Skip to content

Privacy Policy

1      Introduction

1.1     Purpose and Context

1.1.1         Maxsum Consulting is a Managed IT Services Provider providing Managed IT Services support, technical services, project and professional services and consulting services on a range of information technology processes, systems, services and products for small-to-medium sized business, professional and not-for-profit organisations.

1.1.2         This policy sets out Maxsum Consulting’s approach to privacy, and the collection, use, handling and disposal of private and/or personal information, with reference where relevant to controls and treatments to minimise data privacy risk, business risk and efficiently respond to incidents within the context of the Maxsum Information Security Management System (ISMS), collection of personal information via public communication forums such as the Maxsum website/s, and the collection and use of personal information required for contracted service provision.

1.2     Scope

1.2.1         This Privacy Policy applies to you as a user of our Website/s or any services provided by us, a prospective client or client who we do business with and covers all information which we collect from or about you.

1.2.2         This Privacy Policy also applies to our clients and prospective clients in circumstances where information is collected from or provided by third parties on your behalf.

1.2.3         By visiting or using our Website/s you agree to the collection, storage, usage and disclosure of your information by us in the manner as described in this Privacy Policy.

1.2.4         By visiting or using our Website/s, products or services or contacting us, you acknowledge that you understand and agree to the collection, storage, usage and disclosure of your information by us in manner described in this Privacy Policy.

1.3     Variations & Supplementary Provisions

1.3.1         By entering into a Managed IT Services Agreement with Maxsum, you further acknowledge that you understand and agree to the collection, storage, usage and disclosure of your information by us in the manner set out in the Managed IT Services Agreement Schedule 3 Terms & Conditions, in addition to the general provisions set out in this Privacy Policy.

1.3.2         By entering into a Supplier, Vendor or Contracting Agreement with Maxsum, you further acknowledge that you understand and agree to the collection storage, usage and disclosure of your information by us in the manner set out in the Maxsum Consulting Information Security Policy for Suppliers and/or associated Terms & Conditions, in addition to the general provisions set out in this Privacy Policy.

1.4     Policy References

1.4.1         For the purpose of this and all Maxsum Consulting Information Security Policies, Maxsum Consulting may be denoted variably as “Maxsum”, “the Company”, “the organisation”, “we” or “us”.

1.4.2          You means the person or entity that accesses the Website/s or uses our services and your has a corresponding meaning.

1.4.3         Personal Information has the meaning provided for that term under the Privacy Act, meaning information or an opinion relating to an individual which can be used to identify that individual. This may include your name, address, telephone number, email address and profession or occupation.

1.4.4         Privacy Officer means the individual nominated by Maxsum Consulting from time to time;

1.4.5         Website/s means maxsum.com, including all content, trademarks, and related services, products, related website/s, tools and applications, as well as any services provided by Maxsum Consulting including managed, technical, consulting or procurement services ;

2      Personal Information

2.1     The Australian Privacy Principles

2.1.1         We are bound by the Australian Privacy Principles (“APPs”) contained in the Privacy Act (Cth).

2.1.2         The APPs establish minimum standards for the private sector in relation to the collection, handling, use, disclosure, management, access, correction and disposal of Personal Information about natural persons.

2.2     What information is collected

2.2.1         We may collect and hold information about you which we consider is required in order for us to provide our services to you, including without limitation the following types of Personal Information:

  1. name and contact details such as your home address and telephone number;
  2. occupation;
  3. personal preferences;
  4. employment history;
  5. identification documents;
  6. details of your property and entities;
  7. details of companies or other entities whom you are associated with;
  8. information in relation to your dietary or mobility requirements where you seek to attend an event we arrange;
  9. information you supply when submitting forms in relation to any promotion or engagement we offer;
  10. references provided in support of applications;
  11. details of your liabilities;
  12. testimonials and feedback; financial information and payment details, including credit card and banking details, assets, liabilities, income and outgoings;
  13. credit information including credit reports from credit reporting agencies;
  14. information from your interaction with the Website/s and its content, our services and our advertising, including without limitation device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Website/s, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address and standard web log data; and
  15. any other information provided by you to us including without limitation through use of the Website/s or services;
  16. information you provide to us by completing any questionnaire, subscription, registration and application forms;
  17. details of visits including volume of traffic, logs (internet protocol address and location of device) and resources accessed; and
  18. any other information we consider may assist us in providing or marketing our business.

2.2.2         In principle, we do not seek to collect, require or hold Personal Information that is Sensitive Information under the Privacy Act, except if specifically required or directed by legal, law enforcement or regulatory authorities to the extent permitted by law or in relation to a directive issued to us.

2.2.3         We understand the importance of protecting children’s privacy. Our Website/s and related sites, including any presence we hold on Facebook, Twitter, Snapchat, LinkedIn or other social media sites, are not intentionally designed for or directed at children.

2.3     How information is collected and held

2.3.1         We generally collect Personal Information:

  1. directly from you, your representatives and advisers, our clients and their authorised representatives;
  2. indirectly from you when you make an enquiry with us by phone or email or when you complete an application form or a questionnaire or engage us to provide work for you or when you visit the Website/s (this includes data that is automatically recorded by our internet service provider);
  3. from third parties such as regulatory authorities, public registers, other organisations, government agencies and information or service providers such as those that provide analyses on data or a professional adviser on your behalf when they contact us or use questionnaires or application forms;

2.3.2         We take all reasonable steps to ensure that the information we collect is stored in a secure environment and protected from unauthorised access, modification or disclosure.

2.3.3         We may hold information both in hard copy form and electronically at our premises and with various service providers that assist us with information storage.

2.3.4         You are not permitted to not identify yourself or use a pseudonym when dealing with us, as it is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym. For example, we need your Personal Information so that we can undertake a identity, authority or security check to ensure that we are able to act on your behalf.

2.3.5         Electronic information may also be backed up on a secure server administered by a provider nominated by us. To the best of our knowledge, these servers are located in Australia however we make no guarantee that they are in Australia and you consent to your information being stored on foreign-based servers.

2.3.6         We may also utilise cloud service providers located overseas for the limited purpose of performing the services of storing and ensuring we may access the Personal Information stored.

2.3.7         We do not intentionally “disclose” information to them, and rather allow them to “use” it (as defined under the Privacy Act) for the purposes stated above.

2.3.8         You consent to this use, and if it inadvertently becomes a disclosure then you consent to that disclosure.

2.3.9         Despite the above, the transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or that you receive from us.

2.3.10      Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

2.4     Why information is collected

2.4.1         Our principal purpose in collecting, using and storing your Personal Information is to provide our services in a personalised, safe and efficient manner. The information we collect is necessary for us to provide you with our services (and you authorise us to use your information in this way), which includes:

  1. providing you with information about our business and services including marketing and promotional material;
  2. to conduct our business including if it is necessary for the performance of services to you or in connection with you;
  3. to provide, administer, market, improve, analyse and manage our services;
  4. to communicate with you and respond to your enquiries;
  5. to comply with our legal obligations;
  6. to facilitate our internal business operations;
  7. to combine or aggregate your Personal Information with information we collect from third parties and use it for the purposes set out in this Privacy Policy;
  8. coordinating events and competitions;
  9. assessing your credit worthiness;
  10. researching, developing, improving and marketing our services; and
  11. to protect a person’s rights, property or safety.

2.4.2         If we are unable to collect, use and disclose your Personal Information in accordance with this Privacy Policy, we may not be able to effectively deliver our services to you and we may prohibit your access of the Website/s.

2.5     If we can’t collect your Personal Information

2.5.1         If you do not provide us with the Personal Information described above, some or all of the following may happen:

  1. we may not be able to provide the requested products or services to you, either to the same standard or at all;
  2. we may not be able to provide you with information about products and services that you may want; or
  3. we may not be able to tailor the content of our Website/s to your preferences and your experience of our Website/s may not be as enjoyable or useful.

2.5.2         You are not permitted to not identify yourself or use a pseudonym when dealing with us, as it is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym. For example, we need your Personal Information so that we can undertake a identity or authority check and confirm we are able to act on your behalf.

2.6    Who we disclose information to

2.6.1         We may disclose information about you to:

  1. specific third parties that you have authorised to receive information held by us;
  2. our employees, related bodies corporate, contractors or external service providers for the operation of our Website/s or business, fulfilling requests or responding to enquiries from you or providing products or services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, utilities providers, and professional advisors such as accountants, solicitors, business advisors and consultants;
  3. specific third parties where it is necessary for the purpose of, or in connection with, legal proceedings;
  4. any relevant authority or enforcement body;
  5. such entities that we propose to merge with or be acquired by;
  6. social media sites; or
  7. to any other person where otherwise required or permitted to by any law.

2.6.2         We will not share, sell, rent or disclose your Personal Information in ways different from what is disclosed in this Privacy Policy.

2.7     Access and Correction

2.7.1         Subject to the Privacy Act, you may request to access the Personal Information we hold about you by contacting us. All requests for access will be processed within a reasonable time.

2.7.2         In certain instances we may not be required or able to provide you with access to your Personal Information. If this occurs we will give you reasons for our decision not to provide you with such access to your Personal Information in accordance with the Privacy Act.

2.7.3         There is no application fee for making a request to access your Personal Information.  However, we may charge an administrative fee for the provision of information in certain circumstances, such as if you make repeated requests for information or where the information is held by a third-party provider.

2.8     Archiving/Destruction of information

2.8.1         All information is retained at a minimum for the period of time required to fulfil our business needs and legal obligations (usually at least seven (7) years).

2.8.2         Where that information is no longer required, it will be archived, destroyed, deleted or disposed of in a secure manner.

3      Third Party Links

3.1.1         Our Website/s may contain links to other sites over which we have no control. Those links are provided for your convenience only, and we are not responsible for how they may handle your Personal Information.

3.1.2         If you request information from another organisation through the use of the Website/s, it is your obligation to check the Privacy Policy of that organisation to confirm how they will handle your information. We are not responsible for the way in which other third parties collect, store, disclose or otherwise handle information provided to them through the Website/s.

4      Cookies

4.1.1         We use cookies on our online services to monitor your use of the Website/s, to measure usage sessions accurately and to provide you a more effective service. Cookies are also used to improve the functionality of the Website/s.

4.1.2         If you prefer not to enable us to use cookies most browsers have a facility that will allow you to disable cookies altogether, please refer to your browser’s help menu to find out how to do this. Doing so may affect your browsing experience and certain functions of the Website/s may not work.

5      Marketing

5.1.1         If you do not wish to receive marketing information from us, you may withdraw your consent at any time using the unsubscribe option included in the email or other material. Alternatively, you may contact us and we will process your request.

6      Notifiable Data Breaches

6.1.1         In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act 1988 (Cth) or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out under this clause.

6.1.2         If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then, if (and only if) we are required to do so under the Privacy Act:

  1. We will take all reasonable steps to ensure an assessment is completed within thirty (30) days of the breach;
  2. If remedial action is successful in making serious harm no longer likely, then no notification or statement will be made; and
  3. Where we are aware of reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian information Commissioner.
  4. We will review the incident and take action to prevent future breaches.

7      Complaints and Contact

7.1.1         If you have any questions or concerns about this Privacy Policy, or believe that a breach of privacy has occurred, please contact our Privacy Officer so that we may investigate such incident.

7.1.2         We use a formal procedure for the investigation and management of privacy breaches. Once a complaint has been received, the Privacy Officer will undertake an investigation in order to determine the nature of the breach and the reason it occurred. If a breach is found to have occurred, the matter will be escalated to our management. The information storage and handling process will then be rectified to prevent any further breaches.

7.1.3         We will contact you in order to inform you of the outcome of any investigation concerning your Personal Information and to discuss any concerns you may have and possible resolutions to those concerns. We will acknowledge and respond to all genuine enquiries, concerns and complaints in writing within thirty (30) days of the date of receipt.

Position                    Privacy Officer

Telephone               (03) 4433 9200

Email                        info@maxsum.com

Postal Address        130 Mollison Street, Bendigo VIC 3550

8      Further information

If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian information Commission at:

Telephone                1300 363 992

Email                         enquiries@oaic.gov.au

Office Address         Level 3, 175 Pitt Street, Sydney NSW 2000

Postal Address        GPO Box 5218, Sydney NSW 2001

Website                     www.oaic.gov.au

9     Updates to this Policy

9.1.1         We may update this Privacy Policy from time to time and any amendments will apply to information we hold at the time of the update.

9.1.2         If amended, the updated Privacy Policy will be available from our Website/s. Please ensure that you check our Website/s to view the current Privacy Policy or contact us for a copy, as your continued use of the Website/s indicates your acceptance of our then current Privacy Policy.

Wishing you a happy and safe Festive Season. Our offices will be closed from 5pm Friday December 20 and will reopen Monday January 6. Please call 1300 629 786 for Critical Incident assistance over this time.