Our Approach Services AI Assessment Penetration Testing Compliance Contact Talk to an Expert
← Back to home
Legal — Privacy

Privacy Policy

🇦🇺 All data is processed and stored exclusively within Australia. QTech Cyber complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Security of Critical Infrastructure Act 2018. No personal or client data is transferred offshore.

1. Our Commitment to Australian Privacy Law

Quantech Services - QTech Cyber (ABN: 66 525 431 947) ("QTech Cyber", "we", "us", "our") is an Australian company and is bound by the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. We are committed to protecting the privacy of individuals whose personal information we collect, hold, use, and disclose in the course of our business activities. This Privacy Policy describes our obligations and your rights under Australian privacy law. We review and update this policy annually or whenever there is a material change to our data handling practices.

🇦🇺 All personal information collected through this website and our service engagements is stored, processed, and retained exclusively on Australian soil. We do not transfer personal information offshore and we do not engage any overseas recipients within the meaning of APP 8.

2. What Personal Information We Collect

We collect personal information that is reasonably necessary for our business functions. This may include:

  • Identity information: name, job title, and organisation name
  • Contact details: email address, phone number, and business address
  • Engagement information: project scope, system descriptions, and security requirements provided during service enquiries or delivery
  • Technical data: IP addresses, system logs, and configuration data accessed under written authorisation during penetration testing or security assessments
  • Communications: records of enquiries, correspondence, and service feedback
  • Financial information: invoicing and payment records (no credit card data is stored by us)

We collect only the minimum amount of personal information necessary for the identified purpose, consistent with the data minimisation principles under APP 3 and the Notifiable Data Breaches (NDB) scheme guidelines issued by the Office of the Australian Information Commissioner (OAIC).

3. How We Collect Personal Information

We collect personal information directly from individuals in most cases — for example, when you submit an enquiry via our website, engage us for services, or correspond with us by email or phone. Where it is reasonable and practicable to do so, we collect personal information only from the individual concerned (APP 3.5). We do not collect sensitive information (as defined in the Privacy Act) unless it is directly relevant to a service engagement and we have obtained the individual's consent or are otherwise permitted by law.

Our website does not use cookies, tracking pixels, behavioural analytics, or third-party advertising scripts. The only external resource loaded by this website is Google Fonts for typography rendering, which does not transmit any personal information about visitors to Google.

4. Purpose of Collection and Use

We collect and use personal information for the following primary purposes (APP 6):

  • Responding to enquiries about our cybersecurity services
  • Delivering contracted services including penetration testing, AI security assessments, consultancy, and managed security
  • Managing our contractual and legal obligations
  • Issuing invoices and processing payments
  • Communicating with clients about service delivery, findings, and remediation
  • Complying with applicable Australian laws, regulations, and court or government orders

We will not use personal information for direct marketing without first obtaining explicit consent from the individual (APP 7). We do not disclose personal information to third parties for their own marketing purposes under any circumstances.

5. Disclosure of Personal Information

We do not sell, rent, or trade personal information. We may disclose personal information to:

  • Our employees, contractors, and subcontractors who need it to deliver services — all of whom are bound by confidentiality obligations
  • Australian government agencies or law enforcement where required or authorised by law
  • Professional advisers (legal, accounting) bound by duties of confidentiality

We do not disclose personal information to overseas recipients (APP 8.1). All our service delivery infrastructure and subcontractors are located within Australia.

6. Australian Data Sovereignty and Storage

All personal information and client data is stored exclusively within Australia on infrastructure subject to Australian law, consistent with the Security of Critical Infrastructure Act 2018 (Cth), the Protective Security Policy Framework (PSPF), and the Australian Government Information Security Manual (ISM). We do not replicate data to overseas cloud regions for any purpose including backup, disaster recovery, or performance optimisation. Our infrastructure providers are contractually required to store and process all data within Australian borders.

7. Security of Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (APP 11). Our security measures include end-to-end encryption for data in transit, encrypted storage at rest, access controls based on the principle of least privilege, audit logging of all access to personal information, and annual security assessments of our own systems. Employees with access to personal information receive regular privacy and security training.

8. Notifiable Data Breaches

QTech Cyber is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach — one that is likely to result in serious harm to one or more individuals — we are legally required to notify both the affected individuals and the OAIC as soon as practicable after becoming aware of the breach. We maintain a Data Breach Response Plan that is tested annually.

9. Your Rights Under the Australian Privacy Principles

Under the Privacy Act and the APPs, you have the following rights:

  • Access (APP 12): You may request access to personal information we hold about you. We will respond within 30 days. We may charge a reasonable fee for providing access.
  • Correction (APP 13): You may request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information.
  • Anonymity (APP 2): Where lawful and practicable, you may interact with us anonymously or using a pseudonym.
  • Complaint: You may lodge a complaint with us about a breach of the APPs. If unresolved, you may refer the complaint to the OAIC.

10. Complaints and Contact

To exercise your rights, lodge a privacy complaint, or request our full Privacy Policy document, contact our Privacy Officer:

Email: privacy@qtechcyber.ai
Response time: We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
External complaints: If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.