1. Introduction

Bendigo Cloud Solutions ("we", "us", "our") is committed to protecting your privacy and handling personal information responsibly. We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws.

"Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable (e.g., name, email address, phone number).

This policy applies to personal information we collect through our website, services, customer interactions, and business operations. It does not cover customer content you upload to our cloud services (see Section 5).

We may update this policy from time to time. Changes will be posted on our website, with the updated effective date noted.

2. Types of Personal Information We Collect and Hold

We collect only the personal information necessary for our functions and activities. This may include:

  • Contact details (name, email, phone, address)
  • Business details (company name, ABN, role)
  • Billing and payment information (credit card details, processed via secure third-party providers)
  • Account credentials (usernames, passwords — stored securely)
  • Technical information (IP address, device details, usage logs from our services)
  • Communication records (emails, support tickets)
  • Sensitive information (rarely, and only with consent, e.g., health data if relevant to specialised services)

We do not collect sensitive information unless required and with your explicit consent.

3. How We Collect Personal Information

We collect personal information:

  • Directly from you (e.g., when you sign up for services, fill forms, contact support)
  • Automatically (e.g., via cookies or analytics on our website — see Section 10)
  • From third parties (e.g., payment processors, referrals, or subcontractors with your consent)

We aim to collect information by fair and lawful means, and where possible, directly from you.

Where practicable, you may deal with us anonymously or using a pseudonym, but this may limit service provision.

4. Purposes for Collecting, Holding, Using, and Disclosing Personal Information

We use personal information for:

  • Providing and managing our cloud solutions (account setup, hosting, support)
  • Billing and payments
  • Communicating with you (updates, newsletters — with opt-out)
  • Improving services (analytics, feedback)
  • Legal compliance
  • Direct marketing (only with consent or for existing customers; opt-out available)

We will not use or disclose your information for unrelated purposes unless permitted by law or with consent.

5. Customer Content in Our Cloud Services

You upload and control your own data ("Customer Content"). We act only as a processor and do not own this content.

  • We access Customer Content only as needed (support, backups, authorisation).
  • You remain responsible for compliance with privacy laws regarding your content.
  • We apply strong security; we recommend you encrypt sensitive data.
  • Our Service Agreement or Data Processing Addendum governs this relationship.

6. Disclosure of Personal Information

We may share personal information with:

  • Service providers / subcontractors (hosting, payments, IT)
  • Related companies
  • Professional advisors (lawyers, accountants)
  • Regulators or as legally required

All recipients are required to protect data in line with the APPs.

7. Overseas Disclosure

We may store or process information overseas (e.g., via providers in Australia, United States, Singapore, or other countries where subcontractors operate).

We take reasonable steps to ensure equivalent protection (APP 8). Using our services implies consent to this; contact us for details.

8. Security of Personal Information

We use reasonable measures including:

  • Encryption
  • Access controls
  • Firewalls
  • Regular security reviews

Data is retained only as needed, then securely destroyed or de-identified.

We comply with mandatory data breach notification requirements.

9. Access and Correction

You may request access to or correction of your personal information. We usually respond within 30 days at no charge (unless exceptions apply).

10. Website and Cookies

Our site uses cookies and analytics tools (e.g., Google Analytics) for experience and usage insights. Manage preferences via your browser settings.

11. Complaints

Contact us first if you believe we’ve breached privacy obligations. If unsatisfied, lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

12. Changes to This Policy

We review this policy regularly. Significant changes will be notified via our website and/or email.