1. What is “personal information”?

Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.

2. What personal information we collect

• 
  Name, email address, phone number
• 
  Organisation or business name and role
• 
  Your message, brief, and any attachments you submit
• 
  Information you provide during calls or meetings

• 
  IP address, device identifiers, browser type and version
• 
  Pages viewed, links clicked, referring pages, session duration
• 
  Approximate location (derived from IP address)
• 
  Date and time of visits and interactions

Service delivery (where you engage us)

Depending on the service, we may collect or be provided access to information required to perform the engagement, including:

• 
  Domains and DNS records, email configuration metadata (e.g., SPF, DKIM, DMARC settings)
• 
  Website configuration details, logs, security headers, and related technical information
• 
  Workspace administration details for Google Workspace or Microsoft environments (as required)
• 
  Compliance documentation and governance artefacts supplied by your organisation

3. How we collect personal information

We collect personal information in a range of ways, including when you:

• 
  Visit and use our website (including via cookies and server logs)
• 
  Submit a contact form, request a quote, or email us
• 
  Engage us to provide services and supply required information or system access required for delivery
• 
  Communicate with us by email, phone, or other channels

4. Why we collect, hold, and use personal information

Where required, we collect personal information only with consent, where necessary to perform a contract, or where required or authorised by law. We collect and use personal information to:

• 
  Respond to enquiries, provide quotes, and communicate with you
• 
  Deliver, manage, and support our services
• 
  Verify identity and reduce fraud, misuse, and unauthorised access
• 
  Maintain the security and integrity of our website and systems
• 
  Improve our website, services, and customer experience
• 
  Manage administration, invoicing, record keeping, and internal operations
• 
  Comply with legal obligations and enforce our rights and agreements

We do not sell personal information.

5. Cookies, analytics, and tracking

Our website may use cookies and similar technologies to operate the site, remember preferences, measure performance, and analyse usage patterns. You can manage cookies through your browser settings. Blocking cookies may affect certain website functionality. We do not use cookies for advertising or behavioural profiling.

6. Disclosure of personal information

We may disclose personal information to third parties where it is reasonably necessary for business operations and service delivery, including:

• 
  Website hosting and infrastructure providers
• 
  Email and communications providers
• 
  Analytics and performance tooling providers
• 
  Cloud storage and document management providers
• 
  Payment and billing providers (where applicable)
• 
  Professional advisers (legal, accounting, insurance)
• 
  Regulators, courts, or law enforcement where required or authorised by law

We take reasonable steps to ensure third-party providers handle personal information appropriately.

7. Overseas disclosures

Some third-party providers we use may store or process information outside Australia. Where this occurs, we take reasonable steps to ensure appropriate protections are in place and that handling remains consistent with this Privacy Policy and applicable law. Where required, we take reasonable steps to ensure overseas recipients do not breach the Australian Privacy Principles.

8. Security of personal information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Safeguards may include access controls, secure storage practices, and operational security measures.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Data retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, including legal, accounting, and contractual obligations. When no longer required, we take reasonable steps to delete or de-identify the information.

10. Direct marketing

If we send marketing communications, we will do so in accordance with applicable Australian laws, including the Spam Act 2003, and will provide a way to opt out.

11. Access and correction

You may request access to personal information we hold about you, or request corrections, by contacting us (see Section 14). We may need to verify your identity before responding. In some circumstances, we may refuse access or correction where permitted by law.

12. Data breaches

If we become aware of a data breach involving personal information, we will take steps to contain and assess it and, where required, comply with the Notifiable Data Breaches (NDB) scheme notification obligations.

13. Third-party websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing personal information.

14. Complaints and contact

For privacy enquiries, access or correction requests, or complaints, please contact us via:
Email: security@vexro.com.au

We will respond to privacy enquiries and complaints within a reasonable timeframe, usually within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

15. Responsible disclosure

We welcome responsible disclosure of security vulnerabilities relating to our website or systems. Please report issues to security@vexro.com.au. We ask that researchers act in good faith and do not exploit vulnerabilities beyond what is necessary to confirm their existence.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version will be published on our website and will take effect from the date shown at the top of the policy.