Privacy Policy

1. About Us

CX IT Services Pty Ltd (trading as CX IT Services) is a managed IT services provider based in Melbourne, Victoria. We provide IT support, cyber security, cloud services, and related technology services to businesses throughout Australia.

Our registered address is 607 Bourke Street, Melbourne VIC 3000.

2. Information We Collect

We may collect the following categories of personal information:

Identity & Contact Information

• Full name, job title, and company name
• Email address and phone number
• Postal and business address

Technical & Service Information

• Device and network information collected as part of IT support services
• IT environment details (hardware inventory, software licences, infrastructure configuration) necessary to deliver managed services
• Remote monitoring data collected via our remote management and monitoring (RMM) tools
• Support ticket content and communication logs

Financial Information

• Billing contact details and payment information (processed via our secure payment partners - we do not store full card details)
• Invoice and payment history

Website & Marketing Information

• IP address, browser type, and device information
• Pages visited and time spent on our website
• Form submissions, enquiries, and quote requests
• Marketing preferences and communication opt-ins

3. How We Collect Information

We collect personal information in the following ways:

• Directly from you - when you complete a contact form, request a quote, sign a service agreement, or contact us by phone or email
• From our service delivery systems - through RMM agents, ticketing systems, and network monitoring tools deployed as part of an active managed services engagement
• From your use of our website - via cookies, analytics tools, and server logs
• From third parties - referrals, LinkedIn, or publicly available business directories, where permitted

4. Why We Collect Information

We collect and use personal information for the following purposes:

• Delivering, managing, and improving our managed IT and cyber security services
• Responding to enquiries and service requests
• Providing helpdesk and on-site IT support
• Invoicing and account management
• Sending service notifications, maintenance windows, and security alerts relevant to your IT environment
• Marketing communications about our services, where you have opted in or where we have a legitimate interest and you have not opted out
• Complying with our legal obligations under applicable Australian law
• Improving our website and service quality through analytics

We will not use your personal information for any purpose that is unrelated to the above without first obtaining your consent.

5. Disclosure of Information

We may disclose your personal information to:

• Our staff and contractors - technicians, account managers, and support personnel involved in delivering your services
• Technology vendors and sub-processors - including Microsoft, Datto, ConnectWise, and other platforms we use to deliver managed services (each bound by their own privacy and data processing agreements)
• Professional advisers - lawyers, accountants, and insurers, where necessary
• Law enforcement or regulators - where required by law or a valid court order

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

Overseas Disclosure

Some of our technology platforms store or process data on servers located overseas (including the United States and European Union). Where this occurs, we take reasonable steps to ensure those providers comply with equivalent privacy protections. By using our services, you consent to this transfer where necessary for service delivery.

6. Data Storage & Security

We take data security seriously - it is core to our business. We implement the following safeguards:

• Encryption in transit (TLS 1.2+) and at rest for sensitive data
• Role-based access controls and least-privilege principles across all systems
• Multi-factor authentication (MFA) on all internal platforms
• Regular security reviews aligned to the ASD Essential Eight framework
• Audit logging and monitoring of access to client data

We retain personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by law. Client IT environment data is retained for the duration of the service agreement plus a minimum 7-year period for compliance purposes. Marketing contact data is retained until you withdraw consent or we determine it is no longer required.

7. Cookies & Analytics

Our website uses cookies and similar tracking technologies to:

• Maintain website functionality and session state
• Analyse website traffic and user behaviour (via Google Analytics)
• Improve website performance and content
• Deliver relevant advertising where applicable (via Google Ads and LinkedIn)

You can control cookie settings through your browser preferences. Disabling cookies may affect some website functionality. For more information about how Google Analytics uses data, see Google's Privacy & Terms.

8. Third-Party Services

Our website and service delivery platform may contain links to third-party services. We are not responsible for the privacy practices of those services. We encourage you to review the privacy policies of any third-party service you interact with. Key platforms we use include:

• Microsoft 365 and Azure (cloud services)
• ConnectWise (ticketing and RMM)
• Datto (backup and disaster recovery)
• Google Workspace and Analytics
• Stripe (payment processing)

9. Access & Correction

Under the Australian Privacy Act, you have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate, incomplete, or out-of-date information
• Opt out of direct marketing communications at any time

To exercise these rights, contact our Privacy Officer at sales@cxitservices.com.au. We will respond within 30 days. We may require identity verification before releasing or modifying information. In some cases we may be unable to provide access, in which case we will explain the reasons in writing.

10. Complaints

If you believe we have breached your privacy rights, please contact us first:

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The current version is always available at https://www.cxitservices.com.au/privacy-policy. We will notify active clients of material changes by email.

12. Contact Us

For any privacy-related queries, contact us: