Privacy

Privacy policy

This policy explains how Infosec Pty Ltd (ABN 51 168 719 846, ACN 168 719 846) collects, holds, uses and discloses personal information. It is intended to meet the requirements of the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).

Who this policy applies to

This policy applies to people who visit this website, contact us electronically, engage us for services, or interact with us in the course of business.

Personal information we collect

• Contact and business details (e.g., name, email address, organisation, role)
• Communications you send to us (emails and attachments)
• Website technical data (e.g., IP address, user agent, request metadata) recorded in server logs for security and operational purposes
• Service delivery information provided by a client in the course of an engagement (which may include personal information and, in some cases, sensitive information)

How we collect personal information

• Directly from you when you email us or otherwise contact us
• Automatically when you access this website (via standard server logging)
• From our clients or their authorised representatives when we are engaged to perform services

Why we collect, hold, use and disclose personal information

• To respond to enquiries and provide services
• To manage client relationships, contracts, invoicing, and service delivery
• To protect this website and our systems (including monitoring, abuse prevention, and incident investigation)
• To comply with legal obligations

What happens if you do not provide information

If you do not provide the personal information we request, we may not be able to respond to your enquiry or provide the relevant services.

Disclosure to third parties

We may disclose personal information to:

• Service providers who support our operations (e.g., hosting, email, backups, and security tooling)
• Professional advisers (e.g., legal, accounting) where necessary
• Law enforcement or regulators where required or authorised by law

Overseas disclosure

We may use service providers located outside Australia (for example, where infrastructure is hosted in Australia or Europe, or where an email service processes data internationally). Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles that information in a manner consistent with the APPs.

Direct marketing

We do not send bulk marketing emails by default. If we ever send direct marketing communications, we will do so in accordance with applicable law and provide a simple opt‑out.

Cookies and tracking

This website is designed to be simple and does not include third‑party advertising trackers by default. Like most websites, our server may record basic request information in logs. If we add analytics or other third‑party services in future, we will update this policy.

Security and retention

• We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
• We keep personal information only for as long as needed for the purposes described above (or as required by law), then delete or de‑identify it where appropriate.

Anonymity and pseudonymity

Where practicable, you may deal with us anonymously or using a pseudonym. This may not be practical where we need to verify your identity to provide services or meet legal obligations.

Access and correction

You may request access to, or correction of, personal information we hold about you by contacting us. We may need to verify your identity before processing a request.

Complaints

If you believe we have mishandled your personal information, please contact us so we can investigate and respond. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC).

Notifiable Data Breaches

If a data breach occurs that is likely to result in serious harm, we will respond in line with the Notifiable Data Breaches scheme, including notifying affected individuals and the OAIC where required.

Changes to this policy

We may update this policy from time to time. The latest version will be published on this page.

Last updated: 9 April 2026