top of page

Privacy Statement &
Data Confidentiality Statement

Privacy Statement

Privacy Statement– Compliance with the Privacy Act 1988 and Australian Privacy Principles (APPs)

​

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) in the way we collect, use, disclose, and manage your personal information.

​

1. What Information We Collect (APP 1, APP 3)

We only collect information that is reasonably necessary for conducting your Essential Eight assessment. This may include:

  • Contact information (name, email, phone)

  • Questionnaire responses

  • System configuration details and security control information

  • Information you voluntarily provide during the engagement

We do not collect sensitive personal information unless required and with your consent.

​

2. How We Collect Information (APP 3, APP 5)

Information is collected directly from you through:

  • Online or PDF questionnaires

  • Secure file transfer

  • Interviews or consultation meetings

Where information is collected, we will take reasonable steps to ensure you are aware of the purpose and our privacy practices.

​

3. Purpose of Use (APP 6)

Your information will be used solely for the following purposes:

  • Conducting your Essential Eight gap assessment

  • Preparing your security report and findings

  • Communicating with you about the engagement

We do not use your data for marketing, profiling, or any secondary purpose.

​

4. Storage, Security, and Retention (APP 11)

We apply industry-standard security controls to protect your information during the assessment stage, including:

  • Encrypted storage

  • Restricted access

  • Secure transfer protocols

We retain personal or assessment data only for the duration required to complete your report.

All raw data (e.g. questionnaires, screenshots, system exports) is permanently deleted after project completion, unless you request or authorise otherwise.

​

5. Disclosure to Third Parties (APP 6, APP 8)

We do not sell, share, or disclose your information to third parties.

No offshore or external providers are used for processing client data unless explicitly agreed in writing.

We do not transmit your data outside Australia.

​

6. Access and Correction (APP 12, APP 13)

You may request access to, or correction of, any personal information we hold about you.

Requests can be made via [your business email], and we will respond within a reasonable timeframe.

​

7. Anonymity and Pseudonymity (APP 2)

Where lawful and practical, you may choose not to identify yourself.

However, Essential Eight assessments normally require identifiable organisational contact details for accuracy and reporting.

​

8. Complaints (APP 1, APP 7)

If you believe your privacy rights have been breached, you may contact us at [your business email].

If unresolved, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

​

Data Confidentiality Statement

Data Confidentiality Statement

(Aligned with the Privacy Act 1988 and Australian Privacy Principles)

We treat all organisational information provided during the Essential Eight engagement as confidential. We make the following legally compliant commitments:

​

1. Confidential Use Only

All data you provide will be used exclusively for performing your Essential Eight assessment and producing your official report.

​

2. No Unauthorised Disclosure

Your information will not be disclosed to third parties, external vendors, or subcontractors without your explicit written consent, consistent with APP 6.

​

3. Data Retention

Assessment data is not retained beyond the project completion, except where required by law or expressly authorised by you.

​

4. Data Deletion

All assessment materials are securely destroyed using approved digital-wipe or controlled-deletion methods, in accordance with APP 11 (security of personal information).

​

5. Internal Access Controls

Only authorised staff directly involved in your engagement will have access to your data. Access is restricted and logged.

​

6. No Overseas Transfer

We do not transfer or store your data outside Australia unless specifically authorised, in compliance with APP 8 (cross-border disclosure).

​

7. NDA Availability

We are happy to sign a Non-Disclosure Agreement (NDA) upon request.

E8Compliance

E8 Compliance is a specialised cybersecurity & Essential Eight advisory practice
delivered by Nebula Data Pty Ltd (ABN 82 631 708 668).

Nebula Data provides the legal, operational, and contractual framework
under which all E8 Compliance services are delivered.

  • LinkedIn

08 7228 5289

darren.shamsharip@e8compliance.com.au

L12, 115 Grenfell St, Adelaide, SA5000

 

© 2025 by E8Complaince. Powered and secured by Nebula data 

 

bottom of page