AI Use Policy — Neon Reindeer Marketing

1. Purpose and Scope

Neon Reindeer Marketing is committed to using artificial intelligence (AI) responsibly, in ways that support our mission and protect the people we serve. We advise organisations on responsible and ethical AI adoption in marketing — and we hold ourselves to the same standards we recommend to our clients.

This policy sets out how our organisation will adopt and use AI safely, ethically, and in compliance with relevant laws. It covers:

• How and why we use AI tools in our work
• Approved, conditional, and prohibited AI uses
• How personal information is handled when AI is involved
• Our automated decision-making disclosures, consistent with the Privacy and Other Legislation Amendment Act 2024 (Cth)^[1] and the forthcoming APP 1.7^[4] obligations
• Roles and responsibilities for AI governance across the organisation
• Your rights as a client, enquirer, or other individual whose information we may hold

Who this policy applies to

This policy applies to all staff, volunteers, board members, contractors, and third parties who use AI tools or systems on behalf of Neon Reindeer Marketing, or who process data related to our work using AI.

What AI this policy covers

This policy applies to any tool or system that generates, recommends, classifies, predicts, or makes decisions using patterns learned from data. This includes:

• Generative AI tools such as ChatGPT, Microsoft Copilot, Google Gemini, and Claude
• AI features embedded in existing software, including CRM systems, email platforms, HR tools, and accounting software
• AI-powered analytics, reporting, or recommendation tools
• Custom or purpose-built AI systems developed for or by the organisation
• AI agents that take actions or make decisions with limited human intervention

Relationship to other policies

This policy should be read alongside our Privacy Policy, Data Protection and Information Security Policy, and Website Terms of Use. Where this AI Use Policy and the Privacy Policy address the same matter, the more specific provision applies.

2. Key Terms

The following definitions apply throughout this policy.

Artificial Intelligence (AI)

Technology that infers from inputs how to generate outputs such as predictions, content, recommendations, or decisions. Includes both narrow (task-specific) and general-purpose systems.

Generative AI (GenAI)

AI that can create new content such as text, images, code, or audio based on patterns learned from training data. Examples include ChatGPT, Claude, and Copilot.

AI Model

The core component of an AI system that has been trained on data to recognise patterns and produce outputs. Models are embedded within AI systems and tools.

AI Agent(s) or Agentic AI

An AI system that can take actions, use tools, or interact with other systems with a degree of autonomy, rather than simply generating content for a human to act on.

AI System

A combination of AI models and other components (interfaces, data, tools) that together perform tasks. When this policy refers to AI tools or systems, it includes both.

Shadow AI

The use of AI tools or systems that have not been approved by the organisation. See Section 5.3.

AI Register

The organisation's maintained record of all AI tools and systems in use, their purpose, the data they access, and the person accountable for each. See Section 11.

Training Data

The data used to build and refine an AI model. Some AI tools use inputs provided by users as training data unless users opt out.

3. Guiding Principles

Neon Reindeer Marketing adopts the following principles to guide all AI use. These are grounded in Australia's AI Ethics Principles^[5] and reflect our obligations to the communities we serve.

4. How We Use AI in Our Services

AI tools assist our advisory team across several aspects of service delivery. In all cases, AI is used to augment human judgement, not replace it. Our advisors review, validate, and take professional responsibility for every recommendation and deliverable.

Research and analysis

We use AI-assisted tools to accelerate literature reviews, regulatory scanning, and market research. Outputs are reviewed and assessed by our team before informing any client advice.

Document drafting and content support

AI tools may support drafting of governance frameworks, policy templates, reports, and communications. Drafts are reviewed and approved by practitioners before delivery.

Data and pattern analysis

Where clients share anonymised marketing data or process documentation for audit purposes, AI tools may assist in identifying patterns or anomalies. Where agreed in writing and with your express consent, anonymised data may also be used to identify broader sector patterns or improve our service quality — this will always be clearly scoped in the engagement terms. We take reasonable steps to ensure raw data is not retained beyond the scope of the engagement.

Internal operations

We use AI tools to support scheduling, note-taking, and internal knowledge management. These uses do not involve client personal information unless expressly agreed as part of an engagement.

AI in our own marketing activities

Like most marketing organisations, we use technology platforms to run our own marketing and business development activities. Many of these platforms — including CRM systems, email marketing tools, website analytics, advertising platforms, and social media management software — embed AI-driven capabilities such as audience segmentation, predictive lead scoring, personalisation engines, content optimisation, and automated campaign tools.

Our commitments for AI used in NRM's own marketing are:

• Responsible selection: Before activating AI-driven features in any marketing tool, we assess the tool against our responsible AI standards (see Section 9). We consider what data the feature processes, how that data is used, whether outputs are explainable, and whether the capability is proportionate to the task.
• Human oversight of consequential decisions: No person is subjected to a substantially automated decision about how or whether we engage with them. AI tools may assist us in prioritising follow-up, segmenting audiences, or personalising communications — but a human reviews and approves those outputs before acting on them.
• Data minimisation and privacy by design: Where marketing tools apply machine learning to personal or behavioural data, we configure those tools to collect only what is necessary, apply appropriate data retention settings, and avoid sharing personal information with AI systems for purposes beyond the specific task.
• No deceptive or manipulative targeting: We do not use AI-driven targeting to exploit psychological vulnerabilities, create artificial urgency, or engage in practices designed to manipulate rather than inform.
• Transparency about AI-generated content: Where we use AI tools to generate or substantially draft marketing content, we apply human editorial review before publication. We do not pass off AI-generated content as unassisted human writing.
• Analytics and measurement: We use website and campaign analytics to understand how our marketing performs in aggregate. Where analytics platforms apply machine learning to infer audience characteristics or intent, we note this as part of our tool assessments.
• Policy currency: We review this section whenever we materially change the marketing tools or AI configurations we use.

5. Approved and Prohibited Uses

All AI use at Neon Reindeer Marketing falls into one of three categories. All AI use must comply with applicable privacy and data protection legislation, including the Privacy Act 1988 (Cth).

6. Automated Decision-Making Transparency

Neon Reindeer Marketing does not subject any person to a decision made solely by automated means that produces a legal or similarly significant effect on them. Where AI tools assist in producing recommendations or assessments that inform a decision about a person, a human reviews and takes responsibility for that decision before it is acted upon.

Where clients engage us to design or audit automated decision-making systems, we apply the following transparency principles in our advice:

• Explainability: Decisions affecting individuals should be explainable in plain language.
• Contestability: Individuals should have a meaningful avenue to challenge or seek review of automated decisions that affect them.
• Oversight: Human oversight must be proportionate to the consequence — higher consequence decisions require more robust review.
• Documentation: Automated decision processes should be documented, including their data inputs, logic, and known limitations.

7. Personal Information and AI Tools

The handling of personal information in AI contexts is governed by the Privacy Act 1988 (Cth)^[2] and the Australian Privacy Principles (APPs). Our approach:

• Collection minimisation: We do not input personal information into AI tools unless it is necessary for the specific task and we have appropriate authority to do so.
• No client personal data in public tools: Personal information collected from or about our clients or their stakeholders is not entered into publicly accessible generative AI tools (such as ChatGPT or similar consumer products) without explicit written consent and appropriate data processing terms in place.
• AI tool agreements: Where we use AI tools in delivering services, we maintain records of the relevant data processing terms and assess whether those terms adequately protect personal information under Australian law.
• Visitor data: Personal information collected through our website (see our Privacy Policy) is not shared with AI processing platforms. Website analytics are aggregated and do not individually identify visitors.
• Staff awareness: All personnel are trained on the boundaries of permissible AI use in relation to personal information (see Section 13).

8. Generative AI and Content Disclosure

Neon Reindeer Marketing uses generative AI tools as part of our production workflow. Our disclosure commitments are:

• Human authorship and review: All content published under NRM's name — including reports, articles, training materials, policy documents, proposals, and website copy — is reviewed and approved by a qualified human before release, regardless of the extent of AI assistance.
• Disclosure on request: Where a client asks whether AI was used in producing a deliverable, we answer honestly and specifically.
• Standing disclosure: Documents where AI played a substantial drafting role carry an AI disclosure statement. This website carries a footer disclosure on all pages.
• No ghost-writing misrepresentation: We do not represent AI-generated content as entirely unassisted human writing in contexts where that distinction is material (e.g., academic, regulatory, or legal submissions).
• Accuracy responsibility: We take responsibility for the factual accuracy, legal correctness, and quality of all content we publish, regardless of how it was produced. AI tool outputs are treated as drafts requiring verification, not as authoritative sources.

9. Third-Party AI Tool Assessment and Procurement

Before adopting any new AI tool — whether for internal operations or client-facing use — Neon Reindeer Marketing applies a threshold assessment. This assessment considers:

• Data handling: What personal or confidential information does the tool process? Where is data stored? What are the vendor's data retention and deletion practices?
• Model transparency: Does the vendor disclose what training data was used? Are outputs explainable? Is the model's decision logic accessible?
• Bias and fairness: Has the tool been tested for bias relevant to our use case? Are there published bias audits or fairness evaluations?
• Security: What security certifications does the vendor hold? How are vulnerabilities disclosed and patched?
• Contractual protections: Do the vendor's terms include appropriate data processing agreements, liability protections, and compliance representations?
• Regulatory alignment: Does the tool comply with, or is it compatible with, our obligations under the Privacy Act 1988 (Cth) and, where applicable, the EU AI Act?

Tools that do not meet our threshold on data handling or regulatory alignment are not used in client-facing work until those gaps are resolved or mitigated.

10. Roles and Responsibilities

11. AI Register, Monitoring and Incidents

AI Register

Neon Reindeer Marketing maintains an internal AI Register recording the AI tools we use, their purpose, the data they process, applicable agreements, and our assessment outcomes under Section 9. The Register is reviewed at least annually and updated when new tools are adopted or existing tools materially change.

Monitoring

We periodically review our AI tool outputs for quality, accuracy, and consistency with our values. Where we identify systematic errors or bias in AI-generated content, we adjust our use of that tool and document the finding.

Incidents

An AI-related incident includes: inadvertent disclosure of personal information through an AI tool; an AI tool producing materially false or harmful output that was published; a security breach involving an AI platform we use; or a client complaint relating to our AI use. Incidents are logged, investigated, and — where required under the Privacy Act 1988 (Cth) — reported to the OAIC and affected individuals in accordance with the Notifiable Data Breaches scheme.

12. Your Rights

If you are an individual whose personal information has been handled by Neon Reindeer Marketing in connection with an AI tool, you have rights under the Privacy Act 1988 (Cth), including:

• The right to access personal information we hold about you (APP 12)
• The right to request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information (APP 13)
• The right to complain about a breach of the APPs to us, and if not resolved to your satisfaction, to the OAIC

To exercise these rights, contact us at admin@neonreindeer.com. We will respond within 30 days.

13. Staff Training and AI Literacy

All personnel working with Neon Reindeer Marketing — including contractors and associates — are required to:

• Read and acknowledge this policy before commencing AI-related work
• Complete foundational AI literacy training appropriate to their role before using AI tools in client-facing work
• Stay informed of material updates to this policy
• Raise questions or concerns about AI use with the Principal Consultant

NRM's AI literacy training resources and credentials are documented in our CPD Log. Given that AI governance is our core practice area, we treat ongoing professional development in this domain as a professional obligation, not merely a compliance requirement.

14. Policy Updates

This policy is reviewed every six months (in June and December each year) and updated when:

• We materially change the AI tools we use or the purposes for which we use them
• Relevant legislation or regulatory guidance changes (including amendments to the Privacy Act 1988 (Cth), new OAIC guidance, or EU AI Act implementation updates affecting our clients)
• A significant AI-related incident occurs that reveals gaps in our current approach
• We receive material client or stakeholder feedback about our AI practices

Material updates are noted on this page with the revision date. The current version of this policy is always the version published at www.neonreindeermarketing.com/ai-policy.html.

Current version: Draft 2  |  Updated: June 2026  |  Next review: December 2026  |  Review cycle: 6-monthly

References

1. Australian Privacy Principles — OAIC
2. Privacy Act 1988 (Cth) — Federal Register of Legislation
3. Australia's AI Ethics Principles — Department of Industry
4. Voluntary AI Safety Standard — Australian Government
5. Privacy — Attorney-General's Department
6. EU AI Act (Regulation EU 2024/1689) — EUR-Lex
7. Privacy and AI — OAIC Guidance

15. Contact

Questions about this policy or our AI practices should be directed to:

Complaints about our handling of personal information in AI contexts can also be directed to the Office of the Australian Information Commissioner (OAIC) if not resolved to your satisfaction.