Privacy statement: This privacy statement applies to CybInsights and its related companies. CybInsights secures personal information. 

What does the privacy statement address? 

This statement describes CybInsights' handling of personal information in these situations: 

1. Providing services to clients. 

2. While someone is using the CybInsights website. 

3. During other business operations. 

Website areas: Please be aware that some CybInsights website sections could have distinct privacy statements for data collected on them. 

Applicable laws:  In accordance with the Australian Privacy Act 1988 and other relevant legislation, including spam and telemarketing laws, CybInsights follows the Australian Privacy Principles (APPs). Where relevant, CybInsights follows data protection laws from other regions, for example, the GDPR. 

Australian Privacy Principles (APPs):  The APPs provide legal protection for personal information, covering its entire lifespan. Under the APPs, individuals can access and correct their personal data. CybInsights takes these obligations seriously and maintains an internal privacy policy. 

Personal Information Collection: CybInsights may receive personal information from clients to deliver services or conduct due diligence. This information can include data about clients' employees, members, customers, or related third parties. We may also collect personal information from other sources, such as directly from individuals or from publicly available information. 

The personal information collected can include: 

1. Contact details 

2. Dates of birth 

3. Gender 

4. Employment and financial records 

5. Complaint details 

CybInsights may also collect sensitive personal information with consent or when provided by clients6. CybInsights ensures clients have obtained necessary consents for the collection, use, and disclosure of such information. We also collect personal information from suppliers, contractors, and third-party service providers. We may collect personal information during business operations such as surveys or research, clearly explaining the activity and purpose of collection. CybInsights does not intentionally collect information from children under 15. 

Using personal information: Personal information is used to provide agreed services to clients, as governed by client agreements. Using information varies based on the services provided. Examples of use include helping employees manage tax affairs, improving service quality, or managing cybersecurity risks. When collecting personal information during other business activities, clear information about the activities and how the information will be used will be provided. Non-personal, de-identified, and aggregated information may be used for data analytics, research, and promotional purposes. Personal information collected via the website or other sources may be used to provide promotional materials and communications about services of interest. Personal information will not be used to market third-party goods and services without consent. The website is managed and improved, and content is tailored to provide a personalised experience. Feedback on services may be sought, and research may be conducted using aggregated results. 

Disclosure of Personal Information: Personal information will only be disclosed as outlined in the statement and will not be sold to third parties for advertising. Information may be disclosed to third parties assisting in providing services or operating the business, with safeguards to protect the information. Disclosure may be required to law enforcement, regulatory, or government agencies to comply with legal obligations. We may share non-personal, de-identified, and aggregated information with third parties for data analytics, research, and promotional purposes. 

Social Media: The website may host social media applications where users can share content. CybInsights has limited control over how other users handle personal information shared on these applications. 

Legal Basis for Processing Information (GDPR): Where GDPR applies, we may process personal information based on consent, legitimate interest, or legal obligations. We process sensitive personal information with explicit consent, legal requirement, or necessity for legal claims. 

Protection of Information: Personal information is held in hard copy and electronic formats, with physical, operational, and technological security measures. These measures include staff education and training, access controls, technological security measures (firewalls, encryption), and physical security measures (security passes, monitoring).