Privacy Policy

Cloud Guardians PTY LTD

ABN 88 645 260 304

Sydney, Australia

Website: https://cloudguardians.com.au/

1. Introduction

Cloud Guardians PTY LTD (ABN 88 645 260 304) ("Cloud Guardians", "we", "us" or "our")provides information technology and cybersecurity products and services to individuals and organisations in Australia and internationally.

We are committed to protecting the privacy of the personal information we collect and handle. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information, your rights, and how to contact us about a privacy matter.

This Policy is designed to comply with:

•    The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs); and

•    The European Union General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) in respect of individuals located in the European Economic Area (EEA) and, where applicable, the United Kingdom.

By accessing our website, purchasing our products or services, or otherwise providing personal information to us, you acknowledge that you have read and understood this Policy.

2. What this Policy covers

This Policy applies to personal information we collect through:

•    our website at https://cloudguardians.com.au/and any related subdomains;

•    our IT and cybersecurity products, platforms, and services;

•    communications with us by email, telephone, online forms, support channels, or in person; and

•    our business and commercial dealings(for example, with clients, suppliers, contractors, and partners).

Our website and services may contain links to third-party websites and services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy notices.

3. The kinds of personal information we collect

Depending on your relationship with us, we may collect and hold thefollowing kinds of personal information:

•    Identity and contact information — name, job title, employer, business and personal email address, postal address, and telephone number.

•    Account information — username, authentication credentials, security questions, and account preferences.

•    Transaction and billing information — billing name and address, purchase history, invoices, and limited payment-related details. When you pay using cryptocurrency or other electronic payment methods, payments are processed by third-party payment providers (see Section 7); we do not store full payment card numbers or private wallet keys.

•    Service and technical information — information generated through your use of our products and services, including configuration data, security event and log data, support tickets, and correspondence.

•    Website and device information — IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, and other analytics and cookie data (see Section 12).

•    Verification and compliance information — information required to meet our legal, regulatory, anti-money-laundering, "know your customer" / "know yourbusiness", and fraud-prevention obligations, which may include identification documents and business records.

•    Marketing preferences — your contactand subscription preferences and your responses to our communications.

Sensitive information

We do not generally collect "sensitive information" (as defined in the Privacy Act 1988 (Cth)) or "special category data" (asdefined in the GDPR). Where the provision of our cybersecurity services requires us to handle such information, we will do so only with your consent or as otherwise permitted or required by law, and we will apply additional safeguards.

4. How we collect personal information

We collect personal information in a number of ways, including:

•    directly from you — when you contact us, register for an account, request a quote, purchase or use our products and services, submit a support request, or subscribe to communications;

•    automatically — through cookies and similar technologies when you use our website and services (seeSection 12);

•    from third parties — such as your employer or organisation, our business partners and resellers, payment and verification providers, publicly available sources, and referees, where it is unreasonable or impracticable to collect the information directly from you; and

•    through the operation of our services —for example, security logs and telemetry generated while providing cybersecurity monitoring or managed services.

Where we collect personal information from a third party, we take reasonable steps to ensure you are made aware of the matters set out in this Policy.

5. Why we collect, hold, use, and disclose personal information

We collect, hold, use, and disclose personal information for the following purposes:

•    to provide, operate, maintain, and support our IT and cyber security products and services;

•    to create and administer accounts and manage our relationship with you;

•    to process orders, payments, invoices, and refunds;

•    to respond to your enquiries and provide customer and technical support;

•    to detect, prevent, investigate, and respond to security incidents, fraud, abuse, and unlawful activity;

•    to verify identity and meet "know your customer" / "know your business" and other compliance obligations;

•    to improve, develop, and personalise our products, services, and website;

•    to send administrative communications, service notices, and, where permitted, marketing communications;

•    to comply with our legal and regulatory obligations and to establish, exercise, or defend legal claims; and

•    for any other purpose disclosed to you at the time of collection or to which you consent.

If we do not collect the personal information we request, we may be unable to provide our products or services to you, respond to your enquiry, or process your transaction.

6. Legal bases for processing (GDPR)

Where the GDPR applies to our processing of your personal data, werely on one or more of the following legal bases:

•    Performance of a contract — to provide products and services you have requested and to manage our contractual relationship with you.

•    Legitimate interests — to operate, secure and improve our business and services, prevent fraud and abuse, and conduct direct marketing, provided these interests are not overridden by your rights and freedoms.

•    Legal obligation — to comply with laws and regulatory requirements that apply to us.

•    Consent — where werely on your consent (for example, certain marketing or cookies), which you may withdraw at any time without affecting the lawfulness of processing before withdrawal.

7. Disclosure of personal information

We may disclose personal information to:

•    service providers and contractors who perform functions on our behalf, such as hosting, cloud infrastructure, data storage, analytics, customer support, payment processing, identity verification, and professional advisers (lawyers, accountants, auditors);

•    payment providers — including third-party cryptocurrency and electronic payment processors for the purpose of processing transactions and meeting associated compliance obligations;

•    our related entities, business partners and resellers in connection with providing our products and services;

•    government, law enforcement and regulatory authorities where required or authorised by law, or to protect our rights, property or safety or that of others;

•    a successor entity in connection with a merger, acquisition, financing, reorganisation or sale of all or part of our business; and

•    other parties where you have consented or as otherwise permitted under the Privacy Act 1988 (Cth) or theGDPR.

We require our service providers to protect personal information consistently with applicable privacy laws and to use it only for the purposes for which it was disclosed.

We do not sell personal information.

8. Cross-border disclosure and international transfers

We are based in Australia and use service providers and infrastructure that may be located in, or accessible from, countries outside Australia, including in the EEA, the United Kingdom, the United States and other jurisdictions.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs, except where an exception under APP 8 applies.

For transfers of personal data out of the EEA or United Kingdom that are subject to the GDPR, we implement an appropriate transfer mechanism, such as an adequacy decision of the European Commission or the use of Standard Contractual Clauses approved by the European Commission (together with any supplementary measures required), or another lawful transfer mechanism. You may contact us to request further information about these safe guards.

9. Data security

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification ordisclosure. As a cyber security company, our measures include technical and organisational controls such as encryption in transit and (where appropriate) at rest, access controls and least-privilege principles, network and endpoint security, monitoring and logging, secure development practices, and stafftraining.

No method of transmission or storage is completely secure. While wework to protect personal information, we cannot guarantee absolute security.

If we become aware of a data breach that is likely to result in serious harm, we will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth) and, where the GDPR applies, our breach-notification obligations under Articles 33 and 34 of the GDPR.

10. Data retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including providing our products and services, complying with our legal, accounting, tax, and regulatory obligations, resolving disputes, and enforcing our agreements. When personal information is no longer required, we take reasonable steps to securely destroy or de-identify it.

11. Your rights and choices

Access and correction (Australia)

Under the APPs, you may request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within a reasonable period. We may charge a reasonable fee for giving access (but not for making arequest). If we refuse access or correction, we will provide reasons and information on how to complain.

Additional rights under the GDPR

If you are located in the EEA or the United Kingdom and the GDPR applies, you may, subject to certain conditions and exceptions, have the right to:

•    access your personal data;

•    request rectification of inaccurate or incomplete data;

•    request erasure ("right to be forgotten");

•    restrict or object to processing (including processing based on legitimate interests and direct marketing);

•    data portability;

•    withdraw consent where processing is based on consent; and

•    lodge a complaint with a supervisory authority (see Section 14).

To exercise any of these rights, contact us using the details inSection 15. We may need to verify your identity before responding.

Marketing

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us. We will still send you essential service and administrative communications.

12. Cookies and similar technologies

Our website uses cookies and similar technologies to operate the site, remember your preferences, analyse usage, and improve performance and security. Some cookies are strictly necessary for the website to function; others are used for analytics or marketing and, where required by law, are used only with your consent.

You can control or disable cookies through your browser settings and, where provided, through our cookie-preference tools. Disabling certain cookies may affect the functionality of the website.

13. Children's privacy

Our products and services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us, and we will take appropriate steps to delete it.

14. Complaints

If you have a concern or complaint about how we have handled your personal information, please contact us first using the details in Section 15. We will acknowledge your complaint and aim to resolve it within a reasonable period.

If you are not satisfied with our response, you may complain to:

•    Australia: the Office ofthe Australian Information Commissioner (OAIC) — www.oaic.gov.au, telephone1300 363 992.

•    EEA / United Kingdom: your localdata protection supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO) — www.ico.org.uk.

15. How to contact us

For any privacy questions, requests, or complaints, please contact:

Privacy Officer

Cloud Guardians PTY LTD

ABN 88 645 260 304

Sydney NSW 2000, Australia

Email: team@cloudguardians.com.au

Telephone: +61 478 421 943

16. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be notified through our website or by other appropriate means. Your continued use of our website, products, or services after an update constitutes acceptance of the revised Policy.