• Cymax Pty Ltd commitment to privacy

1. Cymax Pty Ltd (ABN: 48 095 099 737), its subsidiaries and affiliates in Australia (collectively referred to as “we” and “us”) are committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws.

1. This document sets out our policies for managing your personal information and is referred to as our Privacy Policy.

1. In this Privacy Policy, “we” and “us” refers to Cymax Pty Ltd and “you” refers to any individual about whom we collect personal information.

• Australian Privacy Principles 

We will treat all personal information in accordance with any and all obligations that are binding upon us under the Privacy Act 1988 (Cth) (“Privacy Act”). The Privacy Act lays down 13 key principles in relation to the collection and treatment of personal information, which are called the “Australian Privacy Principles.”

• What is “personal information”?

Personal information held by Cymax may include your:

1. name and date of birth;
2. residential and business postal addresses, telephone/mobile/fax numbers and email addresses;
3. bank account and/or credit card details for agreed billing purposes;
4. any information that you provided to us by you during your account creation process or added to your user profile;
5. preferences and password for using our website or online support portal and your computer and connection information; and
6. any information that you otherwise share with us.

• About Cymax Pty Ltd

1. Cymax Pty Ltd is a provider of IT solutions.

1. Cymax Pty Ltd offers a complete range of IT services, including Managed IT services, Cloud solutions, voice (VoIP) services, data services and IT support and can also assist with the procurement, implementation and management of hardware, software and databases. We can also oversee your disaster recovery testing to ensure your data is safe and meets compliance requirements.

1. Please contact us for a full list of the companies which comprise Cymax Pty Ltd and which are subject to this Privacy Policy.

• What information does Cymax Pty Ltd collect about you?

Clients and prospective clients

1. When you enquire about our services or when you become a client of Cymax Pty Ltd, a record is made which includes your personal information.

1. The type of personal information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:

1. your name, e-mail, postal address and other contact details;
2. information about your employer or an organisation who you represent;
3. your professional details; and
4. any additional personal information you provide to us, or authorise us to collect, as part of your interaction with Cymax Pty Ltd.

Prospective employees or applicants

1. We collect personal information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.

1. We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions (for example, positions which involve working with children).

1. We may also collect personal information when we conduct police or background checks on individuals when recruiting personnel. We do this in accordance with legal obligations, for ensuring the safety and security of our services, preventing fraudulent activities, or complying with regulatory or law enforcement requests.

Other individuals

1. Cymax Pty Ltd may collect personal information about other individuals who are not clients of Cymax Pty Ltd. This includes customers and members of the public who participate in events we are involved with, individual service providers and contractors to Cymax Pty Ltd, and other individuals who interact with Cymax Pty Ltd on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with Cymax Pty Ltd.

1. If you are participating in an event we are managing or delivering, we may take images or audio-visual recordings which identify you.

1. In limited circumstances, Cymax Pty Ltd may collect information which is considered sensitive information. For example, if you are injured at an event promoted or delivered by Cymax Pty Ltd we may collect health information about you in an emergency or otherwise with your consent.

1. We may collect personal information about children (for example, when children participate in events we are involved with). Where children do not have sufficient maturity and understanding to make decisions about their personal information, we will require their parents or guardians to make decisions on their behalf.

1. You can always decline to give Cymax Pty Ltd any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.

Visitors to our websites

1. The way in which we handle the personal information of visitors to our websites is discussed in clause 6 below.

• How and why does Cymax Pty Ltd collect and use your personal information?

1. Cymax Pty Ltd collects personal information reasonably necessary to carry out our business, to assess and manage our clients’ needs, and provide services including Managed IT services, Cloud solutions, voice (VoIP) services, data services and IT support and other related services such as the procurement, implementation and management of hardware, software and databases, disaster recovery testing and compliance testing. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you or third parties and managing client relationships, and for any other purpose reasonably considered necessary in relation to the operation of our business

1. The purposes for which Cymax Pty Ltd usually collects and uses personal information depends on the nature of your interaction with us, but may include:

1. responding to requests for information and other general inquiries;
2. providing IT support via our online support portal and to verify your identity when you access these services;
3. making changes or updating your services, as well as responding to queries or feedback;
4. managing, planning, advertising and administering programs, events, competitions and performances;

1. maintaining and developing our business systems and infrastructure, including researching, developing, expanding, testing and upgrading of facilities and services;
2. informing you of our activities, events, facilities and services;

1. recruitment processes (including for volunteers, internships and work experience); and

1. responding to enquires and complaints.

1. Cymax Pty Ltd generally collects personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person. We may also collect personal information about you from other sources, for example:

1. our affiliated and related companies; and

1. third party suppliers and contractors who assist us to operate our business.

1. Cymax Pty Ltd also collects and uses personal information for market research purposes and to innovate our delivery of products and services.

• How does Cymax Pty Ltd interact with you via the internet?

1. You may visit our website (cymax.com.au) without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry or IT support request), any personal information you provide to Cymax Pty Ltd will be managed in accordance with this Privacy Policy.

1. Our website uses cookies in order to:
   1. remember your preferences for using this site;
   2. manage the signup process when you create an account with us;
   3. recognise you as logged in while you remain so. This avoids your having to log in again every time you visit a new page;
   4. show relevant notifications to you (eg, notifications that are relevant only to users who have, or have not, created an account or subscribed to newsletters or email or other subscription services); and
   5. remember details of data that you choose to submit to us (eg, through online contact forms or by way of comments, forum posts, chat room messages, reviews, ratings, etc).
   6. Many of these cookies are removed or cleared when you log out but some may remain so that your preferences are remembered for future sessions.
2. In some cases, third parties may place cookies through this site. For example:
   1. Google Analytics, one of the most widespread and trusted website analytics solutions, may use cookies de-identified data about how long users spend on this site and the pages that they visit;
   2. Google AdSense, one of the most widespread and trusted website advertising solutions, may use cookies to serve more relevant advertisements across the web and limit the number of times that a particular advertisement is shown to you; and
   3. third party social media applications (eg, Facebook, Twitter, LinkedIn, Pinterest, YouTube, Instagram, etc) may use cookies in order to facilitate various social media buttons and/or plugins in this site.

1. You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.

1. Cymax Pty Ltd’s website may contain links to third-party websites. Cymax Pty Ltd is not responsible for the content or privacy practices of websites that are linked to our website and we we recommend that you refer to the privacy statement of the websites you visit. This Privacy Policy applies to this site only and Cymax assumes no responsibility for the content of any third party websites.

1. We may use the Google AdWords and/or Facebook re-marketing services to advertise on third party websites to previous visitors to this site based upon their activity on this site. This allows us to tailor our marketing to better suit your needs and to only display advertisements that are relevant to you. Such advertising may be displayed on a Google search results page or a website in the Google Display Network or inside Facebook. Google and Facebook may use cookies and/or pixel tags to achieve this. Any data so collected by Google and/or Facebook will be used in accordance with their own respective privacy policies. None of your personal Google and/or Facebook information is reported to us.
2. You can set preferences for how Google advertises to you using the Google Ads Settings page (https://www.google.com/settings/ads). Facebook has enabled an AdChoices link that enables you to opt out of targeted advertising.

• Can you deal with Cymax Pty Ltd anonymously?

Cymax Pty Ltd will provide individuals with the opportunity to remain anonymous or use a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for Cymax Pty Ltd to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities we manage or deliver.

• How does Cymax Pty Ltd hold information?

1. Cymax Pty Ltd stores information in paper-based files or other electronic record keeping methods in secure databases (including trusted third party storage providers based in Australia or overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.

1. Cymax Pty Ltd maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.

1. Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.

1. We take steps to destroy or de-identify information that we no longer require.

• Does Cymax Pty Ltd use or disclose your personal information for direct marketing?

1. Cymax Pty Ltd may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below.

1. If you opt-out of receiving marketing material from us, Cymax Pty Ltd may still contact you in relation to its ongoing relationship with you.

• How does Cymax Pty Ltd use and disclose personal information?

For clients

1. The purposes for which we may use and disclose your personal information will depend on the services we are providing you. For example, if you have engaged us to deliver a service, we may disclose information about you to third party service providers where this is relevant to our services.

For customers and participants

1. If you are a customer or participant in an event, we may disclose your personal information to our clients and venues where this is reasonably necessary for, and relevant to, the delivery of the event. We may use images or audio-visual recordings which identify you for promotional purposes where you would reasonably expect this to occur.

Disclosure to contractors and other service providers

1. Cymax Pty Ltd may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research.

1. Personal information may also be shared between related and affiliated companies of Cymax Pty Ltd, located in Australia or overseas.

1. Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.

Use and disclosure for administration and management

1. Cymax Pty Ltd will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:

1. administering billing and payments and debt recovery;

1. planning, managing, monitoring and evaluating our services;

1. quality improvement activities;

1. statistical analysis and reporting;

1. training staff, contractors and other workers;

1. risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives);

1. responding to enquiries and complaints regarding our services;

1. obtaining advice from consultants and other professional advisers; and

1. responding to subpoenas and other legal orders and obligations.

Other uses and disclosures

1. We may use and disclose your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.

• Does Cymax Pty Ltd disclose your personal information overseas?

1. Cymax Pty Ltd is a global organisation and works with clients, service providers, sponsors and commercial interests across the globe. It is likely that your personal information will be disclosed to overseas recipients.

1. Unless we have your consent, or an exception under the Australian Privacy Principles applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to your personal information.

1. Entities which are related entities of Cymax Pty Ltd or are otherwise affiliated with Cymax Pty Ltd in the United States of America, the United Kingdom, and India. In circumstances where your information is disclosed to overseas recipients, those recipients are likely to be located in countries in the regions in which Cymax Pty Ltd and its related entities and affiliates operate.

• GDPR 

1. Cymax welcomes the General Data Protection Regulation (“GDPR”) of the European Union (“EU”) as an important step forward in streamlining data protection globally.  We intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain.
2. The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights:

1. you are entitled to request details of the information that we hold about you and how we process it.  For EU residents, we will provide this information for no fee;
2. you may also have a right to:

1. have that information rectified or deleted;
2. restrict our processing of that information;
3. stop unauthorised transfers of your personal information to a third party;
4. in some circumstances, have that information transferred to another organisation; and
5. lodge a complaint in relation to our processing of your personal information with a local supervisory authority; and

1. where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time.

1. If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.  However, please be aware that:

1. such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other customers/clients subject to appropriate confidentiality protections; and
2. even after you have chosen to withdraw your consent, we may be able to continue to keep and process your personal information to the extent required or otherwise permitted by law, in particular:

1. to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests; and
2. in exercising and defending our legal rights and meeting our legal and regulatory obligations.

1. Data that we collect about you may be stored or otherwise processed by third party services with data centres based outside the EU, such as Google Analytics, Microsoft Azure, Amazon Web Services, Apple, etc and online relationship management tools.  We consider that the collection and such processing of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (eg, to analyse how our customers/clients use our services, develop our services and grow our business) and which does not materially impact your rights, freedom or interests.
2. Cymax requires that all third parties that act as “data processors” for us provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data, only process personal data for specified purposes and have committed themselves to confidentiality.

• How can you access or seek correction of your personal information?

1. You are entitled to access your personal information held by Cymax Pty Ltd on request. To request access to your personal information please contact our privacy officer using the contact details set out below.
2. In some cases, we may refuse to give you access to personal information that we hold about you. This may include circumstances where giving you access would:

1. be unlawful (eg, where a record that contains personal information about you is subject to a claim for legal professional privilege by one of our contractual counterparties);
2. have an unreasonable impact on another person’s privacy; or 
3. prejudice an investigation of unlawful activity.

1. We may also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings.
2. If we refuse to give you access, we will provide you with reasons for our refusal.

1. You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.

1. We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.

1. However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

1. We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

• What should you do if you have a complaint about the handling of your personal information?

1. You may contact Cymax Pty Ltd at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.

1. You may make a complaint about privacy to the privacy officer at the contact details set out below.

1. The privacy officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.

1. If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.

1. In most cases, we will investigate and respond to a complaint within 30 days of

receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

1. If you are not satisfied with our response to your complaint, or you consider that Cymax Pty Ltd may have breached the Australian Privacy Principles or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on the website (www.oaic.gov.au).

• How changes are made to this Privacy Policy?

Cymax Pty Ltd may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website (cymax.com.au) regularly to keep up to date with any changes.

• How can you contact Cymax Pty Ltd?

The contact details for Cymax Pty Ltd are:

1.  The Privacy Officer

1. 4a, 2404 Logan Road, Garden City Office Park, Eight Mile Plains, Queensland, 4113

1. privacy@cymax.com.au

This Privacy Policy was last updated on 6 December 2023.