Privacy Policy
1. About This Policy
CISO PTY LTD ("we", "us", "our"), trading as CISO24 and CISOHub, is committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable provisions of the Spam Act 2003 (Cth). This policy explains how we collect, hold, use and disclose personal information.
2. Information We Collect
We collect personal information that is reasonably necessary for our business functions. This may include:
- Name, email address, organisation and message content submitted via our contact form
- Booking details submitted through our scheduling platform (Cal.com)
- Business contact details provided during engagements or correspondence
- Technical data such as IP address, browser type and pages visited, collected automatically for security monitoring and analytics
We do not collect sensitive information (as defined in the Privacy Act) unless directly relevant to a specific engagement and with your consent.
3. How We Use Your Information
We use personal information to:
- Respond to enquiries and schedule consultations
- Deliver contracted cyber security services
- Communicate service updates or relevant information you have requested
- Maintain security of our website and systems
- Comply with legal and regulatory obligations
We do not use your information for direct marketing unless you have opted in, and you may opt out at any time.
4. Third-Party Services
We use the following third-party services that may process personal information on our behalf:
- EmailJS — processes contact form submissions
- Cal.com (cal.eu) — processes booking and scheduling data
- Cloudflare — provides hosting, CDN and security services
- Google Fonts — delivers web fonts (IP address may be logged by Google)
These providers are bound by their own privacy policies, and we select services that offer appropriate data protection measures.
5. Partnerships & Subcontractors
In delivering our services, we may engage trusted partners, subcontractors or specialist third parties to assist with specific aspects of an engagement — for example, penetration testing, specialist auditing, SIEM implementation support, or AI solution delivery. Where this occurs:
- We will inform you prior to sharing any personal or confidential information with a subcontractor
- Subcontractors are bound by confidentiality agreements and are required to handle personal information in accordance with the APPs
- We remain accountable for the protection of your information throughout the engagement
6. Disclosure & Cross-Border Transfer
We do not sell or rent personal information. We may disclose information where required by Australian law, regulation or court order. Some third-party services listed above may store data outside Australia. Before any cross-border transfer, we take reasonable steps to ensure the overseas recipient complies with the APPs or substantially similar protections, consistent with APP 8.
7. Data Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access and modification. Measures include encrypted connections (TLS), content security policies, access controls and regular security reviews. When personal information is no longer needed for any purpose for which it may be used or disclosed, we take reasonable steps to destroy or de-identify it.
8. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Request access to the personal information we hold about you (APP 12)
- Request correction of inaccurate, out-of-date or incomplete information (APP 13)
- Withdraw consent for any processing based on consent
- Lodge a complaint if you believe your privacy has been breached
To exercise these rights, contact us using the details below. We will respond within 30 days.
9. Data Breach Notification
In the event of an eligible data breach as defined under the Notifiable Data Breaches (NDB) scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by Part IIIC of the Privacy Act.
10. Cookies & Tracking
This website does not use advertising cookies or third-party tracking pixels. Cloudflare may set essential security cookies for DDoS protection and bot management. No personal profiling is performed.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be noted on this page with an updated effective date. We encourage you to review this page periodically.
12. Contact
For privacy enquiries, access requests or complaints:
CISO PTY LTD
ABN 77 674 597 310 | ACN 674 597 310
Email:
Web: ciso24.org
If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).