About this policy
Sybre Pty Ltd (ABN 31 686 919 719) (“Sybre”, “we”, “us” or “our”) is an Australian managed services provider (MSP) delivering IT, cloud, security, and automation services.
We are committed to protecting the privacy of the personal information we handle. This policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles (APPs).
This policy applies to all business conducted by Sybre in Australia, including our website (sybre.com.au), our services, and our interactions with clients, prospective clients, suppliers, and job applicants.
What is personal information
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not, as defined in the Act.
The personal information we collect
The kinds of personal information we collect and hold depend on our relationship with you. It may include:
- Identity and contact details, such as your name, job title, organisation, email address, phone number, and business address;
- Billing and account information, such as purchase history, payment details, and service records;
- Records of our communications with you, including emails, phone calls, support tickets, and meeting notes;
- Information you provide when you enquire about our services, register for an event, subscribe to communications, or download content from our website;
- If you apply for a role with us, recruitment information such as your resume, qualifications, work history, and referee details; and
- Technical information about your use of our website, collected through cookies and similar technologies. Detailed information is available in our Cookie Policy.
We do not collect sensitive information (as defined in the Act) unless you consent or the collection is required or authorised by law. Any sensitive information we hold is protected with a higher level of security.
How we collect personal information
We collect personal information:
- Directly from you, through email, phone calls, meetings, our website, support requests, and contracts;
- From your organisation, where you are its representative or nominated contact;
- From third parties, such as recruitment agencies, technology vendors, event partners, and publicly available sources; and
- Automatically through our website, as described in our Cookie Policy.
Where reasonable and practicable, we collect personal information directly from you. If we receive personal information we did not solicit, we will determine whether we could have collected it under the APPs and, if not, destroy or de-identify it where lawful and reasonable to do so.
You may deal with us anonymously or using a pseudonym where it is lawful and practicable, for example when making a general enquiry. However, we generally cannot provide our services or do business with you without identifying you.
Personal information we handle when delivering services
As an MSP, we manage, monitor, and support IT systems on behalf of our clients. In doing so, our personnel may incidentally access personal information stored within client systems, such as user account details, mailboxes, and files.
We access this information only as necessary to deliver the contracted services, and we handle it in accordance with our client agreements, this policy, and the Act. Responsibility for the content of client systems remains with the client as the owner of that data.
Why we collect, hold, and use personal information
We collect, hold, and use personal information to:
- Provide, support, and administer our services, and fulfil our contractual obligations;
- Respond to enquiries, service requests, and support tickets;
- Process orders, billing, and payments;
- Manage our relationships with clients, suppliers, and partners;
- Verify identity and maintain the security of our systems and services;
- Assess job applications and manage recruitment;
- Conduct client satisfaction surveys and market research;
- Send you information about our services, events, and offers, where permitted (see Direct marketing below);
- Improve our services and website; and
- Comply with our legal and regulatory obligations.
We may be unable to provide our services or fulfil our contractual obligations if you do not provide the personal information we require.
Direct marketing
We may send you marketing communications about our services and events where you have consented, or where you would reasonably expect to receive them and we comply with the Act and the Spam Act 2003 (Cth).
Every marketing communication we send includes a simple way to opt out, such as an unsubscribe link. You can also opt out at any time by emailing [email protected]. We do not sell personal information to third parties.
When we disclose personal information
We may disclose personal information to:
- Technology vendors, distributors, and service providers engaged to deliver equipment, software, or services in fulfilment of our contractual obligations;
- Third parties who provide services to us, such as accounting, legal, insurance, IT platforms, and professional advisers;
- A prospective buyer or seller, and their advisers, if we buy or sell any business or assets, subject to appropriate confidentiality obligations; and
- Regulators, law enforcement, and other parties where required or authorised by law, or where necessary to protect the rights, property, or safety of Sybre, our clients, or others.
We only use third party service providers that are bound to maintain appropriate levels of data protection, security, and confidentiality.
Overseas disclosure
We store and process most personal information in Australia. However, some of the cloud platforms and software services we use, such as productivity, ticketing, monitoring, and marketing platforms, may store or process data in overseas locations, including the United States, and other countries in which our vendors operate.
Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it in a manner consistent with the APPs, including through contractual safeguards and vendor due diligence.
Data quality
We take reasonable steps to ensure the personal information we collect, hold, use, and disclose is accurate, complete, and up to date. Please let us know if your details change or if you believe information we hold about you is inaccurate.
Data security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our measures include:
- Access controls that limit access to personal information to personnel who require it;
- Encryption, multi-factor authentication, and monitoring across our systems;
- Security policies, procedures, and staff training aligned with industry standards; and
- Due diligence and contractual safeguards over our vendors and service providers.
Data retention
We retain personal information only for as long as it is needed for the purposes for which it was collected, or as required by law. When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.
Data breaches
We maintain a data breach response plan. If a data breach occurs that is likely to result in serious harm to individuals, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Act.
Government identifiers
We do not adopt government related identifiers (such as tax file numbers or Medicare numbers) as our own identifiers, and we do not use or disclose them except as permitted by the Act.
Access and correction
You may request access to, or correction of, the personal information we hold about you by contacting us at [email protected].
We will respond within a reasonable period, generally within 30 days. We do not charge a fee for making a request, though we may charge a reasonable fee for providing access. If we refuse a request, we will give you written reasons and information about how to complain about the refusal.
Complaints
If you have a complaint about how we have handled your personal information, please contact us at [email protected]. We will acknowledge your complaint promptly, investigate it, and respond within a reasonable period, generally within 30 days.
If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner:
- Web: oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
Contact us
Sybre Pty Ltd
Suite 203, Level 8, 99 Walker St, North Sydney NSW 2060
Email: [email protected]
Changes to this policy
We may update this policy from time to time to reflect changes in our practices, services, or legal obligations. When we do, we will update the “last updated” date at the top of this policy and publish the current version at sybre.com.au. We encourage you to review it periodically.
