Who we are
GMAN IT Pty Ltd (ABN 54 682 331 059) trades as GMAN IT and operates from Melbourne, Victoria, Australia. In this policy, “we”, “us” and “our” mean GMAN IT Pty Ltd. “You” means any individual whose personal information we hold.
We are an APP entity under the Privacy Act 1988 (Cth) and handle personal information in accordance with the thirteen Australian Privacy Principles (APPs). This policy explains what we collect, why, how we protect it, and the rights you hold over it.
Information we collect
We collect only the information we need to assess, deliver and support our engagements:
- Identity and contact data — name, business email, phone number, job title, and the organisation you represent.
- Engagement data — your ABN, billing details, and the responses you provide through the Breach Clock risk quiz, Cyber Risk Assessment intake, and contact forms.
- Technical and security data — infrastructure details, asset inventories, log data, and assessment findings necessary to identify and remediate vulnerabilities.
- Usage data — IP address, browser type, and pages visited, collected through cookies and analytics to operate and secure this website.
We do not seek sensitive information (as defined in the Privacy Act) unless it is required for a specific engagement and you consent to provide it.
How we collect information
Wherever it is reasonable and practicable, we collect personal information directly from you — when you complete a form, book a Cyber Risk Assessment, engage our services, or correspond with our team.
During an engagement we may also collect technical information from systems you authorise us to assess. We collect this only under the scope you agree to in writing, and only for the security purpose it was provided for.
How we use information
We use personal information to:
- deliver assessments, managed security, and managed IT services you engage us for;
- respond to enquiries, prepare quotes, and administer bookings and billing;
- generate your risk summary and Cyber Risk Assessment report;
- operate, secure, and improve this website and the Client Portal;
- meet our legal, tax, and regulatory obligations.
We use information for direct marketing only where you would reasonably expect it or have consented. Every marketing message carries a working unsubscribe option, and we honour opt-outs promptly.
Data sovereignty and storage
Personal and corporate data collected through our services — including Cyber Risk Assessment intake and findings — is stored on infrastructure located within Australia. We do not offshore client data as a matter of routine practice.
Where a service genuinely requires an overseas provider, we will identify the country, take reasonable steps to ensure the recipient handles your information consistently with the APPs, and tell you before that disclosure occurs.
When we disclose information
We do not sell personal information. We disclose it only:
- to trusted service providers (such as payment and scheduling platforms) bound by confidentiality and the APPs;
- where you have asked or consented for us to do so;
- where required or authorised by Australian law, a court, or a regulator.
Payments are processed by our payment provider; we do not store full card numbers on our own systems.
How we protect your information
Security is our discipline, not an afterthought. We apply layered technical and organisational controls — encryption in transit and at rest, least-privilege access, multi-factor authentication, monitoring, and staff vetting — to protect information against misuse, interference, loss, and unauthorised access.
We retain personal information only as long as we need it for the purpose collected or as the law requires, after which we securely destroy or de-identify it. If a data breach is likely to cause serious harm, we will act under the Notifiable Data Breaches scheme and notify affected individuals and the OAIC as required.
This website uses cookies to keep the site functioning, remember your preferences, and measure traffic. You can refuse or delete cookies through your browser settings, though some features may not work as intended. Analytics data is used in aggregate to understand and improve how the site performs.
Accessing and correcting your information
Under the APPs you may ask us for access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date, or incomplete. We will respond within a reasonable period and will explain our reasons if we are unable to give access or make a correction.
We will not charge you for making a request, though a reasonable cost may apply to providing access in some cases.
Complaints
If you believe we have mishandled your personal information or breached the APPs, contact our Privacy Officer using the details below. We will acknowledge your complaint promptly and aim to resolve it within 30 days.
If you are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
Contact us
To exercise your rights, raise a privacy question, or make a complaint, contact our Privacy Officer:
GMAN IT Pty Ltd — Privacy Officer
Melbourne, Victoria, Australia
privacy@gmanit.com.au
gmanit.com.au
We may update this policy from time to time. The current version, with its effective date, will always be published on this page.