Legal

Privacy Policy

Last updated: 1 May 2026 · Effective: 1 May 2026

Contents

  1. Who we are
  2. Information we collect
  3. How we collect it
  4. How we use it
  5. Disclosure to third parties
  6. Overseas transfers
  7. Storage and security
  8. Retention
  9. Your rights
  10. Cookies and analytics
  11. Children
  12. Changes to this policy
  13. Contact & complaints

1. Who we are

This Privacy Policy explains how MPIT PTY LTD (ABN 36 639 649 308), located at 2/4 Coobowie St, Broadbeach Waters QLD 4218, Australia (“MPIT”, “we”, “us”, or “our”) handles personal information.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we deal with individuals in the European Economic Area or the United Kingdom, we also act consistently with the General Data Protection Regulation (GDPR) and UK GDPR where they apply to our processing.

2. Information we collect

We only collect personal information that is reasonably necessary for one or more of our functions or activities. Categories include:

  • Identity and contact details — name, business name, email, phone number, postal or business address.
  • Engagement details — project briefs, scope documents, authorisation forms, billing information.
  • Technical information — IP address, browser type, device identifiers, pages viewed and timestamps when you visit this site.
  • Communication content — messages you send through our contact form, by email, or other channels.
  • Engagement-derived data — for security engagements, data we discover or are given access to under a written scope of work (such as logs, configurations, or sample artefacts).

We avoid collecting sensitive information (e.g. health, racial or ethnic origin, political opinions) unless it is strictly necessary, you have consented, or we are required by law.

3. How we collect it

  • Directly from you, when you fill out the contact form, email us, or sign an engagement.
  • Automatically, when you interact with this website (cookies, log files, analytics).
  • From your authorised representatives (e.g. a colleague signing an engagement on your behalf).
  • From publicly available sources where this is relevant to a prospective engagement.

4. How we use it

We use personal information to:

  • Respond to enquiries and provide quotes.
  • Deliver, manage, and invoice our services.
  • Maintain records required for tax, audit, and other regulatory obligations.
  • Improve our website and services, and prevent fraud or misuse.
  • Send service-related notices and, where you have opted in, marketing material you can unsubscribe from at any time.

5. Disclosure to third parties

We do not sell personal information. We share it only where necessary, including with:

  • Our staff, contractors, and professional advisers under confidentiality.
  • Cloud hosting, email, accounting, and analytics providers (e.g. Google, AWS, Microsoft) acting as our processors.
  • Law enforcement, regulators, or other parties when required or authorised by law.
  • Successors in the event of a sale or restructure of our business.

6. Overseas transfers

Some of our service providers store data outside Australia (typically in the United States, the European Union, or Singapore). We take reasonable steps to ensure overseas recipients handle personal information consistently with the APPs.

7. Storage and security

We apply controls appropriate to the sensitivity of the information, including encryption in transit, access control, multi-factor authentication, hardened endpoints, and least-privilege practices for our security engagements. No system is perfectly secure; we ask that you also take reasonable steps to protect the credentials and information you share with us.

8. Retention

We retain personal information only for as long as we need it for the purposes described above, or as required by law (for example, tax records are typically retained for at least seven years). When no longer required, information is destroyed or de-identified.

9. Your rights

You may:

  • Request access to the personal information we hold about you.
  • Ask us to correct information that is inaccurate, incomplete, or out of date.
  • Withdraw consent for marketing communications.
  • Where GDPR or UK GDPR applies, request erasure, restriction, portability, or object to certain processing.

We will respond to verified requests within a reasonable time and free of charge in most cases.

10. Cookies and analytics

This site uses cookies and similar technologies to remember preferences and to analyse traffic. See our Cookie Policy for details and how to manage them.

11. Children

Our services are intended for businesses and adults. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Continued use of our services after a change constitutes acceptance of the updated policy.

13. Contact & complaints

To exercise any right above, ask a question, or make a complaint, contact us at info@mpit.com.au or write to MPIT PTY LTD, 2/4 Coobowie St, Broadbeach Waters QLD 4218, Australia.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Related documents

Terms of Service Cookie Policy Acceptable Use Policy Disclaimer Responsible Disclosure