Book meeting

Privacy Policy

Privacy Policy

Privacy Policy

Popa Consultants Pty Ltd (“we”, “us”, “our”) is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). Last Updated: 18 December 2025.

This policy applies to all personal information we collect through our website at www.popa.com.au, through the provision of IT Managed Services, and through any other dealings with clients, prospective clients, and third parties.

Section 1

What Is Personal Information?

Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information is true or not, and whether recorded in a material form or not (Privacy Act 1988, s 6).

This includes your name, email address, phone number, business details, and technical information collected in the course of providing our services. It does not include information that cannot reasonably identify you.

Section 2

What Information Do We Collect?

The type of personal information we collect depends on how you interact with us. This may include:

  • Identity and contact details — name, job title, email address, phone number, and business address
  • Service and account information — login credentials, system access details, and service configurations provided for the purpose of delivering IT support
  • Financial information — billing details, payment method, and invoice history
  • Technical data — IP addresses, device information, network logs, and system diagnostics collected in the course of managed services
  • Communications — emails, support tickets, and records of correspondence with our team
  • Website usage data — cookies, page visits, and referral sources collected when you visit our website
Section 3

How We Collect Personal Information

We collect personal information through the following means:

  • Directly from you — when you complete our contact form, request a quote, or engage our services
  • Through our service delivery — including remote monitoring tools, ticketing systems, and network management platforms
  • From third parties — such as your organisation’s IT systems accessed for service delivery, or referrals from business partners
  • Automatically — through cookies and analytics tools when you visit our website

Where practicable, we will give you the option to interact with us anonymously or using a pseudonym (APP 2). However, this may limit our ability to provide certain services.

Section 4

Why We Collect and Use Your Information

We collect and use personal information only for purposes that are reasonably necessary for our business functions (APP 3), including:

  • Providing, managing, and improving our IT Managed Services
  • Responding to service requests, support tickets, and enquiries
  • Sending invoices and processing payments
  • Communicating about changes to our services or policies
  • Meeting our legal and regulatory obligations
  • Improving our website and service delivery through analytics

We will not use your personal information for any purpose other than those stated above, or for which you have given consent, without notifying you in advance.

Section 5

Disclosure of Personal Information

We may disclose your personal information to third parties only where necessary and permitted under the APPs (APP 6), including:

  • Technology vendors and subcontractors — such as cloud platforms, software providers, and technical support partners who assist in delivering our services
  • Payment processors — to facilitate direct debit and invoice payments
  • Professional advisors — including lawyers, accountants, and auditors under obligations of confidentiality
  • Regulators and law enforcement — where required or authorised by Australian law

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Overseas Disclosures

Some of our technology vendors and cloud platforms may be located or store data outside Australia. Where we disclose personal information to overseas recipients, we take reasonable steps to ensure they handle it in accordance with the APPs or an equivalent privacy framework (APP 8). By using our services, you acknowledge that such overseas disclosure may occur.

Section 6

Data Security

We implement reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (APP 11). These measures include:

  • Encrypted data storage and transmission (TLS/SSL)
  • Role-based access controls and multi-factor authentication
  • Network monitoring and intrusion detection
  • Regular security patching and vulnerability assessments
  • Staff training on privacy and data handling obligations

Despite these measures, no system is completely secure. We encourage you to notify us immediately if you suspect any unauthorised access to your information.

Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If we become aware of an eligible data breach that is likely to result in serious harm to affected individuals, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable. Under the Cyber Security Act 2024, we are also subject to mandatory reporting obligations for ransomware and cyber extortion payments to the Australian Signals Directorate (ASD) within 72 hours.

Section 7

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law (APP 11.2). Retention periods are determined by:

  • The nature of the service relationship and any ongoing legal obligations
  • Australian tax and financial record-keeping requirements (generally 5–7 years)
  • Contractual obligations with clients and third parties

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

Section 8

Your Rights

Under the Privacy Act 1988 and the APPs, you have the right to:

  • Access — request access to personal information we hold about you (APP 12)
  • Correction — request correction of inaccurate, out-of-date, incomplete, or misleading information (APP 13)
  • Complaint — lodge a complaint with us or directly with the OAIC if you believe we have breached the APPs

We will respond to access and correction requests within a reasonable timeframe (typically 30 days) and at no charge unless the request is unreasonably complex or burdensome.

Privacy Tort

As of June 2025, individuals may also bring a direct action against organisations for serious invasions of privacy under the statutory tort introduced by the Privacy and Other Legislation Amendment Act 2024. We take these obligations seriously and are committed to handling your personal information with care.

Section 9

Cookies and Website Analytics

Our website uses cookies and similar tracking technologies to improve user experience and gather analytics. Cookies may collect information such as your IP address, browser type, pages visited, and time spent on the site.

You may disable cookies through your browser settings; however, this may affect the functionality of our website. We use Google Analytics to understand how visitors interact with our site. Data collected by Google Analytics is subject to Google’s Privacy Policy.

Section 10

Direct Marketing

We may use your contact details to send you information about our services, industry updates, or relevant IT news where you have consented or where we have an existing business relationship (APP 7).

You may opt out of marketing communications at any time by clicking “Unsubscribe” in any email or contacting us directly. We will process opt-out requests within a reasonable timeframe at no charge.

Section 11

Contact and Complaints

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or want to make a complaint, please contact us:

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992. The OAIC can investigate complaints and take enforcement action under the Privacy Act.

Section 12

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The current version will always be available on our website. We encourage you to review this policy periodically. Material changes will be communicated by email to active clients.

This policy was last reviewed and updated on 18 December 2025 and reflects obligations under the Privacy Act 1988 including amendments introduced by the Privacy and Other Legislation Amendment Act 2024.

Make Appointment

Book a 30 minutes free consultation

Not sure where to start? Our friendly team is here to help. Book a free 30-minute consultation and discover how Popa Consultants can simplify your IT and keep your business moving forward.

Get Started

We use successful strategies we’ve developed over the last 20 years to inspire, motivate and inovate your business on transforming, growing, and becoming more productive through better technology

Services

IT Management
Cybersecurity
IT Strategy
Cloud Computing

Quick Links

About Us
Services
Contact
Blog

Contact us

WeWork – 222 Exhibition Street,
Melbourne CBD 3000
+61 414 683 950
info@popa.com.au

Copyright © 2026 PopaConsultants All rights reserved.

Terms & Conditions
Privacy Policy
Acceptable Use Policy