless Tommy is permitted or required by law to prohibit access, you can view and if necessary, update and correct your Personal Information. Depending on the jurisdiction in which you are, you may have additional rights such as the right to request deletion of your Personal Information, the right to restrict or object to processing your Personal Information by Tommy or the right to transfer your Personal Information to another organisation. Individuals can submit requests for any of these rights by contacting the Chief Privacy Officer. Note that, as required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name and contact information. We may also ask you to provide a signed declaration confirming your identity. In some circumstances, you may designate an authorised agent to submit requests on your behalf. We will require verification that you provided the authorised agent permission to make a request on your behalf. 

If we become aware of any ongoing concerns or problems with our service, we will take these issues seriously and work to address these concerns. If you have any further queries relating to our Policy, or you have a problem or complaint, please contact us. For more information about privacy issues in Australia and protecting your privacy, visit the Australian Federal Privacy Commissioner’s web site:

How to Contact Tommy

For privacy-related questions, comments or concerns, contact Tommy at:

Chief Privacy Officer

PO Box 583

Sanctuary Cove QLD 4217


Email: [email protected]

Changes to this Privacy Policy

Tommy will update this Policy periodically to reflect changes to our privacy practices. We will provide notice online when we make any material changes to this Policy.

Tommy complies with GDPR. Visit our GDPR FAQs to learn more.