About Us
Summit Group Digital Pty Ltd (ABN 15 691 798 277) operates under the brand names Summit and Summit Markets. References to "we", "us", "our" or "Summit" in this Policy refer to Summit Group Digital Pty Ltd trading as Summit and Summit Markets.
This Privacy Policy explains how we collect, use, store and disclose your personal information when you use this website and our membership and research service. We are committed to handling your information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Information We Collect
Information you give us
- Your name, email address and phone number when you apply for access, book a call, or contact us.
- Information you choose to share about your portfolio, holdings, goals and circumstances so we can prepare a read or deliver our research.
- Billing details, which are processed and held by our payment provider; we do not store full card numbers.
- Any information you provide when you contact us for support or enquiries.
Information we collect automatically
- Basic technical data such as your browser type, device, approximate location and the pages you view, collected through privacy friendly, consent based analytics.
Dealing With Us Anonymously
You can browse this site and make general enquiries without telling us who you are. However, because our membership involves preparing research about your own portfolio and managing your billing, it is not practicable for us to deliver the membership if you do not identify yourself. Where it is lawful and practicable to do so, we will let you interact with us anonymously or using a pseudonym.
Legal Bases for Processing
We collect and use your personal information where it is reasonably necessary for our functions and activities, on the following bases:
- To perform our agreement with you, for example to deliver your membership and the research you request.
- For our legitimate interests in operating, securing and improving our service, for example privacy friendly analytics.
- To comply with our legal obligations, for example tax and record keeping.
- With your consent, which you may withdraw at any time, for example marketing emails and, for visitors in the European Union, the EEA and the United Kingdom, analytics cookies.
How We Use Your Information
We use your personal information to:
- Assess and respond to your application and determine whether we are a fit.
- Prepare the research you ask for and deliver our membership and service.
- Communicate with you about your enquiry, your account and any changes to our service or policies.
- Operate, secure and improve this site.
- Comply with our legal obligations.
- Send you updates where you have opted in. You may opt out at any time.
We do not sell, rent or trade your personal information.
How We Make Decisions
Decisions about your application and your membership are made by a person, not by an automated system. We may use software to organise and review the information you give us, but a founder reviews and decides each application. If this ever changes and we begin using automated decision making that could significantly affect you, we will update this Policy to explain the kinds of personal information used and the kinds of decisions involved before doing so.
Holdings and Financial Information
If you share details of what you hold so we can prepare a read, we treat that as confidential and use it only to deliver the research you requested. We do not trade on your behalf, we do not handle your funds, and we do not pass your holdings to third parties for their own use.
Session Recordings
Where you take part in a live group education session, that session may be recorded so members who miss it can catch up. Any recording is made available to members only, is kept confidential, and we will make clear at or before the session if it is being recorded.
Sharing and Disclosure
We may share your information with:
- Service providers who help us run the business, such as our payment provider (Stripe), product analytics (PostHog), scheduling (Google Calendar), database and hosting (Supabase, Vercel) and email delivery (Resend), solely to deliver our service and under confidentiality obligations.
- Professional advisers: legal, accounting and compliance professionals where required.
- Law enforcement or regulatory bodies: where required by law or to protect the rights and safety of ourselves and others.
Any third party providers are required to handle your data in accordance with applicable privacy laws and our instructions.
Cookies and Analytics
We use a privacy friendly analytics tool (PostHog) that sets first party cookies to understand how the site is used, including which pages you view and how the application flow performs, so we can improve it. We mask anything you type, we do not use advertising or cross site tracking cookies, and we never sell your data. Visitors in the European Union, the EEA and the United Kingdom are asked to opt in before any analytics cookies are set, in line with local law. Elsewhere, analytics runs by default, and you can opt out at any time by clearing your browser data for this site. We also store a small amount of information in your browser to remember how you reached us, such as a referral link. Our booking page embeds Google Calendar, which may set Google cookies in your browser.
Data Security
We take reasonable technical and organisational steps to protect your information from misuse, interference, loss, and unauthorised access, modification or disclosure. These include restricting access to personal information to people who need it, using reputable service providers, and encrypting data in transit. When we no longer need your personal information for any purpose for which it may be used or disclosed, and we are not required by law to retain it, we take reasonable steps to destroy it or to de-identify it. No method of electronic transmission or storage is completely secure, so we cannot guarantee absolute security.
Data Breach Notification
We maintain a data breach response plan. If we become aware of a breach involving your personal information, we will promptly assess whether it is likely to result in serious harm to any affected individual. Where a breach is likely to result in serious harm and we have not been able to prevent that risk through remedial action, we will notify you and the Office of the Australian Information Commissioner as soon as practicable, in line with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth). Our notification will describe the breach, the kinds of information involved, and the steps you can take in response. We expect any service provider that processes personal information on our behalf to alert us without undue delay of any actual or suspected breach affecting that information.
Data Retention
We keep your personal information only for as long as we need it:
- Membership and billing records: for the life of your membership and then up to 7 years, to meet our tax and record keeping obligations.
- Applications that do not proceed to membership: up to 12 months.
- Support and enquiry correspondence: up to 2 years.
- Analytics data: kept in aggregated, de-identified form.
After these periods we delete or de-identify your information. You may request deletion of your personal data at any time, subject to any legal obligation we have to retain certain records.
International Data Transfers
Some of our service providers store or process personal information outside Australia. Based on our current providers, this includes the United States (Stripe, PostHog, Supabase, Vercel, Resend and Google). The countries where your information is handled may change if we change providers, and we will keep this Policy up to date.
Before disclosing personal information to an overseas recipient we take reasonable steps to ensure the recipient does not breach the Australian Privacy Principles, including putting in place contractual data protection terms with our providers. Under Australian Privacy Principle 8 we remain accountable for personal information we disclose overseas. You can ask us at any time which providers handle your information and where, by emailing us at the address in the Contact section.
Children
Our service is offered only to adults and is not directed to persons under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected information from a person under 18, we will promptly delete it and close any associated application or account.
Your Rights
Subject to applicable law, you have the right to access the personal information we hold about you, ask us to correct it, request deletion where legally permissible, and opt out of marketing at any time. To exercise any of these rights, email us at summitgroupdigitalptyltd@gmail.com. We will respond to access and correction requests within a reasonable time, and generally within 30 days. We do not charge a fee for making a request, although in limited cases we may charge a reasonable cost of giving access. If we refuse access or correction, we will tell you why in writing and explain how you can complain. If you believe we have breached the Australian Privacy Principles, you may also lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au.
Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The effective date at the top of this document reflects the most recent update, and the current version is always the one published here. If we make a material change, we will let you know by email or a prominent notice on our platforms before it takes effect.
General Provisions
If any part of this Policy is found to be invalid or unenforceable, the remaining parts continue in full force and effect. This Policy is governed by the laws of New South Wales, Australia.
Contact
For any privacy related queries, requests or complaints, contact us at summitgroupdigitalptyltd@gmail.com.