Privacy Policy

This Privacy Policy applies to all personal information collected by IT Semantics Pty Ltd (we, us or our) via the website located at www.itsemantics.com (Website).

What information do we collect?

The kind of Personal Information that we collect from you will depend on how you use the website. The Personal Information which we collect and hold about you may include:

We collect the following personal information from website users and clients: name, email address, phone number, company name, job title, IP address, browser type and version, device information, location data, business requirements and project specifications, technical environment details, system integration needs, communication preferences, and any other information voluntarily provided through contact forms, consultation requests, or service enquiries. For clients engaging our IT consulting and systems integration services, we may also collect business contact details, organisational structure information, technical infrastructure data, and project-related documentation necessary to deliver our services effectively.

Types of information

The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive Information will be used by us only:

• for the primary purpose for which it was obtained; for a secondary purpose that is directly related to the primary purpose; and
• with your consent or where required or authorised by law.

How we collect your Personal Information

• We may collect Personal Information from you whenever you input such information into the Website, related app or provide it to Us in any other way.
• We may also collect cookies from your computer which enable us to tell when you use the Website and also to help customise your Website experience. As a general rule, however, it is not possible to identify you personally from our use of cookies.
• We obtain your express consent before placing non-essential cookies on your device. You may categorise cookies as essential (required for Website functionality), analytics (to improve our services), or marketing (for promotional purposes), and you may withdraw consent at any time through your browser settings or our preference center.
• We generally don’t collect Sensitive Information, but when we do, we will comply with the preceding paragraph.
• Where reasonable and practicable we collect your Personal Information from you only. However, sometimes we may be given information from a third party, in cases like this we will take steps to make you aware of the information that was provided by a third party.
• All employees and contractors accessing Personal Information must complete documented privacy training covering Australian Privacy Principles, data handling procedures, security protocols, and breach notification requirements. Training records are maintained and verified annually, with role-specific training provided for personnel in IT consulting, system integration, and support roles.

Purpose of collection

• We collect Personal Information to provide you with the best service experience possible on the Website and keep in touch with you about developments in our business.
• We customarily only disclose Personal Information to our service providers who assist us in operating the Website. Your Personal Information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.
• All service providers and maintenance personnel who access Personal Information are contractually bound to comply with the Australian Privacy Principles and maintain security standards equivalent to ISO 27001 or equivalent frameworks. Service providers must notify us of any suspected data breach within [HOURS] hours, and we retain audit rights to verify ongoing compliance with these obligations.
• By using our Website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from use. We do not use sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature, such as an unsubscribe button link.
• We maintain a register of all service providers with access to Personal Information, documenting the categories of data accessed, processing purposes, and security certifications. Service providers must execute Data Processing Agreements that include liability provisions for unauthorised access or disclosure, data return or destruction obligations upon termination, and restrictions preventing further disclosure without our prior written consent.

Security, Access and correction

• We store your Personal Information in a way that reasonably protects it from unauthorised access, misuse, modification or disclosure. When we no longer require your Personal Information for the purpose for which we obtained in, we will take reasonable steps to destroy and anonymise or de-identify it. Most of the Personal Information that is stored in our client files and records will be kept for a maximum of 7 years years to fulfill our record keeping obligations.
• The Australian Privacy Principles:
• permit you to obtain access to the Personal Information we hold about you in certain circumstances (Australian Privacy Principle 12); and allow you to correct inaccurate Personal Information subject to certain exceptions (Australian Privacy Principle 13).
• Where you would like to obtain such access, please contact us in writing on the contact details set out at the bottom of this privacy policy.
• We maintain documented data destruction procedures that include secure deletion protocols, cryptographic erasure for digital records, and audit trails for all destruction activities. Different retention periods apply based on data categories: client transaction records and system integration logs are retained for [NUMBER] years, general client contact information for [NUMBER] years, and financial records for [NUMBER] years in accordance with applicable legal and regulatory requirements.
• Upon request, we will provide you with a detailed breakdown of the specific retention period applicable to your Personal Information based on its category and the legal or contractual obligations governing its storage. You may request early destruction of your Personal Information where no legal, regulatory or contractual obligation requires its continued retention, subject to our verification of such request and confirmation that destruction will not prejudice any ongoing or reasonably anticipated legal proceedings.

Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us as on the contact details set out at the bottom of this policy. All complaints will be considered by our Privacy Officer and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

Notification and Consent

We will notify you prior to transferring your Personal Information to jurisdictions without substantially similar data protection laws and obtain your express consent where required by the Privacy Act 1988 (Cth). For IT consulting services involving cloud infrastructure or international client systems, you may specify preferred data storage locations or object to transfers to particular jurisdictions by providing written notice to us within [DAYS] days of notification.

Overseas transfer

Your Personal Information will not be disclosed to recipients outside Australia unless you expressly request us to do so. If you request us to transfer your Personal Information to an overseas recipient, the overseas recipient will not be required to comply with the Australian Privacy Principles and we will not be liable for any mishandling of your information in such circumstances.

How to contact us about privacy

If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: privacy@itsemantics.com.

Complaint handling timeframes and escalation

We will acknowledge all complaints within 10 business days of receipt and complete our investigation within [DAYS] days, providing you with a written decision including reasons for our determination. If you remain dissatisfied with our response, you may escalate the matter to our Privacy Officer for review or lodge a complaint directly with the Office of the Australian Information Commissioner.

Data breach notification

Upon discovery of a suspected data breach, we will immediately investigate and assess whether the breach constitutes an eligible data breach under the Privacy Act 1988 (Cth). If the breach is likely to result in serious harm to affected individuals, we will notify affected clients within 3 days of making that determination. Notification will include details of the breach, affected data categories, remedial actions taken, and contact information for further inquiries.

International transfer safeguards

Where overseas transfer is necessary for service delivery (including cloud infrastructure, international client systems, or cross-border consulting engagements), we will implement Standard Contractual Clauses or equivalent safeguards to protect your Personal Information. We remain accountable for compliance with the Australian Privacy Principles by overseas recipients and will obtain your written consent before transferring Personal Information to jurisdictions without substantially similar data protection laws. You may specify preferred data storage locations or object to transfers to particular jurisdictions by providing written notice within 5 days.