Aussie Owned and Operated ICT Consultancy & Professional Services

Free Initial Consult
Plan With Us

Privacy Policy

1. Introduction

This privacy policy outlines how InnovateX Tech Solutions Pty Ltd as trustee of the Johnson Family Trust, an Australian based company, collects, uses, stores, shares, and protects your personal and company information. This policy applies to our website (https://innovatexsolutions.com.au), services, and any related applications or platforms we operate. We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collection

We may collect the following types of personal information:

  • Personal Details: Name, email address, phone number, postal address, or other contact details provided when you engage with our services, fill out forms, or contact us.
  • Professional Information: Job title, company name, or other business-related data relevant to our consulting services.
  • Usage Data: Information about how you interact with our website or services, such as IP address, browser type, device information, pages visited, and time spent on our platforms.
  • Cookies and Tracking Technologies: Data collected via cookies, web beacons, or analytics tools to enhance user experience and analyse website performance.
  • Client Project Data: Information provided during consulting engagements, such as technical specifications, corporate templates, processes, strategies, business data, or other project-related information.
  • Subcontractor Information: Details provided through our Subcontractor Information Form or Subcontractor Agreement, as outlined in Section 11.
  • Client Environment and Business Information: Information about client ICT environments and business operations, including managed services data, as outlined in Section 10.
  • Recruitment Information: Personal and professional information, such as CVs or job applications, collected via platforms like LinkedIn or Seek for recruitment purposes, if applicable, as outlined in Section 12.

3. Purpose of Data Collection

We collect personal information for the following purposes:

  • Provide and deliver ICT consulting services, including project management, strategic advice, technical support and customised solutions.
  • Communicate with you regarding our services, respond to enquiries, or provide updates.
  • Improve our website, services, and user experience through analytics and feedback.
  • Send marketing or promotional materials via email, SMS, or other channels, where you have provided express consent in accordance with the Spam Act 2003 (Cth).
    You may unsubscribe at any time using the instructions provided in these communications or by contacting us.
  • Comply with legal obligations, such as record-keeping or reporting requirements.
  • Protect the security and integrity of our systems and services.
  • Manage subcontractor engagements, including payments and compliance, as outlined in Section 11.
  • Provide consulting, support, and managed services by analysing client environments and business needs, as outlined in Section 10.
  • Facilitate recruitment processes, if applicable, by collecting and processing candidate information.

4. How We Use Your Information

Your personal information is used to:

  • Deliver tailored ICT consulting services and fulfil contractual obligations.
  • Process payments or invoices for our services.
  • Analyse usage trends to enhance our website and service offerings.
  • Personalise your experience, such as customising content or recommendations.
  • Conduct marketing activities, such as newsletters or event invitations, with your consent.
  • Meet legal, regulatory, or compliance requirements under Australian law.
  • Administer subcontractor agreements, including verification and payment processing.
  • Assess and support client ICT environments and business operations to deliver consulting and support services, including managed services.
  • Process recruitment applications, if applicable, to evaluate candidates for subcontractor or employment opportunities.

5. Data Sharing and Disclosure

We may share your personal information only in the following limited circumstances, ensuring compliance with contractual and legal obligations:

  • Service Providers: With trusted third-party providers (e.g., cloud hosting, payment processors, monitoring software, or log management systems) who assist in delivering our services, subject to strict confidentiality agreements Any client data processed by these third-party tools is subject to their respective privacy policies, and we provide clients a list of these tools and their policies as part of services agreements or upon request.
  • Business Partners: With partners involved in joint projects or services, only with your express consent or as strictly necessary to fulfill our obligations under the Prime Contract or other agreements, and only where permitted by contractual terms.
  • Legal Requirements: When required by law, such as in response to a court order, regulatory request, or to protect our legal rights, in accordance with the Privacy Act 1988.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, with notice provided to you as required by law.
  • Contractual Limitations: We will not share your personal information, including client environment, business, or subcontractor data, with third parties if such sharing is restricted by contractual agreements, non-disclosure agreements (NDAs), or confidentiality clauses in client contracts or the ICT Professional Services Subcontractor Agreement, except where explicitly permitted by those agreements or by law.
  • Emergency Data Sharing: In the event of a data breach or emergency, we may share personal information as permitted by the Privacy Act 1988 to reduce harm to individuals, such as sharing details with government agencies to enhance protections.

We do not sell your personal information to third parties.

6. Data Storage and Security

We primarily store personal information on secure platforms hosted in Australia. In cases where data is processed or stored overseas (e.g., by third-party service providers such as cloud platforms or monitoring tools), we ensure compliance with APP 8.1 by using providers in jurisdictions with comparable privacy laws or implementing contractual safeguards, such as Standard Contractual Clauses, as detailed in Section 14. We employ industry-standard security measures, including encryption, access controls, and regular security assessments, to protect your data from unauthorised access, loss, or misuse. However, no system is completely secure, and we cannot guarantee absolute security.

7. Data Breach Notification

If a data breach occurs that is likely to result in serious harm, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. We will take immediate steps to mitigate harm and provide guidance on protective actions you can take.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy or as required by law, after which it is securely deleted or de-identified in accordance with APP 11.2:

  • Client and Subcontractor Data: Retained for the duration of our business relationship and for 7 years thereafter to comply with tax and legal obligation under the Taxation Administration Act 1952 (Cth) and other laws (e.g., financial records, service agreements).
  • Website Usage Data: Retained for up to 12 months to support website analytics and improve user experience, unless a longer period is justified for specific business needs (e.g., longitudinal trend analysis), after which is de-identified or securely deleted.
  • Client Environment and Business Information: Retained for up to 7 years for data related to tax, legal, or contractual obligations (e.g., billing records, service agreements). Technical data, such as system logs, monitoring data, or network traffic data, is retained for shorter periods (e.g., 12 months) unless required for ongoing services, after which it is de-identified or securely deleted.

9. Your Rights

Under the Australian Privacy Principles, you have the following rights regarding your personal information:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your data, subject to legal or contractual obligations
  • Opt-Out: Opt out of marketing communications at any time by clicking “unsubscribe” in emails or contacting us
  • Complaint: Lodge a complaint if you believe we have mishandled your information.

To exercise these rights, contact us as [email protected]. We will respond within 30 calendar days, in accordance with OAIC guidelines.

10. Client Environment and Business Information

If you engage our consulting, support, or managed services, we collect information about your ICT environment and business operations to provide tailored solutions. This includes:

  • IT Environment Data: Details about your hardware, software, network configurations, system architecture, security settings, or other technical specifications provided during consulting engagements or support requests.
  • Business Information: Information about your business operations, such as organisational structure, business processes, business plans, operational needs, or strategic objectives relevant to our services.
  • Managed Services Data: Data required for managed services, including, but not limited to:
    • Monitoring Data: Information collected through real-time monitoring of your ICT systems, such as server performance, application status, or security alerts.
    • Log Management Data: System logs, error reports, or audit trails generated by your ICT infrastructure to diagnose issues, ensure compliance, or optimise performance.
    • Network Traffic Data: Data related to network activity, such as bandwidth usage, traffic patterns, or security events, to support network management and cybersecurity services
  • Support Related Data: Logs, error reports, or diagnostic information collected during technical support activities to resolve issues or optimise systems.

This information is used solely for:

  • Delivering Consulting Services: Analysing your ICT environment and business needs to design, implement, or optimise ICT solutions.
  • Providing Support Services: Diagnosing and resolving technical issues, improving system performance, or ensuring security compliance
  • Providing Managed Services: Monitoring and managing your IT systems, analysing logs, and overseeing network traffic to ensure operational efficiency, security, and compliance with service level agreements.
  • Fulfilling Contractual Obligations: Meeting the requirements of our service agreements with you, including those under the Prime Contract.
  • Compliance: Ensuring adherence to relevant laws or standards, such as cybersecurity regulations or industry best practices.

Use of Third-Party Tools: We may use third-party tools and platforms (i.e., monitoring software, log management systems, or cybersecurity platforms) to deliver consulting, support, or managed services. We take reasonable steps to minimise unnecessary capture of client data by these tools, but any data processed is subject to the respective privacy policies of these providers. We will provide you with a list of third-party tools used and links to their privacy policies as part of our service agreements or upon request. We strongly encourage you to review these policies to understand how your data is handled.

Client environment and business information is collected directly from you (e.g., through consultations, forms, support, tickets, or service agreements) or generated during our service delivery (e.g., system diagnostics, monitoring tools, or log analysis). It is stored securely on our systems and retained as outlined in Section 8. Access to this information is restricted to authorised personnel and, where necessary, trusted third-party service providers under strict confidentiality agreements.

11. Subcontractor Information

If you are a subcontractor, we collect information through our Subcontractor Information Form and the ICT Professional Services Subcontractor Agreement to facilitate engagements. This includes:

  • Business Details: Trading name, Australian Business Number (ABN) or Australian Company Number (ACN), business structure (e.g., sole trader, company, partnership, trust), principal place of business, and postal address.
  • Contact Information: Name, position title, phone number, and email address of the authorised representative for notices and correspondence.
  • Insurance Details: Information about required insurance policies, including details about insurer, policy types, policy numbers, coverage amounts, and expiry dates, with copies of Certificates of Currency provided.
  • Personnel Information: Names, roles, and Criminal History Check details (issued within the last 12 months) for personnel performing services under the Subcontractor Agreement.
  • Bank Details: Bank name, account name, BSB, account number and accounting client keys (if using Xero) for payment processing.
  • Compliance Information: ABN verification, GST compliance status, and confirmation of independent contractor status under the Fair Work Act 2009.
  • Website Consent: Consent to include your name, position, and photograph on our website’s Our team section, including photograph of you, if provided.

This information is used solely for:

  • Processing Payments: Facilitating payment for services rendered, including invoicing and electronic funds transfer (EFT)
  • Management engagements: Administering and fulfilling obligations under the Subcontractor Agreement, including coordinating services with the Prime contract
  • Verifying Compliance: Ensuring compliance with the Subcontractor Agreement and applicable laws, such as the Privacy Act 1988 (Cth), Fair Work Act 2009, and Workers’ Compensation and Rehabilitation Act 2003 (Qld).
  • Audit Purposes: Supporting the Contractor’s audit rights to verify insurance, qualifications, and compliance, as specified in the Subcontractor Agreement.
  • Website Display: Display consented information on our website, if applicable.
  • Recruitment: Evaluating candidates for subcontractor or employment opportunities, if applicable.

Subcontractor information is collected directly from you via the Subcontractor Information Form or Subcontractor Agreement and stored securely on our servers. It is retained for 7 years to comply with tax and legal obligations, after which it is securely deleted or anonymised. Access is restricted to authorised personnel and, where necessary, trusted third-party service providers under strict confidentiality agreements.

12. Recruitment Information

If you apply for a role with us as a candidate for employment or subcontractor engagement, we collect personal and professional information to evaluate your application. This includes:

  • Personal Details: Name, email address, phone number, postal address, or other contact information provided in your application.
  • Professional Information: CV’s, qualifications, employment history, references, or other data submitted via platforms like LinkedIn, Seek, or directly through our website or email.
  • Assessment Data: Information generated during the recruitment process, such as interview notes, test results, or background checks (e.g., Criminal History Checks, if required for the role).

This information is used solely to:

  • Evaluate Candidates: Assess your suitability for employment or subcontractor roles.
  • Communicate with You: Provide updates on your application status or request additional information.
  • Comply with Legal Obligations: Meet requirements for background checks or record-keeping under applicable laws, such as the Fair Work Act 2009.
  • Store for Future Opportunities: Retain your information for future roles, with your consent.

We may use third-party recruitment platforms (e.g., LinkedIn, Seek) or applicant tracking systems to manage your application. Data processed by these platforms is subject to their respective privacy policies, which we encourage you to review. We will provide links to these policies upon request.

Recruitment information is collected directly from you (e.g., via applications, forms, or interviews) or from third parties (e.g., recruitment platforms, referees) with your consent. It is stored securely on our servers or trusted third-party systems and retained for up to 12 months, unless you are engaged as an employee or subcontractor, in which it is retained as outlined in Section 11. Access is restricted to authorised personnel and, where necessary, trusted third-party services providers under strict confidentiality agreements.

13. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc., to collect and analyse information about how visitors use our site. Google Analytics collects the following types of data:

  • Usage Data: IP address, browser type, device information, pages visited, referral sources, and time spent on our website.
  • Cookies: Google Analytics used cookies to track user interactions and generate reports on website activity

This data is used to:

  • Understand user behaviour and improve our website’s functionality and content.
  • Generate aggregated and anonymised reports on website performance.

Google Analytics may store data on servers outside Australia. We ensure that any data transfers comply with APP 8.1, using Google’s data processing agreements to safeguard your information. You can opt out of Google Analytics tacking by:

  • Adjusting your browser settings to block cookies
  • Using the Google Analytics Opt-Out Browser Add-On
  • Managing cookie preferences through our website’s cookie consent tool.

For more information on how Google handles your data, see Google’s Privacy Policy.

14. Cookies and Tracking Technologies

Our website uses cookies and similar technologies, including Google Analytics, to enhance functionality and analyse performance. You can manage cookie preferences through your browser settings.

15. International Data Transfers

If we transfer your data outside Australia (e.g., to cloud servers or international partners, including Google Analytics), we ensure compliance with APP 8.1 by using providers in jurisdictions with comparable privacy laws or by implementation contractual safeguards, such as Standard Contractual Clauses.

16. Third Party Links

Our website or services may contain links to third-party websites. We are not responsible for their privacy practices, and we encourage you to review their policies before providing personal information.

17. Children’s Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will promptly delete it and notify the affected individual or guardian, as appropriate.

If you believe we have collected such information, please contact us immediately.

18. Changes to This Privacy Policy

We review and update this policy periodically to ensure it reflects our current practices and complies with legal requirements. We will notify you of significant changes via our website or by email. The updated policy will be effective from the date posted.

19. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact us at [email protected]. Alternatively, you can contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au to lodge a privacy complaint.

 

Last Updated: 22 July 2025