All IT Services Australia Privacy Policy

Effective Date: 31 March 2026
Last Updated: 31 March 2026

1. Introduction

All IT Services Pty Ltd (“All IT Services”, “we”, “us”, or “our”) is committed to protecting the privacy and security of personal information. We are an Australian managed IT services provider, and we understand the critical importance of data privacy in our industry.

This Privacy Policy sets out how we collect, hold, use, disclose, and otherwise manage personal information in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”), including the Australian Privacy Principles (“APPs”), as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth).

This policy applies to all personal information collected by All IT Services, whether through our website (allitservices.com.au), our IT services and support operations, or any other means.

2. Australian Privacy Principles (APPs) Compliance

We are bound by the APPs contained in the Privacy Act and are committed to complying with all 13 Australian Privacy Principles. This policy is designed to be open, transparent, and easily accessible, in compliance with APP 1.

3. What Personal Information Do We Collect?

The types of personal information we may collect depend on the nature of your interaction with us. This may include:

Identity and Contact Information: Names, email addresses, phone numbers, postal addresses, job titles, and company names.

Technical and IT Service Information: IT system credentials (managed securely on your behalf), device identifiers, IP addresses, network configurations, service desk tickets, remote access session logs, and system performance data collected during the provision of managed IT services.

Financial Information: Billing details, payment information, and account records necessary for providing our services.

Website Usage Data: Information collected automatically when you visit our website, including the domain from which you accessed the internet, date and time of access, referring website addresses, pages accessed, browser type, and operating system.

Communications: Records of correspondence, service requests, feedback, and support interactions.

Employment-Related Information: If you are a prospective employee, we may collect information relevant to your application, including qualifications, work history, and referee details.

We do not intentionally collect sensitive information (such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal records) unless required by law, with your explicit consent, or where it is necessary for the provision of IT services (for example, setting up access controls that may involve biometric data).

4. How Do We Collect Personal Information?

We collect personal information through the following means:

Directly from you: When you engage us for IT services, contact us via our website, phone or email, complete a form, subscribe to our newsletters, attend our events, or apply for a position with us.

From third parties: Where necessary and lawful, we may collect personal information from your employer (where they are our client), referees, publicly available sources, industry databases, or other service providers involved in delivering IT services.

Automatically: Through our website via cookies, analytics tools, and similar technologies, as well as through IT monitoring and management tools deployed as part of our managed services.

Where it is reasonable and practicable to do so, we will collect personal information directly from you (APP 3). If we receive unsolicited personal information, we will assess whether we could have lawfully collected it. If not, we will destroy or de-identify the information as soon as practicable (APP 4).

5. Purpose of Collection — Why Do We Collect Personal Information?

We collect and use personal information for the following purposes:

To provide, manage, and support our IT managed services, including helpdesk support, remote monitoring, network management, cybersecurity services, cloud services, and IT procurement.

To communicate with you regarding service delivery, incidents, scheduled maintenance, and updates.

To process billing, invoicing, and payment for our services.

To respond to enquiries, service requests, and feedback.

To improve our services, website, and customer experience.

To comply with legal and regulatory obligations, including data breach notification requirements.

To send you marketing or promotional communications where you have consented or where we are otherwise permitted by law. You may opt out of marketing communications at any time.

To assess employment applications.

We will only use or disclose personal information for the primary purpose for which it was collected, or for a secondary purpose that is directly related and reasonably expected, or where you have consented (APP 6).

6. Direct Marketing

We may use your personal information to send you information about our services, industry insights, cybersecurity alerts, and other communications that we believe may be of interest to you. We will only do so where we have your consent or where otherwise permitted under the Privacy Act.

You may opt out of receiving direct marketing communications at any time by contacting us using the details below or by using the unsubscribe mechanism in our electronic communications. We will action your request promptly and free of charge (APP 7).

7. Disclosure of Personal Information

We may disclose personal information to the following types of third parties where necessary for the purposes outlined in this policy:

Service providers and subcontractors: Technology vendors, cloud hosting providers, software licensors, telecommunications providers, and other IT service partners who assist us in delivering services to you.

Professional advisers: Accountants, auditors, lawyers, and insurers.

Regulatory bodies: Government agencies, regulators, and law enforcement where required or authorised by law.

Related entities: Any related bodies corporate within the All IT Services group.

We will take reasonable steps to ensure that any third party to whom we disclose personal information is bound by privacy obligations consistent with the APPs.

We will not sell your personal information to any third party.

8. Cross-Border Disclosure of Personal Information

In the course of providing IT managed services, we may disclose personal information to overseas recipients, including cloud service providers and technology vendors with operations or data centres located outside Australia. Countries may include the United States, the United Kingdom, the European Union, Singapore, India, and New Zealand.

Before disclosing personal information overseas, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information, or that the recipient is subject to a law or binding scheme that is substantially similar to the APPs and that you can enforce (APP 8). Where relevant, we will rely on the overseas data transfer framework established under the Privacy Act, including any countries whitelisted by the Minister as providing substantially similar privacy protections.

9. Data Security

We take the security of personal information seriously. In accordance with APP 11 and the enhanced requirements introduced by the Privacy and Other Legislation Amendment Act 2024, we implement appropriate technical and organisational measures to protect personal information from misuse, interference, loss, and from unauthorised access, modification, or disclosure. These measures include:

Technical measures: Encryption of data at rest and in transit, multi-factor authentication, intrusion detection and prevention systems, firewalls, endpoint protection, regular vulnerability scanning, and access controls based on the principle of least privilege.

Organisational measures: Staff training on privacy and data handling obligations, access restricted to authorised personnel on a need-to-know basis, confidentiality agreements, documented incident response procedures, and regular review of security policies and practices.

When personal information is no longer needed for any purpose for which it may be used or disclosed under the APPs, and we are not required by law to retain it, we will take reasonable steps to destroy or de-identify the information.

10. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. In the event of an eligible data breach — where unauthorised access to, or disclosure or loss of, personal information is likely to result in serious harm — we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.

We maintain an active data breach response plan and conduct regular testing to ensure readiness.

11. Substantially Automated Decision-Making

In accordance with the new transparency obligations introduced by the Privacy and Other Legislation Amendment Act 2024 (commencing 10 December 2026), we are committed to transparency about any use of substantially automated decision-making that uses personal information and could reasonably be expected to significantly affect an individual’s rights or interests.

As at the date of this policy, All IT Services does not use substantially automated decision-making processes that significantly affect individuals’ rights or interests. Should this change, we will update this policy to include details of any such automated decisions, the types of personal information used, and how individuals may seek a review of such decisions.

12. Privacy of Children

Our services are directed to businesses and not to children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete or de-identify that information.

We note the requirement under the Privacy and Other Legislation Amendment Act 2024 for the OAIC to develop a Children’s Online Privacy Code by 10 December 2026, and we will comply with any applicable requirements when that code is registered.

13. Statutory Tort — Serious Invasion of Privacy

We acknowledge the new statutory tort for serious invasions of privacy introduced by the Privacy and Other Legislation Amendment Act 2024. We are committed to respecting individuals’ privacy rights and take all reasonable steps to prevent any intrusion upon seclusion or misuse of personal information.

14. Accessing and Correcting Your Personal Information

You have the right to request access to the personal information we hold about you (APP 12). You also have the right to request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13).

To request access to or correction of your personal information, please contact us using the details below. We will respond to your request within a reasonable period (generally within 30 days) and will not charge you for making the request, although we may charge a reasonable fee for providing access if significant resources are required to locate and compile the information.

If we refuse a request for access or correction, we will provide you with a written explanation of the reasons for the refusal and the mechanisms available to you to complain about the refusal.

15. Complaints

If you believe that we have breached the APPs or that your privacy has been interfered with, you may lodge a complaint with us. Please contact us using the details below, and we will investigate your complaint and respond to you in writing within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Post: GPO Box 5218, Sydney NSW 2001

16. Cookies and Website Analytics

Our website uses cookies and similar tracking technologies to improve user experience and analyse website traffic. Cookies are small text files stored on your device that help us understand how visitors interact with our website.

You can manage your cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain features on our website.

We may use third-party analytics services (such as Google Analytics) that collect anonymised or de-identified data about website usage. This data does not personally identify you.

17. Links to Other Websites

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any external websites you visit.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with a revised “Last Updated” date. We encourage you to review this policy periodically.

Material changes will take effect when posted on our website. Where practicable, we will notify you of significant changes by email or through a notice on our website.

19. How to Contact Us

If you have any questions about this Privacy Policy, wish to make a request regarding your personal information, or would like to lodge a complaint, please contact us:

All IT Services Pty Ltd
Phone: 1300 425 548
Website: allitservices.com.au/contact
Email: info@allitservices.com.au

This Privacy Policy was last updated on 31 March 2026 and is compliant with the Privacy Act 1988 (Cth) as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth).