Privacy Policy

Last updated: 20 May 2026  |  Effective: 20 May 2026

TechAssist MSP Pty Ltd (ABN 87 665 988 750) trading as TechAssist (“TechAssist”, “we”, “us”, “our”) is committed to protecting the privacy of personal information we collect, hold, use and disclose. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains how we handle personal information of website visitors, prospective clients, current clients, end users of our services, suppliers, and others who interact with us in the course of business. By using our website, engaging our services, or providing personal information to us, you acknowledge the practices set out in this policy.

1. What personal information we collect

We collect personal information that is necessary for one or more of our business functions or activities. Depending on your relationship with us, this may include:

• Identity and contact information — name, job title, business name, business address, postal address, email address, phone number.
• Service delivery information — information required to deliver managed IT, cybersecurity, and cloud services, including authentication credentials supplied by your organisation, device identifiers, network configuration data, system event logs, and ticket history.
• Communications — records of telephone calls, emails, support tickets, instant-message conversations, meeting notes, and other correspondence between you and our staff.
• Billing and financial information — billing contact details, purchase order numbers, and bank or payment processor reference data (we do not store full credit card numbers — payments are handled by accredited third-party processors).
• Website information — IP address, browser type, device identifier, referring URL, pages visited, and date and time of access, collected through standard server logs.

Sensitive information. We do not generally collect sensitive information (as defined in the Privacy Act). Where collection is necessary — for example, accessibility or health information needed to deliver a service to a specific user — we will only collect it with your consent or where authorised by law.

2. How we collect personal information

Wherever practical, we collect personal information directly from you. We may collect it through:

• Website enquiry forms and contact forms.
• Email, telephone, video conferencing and in-person conversations.
• Service delivery interactions (helpdesk tickets, remote support sessions, on-site visits).
• Onboarding documentation supplied during the commencement of services.
• Automated logging from managed devices, network equipment, and cloud platforms operated under your engagement with us.

Occasionally we may collect personal information about you from a third party — for example, a referee provided by your business, a referrer who has introduced us, or a publicly accessible source such as your business website or registered company information.

3. Anonymity and pseudonymity

Where lawful and practicable, you may interact with us anonymously or using a pseudonym — for example, when making a general enquiry. In most service delivery contexts (such as raising a support ticket on a managed device), anonymity is not practical because we need to identify the affected user and authorisation level.

4. How we use your personal information

We use personal information for the primary purpose for which it was collected, and for related secondary purposes you would reasonably expect. Specifically, we may use your information to:

• Respond to enquiries, prepare proposals, and provide quotations.
• Deliver, support, monitor, and bill for the IT, cybersecurity, and cloud services we provide to you or your organisation.
• Maintain accurate documentation of your environment, ticket history, and service consumption.
• Send service-related communications (maintenance notices, security advisories, change notifications, billing).
• Comply with our legal, regulatory, and industry obligations — including incident response, breach notification, audit, and tax obligations.
• Improve our services based on aggregated, de-identified usage and operational data.
• Manage and resolve complaints.

5. Direct marketing

We may, from time to time, send you marketing communications relevant to our services — for example, an occasional newsletter, a service update, or an invitation to an industry event. We will only send marketing communications where we have your consent or where the communication is permitted under the Privacy Act and Spam Act 2003 (Cth).

Every marketing communication we send will include an unsubscribe link. You can also opt out at any time by emailing privacy@techassist.com.au with the word “unsubscribe” in the subject.

We do not sell, rent or trade personal information to other organisations. We do not use personal information for advertising profiling.

6. Disclosure of personal information

We may disclose personal information to:

• Our staff and contractors — on a need-to-know basis for service delivery, support, and administration. All staff and contractors are bound by confidentiality obligations.
• Third-party service providers we use to deliver our services to you — including cloud platform providers (such as Microsoft, vendors of remote-monitoring and management software, security vendors, payment processors, accounting software providers, and document storage providers). These providers are contractually required to handle personal information in line with the Privacy Act.
• Your nominated representatives — for example, individuals you have authorised to act on your account.
• Government, law enforcement, and regulatory bodies — where required or authorised by law (including under the Notifiable Data Breaches scheme), or in response to a lawful request.
• Professional advisors — our auditors, lawyers, insurers, and accountants, where required to do so for legitimate business reasons.

7. Overseas disclosure

Some of the cloud platforms, software-as-a-service providers and infrastructure providers we use to deliver our services store or process personal information outside Australia. We take reasonable steps to ensure that any overseas recipient handles your personal information in accordance with the Australian Privacy Principles.

Wherever practicable, we use Australian data centres for the storage of client personal information (including, where you have engaged us to manage Microsoft 365 services, the Australian Microsoft cloud regions). However, certain ancillary services — including some security telemetry, threat intelligence, support tooling, and email delivery — may involve transfer to or storage in the United States, Europe, or other jurisdictions with adequate privacy protections.

8. How we store and protect personal information

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These measures include:

• Encryption of personal information in transit and at rest where practicable.
• Multi-factor authentication on systems holding personal information.
• Role-based access control with least-privilege principles.
• Endpoint detection and response, patching, and vulnerability management aligned to the ACSC Essential Eight.
• Staff training in cybersecurity and privacy practices.
• Audit logging and monitoring of access to personal information.
• Regular backups and tested disaster recovery procedures.
• Secure disposal of personal information when no longer required.

No security measure is perfect. If we become aware of an eligible data breach affecting your personal information, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

9. Retention and disposal

We retain personal information only for as long as is reasonably necessary to deliver the services for which it was collected, meet our legal and regulatory obligations, and resolve disputes. When personal information is no longer required, we take reasonable steps to securely destroy or de-identify it.

10. Your rights — access and correction

Under the Privacy Act, you have the right to request access to the personal information we hold about you and to request correction of any information that is inaccurate, incomplete or out of date.

To make an access or correction request, contact us using the details in Section 13. We will respond within a reasonable period (generally 30 days) and may need to verify your identity before providing access. In some cases we may refuse access where the law allows or requires — for example, where access would prejudice the privacy of another person. If we refuse, we will provide written reasons.

There is no fee to make a request. If a request involves significant effort to comply, we may charge a reasonable cost-recovery fee and will agree this with you before commencing work.

11. Website, cookies and analytics

Our website uses cookies for essential functionality (such as session handling and security) and for visitor analytics. We do not currently run third-party advertising cookies, behavioural retargeting pixels, or social media tracking widgets that follow you across other sites.

Google Analytics and Google Search Console

We use Google Analytics 4 (GA4), integrated through the Google Site Kit plugin, to understand how visitors find and use our website. This helps us improve content, navigation, and the services we offer. Google Analytics:

• Sets first-party cookies (commonly _ga and _ga_*) to distinguish unique visitors and sessions.
• Collects technical information including IP address (anonymised before processing), browser type, device type, operating system, referrer, pages viewed, time on site, and broad geographic region.
• Transmits this information to Google LLC servers, which may be located in the United States or other jurisdictions Google operates in. Google is bound by its own privacy commitments and the relevant cross-border data transfer mechanisms.
• Does not collect personally identifiable information such as your name or email address through this tracking.

We use the analytics data in aggregate only. We do not use it to build individual marketing profiles, sell to third parties, or combine with personally identifiable information you provide through our contact forms.

Opting out of Google Analytics. If you do not want Google Analytics to record your visits, you can install the official Google Analytics Opt-out Browser Add-on, or disable cookies in your browser settings. Doing so will not affect your ability to use this website.

Server logs

Standard web server logs separately capture IP address, browser type, pages requested, and timestamps for operational, performance, and security purposes (including detection of malicious activity). This data is held for a limited period and is not used to build a marketing profile.

Cookie control

You can disable or delete cookies through your browser settings. Most modern browsers also offer “private” or “incognito” modes that limit cookie persistence. Disabling cookies will not materially affect your ability to use the public areas of this website, though some features (such as form submission) may not work correctly without essential cookies enabled.

12. Complaints

If you believe we have breached the Privacy Act or this policy, please contact us in the first instance using the details in Section 13. We take complaints seriously and will respond within a reasonable timeframe — generally within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner
GPO Box 5288, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au

13. Contact us

For privacy queries, data access requests, complaints, or to update your contact preferences:

TechAssist MSP Pty Ltd  |  ABN 87 665 988 750
Email: privacy@techassist.com.au
Phone: 1300 028 324
Postal: Melbourne, Victoria, Australia

14. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, legal obligations, or the services we offer. The “Last updated” date at the top of this page indicates the most recent revision. Material changes will be communicated to existing clients via email. We recommend you review this page periodically.