Skip to content

Services

SEO (search engine optimisation)Google AdsWebsite DevelopmentCustom CRM DevelopmentAI ConsultingAll services overview
Plans & pricingContactGet started
Legal

Lead Data & Data Processing Addendum

Last updated: 22 June 2026

How we access and handle lead, enquiry, campaign, analytics and CRM data when we deliver our services.

This addendum applies where True North Innovations Pty Ltd (ABN 34 677 383 149) ("TNI", "we", "us" or "our") accesses, receives, stores, reviews, reports on or otherwise handles Lead Data for a client.

It forms part of the Engagement between TNI and the Client.

1. Purpose

TNI needs limited access to lead, enquiry, CRM, analytics, advertising and campaign data to provide digital marketing, website, CRM, tracking, reporting and optimisation services.

This addendum explains the permitted purposes, privacy responsibilities, security obligations and limits on use.

2. What Lead Data means

Lead Data means information captured or generated through:

  1. website forms;
  2. contact forms;
  3. quote forms;
  4. landing pages;
  5. booking forms;
  6. phone call tracking;
  7. chat tools;
  8. email enquiries;
  9. CRM records;
  10. advertising campaigns;
  11. analytics systems;
  12. conversion tracking;
  13. Google Ads, Google Analytics, Google Search Console, Google Tag Manager and similar platforms;
  14. Meta or other advertising platforms;
  15. reports and dashboards; and
  16. other digital channels connected with the Services.

Lead Data may include names, phone numbers, email addresses, business names, enquiry content, campaign source, landing page, form URL, message content, lead status, appointment status, conversion data and related metadata.

3. Client role and responsibility

The Client is usually the business collecting personal information from its own leads, customers, website visitors and enquirers.

The Client remains responsible for its own privacy, collection and consent practices.

The Client must ensure that its website, landing pages, forms, privacy policy, collection notices and customer communications tell individuals, where required, that their information may be disclosed to and handled by service providers such as digital marketing agencies, website developers, hosting providers, CRM providers, analytics providers, advertising platforms, automation providers, payment providers and AI-assisted productivity or reporting tools where reasonably required for the Services.

The Client warrants that it is entitled to give TNI access to Lead Data for the purposes in this addendum.

4. TNI role

TNI handles Lead Data as a service provider to the Client and only for purposes connected with the Services.

TNI will not use Lead Data for unrelated purposes.

TNI will not sell, rent or trade Lead Data.

TNI will not use a Client's Lead Data to market unrelated TNI services to those leads unless the individual has separately consented or the law permits it.

5. Permitted purposes

TNI may access and use Lead Data only for purposes directly connected with the Services, including:

  1. receiving and routing enquiries;
  2. monitoring whether forms and integrations work;
  3. identifying spam, irrelevant or low-quality enquiries;
  4. assessing lead quality;
  5. reviewing enquiry content so campaigns can be improved;
  6. attribution and source tracking;
  7. conversion tracking;
  8. campaign optimisation;
  9. SEO and content improvement;
  10. Google Ads and paid campaign improvement;
  11. CRM workflow and automation;
  12. call tracking and appointment tracking;
  13. reporting to the Client;
  14. troubleshooting technical issues;
  15. auditing service performance;
  16. maintaining records of services provided; and
  17. meeting legal, accounting, insurance or dispute requirements.

6. Minimisation

TNI will only access, use and retain Lead Data to the extent reasonably necessary for the permitted purposes.

Where practical, TNI will use aggregated, de-identified or minimised data for reporting, analysis and training of internal processes.

TNI will not intentionally submit sensitive information, bank account details, passwords or unnecessary personal information into AI tools. Where AI-assisted tools are used, TNI will use minimised, de-identified or business-level information where practical.

7. Sensitive information

The Client must not configure forms, landing pages, CRM fields or campaigns to collect sensitive information unless:

  1. it is genuinely necessary for the Client's business;
  2. the Client has obtained all required consents;
  3. the Client has appropriate privacy notices in place;
  4. TNI has agreed in writing; and
  5. appropriate security and handling arrangements are agreed.

Sensitive information includes health information, racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, union membership, sexual orientation, biometric information and criminal record information.

If sensitive information is accidentally provided to TNI or captured in a system TNI manages, TNI may delete, de-identify, restrict access to, or return that information unless it is necessary and lawful to retain it.

8. Subcontractors and service providers

TNI may use staff, contractors, subcontractors and service providers to deliver the Services.

These may include providers for website hosting, cloud infrastructure, email, CRM, analytics, advertising, call tracking, form processing, automation, reporting dashboards, AI-assisted tools, security, backups and professional advice.

TNI will take reasonable steps to ensure persons and providers who access Lead Data are subject to confidentiality and data-handling obligations appropriate to their role.

9. Overseas handling

Some service providers may store or process Lead Data outside Australia.

TNI may use providers in these categories:

  1. hosting and cloud infrastructure;
  2. email and SMTP;
  3. CRM and ERP systems;
  4. analytics and tracking;
  5. advertising platforms;
  6. call tracking and form tools;
  7. payment processors;
  8. AI-assisted productivity and reporting tools;
  9. security, backup and support tools; and
  10. professional advisers.

Likely overseas processing locations may include Australia, the United States, the European Union, the United Kingdom, Singapore and other locations used by the relevant provider.

The Client authorises TNI to use reputable overseas and cloud-based providers where reasonably required to deliver the Services, provided TNI takes reasonable steps to protect Lead Data and limit disclosure to what is reasonably necessary.

The Client must ensure its own privacy policy and collection notices disclose overseas handling where required.

10. Security

TNI will take reasonable technical and organisational steps to protect Lead Data from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure.

These steps may include access controls, limiting access, password and credential management, multi-factor authentication where available, secure cloud and hosting providers, secure payment processing through Stripe, audit logs where available, backups, confidentiality obligations and deletion or de-identification where appropriate.

11. Client security responsibilities

The Client is responsible for securing its own accounts, controlling its own users, removing former staff and suppliers, maintaining passwords and multi-factor authentication, avoiding unnecessary collection of personal information, keeping website and privacy notices up to date, notifying TNI of suspected account compromise, and following TNI's reasonable security instructions.

12. Data breach notification

If TNI becomes aware of actual or suspected unauthorised access to, loss of, or unauthorised disclosure of Lead Data, TNI will notify the Client without undue delay.

TNI will reasonably assist the Client to assess, contain, investigate and respond to the issue.

Where the Notifiable Data Breaches scheme applies, the Client and TNI will cooperate to determine notification responsibilities.

13. Retention and deletion

TNI will retain Lead Data only for as long as reasonably necessary for the Services, reporting, support, legal, accounting, insurance, dispute, audit, quality and business record purposes.

On termination or reasonable written request, TNI will return, delete or de-identify Lead Data in its control where reasonably practicable, except where retention is required or permitted for legal, accounting, insurance, dispute, audit, backup or legitimate business purposes.

TNI may retain aggregated or de-identified data that does not identify individuals or the Client's confidential information, including performance benchmarks, reporting structures, campaign learnings and operational analytics.

14. No direct relationship with leads

Unless separately agreed, TNI does not become responsible for providing services directly to the Client's leads or customers.

The Client remains responsible for responding to leads, providing goods or services to them, handling customer complaints and complying with laws that apply to the Client's own business.

15. Conflict

If this addendum conflicts with the main Terms & Conditions, this addendum applies to Lead Data handling to the extent of the conflict.

16. Contact

True North Innovations Pty Ltd
ABN: 34 677 383 149
Email: info@truenorthinnovations.com.au
Phone: 03 4158 4444

Ready to find your true north?

Get a free, no-obligation quote. Tell us about your business and we'll show you the clearest path to more customers.

Get a free quoteCall 03 4158 4444