Privacy Policy

We respect your privacy. We only collect what's necessary to respond to your enquiries and deliver our services. We work securely within your environment and do not store or process any sensitive, confidential, or health-related data belonging to your organisation.

Compliance365 Pty Ltd 68677952359 ("Compliance365", "we", "us", "our") is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (as amended by the Privacy and Other Legislation Amendment Act 2024) and the Australian Privacy Principles (APPs). This policy applies to all personal information collected through our website, services, and business operations.

1. Open and Transparent Management of Personal Information

This policy explains how we collect, use, disclose, and manage personal information. It is freely available on our website at www.compliance365.com.au/privacy or by request via info@compliance365.com.au. We review and update this policy periodically to reflect changes in our practices or applicable law.

2. Anonymity and Pseudonymity

Wherever lawful and practical, you may choose to interact with us anonymously or under a pseudonym — for example, when submitting general website enquiries or using our readiness checklist tools. However, providing your name and contact details is required if you wish to receive a personalised response or engage our services.

3. Types of Personal Information We Collect

We may collect the following categories of personal information:

  • Contact and identity details: name, email address, phone number, organisation name, and job title;
  • Enquiry and service content: information you provide through contact forms, email, our AI chat tool, or readiness checklist assessments;
  • Booking information: name, email, and scheduling preferences provided through our Calendly booking tool;
  • Website usage data: IP address, browser type, pages visited, session duration, scroll and click behaviour, and device information — collected via analytics and behavioural tracking tools (see Section 16);
  • Business visitor data: company name and approximate location inferred from IP address via our B2B visitor identification tool (see Section 16).

We do not collect sensitive information (as defined under the Privacy Act) such as health, financial, racial, religious, or biometric information, unless you choose to provide it voluntarily and we have obtained your express consent.

4. How We Collect Personal Information

We collect personal information:

  • Directly from you when you complete a contact, enquiry, or assessment form on our website;
  • When you interact with our AI chat assistant;
  • When you book a call via our Calendly scheduling tool;
  • When you correspond with us by email or telephone;
  • Automatically through website analytics and behavioural tracking tools when you visit our website (see Section 16);
  • Through third-party platforms that notify us of business visitors to our website.

5. Unsolicited Personal Information

If we receive personal information we did not request (for example, information included in an unsolicited email), we will assess whether it could have been lawfully collected under the APPs. If not, we will destroy or de-identify it as soon as practicable, unless doing so would be unlawful.

6. Purpose of Collection and Use

We collect and use personal information to:

  • Respond to your enquiries and provide information about our services;
  • Deliver, manage, and improve our compliance consulting and assurance services;
  • Facilitate scheduling and meeting bookings;
  • Operate and improve our website, tools, and communications;
  • Provide personalised responses through our AI chat assistant;
  • Identify business visitors to our website for the purpose of sales outreach (via Apollo.io — see Section 16);
  • Send service updates, resources, or event invitations where you have consented to receive these;
  • Comply with our legal obligations.

We will not use or disclose personal information for a purpose other than the primary purpose of collection without your consent, unless an exception under the Privacy Act applies.

7. Consent

By submitting personal information to us — whether via a contact form, email, our AI chat tool, or a service engagement — you consent to its collection, use, and disclosure in accordance with this Privacy Policy.

Where we rely on consent for a specific purpose (such as direct marketing), we will seek that consent separately and clearly. You may withdraw consent at any time by contacting us at info@compliance365.com.au. Withdrawing consent may limit our ability to provide certain services or respond to enquiries.

8. Work Performed Within Client Environments

We deliver consulting and managed compliance services within our clients' own secure environments (e.g., Microsoft 365, SharePoint, Intune, Defender, and similar platforms). We do not host, process, or store any sensitive, confidential, or health-related data belonging to client organisations on our own systems. Access to client environments is strictly limited to authorised personnel and is used solely for the purpose of performing contracted services under written engagement terms. Any access arrangements are governed by our client contracts, which include appropriate confidentiality and data handling obligations.

9. AI Chat Tool

Our website includes an AI-powered chat assistant. When you use this feature, the content of your messages is transmitted to a cloud-hosted API endpoint (hosted on Amazon Web Services in Australia and/or the United States) and processed to generate a response.

We recommend you do not enter sensitive personal information, confidential business data, or regulated information into the chat tool. Messages may be retained for a limited period for the purpose of improving service quality, subject to applicable data retention limits.

10. Readiness Checklist and Assessment Tools

Our website provides interactive readiness checklist tools (covering frameworks such as ISO 27001, SOC 2, Essential Eight, and others). These tools collect organisation name, contact name, and email address for the purpose of generating and optionally emailing a personalised PDF assessment report. This information is processed client-side (in your browser) and, where you elect to receive a PDF copy, transmitted via our secure API to your nominated email address. We do not retain checklist responses beyond what is necessary to deliver your report.

11. Disclosure of Personal Information

We may disclose limited personal information to trusted third-party providers who assist us in operating our website, delivering services, and managing communications, including:

  • Amazon Web Services (AWS): cloud hosting for our contact form and AI chat API endpoints (regions: ap-southeast-2 / us-east-1);
  • Microsoft 365: email, document management, and business operations;
  • Google Analytics 4: website performance analytics;
  • Microsoft Clarity: website behavioural analytics (session recordings, heatmaps);
  • Apollo.io: B2B website visitor identification for sales outreach purposes;
  • Calendly: appointment scheduling (name, email, and meeting preferences);
  • Google Fonts: web font delivery (IP address disclosed to Google on page load);
  • Auditors, professional advisers, or regulators where required by law or professional obligation.

We do not sell personal information to third parties. We take reasonable steps to ensure third-party providers handle personal information in a manner consistent with the APPs and applicable privacy law.

12. Direct Marketing

We may send marketing communications about our services, resources, or events where you have consented to receive them, or where permitted under applicable law. Each marketing communication will include a clear mechanism to opt out. You can unsubscribe at any time by selecting "unsubscribe" in any email or by contacting us at info@compliance365.com.au. We will action opt-out requests promptly and within 5 business days.

13. Cross-Border Disclosure

Some of our third-party service providers store or process data outside Australia, including in the United States and the European Economic Area. These providers include AWS, Google, Microsoft, Apollo.io, and Calendly. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that recipient does not breach the APPs in relation to that information. By using our website or services, you acknowledge that your information may be transferred to and processed in countries outside Australia, consistent with APP 8.

14. Government Identifiers

We do not adopt, use, or disclose government-issued identifiers (such as Tax File Numbers, Medicare numbers, or driver licence numbers) as our own identifiers for individuals, except as required or authorised by law.

15. Quality, Security, and Retention of Personal Information

We take reasonable steps to ensure that personal information we hold is accurate, complete, and up to date. Personal information is stored with appropriate technical and organisational safeguards including encryption in transit and at rest, access controls, and audit logging.

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. When no longer required, information is securely deleted or de-identified. You may request correction of your personal information at any time.

16. Cookies, Analytics, and Behavioural Tracking

Our website uses the following tools, which may set cookies or collect usage data:

  • Google Analytics 4 (GA4): collects anonymised usage data including pages visited, session duration, and approximate geographic location. Data is processed by Google LLC (United States). Google Privacy Policy.
  • Microsoft Clarity: records anonymised session replays, heatmaps, and click/scroll behaviour to help us understand how our website is used. Clarity may record interactions with form fields (excluding sensitive inputs). Data is processed by Microsoft Corporation. Microsoft Privacy Statement.
  • Apollo.io: a B2B visitor identification tool that uses your IP address and browsing behaviour to infer your company name and industry for sales outreach purposes. This tool does not identify individuals by name. Apollo Privacy Policy.
  • Google Fonts: web fonts loaded from Google servers, which may log your IP address.
  • Calendly: sets cookies when you visit our booking page and collects name, email, and scheduling preferences. Calendly Privacy Policy.

You may disable cookies or limit tracking via your browser settings or a browser extension such as uBlock Origin. Note that disabling cookies may affect the functionality of some features. Our analytics tools are loaded only after page load (lazy-loaded) to minimise unnecessary data collection.

We do not use cookies for automated decision-making that produces legal or similarly significant effects on individuals.

17. Access and Correction

Under the Privacy Act, you have the right to request access to personal information we hold about you, and to request correction of information that is inaccurate, incomplete, or out of date. To make a request, email info@compliance365.com.au with sufficient detail to identify the information concerned. We will respond within 30 days and may require verification of identity before providing access. We will not charge a fee for making an access request, though reasonable costs may apply for complex requests.

If we decline an access or correction request, we will provide written reasons and advise you of available complaint mechanisms.

18. Data Breach Notification

We maintain an internal data breach response plan. In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act), we will:

  • Assess the breach as soon as practicable;
  • Notify the Office of the Australian Information Commissioner (OAIC) as required by law;
  • Notify affected individuals if the breach is likely to result in serious harm.

19. Privacy Complaints

If you believe we have breached this policy or your rights under the Privacy Act, please contact us in the first instance at info@compliance365.com.au. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

20. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. Material changes will be notified via our website. We encourage you to review this policy periodically. Continued use of our website or services after a change is posted constitutes acceptance of the updated policy.

21. Contact Us

For all privacy enquiries, access requests, or complaints, please contact:

Compliance365 Pty Ltd
Email: info@compliance365.com.au
Website: www.compliance365.com.au

Last updated: May 2026
