Legal

Privacy Policy

We take privacy seriously. This policy explains how we collect, hold, use and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Last updated 28 June 2026

1. About this policy

This Privacy Policy applies to Troy Overend, trading as Gold Coast Managed I.T. (ABN 65 425 450 090) of Level 4, 50 Cavill Avenue, Surfers Paradise QLD 4217. It covers personal information we collect through our website, services, social media, email, phone and in person.

We are bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act) and, where applicable, the Notifiable Data Breaches scheme.

2. What is personal information

"Personal information" has the meaning given in the Privacy Act — generally, information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.

3. What we collect

3.1 Information you give us

  • Name, business name, email address, phone number and postal address.
  • Job title, role and information about the business you represent.
  • Information you provide in enquiries, support tickets, job applications, contracts and meetings.
  • Payment details (processed by our payment provider — we do not store full card numbers).

3.2 Information we collect automatically

  • Device and browser information, IP address, approximate location, and pages viewed.
  • Cookies and similar technologies — see our Cookie Policy.
  • Service telemetry from devices, networks and applications we manage on your behalf (under your direction).

3.3 Information we collect from third parties

We may collect information from publicly available sources, referral partners, vendors (e.g. Microsoft), credit reporting bodies (only with your consent, where required), and from individuals authorised to act on your behalf.

3.4 Sensitive information

We generally do not collect sensitive information. If we need to, we will obtain your consent unless an exception under the Privacy Act applies.

3.5 Job applicants

For job applicants we may also collect resumes, work history, references, qualifications and the results of background or right-to-work checks (with your consent where required).

4. Why we collect and use personal information

  • To provide, support, maintain and improve our services and respond to enquiries.
  • To send quotes, contracts, invoices and account communications.
  • To detect, prevent and respond to cyber security incidents and abuse of our systems.
  • To meet legal, regulatory, tax and accounting obligations.
  • To send marketing about our services in accordance with the Spam Act 2003 (Cth) — you can unsubscribe at any time using the link in our emails.
  • To assess job applications and conduct recruitment.

5. When we disclose personal information

We may disclose personal information to:

  • Our staff, contractors and professional advisers, on a need-to-know basis.
  • Suppliers and subprocessors that help us deliver our services (e.g. Microsoft 365, hosting providers, helpdesk and PSA tools, backup providers, payment processors).
  • Law enforcement, regulators and courts where required or authorised by law.
  • A purchaser or potential purchaser of our business, under appropriate confidentiality protections.

We do not sell personal information.

6. Overseas disclosure

Some of our service providers store or process data outside Australia, including in the United States and the European Union (for example, Microsoft cloud services, our email provider and analytics provider). Before disclosing personal information overseas, we take reasonable steps to ensure recipients handle it in a way consistent with the APPs, including through contractual protections.

7. How we hold and protect personal information

We hold personal information in secure cloud and on-premises systems. We use a range of administrative, physical and technical safeguards, including:

  • Role-based access controls and multi-factor authentication for staff.
  • Encryption in transit (TLS) and at rest for systems that support it.
  • Endpoint protection, patching and vulnerability management on our internal systems.
  • Staff training on privacy, security and the handling of confidential information.
  • Vendor due diligence for the subprocessors we rely on.

No method of transmission or storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security.

8. Data retention

We retain personal information only for as long as needed for the purposes set out in this policy and to meet our legal, tax and contractual obligations. We then take reasonable steps to destroy or de-identify it. Specific retention periods may apply where required by law (for example, tax records under the Income Tax Assessment Act).

9. Your rights — access and correction

You can request access to the personal information we hold about you, and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading. To make a request, contact us using the details below. We will respond within a reasonable time (usually within 30 days) and may need to verify your identity first. We do not generally charge for access requests, though a reasonable cost-recovery fee may apply for large or complex requests.

10. Marketing and unsubscribing

Where we send you direct marketing, we comply with the Spam Act 2003 (Cth). Every marketing email includes a clear unsubscribe option, and we honour opt-out requests promptly. You can also email us to be removed from marketing lists.

11. Cookies and analytics

Our website uses cookies and similar technologies. See our Cookie Policy for details on what we use, why, and how to manage your preferences.

12. Data breach response

We have an incident response process to identify, contain, assess and remediate security incidents. Where an eligible data breach occurs that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under the Notifiable Data Breaches scheme.

13. Children

Our services are intended for businesses and not directed at children under 16. We do not knowingly collect personal information from children.

14. Complaints

If you believe we have breached the APPs or mishandled your personal information, please contact our Privacy Officer at privacy@goldcoastmanagedit.com.au. We will acknowledge your complaint promptly and aim to respond substantively within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or call 1300 363 992.

15. Changes to this policy

We may update this Privacy Policy from time to time. The current version is the one published on this page, with the "Last updated" date at the top.

16. Contact us

Privacy Officer
Troy Overend, trading as Gold Coast Managed I.T.
Level 4, 50 Cavill Avenue, Surfers Paradise QLD 4217
Email: privacy@goldcoastmanagedit.com.au
Phone: 0492 805 556