Privacy Policy

1. Purpose

CyberCX is committed to protecting the privacy of personal data we handle. We take our obligations under privacy laws seriously and have prepared this document to set out our policy on the protection and handling of personal data and explain more about your privacy rights and inform you of the following:

  • The Personal Data we will collect;
  • Use of collected Personal Data;
  • Who has access to the Personal Data collected;
  • The rights of site users;
  • Use of cookies.

This privacy policy applies in addition to the Terms and Conditions of our Site.


For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”).

For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018, as relevant, also referred to as the “GDPR”.

We have not appointed a Data Protection Officer as we do not fall within the categories of controllers and processors required to appoint a Data Protection Officer under Article 37 of the GDPR.

3. Consent

By using our Site users agree that they consent to the conditions set out in this Privacy Policy.

Users also consent when they engage with us to provide consultant services; communicate with us via social media, phone or email; apply for employment with us; or become a supplier.

When the legal basis for us processing your Personal Data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful. You can withdraw your consent via our opt-out form.

4. Legal Basis for Processing

We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.

We rely on the following legal bases to collect and process the personal data of users:

  1. Users have provided their consent to the processing of their data for one or more specific purposes;
  2. Processing of user personal data is necessary for us or a third party (including our customers) to pursue a legitimate interest. Our legitimate interest is not overridden by the interests or fundamental rights and freedoms of users. Our legitimate interest(s) are: performing contract obligations, provision of information in response to your requests, provision of demonstrations, or making precontractual arrangements with you
  3. Recruit and consider potential employees or applications for employment with us
  4. Consider a potential contractor’s engagement with us
  5. Develop, provide, and improve our services and solutions
  6. Inform about our services and solutions
  7. Obtain feedback on our services and solutions
  8. Conduct administrative and business functions
  9. Update our records and keep contact details up to date
  10. Enable you to subscribe to newsletters and mailing lists
  11. Process and respond to privacy questions, concerns and complaints
  12. Fulfil legal and contractual obligations
  13. Undertake any other purpose related to or ancillary to any of the above

If you do not provide us with all or part of your personal data, we may not be able to carry out the purposes which are set out above, including the provision of services to you.

5. Types of personal data we collect

The types of personal data we collect and hold include name, contact details, identification, affiliations, dealings and transactions with us, including by phone, email and online, Internet protocol address, browser type, domain names, times, and operating system. If you apply to work with us, we also collect information about your education, experience, character and background checks including eligibility to work, vocational suitability, identity, health, reference, directorship, financial probity, and criminal record checks. In addition, if you join us, we collect information about your employment or engagement including information about your performance, conduct, use of our IT resources and payroll matters.

6. How we collect personal data

We endeavour to collect personal data directly from the individual or their authorised representative, but may also receive personal data about you from third parties.  Ways we collect include:

  • From the individual directly when they provide details to us. This could be when an individual contacts us by telephone or electronic communications, or when an individual provides us a business card
  • When we conduct our administrative and business functions
  • When the individual purchases our solutions and services
  • When we purchase products and services
  • When the individual creates an account with us
  • When we process orders and payment transactions
  • Where we respond to inquiries and requests
  • When obtaining feedback about our solutions and services
  • When registering for our events, workshops and seminars

Where we have collected personal data from a third party, such as our customers (i.e. if you use our services while working for one of our customers), we will receive information (such as your email address, to create an account for you) from that customer. If you work for an organization, we may receive your name and contact details as part of delivery of our products or services, or from partners or other third-party companies such as data providers, credit reporting bodies, law enforcement agencies, recruitment companies or publicly available sources.

We may also automatically collect information about you which we may observe, detect or create without directly asking you to supply this information. This information is automatically gained through the use of our website or online services. Please refer to the ‘cookies’ section.

7. How we use your personal data and who we may disclose your personal data with

We only use and disclose personal data for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or activities. For example:

  • When customers ask to be on an email or mailing list so that we can send them information about its activities and publications, e.g. cyber security alerts
  • When customers ask us to respond to Tender, Request for Proposal, Request for Information or reports to be emailed, faxed or posted with contact information
  • If you are a contact person for one of our customers or suppliers, personal data about you may be used by us in our dealings with the customer or supplier you represent

We may exchange your personal data with third parties, your organisation, our advisers and representatives, government authorities, our related entities, and our advisors and contractors. Some of our employees are located overseas. Except where specific individual consent has been obtained, we take reasonable steps to ensure that the overseas recipients of your personal data do not breach the privacy obligations relating to your personal data.

International Data Transfers  

We may disclose your personal data to entities located overseas, including the following:

  • Our related bodies corporate located in Australia, United States of America and New Zealand
  • Our data hosting provider AWS and other IT service providers such as Microsoft for website hosting and Office 365 and our systems located globally as listed on our sub-processor page
  • Our clients and their related entities located in foreign countries, to the extent that we are acting on their behalf or at their direction in using, storing, or collecting your personal data.

When we transfer personal data we will protect that data as described in this Privacy Policy and comply with applicable legal requirements for transferring personal data internationally.

If you are located in the United Kingdom or the European Union, we will only transfer your personal data if:

  • The country your personal data is being transferred to has been deemed to have adequate data protection by the European Commission or, if you are in the United Kingdom, by the United Kingdom adequacy regulations; or
  • We have implemented appropriate safeguards in respect of the transfer. For example, the recipient is a party to binding corporate rules, or we have entered into standard EU or United Kingdom data protection contractual clauses with the recipient.

If you apply to work with us, we may exchange your personal data with educational institutions, recruiters, background checking services, professional and trade associations, law enforcement agencies, referees and your current and previous employers. In addition, if you join us, we may exchange your personal data with your representatives, other employers seeking a reference about you and providers of payroll, superannuation, banking, surveillance and training services.

Other Disclosures

We will not sell or share your personal data with any other third parties except where the law requires it, if it is required for a legal proceeding, to prove or protect our rights and to any buyers or potential buyers in the event that we seek to sell our company.  If you click or follow any external links, we are not responsible for and have no control over their privacy policies or practices.

8. Your rights

Under the GDPR, you have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability and
  • Right to object

In addition to the Access and correction section, we provide a specific opt-out form where you can request removal from marketing activities. You can also ‘unsubscribe’ at the bottom of emails or by sending a request to our Privacy Officer.

9. How we protect your personal data

We hold personal data electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of personal data, including, depending on the circumstances, electronic access controls, premises security and network firewalls. Even though we have taken significant steps to ensure that your personal data is not intercepted, accessed, used, or disclosed by unauthorised persons, you should know that we cannot fully eliminate security risks associated with personal data.

10. Cookies and our Website

This section applies in addition to the other parts of this Privacy Policy when accessing our website. As you navigate our Site, certain information may be collected passively, including your Internet protocol address, browser type, domain names, times, and operating system. We may also use session and persistent cookies and navigational data (such as URLs) to gather information regarding the date and time of your visit and the information and services for which you searched and which you viewed. We do not intentionally or knowingly collect or gather personal information about visitors who are minors under the age of 16 years. If a minor has provided us with personal data, their parent or guardian may contact our privacy officer.

Our website may use ‘cookies’ from time to time, as do many other websites. A cookie is a piece of information that helps our system to identify and interact more effectively with your browser. The cookie allows us to maintain the continuity of your browsing session and remember your details and preferences when you return. Some cookies can tell how often you use the website and the duration of the visit. You can configure your web browser application to reject cookies; however, some parts of our Site may not function fully as a result. Our Site may use Google services such as Google Analytics from time to time. For more about how Google collects and processes data, and your privacy choices with Google, please see Google’s privacy and terms policy and their information at

11. Access and Correction

If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to whom we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you wish to exercise any of your other rights under the GDPR, please contact our Privacy Officer as set out below.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (

12. Contacting us

Please contact us if you wish to make a complaint about how we have handled your personal data. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your request and any resolution. For any questions and notices, please contact us at:

Privacy Officer
CyberCX Ltd
Phone: 1300 031 274

Email: [email protected]
Mail: Level 27, 101 Collins Street, Melbourne VIC 3000