Privacy Policy

Last Updated: 1 December 2025

Evalu8 Cybersecurity (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information.

By using this website or providing your personal information, you agree to the terms of this Privacy Policy.

1. What Personal Information We Collect

We may collect personal information from you when you:

  • complete forms or questionnaires
  • book a consultation
  • subscribe to resources or updates
  • download guides or tools
  • contact us directly
  • interact with our website, systems, or services

The personal information we collect may include:

  • name
  • email address
  • phone number
  • business name
  • business address
  • Australian Business Number (ABN) or Australian Company Number (ACN)
  • role or position within the business
  • website address
  • number of staff
  • industry or business type
  • general business information relevant to cybersecurity assessment
  • your interactions with our communications and website
  • technical information such as IP address, browser type, device data, and pages visited

We do not intentionally collect sensitive information unless you provide it voluntarily and it is relevant to our services.

2. Unsolicited Personal Information

If we receive personal information that we did not solicit, we will:

  • determine whether we could have lawfully collected that information, and
  • if not, destroy or de-identify it as soon as practicable, provided it is lawful and reasonable to do so.

3. How We Collect Your Information

We collect personal information in ways including:

  • directly from you (forms, calls, emails, consultations)
  • through website interactions and analytics
  • through third-party tools used for scheduling, communication, or document handling
  • from publicly available information (where relevant)

We may also collect information via cookies or tracking technologies (see Section 9).

We do not buy, sell, or trade personal information.

4. How We Use Your Information

We use personal information to:

  • provide our cybersecurity coaching, advisory, or evaluation services
  • communicate with you about your booking or enquiry
  • deliver resources, tools, and guides you request
  • improve our website, services, and client experience
  • understand common small business cybersecurity needs
  • send marketing or educational content if you have opted in
  • comply with legal and regulatory obligations

Marketing Communications

You will only receive marketing or educational content if you have explicitly opted in. You may unsubscribe at any time.

Legal Basis for Processing

We collect and use your personal information only where it is:

  • necessary to provide our services
  • necessary to communicate with you
  • required for compliance with Australian law
  • carried out with your consent (where required)

We do not sell your personal information.

5. How We Store and Protect Your Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Our security measures include:

  • password protection on all systems
  • multi-factor authentication (MFA) on all cloud services where available
  • access controls limiting who can view your information
  • secure, reputable cloud-based platforms for communication and document handling
  • encrypted storage on platforms that support encryption
  • regular updates and security practices aligned with industry standards

While no system is completely secure, we follow best-practice measures appropriate for a professional cybersecurity advisory business.

6. Data Retention and Destruction

We retain personal information only for as long as necessary to:

  • provide our services
  • support your engagement with us
  • comply with legal and regulatory obligations

When personal information is no longer required, we take reasonable steps to destroy or permanently de-identify it, provided it is lawful and reasonable to do so.

This includes secure digital deletion or permanent anonymisation.

7. Disclosures to Other Parties (Including IT Providers)

We may disclose your personal information to:

  • your nominated IT service provider, but only with your explicit consent and only when necessary to support the services we deliver
  • contractors or service providers assisting with business operations
  • third parties when required by Australian law

We do not disclose your personal information for unrelated marketing purposes.

8. Third-Party Services and Overseas Disclosure

We may use reputable third-party providers for:

  • bookings
  • surveys
  • email communications
  • cloud document storage
  • analytics and website tracking

These providers may store information outside Australia.

By using this website or our services, you consent to this overseas disclosure.

We take reasonable steps to ensure third-party providers comply with privacy and security requirements.

We are not responsible for the privacy practices of external websites linked from our site. We encourage you to read their privacy policies.

9. Cookies, Analytics and Tracking

Our website may use cookies and similar technologies to:

  • analyse website traffic
  • understand how visitors engage with our content
  • improve user experience

You may:

  • disable cookies through your browser settings, or
  • manage preferences through our cookie consent banner (if displayed)

Note: disabling cookies may affect website functionality.

10. Social Media Interactions

You may interact with us through social media platforms such as LinkedIn, Facebook, YouTube, or other channels we use now or in the future.

Any information you share on these platforms is handled according to the privacy policies of the platform provider.

We do not collect, store, or use personal information from social media interactions beyond what is reasonably necessary to respond to your enquiry or engagement.

11. User-Generated Content

We may offer online community spaces such as:

  • Facebook groups
  • LinkedIn groups
  • membership forums
  • private communities for programs or courses
  • comment-enabled areas on our website

Any information you choose to post in these spaces may be visible to other members or the public.

We encourage caution when sharing personal information in these environments.

If you provide feedback, testimonials, or comments, we may use this content for business purposes, but we will only include identifying details with your explicit consent.

12. Accessing or Correcting Your Information

You may request access to the personal information we hold about you — or ask us to correct information that is inaccurate, out of date, incomplete, or misleading.

Email your request to: 

We will respond within a reasonable timeframe.

13. Making a Privacy Complaint

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may submit a complaint.

Please contact us at:   

We will:

  • acknowledge your complaint
  • investigate the matter
  • aim to provide a response within 30 days

If you are not satisfied with our response, you may contact:

Office of the Australian Information Commissioner (OAIC) https://www.oaic.gov.au

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page.

Your continued use of this website after any updates are posted constitutes acceptance of the revised policy.

15. Contact Us

For questions about this Privacy Policy or how we handle your personal information, you may contact us at:

Email:

Scroll to Top