Privacy Policy

Last updated: April 2024 | Cyber Security Consulting Services Pty Ltd (ABN 98 144 950 505)

        Summary: We are committed to protecting your personal information. This policy explains what we collect, why we collect it, how we use it and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
      

1. About This Policy

Cyber Security Consulting Services Pty Ltd (ACN 144 950 505) ("we", "us", "our") is bound by the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles (APPs) contained in Schedule 1 to that Act.

This Privacy Policy describes how we collect, hold, use and disclose personal information and how we protect the privacy of individuals who interact with our business, including clients, prospective clients, website visitors, and employees.

By using our website at cybersecurityconsultingservicespty.site or engaging our services, you acknowledge you have read and understood this Privacy Policy.

2. What Personal Information We Collect

We may collect the following categories of personal information:

Identity information: full name, job title, company/organisation name
Contact information: email address, telephone number, postal address
Business information: ABN/ACN, industry, nature of business
Technical information: IP addresses, browser type, pages visited (collected automatically via server logs)
Communication records: emails, form submissions and enquiries sent to us
Service-related information: information you provide during engagement scoping, assessment and reporting processes

We only collect personal information that is reasonably necessary for our functions and activities (APP 3).

3. How We Collect Personal Information

We collect personal information:

Directly from you via enquiry forms, emails or telephone
During the provision of our cybersecurity consulting services
Automatically when you visit our website (server logs, cookies)
From publicly available sources where relevant (e.g., business registers)

Where practicable, we collect personal information directly from you (APP 3.6).

4. Why We Collect and Use Personal Information

We collect and use personal information to:

Provide and administer our cybersecurity consulting services
Respond to enquiries and communicate with clients
Prepare and deliver proposals, reports and invoices
Comply with our legal obligations under applicable Australian law
Improve our website and services
Send you relevant service updates or information (where you have consented)

We will not use or disclose your personal information for purposes other than those stated, or related purposes you would reasonably expect, except with your consent or as required by law (APP 6).

5. Disclosure of Personal Information

We may disclose personal information to:

Our employees and contractors who need it to deliver our services
Third-party service providers (e.g., IT systems, cloud storage) engaged under appropriate data processing agreements
Government authorities, law enforcement or regulators where required by law
The Office of the Australian Information Commissioner (OAIC) where required under the Notifiable Data Breaches (NDB) scheme

We do not sell personal information to third parties.

Overseas Disclosure

Where we disclose personal information to overseas recipients (e.g., cloud service providers with servers outside Australia), we take reasonable steps to ensure the recipient protects your information in accordance with the APPs (APP 8). We will only do this where we are satisfied with the recipient's privacy and security practices.

6. Data Security

We take reasonable steps to protect personal information we hold from misuse, interference, loss, unauthorised access, modification or disclosure (APP 11). Our security measures include:

Encryption of personal information in transit and at rest
Access controls and multi-factor authentication
Regular security assessments of our own systems
Staff training on privacy and information security obligations
Physical security controls for office environments

When personal information is no longer required for the purposes for which it was collected, and retention is not required by law, we will take reasonable steps to destroy or de-identify it (APP 11.2).

7. Notifiable Data Breaches

We comply with the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth). If we become aware of an eligible data breach that is likely to result in serious harm to affected individuals, we will:

Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
Notify affected individuals, where required
Take remedial action to contain and address the breach

8. Access and Correction

Under the Privacy Act (APP 12 & 13), you have the right to:

Request access to personal information we hold about you
Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant or misleading

To make an access or correction request, contact us using the details in Section 11. We will respond within 30 days. We may refuse access in limited circumstances permitted by the Privacy Act, and will provide written reasons for any refusal.

9. Cookies

Our website may use cookies or similar technologies to improve your browsing experience and analyse website traffic. You can control cookie settings through your browser. Disabling cookies may affect the functionality of some website features.

10. Links to Third-Party Sites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing personal information.

11. Complaints and Contact

If you have a complaint about how we have handled your personal information, or wish to make an access or correction request, please contact us:

Privacy Officer
Cyber Security Consulting Services Pty Ltd
Hillside / Sydenham, VIC 3037, Australia
ABN: 98 144 950 505 | ACN: 144 950 505
Email: ceo@cybersecurityconsultingservicespty.site

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

12. Governing Law

This Privacy Policy is governed by the laws of Victoria, Australia, and applicable Commonwealth law including the Privacy Act 1988 (Cth). Any disputes will be subject to the exclusive jurisdiction of the courts of Victoria.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version will always be available on our website. Your continued use of our services following any update constitutes acceptance of the revised policy.