Privacy Policy

HR Risk Score — operated by HR Excellence Partners

Last updated: 21 March 2026 · Effective date: 21 March 2026

1. About This Policy

This Privacy Policy applies to the website located at hrriskscore.com.au (“the Platform”) and all associated services operated by Vasily Papadopoulos trading as HR Excellence Partners (ABN: 99 779 323 739) (“we”, “us”, “our”).

We are committed to protecting the privacy of individuals who interact with our Platform in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) contained in Schedule 1 of that Act.

This Policy explains how we collect, hold, use, and disclose personal information, and how you can access, correct, or make a complaint about our handling of your personal information.

By accessing or using our Platform, or by providing personal information to us, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use, and disclosure of your personal information as described herein.

2. What Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

Contact and identity information:

  • Full name
  • Business name and ABN (where provided)
  • Email address
  • Phone number
  • Job title or position

Business profile information:

  • Industry or business sector
  • Number of employees
  • State or territory of operation

Assessment response data:

  • Your responses to the HR health check diagnostic questionnaire (34 questions)
  • Calculated risk scores and category breakdowns
  • Risk band classifications

Payment information:

We do not collect or store credit card details. Payment is processed by Stripe, Inc., a third-party payment processor. We receive only a payment confirmation token, transaction reference, and the fact that payment was successful.

Technical and usage information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and navigation patterns
  • Date and time of access
  • Referring URL

2.2 Sensitive Information

We do not intentionally collect sensitive information as defined in the Privacy Act (including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal records). If any such information is inadvertently included in free-text fields or correspondence, it will be treated with the protections applicable to sensitive information under the APPs.

2.3 Information About Third Parties

If you provide personal information about your employees or other individuals as part of your assessment responses (for example, in free-text fields), you represent and warrant that you have obtained all necessary consents from those individuals to share their information with us, and that doing so does not breach any obligation of confidence or applicable law.

3. How We Collect Personal Information

We collect personal information:

  • Directly from you, when you complete the onboarding form on the Platform, complete the diagnostic questionnaire, submit payment, contact us by email or phone, or correspond with us in any other way;
  • Automatically, through cookies, server logs, and analytics tools when you access or use the Platform;
  • From third parties, including our payment processor (Stripe) who provides transaction confirmation data, and our email delivery service (Resend) which provides delivery status information.

We will only collect personal information by lawful and fair means, and not in an unreasonably intrusive way.

4. How We Use Your Personal Information

We use your personal information for the following purposes:

Service delivery:

  • To process your registration and onboarding
  • To administer and score your HR diagnostic assessment
  • To generate your HR Risk Score report
  • To deliver your report via email
  • To facilitate your complimentary HR consultation

Communications:

  • To send you your report and any supporting materials
  • To respond to your enquiries
  • To send service-related notifications (e.g., payment confirmation, report availability)
  • To send you information about our services, updates, or educational content that may be of interest to you (you may opt out at any time)

Business operations:

  • To process and record payments
  • To administer our business and maintain internal records
  • To improve our Platform, services, and diagnostic tool
  • To conduct data analysis and research to improve the quality and accuracy of our assessments
  • To train and review the AI-assisted report generation process
  • To detect, investigate, and prevent fraud, security incidents, or technical issues

Legal and compliance:

  • To comply with our legal obligations
  • To enforce our Terms of Service
  • To respond to lawful requests from government agencies or law enforcement

5. AI-Assisted Processing

Our Platform uses artificial intelligence technology provided by Anthropic, PBC (“Anthropic”) to assist in generating the narrative and recommendations contained in your HR Risk Score report.

You should be aware that:

  • Your assessment responses and associated business profile information may be processed by Anthropic’s AI systems as part of report generation.
  • The AI processing occurs on Anthropic’s infrastructure, which may be located outside Australia.
  • The AI-generated content is reviewed by a qualified HR consultant at HR Excellence Partners before delivery to you.
  • The AI does not make autonomous compliance or legal determinations — it assists in presenting findings based on a controlled library of recommendations prepared by HR professionals.
  • We do not use your data to train third-party AI models beyond what is described in Anthropic’s privacy documentation. Anthropic’s privacy policy is available at anthropic.com/privacy.

6. Disclosure of Personal Information

6.1 Service Providers

We may disclose your personal information to third-party service providers who assist us in operating the Platform and delivering our services. These include:

Provider            Service                                Location
Supabase, Inc.      Database and infrastructure hosting    USA
Vercel, Inc.        Web hosting and deployment             USA
Stripe, Inc.        Payment processing                     USA
Resend, Inc.        Transactional email delivery           USA
Anthropic, PBC      AI-assisted report generation          USA
Cloudflare, Inc.    DNS and web security                   USA

We take reasonable steps to ensure that our service providers are bound by privacy obligations consistent with this Policy and the APPs.

6.2 Cross-Border Disclosure

Some of our service providers are located in the United States of America. Before disclosing personal information to overseas recipients, we take reasonable steps to ensure those recipients handle the information in a manner consistent with the APPs, including through contractual arrangements. By using our Platform, you consent to your personal information being disclosed to these overseas recipients.

6.3 Other Disclosures

We may also disclose personal information:

  • Where required or authorised by Australian law, including to government regulators, courts, or law enforcement agencies;
  • To our professional advisers (lawyers, accountants, auditors) under obligations of confidentiality;
  • In the event of a merger, acquisition, or sale of all or part of our business, to the incoming entity, subject to that entity agreeing to handle personal information in accordance with the APPs;
  • With your express consent.

We will not sell, rent, or trade your personal information to third parties for their own marketing purposes.

7. Data Security

We implement reasonable technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These measures include:

  • Encrypted data transmission (TLS/HTTPS)
  • Access controls and authentication on our systems
  • Row-level security controls on our database
  • Secure, access-controlled cloud storage for reports
  • Limited staff access to personal information on a need-to-know basis

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

If you become aware of a security concern relating to your information, please contact us immediately at hello@hrriskscore.com.au.

8. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Assessment data and reports: Retained for a minimum of 7 years from the date of the assessment, consistent with the record-keeping requirements applicable to business documents under Australian law.
  • Payment records: Retained for a minimum of 7 years from the date of transaction, consistent with Australian tax law requirements.
  • Email correspondence: Retained for 3 years unless a longer period is required for legal or dispute resolution purposes.
  • Technical logs: Retained for up to 12 months.

When personal information is no longer required, we will take reasonable steps to destroy or permanently de-identify it.

9. Cookies and Tracking Technologies

Our Platform uses cookies and similar tracking technologies. Cookies are small data files stored on your device. We use:

  • Strictly necessary cookies: Required for the Platform to function, including session management and security. These cannot be disabled.
  • Analytics cookies: To understand how users interact with our Platform and to improve the user experience.

You may configure your browser to refuse cookies or to alert you when cookies are being sent. However, disabling strictly necessary cookies may impair the functionality of the Platform.

We do not use cookies for advertising or cross-site tracking purposes.

10. Access to and Correction of Personal Information

10.1 Access

Under the Privacy Act, you have the right to request access to the personal information we hold about you. To make an access request, please contact us in writing at hello@hrriskscore.com.au.

We will respond to access requests within 30 days. We may charge a reasonable fee to cover the cost of processing your request.

We may decline to provide access in circumstances permitted by the APPs, including where providing access would be unlawful, where it would have an unreasonable impact on the privacy of other individuals, or where the request is vexatious.

10.2 Correction

If you believe personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will respond to correction requests within 30 days.

If we disagree that the information is incorrect and decline to correct it, we will provide you with our reasons and information about how to make a complaint.

11. Marketing Communications

Where you have provided your contact details, we may send you information about our services, insights, or resources relevant to HR compliance and workforce management.

You may opt out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email; or
  • Contacting us at hello@hrriskscore.com.au

We will action opt-out requests promptly and within 5 business days.

Opting out of marketing communications does not affect our ability to send you service-related communications (e.g., your report delivery, payment confirmation).

12. Anonymised and Aggregated Data

We may use de-identified, aggregated data derived from assessment responses (e.g., average risk scores by industry or state) for research, benchmarking, product improvement, and publication purposes. Such data will not identify any individual or business and is not subject to this Privacy Policy.

13. Complaints

If you believe we have breached the APPs or this Privacy Policy, you may lodge a complaint with us by emailing hello@hrriskscore.com.au.

Please describe the nature of your complaint in as much detail as possible. We will acknowledge your complaint within 5 business days and aim to provide a substantive response within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

14. Children’s Privacy

Our Platform is intended for use by business owners, managers, and HR professionals. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you become aware that a minor has provided us with personal information, please contact us and we will take steps to delete it.

15. Third-Party Websites

Our Platform may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policies of any third-party websites you visit.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The updated Policy will be posted on our Platform with a revised “Last updated” date.

Where changes are material, we will take reasonable steps to notify users. Continued use of the Platform following notification of changes constitutes your acceptance of the updated Policy.

17. Contact Us

For all privacy-related enquiries, access requests, correction requests, or complaints, please contact:

Privacy Officer

Vasily Papadopoulos trading as HR Excellence Partners

ABN: 99 779 323 739

Email: hello@hrriskscore.com.au

Phone: +61 432 244 744

Website: hrriskscore.com.au | hrexcellencepartners.com.au

This Privacy Policy has been prepared in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. It does not constitute legal advice. If you require legal advice regarding privacy obligations specific to your business, please consult a qualified Australian privacy lawyer.