Privacy Policy

AUIT Pty Ltd (“AUIT”, “we”, or “us”) is a leading Australian managed IT services provider committed to protecting your privacy. We provide IT support and solutions to small businesses, and this Privacy Policy outlines how we collect, use, disclose, and protect your personal information. We manage personal data in an open and transparent way in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In line with our commitment to information security, we also adhere to industry best practices (including alignment with the ISO/IEC 27001 information security standard) to safeguard your data. Importantly, all customer data is stored exclusively on servers located within Australia – we do not transfer your personal information overseas. By using our services or visiting our website, you agree to the practices described in this Privacy Policy.

Information We Collect

We only collect information that is reasonably necessary for our business functions as an IT managed service provider. The types of personal and business data we may collect include:

  • Contact and Identity Information: Name, business name, job title, address, phone number, email address, and other contact details of clients and their authorized users. This may be collected when you engage our services, fill out our contact form, or communicate with us by phone or email.
  • Service-Related Information: Information needed to provide IT services, such as company domain names, user account usernames, and in some cases credentials or access tokens for systems we manage (stored securely). We may also maintain records of assets and devices (e.g. computer names or inventory IDs) to support endpoint management, network administration, and cloud services management.
  • System and Usage Data: Technical data from endpoints and systems under our management. For example, we might collect device identifiers, IP addresses, operating system details, login timestamps, and system logs as part of system monitoring and support. This data helps us monitor performance, detect security events, and troubleshoot issues on your IT infrastructure.
  • Support Records: When you seek user support, we record information related to your request. This can include descriptions of the problem, screenshots or error logs you share, and our actions taken. We may also record phone calls or keep email/chat correspondence for quality and training purposes.
  • Backup Data: If you use our data backup and recovery services, we will handle copies of your files and system data to back them up. These backups might contain any type of information present on your systems (including personal information about your staff or customers). We treat all such data as confidential and use it only to perform backup and restoration as needed.
  • Website Usage Data: When you visit our website (auit.com.au), we collect basic information automatically. This includes your IP address, browser type, and browsing behavior on our site (pages visited, time spent, etc.). We use cookies and similar technologies to collect some of this data (see Cookies below). This information is generally not identified with you personally, and is used for website analytics and improving user experience.

We collect most personal information directly from you or your organization (for example, when you sign up for our services or submit a support ticket). In some cases we may receive information from third parties – for instance, if your employer (our client) provides us with your contact details as an authorized contact, or if we integrate with third-party tools that furnish information to us. If we receive personal information about you from a third party and it’s not already obvious to you, we will take reasonable steps to notify you that we have received your information.

We do not generally collect sensitive personal information (such as health data or information about race, religion, etc.) unless it is necessary for a specific service you have requested and you have given consent. Our services are primarily focused on business IT systems, so such sensitive data is seldom relevant. If we ever need to handle sensitive information, we will only do so with your consent or as required by law.

How We Use Your Information

AUIT uses the collected information for purposes that are related to our core business of providing managed IT services. The main purposes for which we collect, hold, and use personal information include:

  • Providing and Managing Services: We use your information to deliver our managed IT services to you. This includes setting up and administering user accounts, monitoring your IT infrastructure, managing endpoints, performing data backups, and resolving support issues. For example, we might use device and user data to proactively detect an issue on a workstation and notify you. All use of personal data in this context is aimed at maintaining and supporting your IT systems as part of our service agreement.
  • Communication: We use contact information (like email and phone numbers) to communicate with you about service-related matters. This may include sending service notifications, alerts about your systems (e.g. a detected threat or outage), maintenance announcements, updates to our services, and responding to inquiries or support requests you initiate. We may also contact you to provide user support or to ask for feedback on our services.
  • Improvement and Analytics: We may analyze aggregated usage data (such as common support issues or system performance metrics) to improve our services and troubleshoot problems. For instance, we might review support ticket trends to identify frequently occurring issues and enhance our solutions. This analysis is done on de-identified or aggregate data; it does not focus on any one individual’s personal information.
  • Backup and Recovery Operations: If we are managing your data backups, we use the data you entrust to us solely to perform backup, storage, and restoration as needed. In the event of data loss at your end, we use the backed-up data to restore your systems to their previous state. We do not access or use the contents of your files except as necessary to verify backup integrity or perform recovery during an incident.
  • Security and Risk Management: Information (like log-in logs or network traffic data) may be used to secure your systems and our services. For example, we might review logs or alerts to detect unauthorized access or malware on your network. We also use data internally to ensure the security of our own platforms and to prevent fraud or misuse of our services.
  • Business Administration: We will use some information for internal business operations such as billing, account management, maintaining our client records, and enforcing our terms of service. For example, we’ll use your contact details to send invoices and process payments, or to remind you about contract renewals.
  • Marketing (Opt-in): From time to time, we may use your contact information to inform you of new services, features, or special offers that we believe could benefit your business. We will only send you marketing communications if you have consented to receive them, or if you would reasonably expect to receive such communications from us in the context of our relationship (e.g. existing clients). You can unsubscribe or opt-out of marketing messages at any time by contacting us or using the unsubscribe link provided in emails. We will respect your choice and refrain from sending further marketing materials once you opt out.
  • Legal Compliance and Protection: Where required, we will use your information to comply with legal obligations. For instance, we may retain certain records to fulfill taxation or accounting requirements, or use/disclose information if needed to respond to lawful requests by government authorities. We may also use and disclose information as necessary to enforce our contracts or to protect our rights, property, or safety (or that of our clients and others), for example in investigating a security incident or fraud.

We will not use your personal information for purposes other than those outlined above unless we obtain your consent or are required/allowed by law to do so. If we ever need to use your information for a new purpose that is not related to the original reason it was collected, we will seek your permission first. We may use personal information for secondary purposes that are closely related to the primary purpose (in circumstances where you would reasonably expect such use). In all cases, we aim to be transparent about why we are collecting your data and how we plan to use it. If you have any questions about the purpose of any data collection, please feel free to ask.

Disclosure to Third Parties

AUIT understands the importance of keeping your information confidential. We do not sell or rent your personal information to third parties for marketing or any other purposes. We only disclose personal information to third parties in a few circumstances, such as:

  • Service Providers (Processors): We may share necessary personal information with third-party providers that help us deliver our services. This includes, for example, secure data center and cloud infrastructure providers, telecommunications providers, software vendors (such as remote management, monitoring, or ticketing software), and backup storage providers. Any third party we engage will only use your information to perform services on our behalf, and we contractually require them to handle data with strict confidentiality and security. All such providers that store or process data for us are located in Australia and/or operate on systems within Australia, so your data remains within Australian jurisdiction. We also take steps to ensure these providers meet high security standards (for instance, our data center partners are ISO 27001 certified or equivalent).
  • Your Organization and Authorized Contacts: If you are an end-user or employee of one of our business clients, we may share certain information about your use of our services with the account holder (your employer or the organization that engaged us). For example, when we resolve a support ticket you raised, we might report the outcome to your company’s IT manager. We only share such information internally within your organization as needed for service and oversight purposes, under the direction of our client.
  • Legal Requirements: We may disclose personal information to government agencies, law enforcement, regulators, courts, or other authorities if required to comply with a legal obligation, or in response to a lawful request (such as a subpoena, warrant, or court order). We will only do so after verifying the request’s validity and only the minimum data necessary will be disclosed.
  • Consent: We will disclose your personal information to a third party if you have given us your explicit consent to do so. For example, if you ask us to coordinate with a third-party vendor or consultant on an IT project and authorize us to share relevant details, we will do so with your permission.
  • Business Transfers: In the event that AUIT undergoes a business transaction such as a merger, acquisition by another company, or sale of all or part of our assets, personal information we hold may be among the assets transferred. In such cases, we will ensure that the new owner similarly honors the commitments we have made in this Privacy Policy regarding your personal information. We will also notify you or provide an announcement on our website if a transfer affects your personal data, so you remain informed.

Outside of the situations above, we do not disclose your personal information to any other third parties. In particular, we do not share or transfer personal data to any overseas recipients. All customer data is kept within Australia in line with our data residency commitment. If in the future we consider disclosing information overseas, we will update this policy and comply with APP requirements for cross-border data disclosure.

Data Security and Storage

We take the security of your data extremely seriously and implement robust measures to protect it. AUIT maintains physical, electronic, and managerial security practices to safeguard personal information against risks such as loss, misuse, unauthorized access or disclosure, alteration, and destruction. Key aspects of our data security program include:

  • Secure Australian Data Centers: All personal information and customer data we hold is stored on secure servers located in Australia. We utilize reputable Australian data centers and cloud services with strong security credentials (for example, facilities that are certified to ISO/IEC 27001 standards for information security management). By keeping data onshore, we ensure it is protected under Australian data protection laws and avoid the risks of overseas transfers.
  • Encryption and Access Control: We employ encryption to protect personal data during transmission and in storage wherever feasible. For instance, our websites and remote management tools are encrypted using HTTPS/TLS, and any sensitive credentials or backup data we store is encrypted at rest. We also restrict access to personal information on a need-to-know basis: only authorized AUIT staff or contractors who require the information to perform their duties are granted access. User accounts are protected by strong passwords (and multi-factor authentication where applicable), and our internal systems are monitored for unauthorized access attempts.
  • Organizational Policies and Training: AUIT has internal policies and procedures designed to maintain security and confidentiality. We train our employees about their privacy and security obligations, and we ensure that staff handling personal information are aware of the need to keep it confidential. We also require any contractors or partners to adhere to similar security and privacy standards.
  • Network and Endpoint Security: As an IT service provider, we utilize advanced security tools to protect data, including firewalls, intrusion detection systems, anti-malware software, and endpoint protection on devices. We actively monitor our networks and the systems we manage for any signs of compromise. Regular vulnerability assessments and updates are carried out to keep systems secure.
  • Backups and Business Continuity: Data entrusted to us is regularly backed up (with encryption) to prevent loss. In the case of any system failure or disaster, we have business continuity and disaster recovery plans to ensure data can be restored and our services can continue with minimal disruption.
  • Audit and Compliance: We periodically review and audit our security controls to ensure they remain effective and up-to-date with evolving threats. Our commitment to standards like ISO 27001 means we follow a continual improvement process for information security. We also remain compliant with relevant Australian regulations such as the Notifiable Data Breaches scheme under the Privacy Act. This means if an eligible data breach occurs (for example, a serious security incident involving personal information), we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

Despite our stringent security measures, no method of electronic storage or transmission is 100% secure. However, we strive to use industry best practices to protect your personal data. In the unlikely event of a security breach, we will take immediate steps to mitigate the issue and prevent further unauthorized access.

We retain personal information only for as long as it is needed for the purposes described in this Policy (or as required by law). When we no longer require personal information (and when retention is not required by law or a legitimate business purpose), we take reasonable steps to destroy or permanently de-identify the information. For example, we may securely erase electronic files or shred physical documents containing personal data. Backup data is purged or overwritten on a regular schedule once it exceeds the retention period.

Cookies and Website Analytics

Like many websites, the AUIT website uses “cookies” and similar technologies to enhance user experience and gather information about visitors. Cookies are small text files placed on your computer or device when you visit our site. We use cookies for several purposes, including:

  • Essential Functions: Some cookies are necessary for our website to function properly. For instance, if our site has a client login portal or remembers your preferences (such as your preferred contact details in a form), cookies enable those features. These cookies do not collect personal information beyond what is necessary for the service.
  • Analytics and Performance: We use cookies to collect anonymous information about how visitors use our website. This data helps us understand which pages are popular, how users navigate the site, and where we can improve the user experience. For example, we might use Google Analytics or a similar tool that sets cookies to track page view statistics. The information collected (such as your IP address, browser type, pages visited and time spent) is aggregated and does not directly identify you. It is used solely for statistical analysis so we can make our website more useful and effective.
  • Security and Spam Prevention: We may use cookies or third-party services (like Google reCAPTCHA) to help secure our website, e.g. to distinguish genuine users from bots and protect our contact forms from spam. These services may set a cookie or collect certain information (like mouse movements or IP address) to function. This is done to ensure that interactions with our site are authentic and secure.

All cookies used by AUIT are handled in compliance with the Privacy Act. Cookies by themselves do not tell us who you are, but if you have voluntarily submitted personal information to us (such as via a contact form), cookies may be associated with that information in our systems to provide a tailored experience (for example, remembering your login session). We do not use cookies to serve targeted advertising, and we do not share cookie data with third-party advertisers.

You have control over cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or notify you when a cookie is being placed. You can also delete cookies from your device at any time. Please note, however, that if you disable or reject cookies, some features of our site may not function correctly (for example, you might not be able to log in or have your preferences remembered).

By continuing to use our website without disabling cookies, you consent to our use of cookies as described in this section. We include this disclosure about cookies in our Privacy Policy as a matter of transparency and best practice, ensuring you are informed about what data is collected through your visit to our site.

Your Rights: Access and Correction

AUIT respects your rights to know about and control your personal information. Under Australian privacy law, you have the right to request access to personal information that we hold about you, and to request correction of any inaccuracies. We have processes in place to help you exercise these rights:

Accessing Your Information: You may request details of the personal information we hold about you at any time. If you would like a copy of your data or to confirm what information we have, please contact us (see Contact Us section below). For security reasons, we will need to verify your identity before releasing any personal data – for example, we might ask you to submit the request in writing and provide a form of identification. This is to ensure we do not inadvertently give your information to an unauthorized person. In normal circumstances, we will provide you with access to your information within a reasonable timeframe. If for some reason we are unable to grant access (for instance, if it would unreasonably affect someone else’s privacy or if it relates to anticipated legal proceedings), we will explain the reasons and, where possible, work with you to provide an appropriate solution. We will not charge you any fee for lodging an access request. However, if fulfilling your request requires significant resources (e.g. retrieving archived data or producing a large volume of material), we may charge a reasonable administration fee for the cost of providing you with copies. We will let you know in advance if any such fee applies, and it will only cover our direct costs.

Correcting Your Information: We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. If you believe any information we hold about you is incorrect, incomplete, or outdated, you have the right to request that we correct it. You can contact us with details of the information to be changed, and we will promptly update our records. If we are unable to correct your information (for example, if we disagree that the information is incorrect), we will let you know the reason. You then have the right to provide a statement outlining the correction you sought, and we will keep that statement with the relevant record. Our goal is to make sure we have the correct facts so we can continue to provide quality services to you.

Opting Out of Communications: As mentioned earlier, if you have subscribed to any of our marketing communications or newsletters, you can opt out at any time. Every marketing email will include an “unsubscribe” link. You can also instruct us directly (via email or phone) to stop sending you marketing material, and we will comply promptly. Note that even if you opt out of marketing messages, we may still send you essential service or transactional communications (such as invoices or security alerts) as these are not promotional.

Anonymity: Wherever lawful and practicable, you have the option to remain anonymous or use a pseudonym when dealing with us. For example, if you just have a general inquiry about our services, you do not have to provide your name. However, for most of our managed IT services, we need to know who we are dealing with to effectively assist you (especially for support and security reasons). In such cases, we might not be able to provide certain services or support if you choose not to identify yourself.

Complaints and Feedback

We take privacy compliance very seriously. If you have a concern or complaint about how we have handled your personal information, please let us know so we can address the issue. You can contact us using the details in the Contact Us section. Please provide as much information as possible about your concern, and any supporting details. We will acknowledge your complaint and investigate it promptly. Our aim is to resolve all privacy complaints in a fair and efficient manner.

If you make a privacy complaint, we will respond to you as soon as practicable, typically within 30 days. We may ask for further information if needed and will inform you of the outcome of our investigation. If a mistake or failure on our part is identified, we will take steps to fix it and to prevent it from happening again.

If you are not satisfied with our response to your privacy complaint, you have the right to escalate the matter to the Office of the Australian Information Commissioner (OAIC). The OAIC is the independent regulator for privacy in Australia. You can contact the OAIC to lodge a complaint using the details below:

  • Office of the Australian Information Commissioner (OAIC):
    Website: oaic.gov.au
    Telephone: 1300 363 992 (within Australia)
    Mailing Address: GPO Box 5218, Sydney NSW 2001, Australia.

We value your feedback on our privacy practices. If you have any questions or suggestions regarding this Privacy Policy or how we protect your information, please feel free to contact us.

Changes to This Policy

From time to time, AUIT may update or amend this Privacy Policy to reflect changes in our practices or to ensure compliance with new laws and regulations. We reserve the right to modify this Policy at any time. If we make any significant changes, we will post the updated Privacy Policy on our website (at auit.com.au) and update the effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Where appropriate (and required by law), we may also notify you directly of material changes – for example, via email or through a notification on our client portal.

Your continued use of our services or our website after any changes to this Privacy Policy will be deemed acceptance of those changes. This Privacy Policy is intended to be readily accessible to you; the latest version will always be available on our website.

This Privacy Policy was last updated on May 7, 2025.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us using the information below. We are here to help and will respond as promptly as possible:

AUIT Pty Ltd
Address: Unit 14/98 Sawmill Circuit, Hume ACT 2620, Australia
Phone: (02) 6176 3499 (Office hours: Monday – Friday, 8:30am – 5:30pm AEST)
Email: [email protected] (for privacy inquiries or requests)

You may also reach out to us through the contact form on our website or by emailing your account manager or support contact at AUIT. Please specify that your inquiry is related to privacy so we can route it to our privacy officer or appropriate team member.

We are committed to ensuring the privacy and security of our clients’ information. Thank you for trusting AUIT with your IT managed services needs. We will continue to uphold the highest standards of confidentiality, security, and compliance in all our dealings with your personal data.