AffinityMSP

Privacy Policy

How we collect, use, and protect your personal information

Privacy Commitment

AffinityMSP is committed to protecting your privacy and complying with the Australian Privacy Principles under the Privacy Act 1988 (Cth). This policy explains how we handle your personal information.

1. About This Privacy Policy

This Privacy Policy describes how Affinity MSP Pty Ltd (ABN: 72 636 443 457) ("we", "us", "our") collects, uses, discloses, and manages personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Key Information:

  • Entity: Affinity MSP Pty Ltd
  • ABN: 72 636 443 457
  • Service: Cybersecurity Assessment Platform
  • Jurisdiction: Australia
  • Governing Law: Privacy Act 1988 (Cth)
  • Last Updated: 12/03/2026

2. Personal Information We Collect

We collect personal information that is reasonably necessary for our cybersecurity assessment services. The types of personal information we collect include:

2.1 Information You Provide Directly

Contact Information

  • First name and last name
  • Business/company name
  • Email address
  • Mobile phone number
  • Business address (if provided)

Technical Information

  • Website URL for assessment
  • Domain ownership details
  • Security assessment preferences
  • Communication preferences

2.2 Information We Collect Automatically

Technical Data

  • IP address and location data
  • Browser type and version
  • Device information and operating system
  • Website usage patterns and analytics
  • Security scan results and technical findings
  • Service interaction logs and timestamps

2.3 Information from Third Parties

We may collect information from publicly available sources such as domain registration databases, DNS records, and security databases to perform comprehensive security assessments.

3. How We Use Your Personal Information

We use your personal information for the following purposes, in accordance with the Australian Privacy Principles:

Primary Purposes

  • Perform cybersecurity assessments on your specified domains
  • Generate and deliver security reports and recommendations
  • Provide customer support and technical assistance
  • Communicate about audit results and security recommendations

Secondary Purposes

  • Improve our services and develop new security features
  • Conduct analytics to enhance user experience
  • Send relevant cybersecurity updates and insights
  • Comply with legal obligations and industry standards

⚠️ Important: Consent Required

We will only use your personal information for purposes you have consented to, or as otherwise permitted under the Privacy Act 1988. You can withdraw consent at any time by contacting our Privacy Officer.

4. Disclosure of Personal Information

We may disclose your personal information to third parties in the following circumstances:

4.1 Service Providers

We may share your information with trusted service providers who assist us in delivering our services:

  • Cloud hosting and infrastructure providers
  • Email service providers for notifications
  • Analytics and monitoring services
  • Payment processors (if applicable)
  • Technical support and maintenance providers

All service providers are bound by confidentiality agreements and must comply with Australian privacy laws.

4.2 Legal Requirements

We may disclose personal information where required or permitted by law, including:

  • To comply with court orders, subpoenas, or legal processes
  • To assist law enforcement agencies with investigations
  • To protect our rights, property, or safety, or that of others
  • In connection with business transfers or restructuring

4.3 Overseas Disclosure

Some of our service providers may be located overseas, including:

  • United States (cloud hosting and analytics)
  • European Union (security scanning services)
  • Singapore (data processing and storage)

We ensure overseas recipients are bound by privacy obligations substantially similar to the APPs.

5. Data Security and Storage

5.1 Security Measures

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

  • End-to-end encryption in transit and at rest
  • Multi-factor authentication systems
  • Regular security audits and penetration testing
  • Secure cloud infrastructure (SOC 2 compliant)
  • Automated backup and disaster recovery

Administrative Controls

  • Role-based access controls
  • Staff privacy training and confidentiality agreements
  • Incident response and breach notification procedures
  • Regular privacy impact assessments
  • Vendor security assessments

5.2 Data Retention

Retention Periods

  • Contact Information: Retained for 3 years after last service interaction
  • Security Audit Results: Retained for 12 months for comparison purposes
  • Technical Logs: Retained for 6 months for security and troubleshooting
  • Marketing Communications: Until you unsubscribe or withdraw consent
  • Legal Requirements: As required by applicable laws (typically 7 years)

We securely delete or anonymize personal information when no longer required.

5.3 Data Breach Response

In the event of a data breach that may cause serious harm, we will:

  • Notify the Office of the Australian Information Commissioner within 72 hours
  • Notify affected individuals as soon as practicable
  • Provide clear information about the breach and recommended actions
  • Implement immediate containment and remediation measures

6. Your Privacy Rights

Under the Privacy Act 1988 and Australian Privacy Principles, you have the following rights:

Access Rights (APP 12)

You can request access to the personal information we hold about you, including how we collected it and how we use it.

Correction Rights (APP 13)

You can request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

Consent Withdrawal

You can withdraw consent for processing your personal information at any time, subject to legal and contractual restrictions.

Deletion Rights

You can request deletion of your personal information where we no longer need it for our business purposes.

Complaint Rights

You can make a complaint about how we handle your personal information to our Privacy Officer or the OAIC.

Portability Rights

You can request your personal information in a structured, commonly used format for transfer to another service provider.

How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer:

  • Email: privacy@affinitymsp.com.au
  • Phone: 1300 AFFINITY
  • Post: Privacy Officer, Affinity MSP Pty Ltd, Suite 101 - 21/35 Ricketts Road, Mount Waverley VIC 3156

We will respond to your request within 30 days and may require identity verification.

7. Cookies and Online Tracking

We use cookies and similar technologies to enhance your experience and analyze website usage:

Essential Cookies

Required for website functionality, security, and service delivery. Cannot be disabled.

Analytics Cookies

Help us understand website usage and improve our services. Can be disabled in browser settings.

Functional Cookies

Remember your preferences and settings to enhance user experience.

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

8. Contact Us and Complaints

8.1 Privacy Officer Contact

Affinity MSP Privacy Officer

  • Email: privacy@affinitymsp.com.au
  • Phone: 1300 AFFINITY
  • Post: Privacy Officer
    Affinity MSP Pty Ltd
    ABN: 72 636 443 457
    Suite 101 - 21/35 Ricketts Road
    Mount Waverley, Victoria, 3156
    Australia

Business Hours

  • Monday - Friday: 9:00 AM - 5:00 PM AEST
  • Saturday: 9:00 AM - 1:00 PM AEST
  • Sunday: Closed
  • Public Holidays: Closed

Emergency privacy matters will be addressed within 24 hours.

8.2 Complaint Process

How to Make a Privacy Complaint

  1. Contact Us: Submit your complaint to our Privacy Officer with details of the issue
  2. Investigation: We will investigate your complaint within 30 days
  3. Response: We will provide a written response with our findings and any actions taken
  4. Resolution: If you're not satisfied, we will work with you to find a resolution

8.3 External Complaints

Office of the Australian Information Commissioner (OAIC)

If you're not satisfied with our response to your privacy complaint, you can contact the OAIC:

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au
  • Post: GPO Box 5218, Sydney NSW 2001

9. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

Notification of Changes

  • Minor Changes: Updated policy posted on website with revision date
  • Material Changes: Email notification to registered users
  • Significant Changes: Prominent website notice and consent re-collection if required

Continued use of our services after policy updates constitutes acceptance of the changes.

Policy Version Information

  • Current Version: 1.0
  • Effective Date: 12/03/2026
  • Last Reviewed: 12/03/2026
  • Next Review: 12/03/2027

10. Definitions

Personal Information
Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Australian Privacy Principles (APPs)
The 13 principles in the Privacy Act 1988 that regulate how personal information is collected, used, disclosed, and stored.
Sensitive Information
A subset of personal information that includes health information, racial or ethnic origin, political opinions, religious beliefs, and biometric data.
Data Breach
Unauthorized access to or disclosure of personal information that could result in serious harm to affected individuals.