Privacy Policy

Introduction

3 Point Security (referred to in this policy as “we”, “us” or “our”) is committed to protecting the privacy of individuals and safeguarding personal information. This policy explains what personal information we collect, why we collect it, how we use and store it, and the choices you have about your data. 

A privacy policy is a legally required document that discloses our data‑handling practices and must describe the types of personal data collected, how it is collected and kept safe, and whether it is shared with others.

We may update this policy from time to time to reflect changes in law or our business practices. Any significant changes will be posted on our website; continued use of our services after changes constitutes acceptance of the updated policy .

What Is Personal Information?

In this policy, personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. Examples include a person’s name, contact details, location data, IP address and any other information that could reasonably identify them.

Information We Collect

We only collect personal information that is necessary to provide our services and operate our business . Depending on your interaction with us, we may collect:

• Identity and contact details: name, business name, job title, postal and email address, phone number.
• Technical information: IP address, device identifiers and browser type when you visit our website.
• Service details: information you provide when requesting cybersecurity assessments or advisory services, including details about your business’s IT environment and potential vulnerabilities.
• Payment details: billing information necessary to process payments for our services.
• Marketing preferences: records of communications with you, your preferences for receiving marketing communications and responses to our surveys.
• Recruitment information: if you apply for a job, CVs and references as part of the recruitment process.
• Other personal information you choose to provide: e.g. comments you submit via our website contact form or emails.

We do not seek to collect sensitive personal information (such as health or credit details) unless it is directly relevant to the service we are providing and you have given us consent.

How We Collect Information

We collect personal information in several ways, including :

• Directly from you: when you contact us by phone, email or via our website; when you complete our online forms or questionnaires; when you attend our events; or when you engage us to provide services.
• Automatically: through cookies and similar technologies when you use our website (see Section 5).
• From third parties: such as business partners, publicly available sources or referees (for recruitment). We will always take steps to ensure such information was collected and supplied to us in compliance with privacy laws.

Cookies and Tracking Technologies

Our website uses cookies and other tracking technologies to improve your experience, analyse usage patterns and maintain the security of the site. Cookies collect information such as IP address, browser type, the pages you visit and links you follow. You can manage your cookie preferences through your browser settings; however, disabling cookies may affect functionality and your experience on our site.

Why We Collect and How We Use Information

We collect and use personal information for the following purposes:

• Providing services: to conduct cybersecurity assessments, vulnerability management and related consulting; to analyse and prioritise risks; and to deliver tailored recommendations.
• Communications: to respond to enquiries, provide quotes, schedule consultations, send appointment confirmations, and deliver reports or recommendations.
• Account and relationship management: to administer contracts, process payments, issue invoices, manage accounts and provide customer support.
• Improving our services: to review and improve our offerings, develop new services, perform analytics and conduct market research.
• Marketing: to send newsletters and promotional materials about our services or events that we believe may be of interest; you may opt out at any time.
• Legal and security purposes: to comply with our legal obligations (e.g., under the Privacy Act), resolve disputes, enforce agreements, detect fraud, and protect our clients, employees and systems from security threats.

We will not use personal information for purposes unrelated to those above without your consent.

Disclosure of Personal Information

We do not sell personal information. We may disclose personal information to third parties where reasonably necessary to operate our business, including :

• Service providers: third‑party vendors that assist us with functions such as cloud hosting, data storage, IT support, email and marketing platforms, payment processing and analytics. These providers are engaged under contractual arrangements that require them to handle personal information securely and only for our authorised purposes.
• Professional advisors: accountants, auditors, lawyers and insurers for the purpose of obtaining professional advice.
• Regulatory bodies: government agencies, law enforcement, courts or other third parties where required or authorised by law (e.g., in relation to cyber incident reporting or fraud prevention).
• Business transfers: if we sell or transfer part or all of our business or assets, personal information may be transferred to the purchaser, subject to confidentiality arrangements.

If we share information with marketing partners for targeted advertising, we do so only where you would reasonably expect such disclosure and where appropriate consents are obtained.

Overseas Transfers

Some of our service providers may operate outside Australia (e.g., cloud providers located in the United States, the United Kingdom or Singapore). If we need to transfer personal information overseas, we will take reasonable steps to ensure that the recipient protects the information in a manner consistent with Australian privacy laws.

Data Security

We take data security seriously. Personal data collected from individuals must be kept secure and only accessible by authorised personnel . We implement physical, technical and administrative safeguards, including:

• Secure data storage: data is stored on secure servers in controlled facilities; we use encryption and secure connections.
• Access controls: access to personal information is limited to staff who need it to perform their duties; all staff are bound by confidentiality obligations.
• Security monitoring and testing: we conduct regular risk assessments and vulnerability testing to ensure our systems remain resilient.
• Incident response: we have procedures to respond to security incidents and data breaches in accordance with legal requirements.

Despite our efforts, no system can be completely secure. We cannot guarantee absolute security, but we commit to notify you and relevant authorities of any data breach where required by law.

Data Retention

We hold personal information only as long as necessary for the purposes for which it was collected or as required by law . Generally, this means we retain information for the duration of our relationship with you plus any period required for legal, accounting or reporting obligations. When the information is no longer required, we securely destroy or de‑identify it.

Access and Correction

You have the right, under the Australian Privacy Principles, to request access to the personal information we hold about you and to request correction if you believe it is inaccurate, out-of-date or incomplete . To request access or correction:

1. Contact us using the details in Section 13.
2. Provide sufficient information to verify your identity.
3. Specify the information you wish to access or correct.

We will respond within a reasonable time and may charge a reasonable fee to cover retrieval costs. In rare cases we may refuse access if permitted by law (e.g., if providing access would unreasonably affect someone else’s privacy). If we refuse, we will explain why.

Complaints

If you have concerns about how we handle your personal information or believe we have breached the Australian Privacy Principles, please let us know . To lodge a complaint:

• Contact us in writing (see Section 13).
• Provide as much detail as possible about your concern.
• We will require proof of identity to process your complaint and will aim to respond within 30 days

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) via the OAIC website (www.oaic.gov.au).

Contact Us

For questions about this policy, to access or correct your personal information, or to make a complaint, please contact our Privacy Officer:

3 Point Security

Melbourne VIC, Australia

Tel: 03 4320 5300

Email: info@3pointsecurity.au

Effective date: This policy is effective from 30 August 2025 and replaces any previous Privacy Policy. We encourage you to review it periodically for updates.