LEGAL

Privacy Policy

Last updated: May 2025  ·  Cyberfy Pty Ltd

01 — WHO WE ARE

Who we are

Cyberfy Pty Ltd 61631580599 ("Cyberfy", "we", "us", "our") is an Australian cyber security consulting firm. We provide cyber security services including security assessments, compliance advisory, managed security operations, and cyber transformation engagements.

This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in that Act.

We handle personal information about our clients, prospective clients, website visitors, and other individuals we interact with in the course of providing our services. We take our obligations seriously — data protection is, quite literally, what we do.

02 — INFORMATION WE COLLECT

Information we collect

We collect personal information that is reasonably necessary for our business functions. This may include:

Contact and identity information

  • Name, job title, and organisation
  • Email address and telephone number
  • Business address

Engagement and service information

  • Information about your organisation's IT environment, security posture, and infrastructure (to the extent necessary to deliver our services)
  • Correspondence, meeting notes, and project documentation
  • Billing and invoicing information

Website and analytics information

  • IP address and approximate location
  • Browser type and device information
  • Pages visited and time on site
  • Referral source

We do not collect sensitive information (such as health information, racial or ethnic origin, or political opinions) unless it is directly relevant to a specific engagement and you have consented to its collection.

03 — HOW WE COLLECT

How we collect your information

We collect personal information in the following ways:

  • Directly from you — when you contact us via email, phone, or our website; when you engage us for services; or when you attend an event we host.
  • From your organisation — when your employer or a colleague provides your details in the course of establishing or managing an engagement with us.
  • Automatically via our website — through cookies and analytics tools when you visit cyberfy.com.au.
  • From publicly available sources — such as LinkedIn or your organisation's website, where relevant to a business relationship.

Where reasonable and practicable, we collect personal information directly from you.

04 — HOW WE USE IT

How we use your information

We use personal information only for purposes that are directly related to our business functions or that you would reasonably expect. These include:

  • Responding to enquiries and providing quotes or proposals
  • Delivering cyber security services you have engaged us for
  • Managing our client relationship, including billing and communications
  • Sending relevant updates, security alerts, or industry insights (you can opt out at any time)
  • Improving our website and services through anonymised analytics
  • Complying with our legal and regulatory obligations

We will not use your personal information for any other purpose without your consent, unless permitted or required by law.

05 — DISCLOSURE

Disclosure of your information

We do not sell, rent, or trade personal information. We may disclose personal information to:

Service providers

Third-party vendors who assist us in operating our business, including cloud infrastructure providers, email platforms, project management tools, and accounting software. These parties are engaged under contractual obligations to handle personal information appropriately.

Professional advisors

Legal, financial, and accounting advisors, where disclosure is necessary for us to obtain professional advice.

Law enforcement and regulators

Where we are required to do so by law, court order, or at the direction of a government authority.

Business transfers

In the event of a merger, acquisition, or sale of our business or assets, personal information held by us may be disclosed to prospective purchasers under appropriate confidentiality arrangements.

We take reasonable steps to ensure any third parties who receive personal information from us handle it in accordance with the Australian Privacy Principles.

06 — OVERSEAS DISCLOSURE

Overseas disclosure

Some of the third-party service providers we use may store or process data on servers located outside Australia, including in the United States and the European Union. Where this occurs, we take reasonable steps to ensure those parties comply with standards consistent with the Australian Privacy Principles.

By providing us with your personal information, you consent to it being handled by overseas service providers in the manner described above.

07 — STORAGE & SECURITY

Storage and security

We take the security of personal information seriously — it's the nature of what we do. We implement technical and organisational safeguards appropriate to the sensitivity of the information we hold, including:

  • Encrypted storage and transmission
  • Access controls and least-privilege principles
  • Multi-factor authentication on all systems handling personal data
  • Regular security reviews of our own environment

We retain personal information only for as long as is necessary for the purpose for which it was collected, or as required by law. When information is no longer needed, we securely destroy or de-identify it.

Despite our efforts, no system is completely secure. If you become aware of any security concern relating to your information, please contact us immediately.

08 — YOUR RIGHTS

Your rights and access

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Correct information that is inaccurate, out of date, or incomplete
  • Opt out of direct marketing communications at any time
  • Make a complaint about how we have handled your personal information

To exercise any of these rights, please contact us at privacy@cyberfy.com.au. We will respond to access and correction requests within 30 days. We do not charge a fee for handling access requests, though we may charge a reasonable fee to cover our costs if requests are complex or voluminous.

In some circumstances we may decline an access or correction request. If we do, we will explain our reasons in writing.

09 — COOKIES & ANALYTICS

Cookies and website analytics

Our website uses cookies and similar technologies to understand how visitors interact with it. This includes analytics tools that collect anonymised data about page visits, session duration, and referral sources.

You can configure your browser to refuse cookies or to alert you when cookies are being sent. Disabling cookies may affect some functionality of our website.

We do not use cookies to track individuals across third-party websites, and we do not sell data collected through cookies to any party.

10 — CONTACT & COMPLAINTS

Contact and complaints

If you have questions about this Privacy Policy, or wish to make a complaint about how we have handled your personal information, please contact us:

Cyberfy Pty Ltd
Privacy enquiries: privacy@cyberfy.com.au
General: hello@cyberfy.com.au

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • GPO Box 5218, Sydney NSW 2001

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version will always be available on our website. Material changes will be communicated directly to active clients.

Questions about your data?

We're happy to talk through how we handle information and what that means for your organisation.

Get in touch