Privacy & Information Security Policy

Responsible AI Digital Transformation Agency

1.Introduction

 

AI Consulting Group (“we”, “us”, “our”) is committed to safeguarding the privacy of all individuals (“you”, “your”) whose information we handle. This Policy explains how we collect, use, disclose, store, secure, and dispose of Personal Information under the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the EU General Data Protection Regulation (GDPR).

 

2.What We Collect & Why

Personal Information

We collect only the information necessary to deliver our services and manage our relationship with you. This may include:

  • Identifying Details: Names, job titles, organization, contact information (email, phone, address).
  • Engagement Data: Documents or materials you provide to support our work together.
  • Transaction Data: Billing and payment information when you purchase services.

Secondary Uses: We may use Personal Information for directly related purposes—such as service improvements or client communications—where you would reasonably expect this. You can opt out of promotional communications at any time.

Sensitive Information

If we ever collect Sensitive Information (e.g. health data, criminal history, political beliefs), we will do so only with your explicit consent or where legally required, and use it solely for its intended purpose.

3.How We Collect Information

  • Directly from You: Through forms, consultations, emails, phone calls, our website.
  • From Third‑Party Sources: Such as publicly available records or partners—only when you have been informed or have consented.

4.Use & Disclosure of Personal Information

  • Primary Purpose: To provide consulting and advisory services, manage projects, and communicate effectively.
  • Disclosure:
    • To service providers (e.g. IT hosting, analytics, accounting) under strict confidentiality agreements.
    • Where required by law or with your explicit consent.
  • No Unauthorized Sharing: We do not sell or rent your information to external parties.

5.Your Rights & Choices

Access & Correction

You may:

  • Access the Personal Information we hold about you.
  • Correct any inaccuracies or update incomplete details.

Erasure & Restriction

You may:

  • Request deletion of your data (subject to legal or contractual obligations).
  • Limit how we process your information.

Data Portability

Where technically feasible, receive your Personal Information in a structured, commonly used format.

To exercise any rights, contact us (Section 13). We may request proof of identity and, for extensive requests, charge a nominal administrative fee.

6.Data Security Measures

Technical Safeguards

  • Encryption: Data encrypted in transit (TLS) and at rest (AES‑256 or equivalent).
  • Network Defences: Firewalls, intrusion detection, antivirus, continuous monitoring.

Organizational Controls

  • Access Management:
    • Role‑based permissions following Zero Trust principles.
    • Two‑Factor Authentication (2FA) for all staff.
  • Confidentiality Agreements: All personnel sign binding privacy and security commitments.
  • Audits & Testing: Regular internal audits and third‑party security assessments.

Data Handling

  • Secure Storage & Disposal: Retain only as needed, then securely destroy or anonymize.
  • Monitoring: Automated alerts for unusual access or transfers.

7.Breach Response

If a data breach occurs, we will:

  1. Contain & Mitigate immediately.
  2. Notify affected individuals and regulators as required.
  3. Investigate root causes.
  4. Update controls and policies to prevent recurrence.

8.Data Retention

We keep Personal Information only for as long as needed to fulfill our services or comply with legal requirements. When no longer necessary, we securely delete or anonymize the data.

9.Third‑Party Service Providers

We engage trusted partners (e.g. IT infrastructure, analytics, payment processors) bound by contract to adhere to privacy and security standards equivalent to ours. They process data only on our instruction.

10.Maintaining Data Quality

We take reasonable steps to ensure Personal Information is accurate, complete, and up‑to‑date. Please notify us of any changes so we can correct our records promptly.

11.Policy Updates

This Policy may be revised over time. The most current version will always be available on our website.

12.Training & Awareness

All team members receive:

  • Onboarding & Annual Refresher Training on privacy principles and cybersecurity best practices.
  • Role‑Specific Training where handling Sensitive Information or critical systems.

13.Contact Us

For questions, complaints, or to exercise your privacy rights, please contact our Privacy Officer:

Email: info@aiconsultinggroup.com.au
Phone: (02) 8283 4099

By engaging with AI Consulting Group, you acknowledge that you have read and agree to this Privacy Policy. We are dedicated to protecting your Personal Information and respecting your privacy.