Privacy Policy

Chrysalis trading as Chrysalis Advisory Pty Ltd ABN: 70 609 160 143 and Chrysalis Clinical Pty Ltd ABN: 75 648 375 160 and its related bodies corporate (referred to as Chrysalis, weus or our) respect your right to privacy and are committed to safeguarding the privacy of our customers and website visitors and to the protection of personal information that relates to them in accordance with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth) (Privacy Act).

This Privacy Policy describes the manner in which we collect, hold and use information that is covered by the Privacy Act. It is not intended to cover categories of information that are not covered by the Privacy Act. If you wish to make any inquiries regarding this Privacy Policy, you should contact us in any of the ways specified in clause 11.

References in this Privacy Policy to “you” are references to you as an individual and/or as a company, organisation or trust as applicable.

We may, from time to time, review and update this Privacy Policy including to take into account new laws, regulations and technology. All personal information held by us will be governed by our most recent Privacy Policy, posted on our website (Website). Our most recent Privacy Policy will apply to our collection, use and disclosure of Personal Information.

1.  What is considered Personal Information?

Personal Information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether recorded in a material form or not.

Sensitive Information” is Personal Information about an individual that includes health information, genetic information, biometric information or templates, or personal information that is also information or an opinion about an individual’s race or ethnicity, their religious, political or philosophical beliefs, opinions or affiliations, their sexual orientation or criminal record. We will only collect Sensitive Information with your consent. We will assume that you have consented to us collecting any information that you provide to us for use in accordance with this policy, unless you tell us otherwise at the time you provide it to us.

2.  Why do we collect Personal Information?

2.1    Why do we collect your information?

We collect Personal Information from clients and customers, employees, contractors, survey participants and other individuals that is reasonably necessary for one or more of our functions or activities, including: to deliver management consultancy services to our clients (in some cases with support from third party providers), to provide co-working spaces and to conduct our other business functions; to market and sell our products and services; to improve our products, our marketing and to better understand your needs, to provide you with information and updates, to make you aware of new and additional services and opportunities available to you, and to conduct employee related activities. We will only collect Personal Information that is adequate, relevant and limited to what is necessary for the purposes set out in this Privacy Policy.

2.2  How we contact you and how you may deal with us

Chrysalis may contact you using a variety of means including, but not limited to telephone, email, SMS and post.

You have the option to deal with us anonymously or by using a pseudonym. However, you acknowledge that where this is impractical or where the law or a court order provides otherwise, we are not required to provide these options to you.

If you choose not to provide your Personal Information to us, we may not be able to undertake certain activities for you (such as providing you with requested information, products or services, or including the information you provide to us in the course of our delivery of recommendations on a consultancy project to a client).

3.  Collection of Personal Information

3.1  When and how do we collect your information?

We may collect and hold Personal Information about you such as your name, gender, date of birth, contact details (including your address, phone numbers and emails, whether personal or for work), employment information, credit card details, and in some cases information related to your education, health and use of social services.

We collect Personal Information directly from you when you: in the course of delivering a project, when we consult with you directly or in a workshop, when you complete a survey, or when you correspond with us; when we otherwise supply you with services; when you request information about us or our products or services, provide feedback, change your content or email preferences, enter into an agreement or contract with us, fill in a form or a request for services, fill in a form on our website, attend an event, become an employee of Chrysalis, or otherwise contact us by telephone, facsimile, email, post or in person.

If you are based in Europe and/or the GDPR applies to how we collect, use or disclose your Personal Information (including Sensitive Information), we will request that you provide us with your consent to collect, use or disclose your Personal Information. You may withdraw your consent any time in the same manner in which you gave consent or by contacting us in any of the ways set out in clause 11.

Where required by the Privacy Act, PIPEDA or the GDPR, we will seek your consent to the processing of your Personal Information for specific purposes or your explicit consent when processing Sensitive Information (if applicable).

If you provide Personal Information about other individuals to us, you must ensure that you have informed those individuals that you are providing their Personal Information to us and that you have obtained their consent and advised them of our Privacy Policy.

3.2  Do we collect information about you in other ways?

We may also collect Personal Information about you via third parties including from our clients, suppliers, through events or online marketing.

We may also process your Personal Information in performance of our contractual obligations when we receive it from a third party with whom you have entered into a contract or at your request.

In some circumstances we may receive Personal Information that we have not requested. If this occurs, we will comply with our obligations under the Privacy Act, PIPEDA and GDPR. You acknowledge that we may de-identify and/or destroy this information unless we are required to keep it by law.

4.  Information collected via our Website

4.1    Website terms of use

This Privacy Policy governs how we use, collect or disclose Personal Information provided on our Website. By using the Website you agree to the terms and conditions contained in this Privacy Policy.

We will not collect any Personal Information about users of our Website except when they knowingly provide it.

4.2  Click Stream Data

When you visit and browse our Website, our Website host may collect Personal Information for statistical, reporting and maintenance purposes. Subject to clause 6.2, the Personal Information collected by our Website host will not be used to identify you.  The information may include: the number of users visiting our Website and the number of pages viewed; the date, time and duration of a visit; the IP address of your computer; the path taken through our Website; or the browser type, operating system or website visited immediately before coming to our Website.

Our Website host uses this information to administer and improve the performance of our Website, including to assist with the diagnosis of and to provide support for any issues with our Website or services. This information is used in an aggregated manner to analyse how people use our Website, so that we can improve our service.

4.3  Cookies

Cookies are small text files that are transferred to a user’s computer hard drive by a website for the purpose of storing information about a user’s identity, browser type or website visiting patterns.

If you access our Website, a cookie is downloaded onto your computer’s hard drive when you first log on to our Website. Our website uses cookies to make your use of the website easy and meaningful. Cookies do not personally identify you; they merely recognise your Web browser. We may also use this information for development and analytics purpose. You can tailor your experience with these technologies via the privacy and browser settings on your device or by rejecting the cookies.

4.4    Web Beacons

Web beacons are images that originate from a third party site to track visitor activities. We may use web beacons to collect aggregate data and provide this information to our Website host to administer and improve the performance of our Website.

4.5    Links to external websites

If you follow any links to third party external websites from our Website, the Privacy Policy will not apply to those websites which may have their own policies relating to privacy and data collection and website usage. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. If you choose to access any linked website or to provide any Personal Information on such websites you should review their policies and terms of use to learn more about how they may use your Personal Information. We are not responsible for and will not be liable for the operations or policies of any third party external website.

5.  How we use Personal Information?

5.1  How we use the Personal Information we collect about you?

We use the Personal Information we collect about you for our business functions and activities, which may include the following:

  • to provide you with information or services you have requested;
  • to promote and market our services to you;
  • to personalise and customise your experiences on our Website;
  • to deliver our consulting services to our clients;
  • to provide you with ongoing information about us and our activities;
  • to use aggregated or de-identified information for the purposes of data analysis, research and reporting;
  • to comply with regulatory or other legal requirements;
  • to protect the copyright, trademarks, legal rights, property or safety of Chrysalis, its customers or third parties;
  • for purposes related to the recruitment and employment of our personnel and providing internal services to our staff; and
  • for any other use required or permitted by law or any other purpose communicated to you at the time that the Personal Information was collected or for which you provided your consent

We may use your Personal Information for a secondary purpose if that secondary purpose is related to the purposes listed in this clause 5.1, if we have your consent or if otherwise provided for under the Privacy Act.

Generally, we will only collect and use your Personal Information in accordance with this Privacy Policy. In the event that we collect or use Personal Information in ways other than as stated in this Privacy Policy, we will ensure that we do so in accordance with the Privacy Act.

5.2  Direct marketing

We may use your Personal Information to provide you with direct marketing materials if you would reasonably expect us to or if you consent to receive direct marketing materials. We will seek your consent to provide you with direct marketing materials if we have obtained your Personal Information from a third party. Direct marketing material may include promotional material about us or the products or services we offer.

You may opt out of receiving direct marketing material by contacting us in any of the ways specified in the direct marketing materials or as set out in clause 11.

5.3    Employee records

Employee records are not generally subject to the Privacy Act. As such this Privacy Policy may not apply to the handling of employee related information. Please contact us directly for information about our employee information handling practices.

6.  When do we disclose Personal Information?

6.1  Who do we disclose your Personal Information to?

Depending on the nature of your relationship with us, we may disclose your Personal Information to our shareholders, officers and employees, other businesses within our group of companies, service providers who assist us in our business operations and recruitment activities (including third party service providers based overseas), government agencies, other third parties, (including parties that we engage to provide you with services on our behalf or who are connected with or involved in our relationship with you), or otherwise as required by law.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any Personal Information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality.

6.2  Service providers

We may also disclose your Personal Information to our Website host or service providers in certain limited circumstances, for example when our Website experiences a technical problem or to ensure that it operates in an effective and secure manner.

Personal information is only disclosed to a third party when it is required for the delivery of our services. To the extent that we do share your Personal Information with a service provider, we would only do so if that party has agreed to comply with our privacy standards as described in this Privacy Policy.

We may also share non-personal, de-identified and aggregated information for research or promotional purposes in connection with providing requested information or services to you, or for the purpose of improving our services. We will not sell your Personal Information to third parties for marketing purposes.

Unless otherwise specified in this Privacy Policy, we or our Website host will not disclose any of your Personal Information to any other organisation unless the disclosure is required by law, is otherwise permitted by the Privacy Act, or is with your consent.

7.  Overseas disclosure and individuals based in Europe

7.1  Disclosure of your Personal Information overseas

Your Personal Information may be disclosed outside of Australia to an entity in a foreign country, including entities in which we have an ownership interest or to third party service providers (Overseas Entities). The country in which these Overseas Entities are located/likely to be located include the United Kingdom and Canada, where we have offices.

It is possible that the Overseas Entities may be subject to foreign laws that do not provide the same level of protection of information as in Australia or that provide a greater level of protection than in Australia. We take reasonable steps to ensure that these overseas entities do not breach the APPs and that they are obliged to protect the privacy and security of your Personal Information and use it only for the purpose for which it is disclosed.

7.2  Personal Information of individuals based in Europe

If you are based in Europe and/or your Personal Information is disclosed to us from an organisation in Europe, the GDPR may apply to how the Personal Information is transferred to us, how we deal with that Personal Information and how we may transfer that Personal Information to third countries.

If the GDPR applies we will comply with our obligations in relation to your rights, how we handle your Personal Information and the requirements for transfers to third countries.

8.  Storage and data security

Chrysalis is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access to or disclosure of Personal Information, we have taken steps to put in place suitable physical, electronic and managerial procedures to safeguard and secure Personal Information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

We aim to keep your Personal Information secure and up to date. We will comply with our obligations under the Privacy Act in relation to any Personal Information that we handle, including information which is held on our computer systems.

Personal Information that is held by us in hard copy is stored securely on our premises and is only disclosed or used for the purposes described in this Privacy Policy.

The Notifiable Data Breaches Scheme (NDB scheme) in Part IIIC of the Privacy Act sets out obligations for notifying affected individuals, and the Australian Information Commissioner (Commissioner), about an “eligible data breach” (as defined in the Privacy Act) which is likely to result in serious harm.

Where a data breach occurs and serious harm to affected individuals is likely, we will notify those individuals and the Commissioner in accordance with our legal obligations.

If you are based in Europe and you provide us with your Personal Information, or your Personal Information is disclosed to us or processed by us, you may have additional rights under the GDPR relating to security and protection of data, notification of “personal data breaches” (as defined in the GDPR), and a right to compensation for damage arising from a personal data breach. If the GDPR applies we will comply with our legal obligations.

You may contact our Privacy Officer via the contact details below should you require additional information.

9.  How long will we keep your Personal Information?

We will keep your Personal Information only for as long as required for our business purposes and otherwise as required by Australian, Canadian and UK law.

Where we no longer need to keep your Personal Information in accordance with this clause 9, we will take reasonable steps to destroy or de-identify your Personal Information.

If you wish to have your Personal Information destroyed or de-identified, please let us know and we will take reasonable steps to do so (unless we need to keep it for legal, auditing or internal risk management reasons, or as otherwise required by law).

10.  Accessing, updating and correcting your Personal Information

We will take reasonable steps to ensure that the Personal Information that we hold is accurate, up-to-date and complete. You can update your Personal Information at any time by contacting us in any of the ways specified in clause 11. We welcome any changes to your Personal Information so as to keep our records up to date.

You are entitled to access Personal Information that we hold about you. If you request access to your Personal Information, we will grant your request unless providing you with access would unreasonably impact upon the privacy of others or is not otherwise permitted under the Australian Privacy Principles or at law. We will endeavor to reply to you within 30 days of receipt of your request/complaint, where appropriate, will advise you the reasons for the outcome of the request/complaint. If we refuse your request to access your Personal Information, we will provide you with written reasons for the refusal.

If you are based in Europe and you provide us with your Personal Information, or your Personal Information is disclosed to us or processed by us, you may have additional rights under the GDPR, including in relation to the right to access your Personal Information, to rectify your Personal Information, to erase your Personal Information (the ‘right to be forgotten’), to restrict processing of your Personal Information and the right to receive your Personal Information (the ‘right of portability’). If the GDPR applies we will comply with our obligations in relation to the exercise of your rights under the GDPR.

To exercise any of your rights in relation to Personal Information, including making a request for access, please contact us in any of the ways specified in clause 11. We are entitled to charge you a fee to comply with your request for information, however, if you are based in Europe, we will not charge you for information we provide to you in accordance with GDPR Article 12(5).

11.  How to contact us, find out more information or make a complaint

If you feel that your privacy has not been respected or that we have conducted ourselves inconsistently with this Privacy Policy, the Privacy Act, a registered APP Code and/or GDPR and PIPEDA in respect of your Personal Information, or for any other queries, problems, complaints or communication in relation to this Privacy Policy, please contact us in any of the following ways:

Name: Chrysalis

Attn: Privacy Officer, Ms Allison Northcott

Post: Suite 2, Level 7, 431 King William Street Adelaide SA 5000



"Can’t thank you enough for the superb facilitation Nick. It exceeded my already high expectations. It was world class. The clear strategic plan we achieved and the communication techniques you showed us are already making a huge impact here. I feel privileged to get this opportunity to work with you and observe the mastery in process."

Dr. Michael Winlo, CEO, Linear Clinical Research

“Nick has worked on several occasions with our Leadership Team of 14 individuals from very diverse working and cultural backgrounds. Through Nick’s skilled coaching and excellence in this field, he has taken our organisation on a positive journey to strengthen our purpose and vision, putting strategic plans together to enable us to strive towards our mission. He has brought about a positive cultural change within the organisation and enabled us to form a cohesive team that continues to build trust in each other. The skills learnt through Nick’s positive, empowering coaching skills have given the Leadership team insight and clear direction of our culture values. The bespoke training manual that he created for the staff continues to be used as a tool for achieving positive outcomes. Due to his skilled coaching, Linear has a united, trusting leadership team, working together with unified purpose.”

Gail Clement, Clinical Unit Manager, Linear Clinical Research

“Chrysalis Advisory provides an extremely professional and comprehensive suite of business services. Nick Northcott is a rarity. He always delivers, goes the extra mile for his clients, and is generous with his time, energy and contacts. In a matter of months, Nick has become my most trusted advisor. He is genuinely interested in assisting others to achieve their goals. I recommend Nick and his team without hesitation.”

Laura Keily, Barrister and Entrepreneur, BSc, LLB (Hons), MCommrclLaw, GAICD

"Nick Northcott expertly facilitated a one-day meeting and workshop bringing together a diverse range of stakeholders across the clinical trials sector. The meeting was the first of its kind and Nick ensured the meeting delivered above and beyond on all objectives, including scoping six high quality projects and setting the tone and high expectations for future events. Nick also provided professional advice and assistance in meeting preparation as well as consolidating the meeting output and crucially identifying a pathway to action via an instructive report. We really look forward to working with Nick again!"

Leanne Weekes, Programme Director, Clinical Trials Impact & Quality

“I engaged Nick’s services in 2017, to assist me in transitioning from a technical expert role into one of being a manager and executive team member of a large organization. It was a great decision. Nick is an attentive listener, he is honest and thoughtful. I trust him wholeheartedly. His broad knowledge, experience in organizations and authenticity have helped me develop the skills needed for my role, many of which were new to me – strategic recruitment, change and project management and having difficult conversations, to name a few. He has always made himself available to me during the challenging moments I have faced. I recommend his services as a coach for any new executive manager without reservation.”

C-level Executive of an ASX 100 company

"Nick has presented as the ‘complete package’. This is a rare blend of technical expertise, emotional and social quotient, higher educational insights, challenging behaviour and the display of a genuine interest in what we want to achieve."

Jenny Taylor, Director of People & Capability, Curtin University

“I have recently worked with both Allison and Nick at Chrysalis Advisory. I consider myself to be a hard taskmaster and I am very impressed. Firstly, I was kept up to date on the status of the matter and with costs at all relevant times. This is very important to me when I brief out a matter. Communication and feedback is essential. Secondly, Allison and Nick are extremely professional and efficient. We conducted a lot of meetings over video on the computer, which was productive and less costly. Thirdly, the matter they dealt with was complex, with a significant degree of technical language and operational networks and also intricate cultural issues. I was impressed with the way they were able to easily master the core issues within a short period of time. Fourthly, the report that was produced at the conclusion of the matter was of a high standard. It was thorough and easy to understand, with supported reasoning. I would recommend Chrysalis Advisory to anyone seeking a professional and high quality workplace investigation to be conducted. Last but not least, both Allison and Nick are delightful people and working with them is a pleasure.”

In-house Counsel Employee Relations National Tourism/Hospitality company

"Allison handled my case with care and sensitivity, wanting to ensure that me, and the other party, were treated fairly at all times. She was very well-prepared with a robust process that seeks to establish the facts through a series of in-depth interviews and a review of other artefacts."

Senior Global IT Business Director, Complainant in a bullying/harassment matter

"Chrysalis Advisory was very responsive to an urgent request we had to help us investigate a complex staff harassment matter. Allison and her team were professional, thorough and worked through the issues in a reasonable timeframe for all concerned."

Board Member Global Not for Profit organisation

“I have worked with Chrysalis Advisory since early 2019 on a number of different projects drawing on their professional and excellent services in the areas of strategy, organisation design, and facilitation. In that time, I have thoroughly enjoyed building a trusted relationship with them. I know they place the best interest of the organisation I lead at the heart of their advice. I highly value the integrity of their approach, their open, candid and direct style, and their ability to deeply listen and seek to understand. They are experts in what they do, enablers of transformation, with a sharp skill for surfacing core issues, challenging assumptions, synthesising, and focusing on root causes and levers that can be truly transformational for an organisation.

Whilst I have worked more often with Nick, I have found both Nick and Allison an absolute pleasure to work with. They bring a valued mix of sharpness and kindness to all the work we have done together. I look forward to working with them again soon, and I highly recommend them to anyone seeking high quality strategic advice.”

Bettina Baldeschi, Chief Executive Officer, IWDA