Privacy Policy.

Information we collect

We collect various types of personal information, including but not limited to:

• Login credentials
• Payment details
• Email address
• Name
• Phone numbers
• Address

Types of information

Personal information, as defined under the Privacy Act 1988 (Cth), means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Sensitive information, as defined under the Privacy Act 1988 (Cth), includes details about an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, or health information.

We collect and handle sensitive information only with your consent or as permitted by law.

How we collect personal information

We collect personal information directly from you when you provide it to us through our website, digital documentation, over the telephone, related apps, or other means.

Purpose of collection

We collect personal information to provide you with our services, improve our offerings, and communicate with you about updates and developments.

When this policy applies

• Collection: during the process of collecting personal information from you through our website, digital documentation, telephone, related apps, or other means.
• Handling and storage: when handling, storing, and securing your personal information to protect it from unauthorised access, misuse, modification, or disclosure.
• Communications: in managing communications and services provided to you, including direct marketing communications, where you have consented to receive them.
• Third-party disclosure: when disclosing personal information to third-party service providers who assist us in providing our services, and to other parties as required by law.

Disclosure to third parties

We may disclose personal information to third-party service providers who assist us in providing the services we offer and manage, and to other parties as required by law. These third parties are obligated to protect your information and use it solely for the purpose of providing services to us or as required by law.

By using our services, you consent to receive direct marketing communications from us, provided we have obtained your information directly from you and the communication is of a type you would reasonably expect. We provide an option to unsubscribe from such communications.

Cookies and website analytics

This website uses cookies and similar technologies to remember your theme preference, measure site usage, and (via Microsoft Clarity) record anonymised session replays for usability analysis. Session replay captures page interactions such as scrolls and clicks, but not keystrokes entered into password fields or payment-card fields. You can disable cookies in your browser settings; some features of the site may not work as expected if you do.

We also load HubSpot tracking on this website and use a HubSpot-hosted embedded form on our Contact page. Information you submit through the contact form, and analytics events captured by HubSpot and Microsoft Clarity, are processed by those vendors on their infrastructure as part of the services they provide to us.

Security, access, and correction

We store your personal information in a way that reasonably protects it from unauthorised access, misuse, modification, or disclosure.

When we no longer require your personal information for the purpose for which we obtained it, we will take reasonable steps to destroy, anonymise, or de-identify it.

Most personal information stored in our client files and records is kept for a maximum of 7 years to fulfil our recordkeeping obligations.

The Australian Privacy Principles permit you to obtain access to the personal information we hold about you in certain circumstances (Australian Privacy Principle 12), and allow you to correct inaccurate personal information subject to certain exceptions (Australian Privacy Principle 13).

To request access or correction, please contact us in writing using the details at the bottom of this policy.

Complaints

If you have a complaint about the manner in which we maintain the privacy of your personal information, please contact us using the details at the bottom of this policy. All complaints will be considered by our Customer Success team, and we may seek further information from you to clarify your concerns. If we agree that your complaint is well-founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner at oaic.gov.au.

Overseas transfer

We do not transfer the personal information we hold about you as a client outside Australia unless you request us to do so. If such a transfer occurs at your request, your information may not be protected by Australian privacy laws.

Website analytics and contact-form submissions are processed by the third-party vendors described under “Cookies and website analytics” on their infrastructure as part of the services they provide to us.

Data breach notification

In line with the SMB1001:2026 cybersecurity framework, in the unlikely event of a data breach that is likely to result in serious harm to you, we will promptly notify you and the Office of the Australian Information Commissioner (OAIC) as required by law. Our notification process includes:

• Detection: continuous monitoring and alerting to detect breaches promptly.
• Response: immediate steps to contain the breach, assess its extent, and mitigate harm.
• Notification: we will inform affected individuals and the OAIC of the breach, including a description of the breach, the kind of information involved, and recommendations about the steps you should take in response.
• Prevention: review and enhance our security measures to prevent future breaches, aligned to the SMB1001:2026 framework, covering governance, identity and access controls, data protection, configuration hardening, backup and recovery, staff training, and incident response.

Contact us

If you have questions about our privacy practices, wish to access or correct your personal information, or have a privacy-related complaint, please contact us at service@evolvetech.com.au.