Privacy Policy

The protection of your personal data is important to us. Therefore, we would like to inform you in the following which data of your visit will be used for which purposes. Constant technological development, changes to our services or the legal situation and other reasons may require adjustments to our data protection information.

The protection of your personal data is important to us. Therefore, we would like to inform you in the following which data of your visit will be used for which purposes.

Constant technological development, changes to our services or the legal situation and other reasons may require adjustments to our data protection information. We, therefore, reserve the right to change this privacy policy at any time and ask you to inform yourself regularly about the current status.

Responsible for data processing on this homepage is:

Overdose Group APAC Limited trading As “Overdose.”
Suite 1, Level 2/20 Augustus Terrace, Parnell, Auckland 1010, New Zealand
Contact Us

Our satellite offices:

Brisbane – 76-84 Brunswick St, Fortitude Valley QLD 4006, Australia
Kyiv – Telephone Number: 0681539336
Melbourne – 11 Wilson St, South Yarra Victoria 3141, Australia
Seattle – 712 N 34th St, Seattle, WA 98103, USA
Singapore – 122b Telok Ayer Street, Singapore 068591, Singapore
Sydney – 388 George Street, George Street, Sydney NSW 2000, Australia

General information on data protection

The term personal data is defined as akin in all applicable and published Data Protection Regulations. According to this, it is individual information about the personal or factual circumstances of a specific or identifiable natural person. This includes, for example, your civil name, your address, your telephone number or your date of birth.

Unless otherwise stated in the following sections, no personal data is collected, processed or used when you use our website. When you access our website, some information is transmitted, such as IP address, type and version of the web browser used, the operating system used, the website from which you came and the time of the request.

We cannot use this data to identify individual users. The information is only statistically evaluated by us and used exclusively to improve the attractiveness, content and functionality of our websites.

The Regulations

As a Global Company, we are subject to a vast selection of Data Protection Laws, which include New Zealand`s Privacy Act 2020, Australia’s Privacy Act 1988, California Consumer Privacy Act of 2018, New York`s Privacy Act, Washington Privacy Act, Singapore’s Personal Data Protection Act and of course the EU’s General Data Protection Regulation. Whilst we operate according to the very specific country provisions in all our satellite offices, we strive to apply the most stringed Data Protection Standards across all our operations and have thus implemented the principles set out in the GDPR across all our offices. 

Legal basis for the processing of personal data

We base the use of your data on the following legal grounds:

If the processing of personal data is carried out for the fulfilment of contracts concluded with us, it is based on Art. 6 para. 1 lit. b GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as we obtain the consent of the data subject for the processing operations of personal data, on Art. 6 (1) lit. a GDPR.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, this is based on Art. 6 (1) (c) GDPR.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, on Art. 6 (1) (d) GDPR.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Your rights as a data subject

First of all, we would like to inform you here about your rights as a data subject.

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them.

Right to information: You can request information from us as to whether and to what extent we process your data.

Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure: You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to restriction of processing: You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or you have objected to the processing of the data.

Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.

Right to object: If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of complaint: If you are of the opinion that we violate data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact us. In case of doubt, we may request additional information to confirm your identity.

Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information.

California Specific Rights

If you are a California resident, you have the following rights:

You have the right to:

  • request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell.
  • request that we delete personal information that we collect from you, subject to applicable legal exceptions.
  • “opt-out” of the “sale” of your “personal information” to “third parties”

In addition, under California’s “Shine the Light” law, California residents who provide personal information (as defined in the statute) to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing purposes. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year (e.g., requests made in the current year will receive information about the prior year).

Am I Obligated To Provide Data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contractor will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.

NYC and Washington PII Statement

Commercial Partners: Individual(s) or companies that have been approved by us as a recipient of organizational PII and from which Overdose. has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to Overdose. and include proposed Commercial Partners. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.

PII Training: All new hires entering Overdose. who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data

PII Audit(s): Overdose. conducts audits of PII information maintained by Overdose. in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for the destruction of such records and logs maintained for the dates of destruction.

Data Breaches/Notification: Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, Overdose. will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible.

Confirmation of Confidentiality: All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement.

Violations of PII Policies and Procedures: Overdose. views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under Overdose.’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in Overdose.’s PII onboarding and refresher training to reinforce Overdose.’s continuing commitment to ensuring that this data is protected by the highest standards.

Automated decision-making and profiling

We do not use automation for decision-making and profiling

Do Not Track 

Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.

Do Not Sell My Personal Information

We do not sell information that directly identifies you, like your name, address or phone records.

Direct marketing

From time to time we may use the personal information we collect from you to identify particular products offers which we believe may be of interest to you. We may contact you to let you know about these products and services and how they may benefit you.

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or relationship with us.

Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by Overdose., or by our contracted service providers. Every directly addressed marketing form sent or made by us or on our behalf should include a means by which customers may unsubscribe (or opt-out) of receiving similar marketing in the future.

Data deletion and storage period

The deletion of the personal data collected by us takes place as soon as the purpose of the storage no longer applies.

Data is stored if this is provided for by law, a regulation under Union law or other regulations.

Furthermore, the data will be deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfilment of a contract or to protect our legitimate interests (e.g. exercising rights).

Data transfer internally and to third party providers

Your data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the execution of the contractual relationship, or you have previously given your express consent to the transfer of your data. Please note this may require us to transfer your data with our satellite offices or to external service providers and those will of course only receive your data insofar as this is necessary to process your order. In these cases, the scope of the transmitted data is limited to the necessary minimum. If our service providers come into contact with your personal data, we ensure that they comply with the provisions of the data protection laws in the same way. Please also note the respective data protection information of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

Data security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.


It is important that the data we hold about you is accurate and current; therefore please keep us informed of any changes to your personal data.

Children Data

Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your child has provided us with Personal Data, without parental consent, please contact us and we will take the necessary steps to remove that information from our server.

What are the categories of data subjects?

Customers, interested parties, visitors, members and users of the online offer as well as our business partners.

Sources and origin of the data

Which data we process is determined by the respective context: this depends on whether you simply browse our website or enter a query in our contact form, for example, or whether you send us a membership application or submit a query.

Online presences in social media

We maintain online presences in Facebook, Instagram, LinkedIn on the basis of our legitimate interests and in order to communicate with customers, interested parties, members and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.

When you visit our website

When visiting this website, your browser transmits the following types of data, which are stored by us:

  • the browser type and language,
  • the IP address of the accessing computer,
  • the server requests (e.g. page requests) including time and
  • the referrer URL (i.e. the address of the previously visited website if you have reached our website by clicking on a hyperlink from there).

These first three types of data are technically necessary in order to correctly display the pages of this website that you have accessed. In addition, they may be used, if necessary, to maintain the secure operation of this website (e.g. to defend against hacking attempts). The IP address and browser language are also used to suggest the appropriate language setting for our website. The referrer URL is used in anonymised form for statistical purposes. For reasons of technical security and in particular to defend against attempted attacks on our web server, this type of data is also stored for a certain period of time on the basis of our legitimate interests.

Contacting Us

We collect and process the following data within the scope of a contact request:

You can use our website to send us various types of queries, e.g. to join us as a member or to enquire about specific services. A contact form is used in each case to record the contact data necessary for communication (e.g. name, company name or e-mail address) and to record the content of your message. This data is used for customer relationship management (contact history) and to answer/fill your request.


We send newsletters, e-mails and other electronic notifications with promotional information and only with the consent of the recipients or legal permission. Apart from that, our newsletters contain information about our products, offers, and promotions. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The legal basis for the storage is Art. 6 Para. 1 lit. a) GDPR.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

When do we disclose your Personal Data?

We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider processes your personal data, please follow the link embedded in the above mentioned providers name.

Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b) GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).

If we commission third parties to process data on the basis of a so-called “processing agreement”, this is done on the basis of Art. 28 GDPR.

In relation to metadata obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.

We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

Integration Of Services And Contents Of Third Parties

We use within our online offer on the basis of our legitimate interests (Art. 6 para. 1 lit. f. GDPR), content or services offered by third-party providers in order to integrate their content and services.

This always requires that the third-party providers of this content are aware of your IP address since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavour to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of the visit and other information about the use of our online offer, as well as be linked to such information from other sources.

The below list shows our third Party service providers. This of course is non-exhaustive and will be updated alongside the changes we implement on our website. If you wish to learn more about our service providers please follow the link to their relevant Piracy policy. We use the following Service providers:

Cloudflare, Yoast, Hubspot, Taggbox, Google,Facebook, Instagram, LinkedIn ,Microsoft Clarity, Gravity Forms,, Zoom, WordPress,


We offer you a chat function on our website for the purpose of establishing contact and personal consultation. In the process, the following data is transmitted:

  • The IP address of the user
  • Web page accessed

The following data is collected and processed by us in the context of using the chat function:

  • The IP address of the user
  • Referring URL
  • If applicable, the search engine used
  • Search engine keywords used, if applicable
  • Indicator for returning visitors incl. number of visits
  • If applicable, previous chats
  • Chat history, if applicable
  • The browser history on our website
  • Time spent on our website
  • Username (optional)

The legal basis for the processing of data transmitted in the course of a use of the live chat function is our legitimate interest. If the chat contact aims at the conclusion of a contract, the additional legal basis for the processing is the performance of a contract. The processing of personal data from the chat function serves us solely to process the contact. In the event of contact being made via chat, this also constitutes the necessary legitimate interest in processing the data.

Hosting and Content Delivery Networks (CDN)

This website is hosted by an external service provider (Cloudflare). The personal data collected on this website is stored on Cloudflare’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website. Cloudflare is used for the purpose of fulfilling the contract with our potential and existing visitors and users and in the interest of a secure, fast and efficient provision of our online offer by a professional provider. Cloudflare will only process your data to the extent necessary to fulfil its service obligations and follow our instructions regarding this data.

Social Media Functions and Widgets

Within our online offer, functions and widgets of Facebook, Instagram, LinkedIn are integrated. When you click on or use any of those functions and widgets, your browser establishes a direct connection to Facebook, Instagram, LinkedIn. The function or widget then transmits log data to Facebook, Instagram, LinkedIn. This log data may contain your IP address, the address of the visited websites, type and settings of the browser, date and time of the request, your usage of Facebook, Instagram, LinkedIn,as well as cookies. Those may also include the display of our post, the link to our profile, the possibility to interact with the posts and functions, as well as to measure users’ reach (so-called conversion measurement).


We use Zoom to conduct our online sessions. Insofar as you call up the Zoom website Zoom is responsible for data processing. However, accessing the Zoom website is only necessary to download the Zoom software. You may also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app. If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the Zoom website.

You may have the opportunity to use the chat, question or survey functions in a tutoring session. In this respect, the text entries you make are processed in order to display them in the tutoring session and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications.

To participate in a tutoring session or to enter the meeting room, you must at least provide information about your name.

International transfers

We may transfer your personal information within our satellite offices and to third parties. For example, our Websites are hosted on servers within Europe and the United States of America, and our third-party service providers operate around the world.  We will only transfer your personal information if adequate protection measures are in place. To ensure that your personal information does receive an adequate level of protection we use the following protection measures:

  • Transferring to countries approved.
  • Using model contractual clauses and standard contractual clauses.

Further details in respect of protective measures are available on request.


This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.