Privacy Policy

How we collect, use, disclose, and protect personal information in the course of providing our cybersecurity services.

1. Introduction

Galah Cyber Pty Ltd (ABN 92 650 653 366) (“Galah Cyber”, “we”, “us” or “our”) is committed to protecting the privacy of individuals and organisations we engage with. This Privacy Policy explains how we collect, use, disclose and protect your personal information when you visit www.galahcyber.com.au or use our cybersecurity services. By using our website or services, you agree to the terms of this Privacy Policy, which is effective immediately upon posting. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

2.1 Personal Information

We may collect the following: contact details (name, job title, company name, ABN, business address, phone number, email address), technical information (IP address, browser type and version, operating system, website usage data, cookies and analytics), and service-related information (cybersecurity requirements, system configurations, incident response data, training records and certifications).

2.2 Sensitive Information

We may collect sensitive information only with your explicit consent, such as security clearance information (if required for project engagement), biometric data for access control systems (where applicable), and criminal history information (for security assessments or regulatory compliance).

3. How We Collect Information

We collect information through direct interactions (consultations, enquiries, service agreements), our website (forms, newsletter subscriptions, event registrations), third-party sources (referral partners, business directories), automated technologies (cookies, analytics tools), and during the provision of our cybersecurity services.

4. How We Use Your Information

Your personal information may be used to deliver cybersecurity services and customer support, conduct security assessments, penetration testing and incident response, provide training and awareness programmes, process payments and maintain business records, respond to enquiries and communicate with you, send marketing communications (where you have consented), improve our services and website functionality, and meet legal and regulatory requirements.

5. Disclosure of Personal Information

We may disclose information to: service providers (IT and cloud hosting providers, payment processors and banks, professional advisers such as lawyers, accountants and auditors, and marketing and communications service providers), legal and regulatory bodies (law enforcement agencies, courts, tribunals, regulatory or government authorities), and business purposes (related corporate entities, insurers, potential buyers in the event of a business sale). We do not sell your personal information to third parties for marketing.

6. Data Security

We take reasonable steps to safeguard personal information, including encryption of data at rest and in transit, multi-factor authentication on critical systems, regular security assessments and penetration testing, staff privacy and security training, incident response procedures, and secure disposal of records when no longer required.

7. Data Retention

We retain information for as long as necessary to fulfil the purpose it was collected or as required by law. Typical retention periods include: client records for 7 years after service completion, security incident data for 5 years, marketing consent until withdrawn, and website analytics data for up to 2 years.

8. International Data Transfers

Your personal information may be stored or processed in countries outside Australia (e.g. United States, European Union), where our service providers operate. When transfers occur, we ensure appropriate safeguards, such as standard contractual clauses, binding corporate rules, or your explicit consent.

9. Your Rights

Under Australian privacy law, you have the right to request access to the personal information we hold about you, request correction of inaccurate or incomplete information, withdraw consent and opt out of marketing communications at any time, request deletion of personal information (where legally permitted), and raise a complaint about how we manage your information.

10. Cookies and Online Tracking

Our website uses cookies and analytics to improve functionality and measure engagement. Cookies may collect information about the pages you visit, the time spent on the site, and how you navigate and interact with content. You can disable cookies via your browser, but this may affect functionality.

11. Children’s Privacy

We do not knowingly collect information from individuals under 16 years of age. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Updates will be published on our website, and the revised version will take effect immediately upon posting.

13. Contact Us

For questions, access requests or complaints about how we handle personal information, please contact us:

Galah Cyber Pty Ltd
Email: hello@galahcyber.com.au
Website: www.galahcyber.com.au.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by phone on 1300 363 992.