Arcnode IT · Legal

Privacy Policy

How Arcnode IT collects, uses, holds, and protects personal information, in accordance with the Australian Privacy Principles.

Version 1.0 · Effective May 2026

1. About this Privacy Policy

1.1  This Privacy Policy explains how Arcnode IT Pty Ltd (ACN 697 143 623, ABN 70 697 143 623) (Arcnode IT, we, us, our) collects, uses, holds, discloses, and protects personal information. We handle personal information in accordance with the Australian Privacy Principles (APPs) set out in Schedule 1 to the Privacy Act 1988 (Cth) (Privacy Act).

1.2  We are committed to protecting the privacy of the people whose information we handle, including our customers, the people who use the systems we manage, prospective customers, suppliers, and visitors to our website.

1.3  In this Policy, personal information has the meaning given in section 6 of the Privacy Act: information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in a material form or not.

1.4  This Policy should be read together with our Terms of Trade. Where we handle personal information as part of providing services to a business customer, the customer is generally responsible for that information under the Privacy Act, and we handle it on the customer's behalf and in accordance with the customer's instructions and our Terms of Trade.

2. What information we collect

The kinds of personal information we collect depend on how you interact with us. They include:

2.1 Information you give us directly

  • name, business name, job title;
  • contact details (email address, phone number, postal or business address);
  • billing and payment information (we do not store full credit card numbers; payment is processed by our payment and accounting providers);
  • information you provide when you enquire about our services, request a quote, or contact our support;
  • login and account details for our Customer Portal.

2.2 Information we collect in the course of providing services

When we manage, support, or work on systems and devices for our customers, we may have access to personal information held on or transmitted through those systems. This may include:

  • information held in the customer's email, file storage, and business applications;
  • user account information and access credentials we are provided to administer systems;
  • device and network information (device names, IP addresses, configuration details);
  • logs and monitoring data generated by the systems we manage;
  • for residential customers, information held on the devices we service.

2.3 Information we collect automatically

  • website usage information (pages visited, time spent, referring site), collected through standard web analytics;
  • technical information about the device and browser you use to access our website or Customer Portal.

3. How we collect information

3.1  We collect personal information in a number of ways, including:

(a)  directly from you, when you contact us, request a quote, become a customer, or use our Customer Portal;

(b)  in the course of providing services, from the systems and devices we manage on a customer's behalf;

(c)  from third parties, such as referrers, with your consent or where the third party is authorised to provide the information;

(d)  automatically, through our website and systems.

3.2  Where it is reasonable and practicable to do so, we collect personal information directly from the individual concerned. Where we collect personal information about an individual from a customer (for example, the customer's staff), we rely on the customer having authority to provide that information to us.

3.3  If you provide us with personal information about another person, you must ensure you are authorised to do so and (where required) that the other person is aware of this Policy.

4. Why we collect, hold, and use information

4.1  We collect, hold, and use personal information for purposes connected with our business, including to:

(a)  provide our services to customers;

(b)  manage, support, monitor, and secure the systems we are engaged to manage;

(c)  respond to enquiries, provide quotes, and communicate with customers and prospective customers;

(d)  manage billing, payments, and our customer relationships;

(e)  operate and improve our website and Customer Portal;

(f)  comply with our legal and regulatory obligations;

(g)  protect the security of our systems and the systems we manage, including detecting, investigating, and responding to security incidents.

4.2  We will only use personal information for the purpose for which it was collected, for a directly related secondary purpose that you would reasonably expect, or where you have consented, or where the use is otherwise permitted or required by law.

Direct marketing

4.3  We may use your contact details to send you information about our services that we believe may be of interest to you. You can opt out of marketing communications at any time by using the unsubscribe link in the communication or by contacting us. We do not sell personal information to third parties for their marketing purposes.

5. When we disclose information

5.1  We may disclose personal information to:

(a)  our personnel and contractors, to the extent they need it to perform their roles;

(b)  third-party service providers who support our business, including our accounting, payment, hosting, monitoring, and software providers, on a need-to-know basis and subject to appropriate confidentiality and security obligations;

(c)  a customer, where the personal information relates to services we provide to that customer;

(d)  professional advisers (such as lawyers, accountants, and insurers);

(e)  regulators, law enforcement, or other parties, where required or authorised by law.

5.2  We do not sell personal information.

Overseas disclosure

5.3  Some of the third-party service providers we use may store or process personal information outside Australia, including in jurisdictions where major cloud and software providers operate data centres. Where we disclose personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles the information consistently with the APPs, having regard to APP 8.

5.4  The countries in which our service providers may store or process data can change as those providers change their infrastructure. We will update this Policy from time to time to reflect material changes. If you would like current information about where your personal information may be processed, please contact us.

6. How we hold and protect information

6.1  We hold personal information in electronic form, in the systems and applications we use to operate our business, and (where applicable) in the systems we manage on customers' behalf.

6.2  We take reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure, as required by APP 11. These steps include access controls, multi-factor authentication, encryption in transit, logging and monitoring, personnel training, and incident response procedures. Further detail about our security controls is available in our Information Security Summary.

6.3  We retain personal information only for as long as it is needed for the purposes for which it was collected, or as required by law. When personal information is no longer needed, we take reasonable steps to destroy it or to de-identify it, subject to our backup retention practices and any legal obligation to retain it.

7. Data breaches

7.1  We have procedures in place to identify, contain, assess, and respond to data breaches. Where a data breach we experience is likely to result in serious harm to any individual whose personal information is involved, and the breach is an eligible data breach within the meaning of Part IIIC of the Privacy Act, we will respond in accordance with the Notifiable Data Breaches scheme, including (where required) notifying the affected individuals and the Office of the Australian Information Commissioner (OAIC).

7.2  Where a data breach affects personal information that we handle on behalf of a customer, we will notify the customer in accordance with our Terms of Trade and cooperate with the customer's response, recognising that the customer may have its own obligations under the Notifiable Data Breaches scheme.

8. Accessing and correcting your information

8.1  You have the right under APP 12 to request access to the personal information we hold about you, and under APP 13 to request correction of that information if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

8.2  To make a request, contact us using the details in section 11. We will respond within a reasonable time. We may need to verify your identity before providing access. In some circumstances we may decline a request (for example, where access would unreasonably affect the privacy of others, or where we are permitted to refuse under the Privacy Act); if we do, we will explain why and how you can complain.

8.3  We do not charge for making a request to access or correct your information, although we may charge a reasonable cost for providing access in certain circumstances. We will tell you about any cost before we incur it.

8.4  Where we hold personal information about you on behalf of a customer (for example, you are an employee or client of one of our business customers), we will generally direct your access or correction request to that customer, who is the entity responsible for the information.

9. Cookies and our website

9.1  Our website uses cookies and similar technologies to operate the site, remember your preferences, and understand how the site is used. You can control cookies through your browser settings. Disabling cookies may affect the functionality of the site.

9.2  Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party websites you visit.

10. Complaints

10.1  If you have a concern about how we have handled your personal information, please contact us using the details in section 11. We will acknowledge your complaint promptly and aim to resolve it within 30 days.

10.2  If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):

  • Web: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001

10.3  Residential customers in Victoria may also contact Consumer Affairs Victoria (consumer.vic.gov.au, 1300 558 181) in relation to consumer matters.

11. How to contact us

For any privacy-related question, request, or complaint, contact us:

Arcnode IT Pty Ltd

Privacy Officer

Email: legal@arcnode.com.au

Web: arcnode.com.au

Melbourne, Victoria, Australia

12. Changes to this Policy

12.1  We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or the law. The current version is published on our website. We encourage you to review this Policy periodically.

12.2  This Policy was last updated in May 2026.

Privacy Policy version 1.0. May 2026.

Published by Arcnode IT Pty Ltd. For questions about this Policy, contact legal@arcnode.com.au.