Privacy Policy

Introduction

ComplianceKit (we, us, our) is committed to protecting your privacy and complying with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

We are a Technology & IT Services business operating in Australia, and we take our privacy obligations seriously.

1. Open and Transparent Management of Personal Information (APP 1)

We manage personal information in an open and transparent way. This Privacy Policy sets out:

• The kinds of personal information we collect and hold
• How we collect and hold personal information
• The purposes for which we collect, hold, use and disclose personal information
• How you may access and seek correction of personal information
• How you may complain about a breach of the APPs and how we will deal with such a complaint
• Whether we are likely to disclose personal information to overseas recipients

2. Anonymity and Pseudonymity (APP 2)

Where it is lawful and practicable, you have the option of not identifying yourself, or using a pseudonym when dealing with us. However, in most cases, we will need to collect your personal information to provide you with our services.

3. Collection of Solicited Personal Information (APP 3)

What Personal Information We Collect

We collect personal information that is reasonably necessary for our business functions and activities. The types of personal information we may collect include:

• Name and contact details (email, phone, address)
• Payment and financial information
• Account credentials and login information
• Device and browser information

How We Collect Personal Information

We collect personal information directly from you when you:

• Register for an account or subscribe to our services
• Make a purchase or place an order
• Contact us via email, phone, or our website
• Complete forms or surveys
• Use our website, app, or online services
• Interact with us on social media

We may also collect information automatically through cookies and similar technologies when you use our website or digital services.

Collection from Third Parties

In some circumstances, we may collect personal information from third parties, including:

• Publicly available sources
• Our service providers and business partners
• Social media platforms (if you connect your account)
• Other organisations, where you have consented to such disclosure

4. Dealing with Unsolicited Personal Information (APP 4)

If we receive personal information we did not solicit, we will determine whether we could have collected it under APP 3. If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

5. Notification of Collection (APP 5)

When we collect personal information, we will take reasonable steps to notify you of certain matters, including:

• Our identity and contact details
• The purposes for which we collect the information
• The consequences if we do not collect the information
• The organisations to which we usually disclose information
• Information about our privacy policy
• Whether we are likely to disclose information to overseas recipients
• How you may access and seek correction of the information
• How you may complain about a breach of privacy

6. Use or Disclosure of Personal Information (APP 6)

Primary Purpose

We will only use or disclose your personal information for the purpose for which it was collected (the primary purpose), or for a related secondary purpose where you would reasonably expect us to do so.

We collect and use personal information for the following purposes:

• To provide our products and services to you
• To process transactions and orders
• To communicate with you about our services
• To respond to your inquiries and provide customer support
• To improve our products, services, and website
• To comply with legal and regulatory requirements
• To prevent fraud and ensure security

Secondary Purposes

We may use or disclose your personal information for secondary purposes where:

• You have consented to the use or disclosure
• You would reasonably expect us to use or disclose the information for that purpose
• The use or disclosure is required or authorised by law
• We reasonably believe the use or disclosure is necessary to prevent a serious threat to life, health, or safety

7. Direct Marketing (APP 7)

We may use your personal information to send you direct marketing communications about our products and services, including:

• Email marketing

You can opt out of receiving marketing communications at any time by:

• Using the unsubscribe link in our emails
• Replying "STOP" to SMS marketing messages
• Contacting us using the details below
• Updating your preferences in your account settings

If you opt out of marketing communications, we may still send you non-promotional messages related to our business relationship, such as service updates and administrative notices.

8. Cross-border Disclosure of Personal Information (APP 8)

We do not disclose personal information to overseas recipients. All personal information is processed and stored within Australia.

9. Adoption, Use or Disclosure of Government Related Identifiers (APP 9)

We will not adopt a government-related identifier (such as a driver's licence number or Medicare number) as our own identifier of individuals. We will only use or disclose government-related identifiers where required or authorised by law.

10. Quality of Personal Information (APP 10)

We take reasonable steps to ensure that the personal information we collect, use, or disclose is accurate, up-to-date, complete, and relevant. We encourage you to contact us if any of your personal information is incorrect or has changed.

11. Security of Personal Information (APP 11)

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Technical Security Measures

The specific technical measures we implement include:

• Encryption of data in transit and at rest using industry-standard protocols
• Network security controls including firewalls and intrusion detection systems
• Secure backup systems with encryption and access controls
• Access logging and monitoring of systems containing personal information
• Multi-factor authentication for access to sensitive systems

Data Breach Response

In the event of a suspected or confirmed data breach, we will:

• Immediately investigate and contain the breach
• Assess whether the breach is likely to result in serious harm
• Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if required under the Notifiable Data Breaches (NDB) scheme
• Take remedial action to prevent similar breaches in the future
• Provide affected individuals with recommendations on steps they can take to protect themselves

Data Destruction and De-identification

When we no longer need personal information for any purpose, and we are not required by law to retain it, we will take reasonable steps to securely destroy or permanently de-identify the information.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and collect information about how you use our services. You can control cookies through your browser settings, but please note that disabling cookies may affect the functionality of our website.

12. Access to Personal Information (APP 12)

You have the right to request access to the personal information we hold about you. To request access, please contact us using the details provided below.

We will respond to your request within a reasonable timeframe (generally within 30 days). In some circumstances, we may need to deny your request, such as where:

• Giving access would pose a serious threat to life, health, or safety
• Giving access would have an unreasonable impact on the privacy of others
• The request is frivolous or vexatious
• Giving access would be unlawful
• Legal proceedings are underway or anticipated

If we deny your request, we will provide you with written reasons for the denial and information about how you may complain about the refusal.

13. Correction of Personal Information (APP 13)

You have the right to request correction of personal information we hold about you if you believe it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

To request a correction, please contact us using the details below. We will respond to your request within a reasonable timeframe and take reasonable steps to correct the information.

If we refuse to correct personal information, we will provide you with written reasons and information about how you may complain about the refusal. You may also request that we associate a statement with the information noting that you believe it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

Data Retention

We retain personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website (http://www.compliancekit.co) and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your Rights Under Australian Privacy Law

Right to Sue for Serious Invasions of Privacy

Since 10 June 2025, Australian law provides individuals with a statutory right to take legal action for serious invasions of privacy under the Privacy Act 1988 (Cth).

You may be able to commence legal proceedings if someone:

• Intrudes upon your personal seclusion (for example, through unauthorized surveillance or intrusive behavior), OR
• Misuses your personal information in a way that seriously invades your privacy

To establish a claim, you would need to demonstrate that the invasion of privacy was serious. The court can award damages (including compensation for emotional distress) and grant injunctions to prevent further invasions of privacy.

This statutory right operates independently from your ability to make a complaint to us or to the Office of the Australian Information Commissioner (OAIC).

Please note: If you believe ComplianceKit has seriously invaded your privacy, we encourage you to first contact us using the process described below, so we can attempt to resolve your concerns. You may also wish to seek independent legal advice about your rights.

Complaints and Contact

Complaint Process

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us. We will:

1. Acknowledge your complaint within 7 days
2. Investigate the matter thoroughly
3. Respond to your complaint within 30 days (or notify you if we need more time)
4. Provide you with our decision and reasons

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

This Privacy Policy was generated on 24 March 2026 and complies with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

This privacy policy is hosted and maintained by ComplianceKit
Last updated: 24 February 2026