[ PRIVACY POLICY ]

Privacy Policy

Effective Date: June 2025 · Last Reviewed: June 2026

1. Introduction

EXELCOM (ABN 32 612 637 313) (‘EXELCOM’, ‘we’, ‘us’, or ‘our’) is an Australian managed IT services and cybersecurity company headquartered in New South Wales. We are committed to protecting the privacy of individuals whose personal information we collect, use, and manage in the course of our business operations.

This Privacy Policy explains how EXELCOM handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to our website at exelcom.au, our managed services platform, and all client and business interactions.

By engaging our services, visiting our website, or providing us with your personal information, you consent to the practices described in this Policy.

2. What Personal Information We Collect

We collect personal information that is reasonably necessary for our business functions. The types of information we may collect include:

2.1 Client and Contact Information

  • Full name, job title, and employer/organisation name
  • Business and personal email addresses
  • Phone numbers (direct line and mobile)
  • Business address and billing details
  • ABN or ACN where required for invoicing

2.2 Technical and Service Information

  • IT infrastructure details, system configurations, and network topology (collected during service delivery)
  • Login credentials for managed systems (stored securely in accordance with our security policy)
  • Device identifiers, IP addresses, and endpoint information
  • Incident and support ticket data, including communications relating to IT or cybersecurity issues

2.3 Website and Marketing Information

  • Browser type, IP address, and pages visited on exelcom.au (via cookies and analytics tools)
  • Contact form submissions, including name, email, and message content
  • Information provided when registering for events or requesting a consultation

2.4 Sensitive Information

We do not routinely collect sensitive information (such as health or financial information) unless it is directly relevant to providing our services, and only with your explicit consent or where required by law.

3. How We Collect Personal Information

We collect personal information in the following ways:

  • Directly from you when you contact us, complete a form, or engage our services
  • Through your use of our website and any cookies or tracking technologies
  • From third parties such as referral partners, vendors, or publicly available sources (e.g. LinkedIn) where relevant to a business engagement
  • Automatically during service delivery, including through monitoring tools and security software we operate on your behalf

Where practicable, we will collect personal information directly from the individual concerned.

4. How We Use Personal Information

EXELCOM uses personal information for the following purposes:

  • Providing, managing, and improving our managed IT and cybersecurity services
  • Responding to enquiries, support requests, and client communications
  • Processing invoices, payments, and contractual obligations
  • Maintaining the security and integrity of client systems and our own infrastructure
  • Sending service-related updates, scheduled maintenance notices, and security alerts
  • Marketing our services, including events, newsletters, and product updates (with your consent, or where permitted under the Spam Act 2003 (Cth))
  • Complying with legal, regulatory, and contractual obligations
  • Improving our website, service delivery processes, and client experience

We will not use your personal information for purposes unrelated to those listed above without your consent or unless required by law.

5. Disclosure of Personal Information

EXELCOM may disclose personal information to the following parties:

  • Our employees and contractors who require access to perform their duties
  • IT vendors, cloud platform providers, and technology partners (e.g. Microsoft, Cisco) engaged to support service delivery
  • Professional advisers including lawyers, accountants, and auditors
  • Government authorities, regulators, or law enforcement where required by law
  • Successors in title in the event of a business acquisition or merger

We do not sell personal information to third parties. Any third parties we engage are required to handle personal information in accordance with applicable privacy laws and our data handling requirements.

6. Overseas Disclosure

Some of our service partners and cloud platforms (such as Microsoft Azure, Google Workspace, and other SaaS platforms) may store or process data overseas, including in the United States, Europe, and other jurisdictions. Where this occurs, we take reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles.

By using our services, you acknowledge that your personal information may be transferred to and processed in countries outside Australia.

7. Data Security

EXELCOM implements appropriate technical and organisational measures to protect personal information from unauthorised access, disclosure, alteration, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Multi-factor authentication for access to systems holding personal data
  • Role-based access controls and least-privilege principles
  • Regular security assessments, vulnerability scanning, and penetration testing
  • Incident response procedures and breach notification protocols

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme, EXELCOM will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Privacy Act 1988 (Cth).

8. Cookies and Website Analytics

Our website at exelcom.au may use cookies and similar technologies to improve your browsing experience, analyse site traffic, and support our marketing efforts. Cookies may include:

  • Session cookies (deleted when you close your browser)
  • Persistent cookies (remain on your device for a set period)
  • Third-party analytics cookies (e.g. Google Analytics)

You can manage cookie preferences through your browser settings. Disabling cookies may affect certain features of our website. For more detail, see our Cookie Policy.

9. Access and Correction

You have the right to request access to the personal information EXELCOM holds about you, and to request corrections if that information is inaccurate, out of date, or incomplete. To make a request, please contact us using the details in Section 12.

We will respond to access and correction requests within a reasonable timeframe (generally within 30 days) and at no charge, unless the request is excessively complex or repetitive, in which case a reasonable fee may apply.

In some circumstances, we may decline to provide access (e.g. where it would unreasonably impact the privacy of others, or where we are legally required to withhold information). If we decline, we will provide written reasons.

10. Retention and Disposal

EXELCOM retains personal information for as long as it is needed for the purpose for which it was collected, or as required by applicable law or contractual obligations. When personal information is no longer required, we will take reasonable steps to securely destroy, de-identify, or archive it in accordance with our data retention policy.

11. Complaints

If you believe EXELCOM has breached the Australian Privacy Principles or mishandled your personal information, we encourage you to contact us in the first instance so we can attempt to resolve your concern.

If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Mail: GPO Box 5218, Sydney NSW 2001

12. Contact Us

For any privacy-related enquiries, access requests, or complaints, please contact:

Privacy Officer
EXELCOM
Website: https://exelcom.au
Email: privacy@exelcom.au
New South Wales, Australia

13. Updates to This Policy

EXELCOM may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or services. The current version will always be published on our website at exelcom.au/privacy-policy. We encourage you to review this Policy periodically.

Material changes will be communicated via our website or directly to affected clients where appropriate.