Privacy Policy

1. What we collect

Personal information collected through conscierra.au, our portals, the contact form, or the standard performance of our services may include:

• Names, business addresses, business email addresses, phone numbers
• Company / organisation identifiers
• Information you provide in enquiry messages
• IP address and basic browser metadata (collected automatically for security + analytics)
• Cookie data (see Cookie Policy)

Personal information is defined under the Act as information about an individual whose identity is apparent or reasonably ascertainable. Aggregated and anonymised information that does not identify individuals is not personal information under the Act.

2. How we use it

Personal information you provide is used for the primary purpose you provided it — typically responding to enquiries, delivering services under a current engagement, account administration, security operations, and statutory record-keeping — and for directly related secondary purposes.

Automatically-collected information (logs, usage telemetry) is aggregated for internal analysis to improve and maintain our websites and services. Aggregated information does not identify individuals and is not republished externally except in anonymised form.

3. Disclosure

We do not sell personal information. We will not disclose your personal information without your consent except:

• Where the disclosure is required or authorised by law
• Where the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of an individual
• To approved sub-processors who deliver part of our services under written data processing agreements that bind them to the same protection standards as ours (Microsoft Azure, Xero, Mailchimp where applicable, and others disclosed on request)

We are not responsible for the privacy practices of external websites linked from conscierra.au.

4. Retention & destruction

Personal information that is no longer required by us — and that we are not required by law to retain — is destroyed in accordance with our certified Record Keeping Policy and Data Security Policy.

Standard retention defaults:

• Contact form enquiries: 24 months after last contact, then destroyed
• Engagement-related records: retained for the contract term + 7 years (financial / regulatory minimum)
• Operational telemetry / security logs: 12 months

5. Your rights

Under the Queensland Information Privacy Act 2009 and the Commonwealth Privacy Act 1988 (Australian Privacy Principles), you have the right to:

• Request access to your personal information we hold
• Request correction of inaccurate information
• Request deletion where retention is not required by law
• Complain about how we handle your personal information

To exercise these rights or make a complaint, contact:

If your complaint is not resolved to your satisfaction, you may also contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

6. Cookies

Our website uses cookies. See our Cookie Policy for details on what we set, why, and how to manage your preferences.

7. Security

We hold ISO 9001 (Quality Management) and ISO/IEC 27001 (Information Security Management) certifications, and align our delivery to ISO/IEC 42001:2023 (AI Management Systems). Personal information is protected by access controls, encryption in transit and at rest, logging and monitoring, and incident response per our certified Security Incident Management Policy.

In the event of an information security incident involving personal information, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme of the Privacy Act 1988.

8. Changes to this policy

We may revise this policy from time to time. The current effective date appears below. Substantive changes will be highlighted on this page for a period of at least 30 days before they take effect.

Effective

17 May 2026

Last reviewed

17 May 2026

Responsible

Managing Director, B & A Technologies Pty Ltd

Contact

info@conscierra.au