Privacy Policy

SixVM IT Solutions ("SixVM", "we", "us" or "our") is committed to protecting the privacy of individuals whose personal information we handle. This Privacy Policy explains how we collect, use, disclose, store and protect your personal information, and how you may access or correct it.

This policy is prepared in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act, as well as the Spam Act 2003 (Cth). It also reflects our obligations under the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act 1988).

By accessing our website, using our services, or providing us with your personal information, you consent to the collection, use and disclosure of your personal information as described in this policy.

SixVM IT Solutions is an information technology company based in Perth, Western Australia, providing a broad range of IT services to businesses and residential customers across Australia. Our services include web development, IT support, app development, AI & automation, network infrastructure, cloud solutions, server management and cyber security.

We collect personal information that is reasonably necessary for our business functions and activities. The types of personal information we may collect include, but are not limited to:

Identity & Contact Information

• Full name and preferred name
• Postal address and physical location (suburb/city)
• Email address
• Phone number(s)
• Business name and ABN (for commercial clients)

Service & Technical Information

• Details of the IT services or support requested
• Device information (operating system, hardware specifications) relevant to service delivery
• Network configuration details required for troubleshooting or setup
• Login credentials for systems and platforms we are engaged to manage (stored and handled securely)
• Remote access session data where applicable

Financial Information

• Billing name and address
• Invoice and payment records
• Payment method details — note that card payments are processed by our third-party payment processor and we do not store full card numbers

Communications & Feedback

• Content of enquiries, support requests, quotes and correspondence
• Feedback, reviews and survey responses
• Records of service appointments and call notes

Website Usage Data

• IP address and approximate geographic location
• Browser type and version, operating system
• Pages visited, time on page, referral source
• Cookie identifiers and analytics data (see Section 11)

We generally do not collect sensitive information (as defined in the Privacy Act, e.g. health information, racial or ethnic origin, political opinions, criminal record). In the rare circumstance this becomes relevant, we will seek your explicit consent beforehand.

Consistent with APP 3 (Collection of Solicited Personal Information), we collect personal information only by lawful and fair means, and only if it is reasonably necessary for our functions. We collect personal information in the following ways:

• Directly from you — when you complete online forms (booking, consultation, contact or feedback forms on our website), communicate with us by phone, email, in person or via social media, or when you engage us to provide services.
• Automatically via our website — through cookies, web beacons and analytics tools when you browse our website (see Section 11).
• From third parties — in limited circumstances, we may receive personal information from business partners, referral sources, or publicly available sources (e.g. social media profiles or business directories) where you have made that information publicly available or have consented to its disclosure.
• During service delivery — when you provide us with access to devices, systems or networks as part of delivering our IT support or managed services.

Where it is reasonably practicable to do so, we will collect personal information directly from you. If we collect personal information about you from a third party, we will take reasonable steps to notify you of this collection, unless doing so would be impracticable or unreasonable in the circumstances.

In accordance with APP 3.3, we only collect personal information that is reasonably necessary for one or more of our functions or activities. The primary purposes for which we collect your personal information are:

• To provide, manage and deliver IT services and support to you
• To respond to enquiries, provide quotes and schedule appointments
• To process payments and manage billing and invoicing
• To communicate with you about your service bookings, projects and account
• To improve our website, services and customer experience
• To send you service updates, maintenance notifications or important account communications
• To comply with our legal and regulatory obligations
• To send you direct marketing communications about our services, where you have consented or where permitted by law (see Section 12)
• For internal business analysis, planning and reporting purposes
• To manage complaints and resolve disputes

If we collect your personal information for a secondary purpose, we will only use or disclose it for that purpose if you have consented to such use or if an exception under the Privacy Act applies (e.g. if it is directly related to the primary purpose of collection, or required by law).

Consistent with APP 6 (Use or Disclosure of Personal Information), we will only use or disclose personal information for the primary purpose for which it was collected, a directly related secondary purpose, or with your consent. Specifically, we use your personal information to:

• Fulfil service requests, bookings and contracts
• Create and manage client accounts and service records
• Issue invoices, process payments and maintain financial records
• Communicate service updates, scheduling changes or follow-ups
• Provide technical support, remote assistance and on-site services
• Improve the content, functionality and security of our website
• Conduct customer satisfaction surveys and request reviews
• Send marketing communications (subject to your consent and opt-out rights)
• Investigate and resolve complaints or disputes
• Meet legal, tax, accounting and regulatory obligations
• Detect, prevent and respond to fraud, security incidents or policy violations

Under APP 6, we may disclose your personal information to third parties only where necessary for our business operations, or where permitted or required by law. We may disclose information to:

Service Providers & Contractors

• Cloud hosting and infrastructure providers — to host our website and store business data securely
• Payment processors — to facilitate secure payment transactions (e.g. Stripe, Square or similar providers)
• Email and communication platforms — for sending transactional and marketing emails
• CRM and business management software providers — to manage client records and service scheduling
• Analytics providers — to help us understand website usage (e.g. Google Analytics, with appropriate data processing terms in place)
• Subcontractors or technicians — where a specialist contractor is engaged to assist with a specific service on our behalf

Professional Advisors

• Accountants, auditors and tax advisors (as necessary for our compliance obligations)
• Legal advisors (where required to provide advice or respond to legal proceedings)

Regulatory & Government Bodies

• The Australian Taxation Office, ASIC, or other regulatory bodies where required by law
• Law enforcement agencies where required or authorised by law
• The Office of the Australian Information Commissioner (OAIC) in relation to a privacy complaint or investigation

All third-party service providers we engage are required to handle personal information in a manner consistent with the Australian Privacy Principles. We enter into data processing agreements with service providers where appropriate.

We do not sell, rent or trade your personal information to third parties for their marketing purposes.

Some of our third-party service providers are located overseas, or may process or store data on servers located outside Australia. In accordance with APP 8 (Cross-border Disclosure of Personal Information), before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.

Countries where your personal information may be processed or stored by our service providers may include, but are not limited to:

• United States of America — cloud hosting providers (e.g. Amazon Web Services, Google Cloud, Microsoft Azure), analytics platforms and payment processors
• European Union / European Economic Area — certain SaaS platforms that operate data centres within the EU, which are subject to the EU General Data Protection Regulation (GDPR)
• Singapore and other Asia-Pacific jurisdictions — regional data centres of cloud infrastructure providers

Where personal information is disclosed to overseas recipients, we take reasonable steps — including through contractual protections such as Standard Contractual Clauses or equivalent measures — to ensure those recipients handle your information consistently with Australian privacy standards.

Consistent with APP 11 (Security of Personal Information), SixVM takes reasonable steps to protect personal information from misuse, interference, loss, and from unauthorised access, modification or disclosure.

Our security measures include, but are not limited to:

• Encrypted storage and transmission of personal information (TLS/SSL protocols)
• Password-protected systems with access controls and multi-factor authentication (MFA)
• Role-based access controls — staff access to personal information is limited to what is necessary for their role
• Regular security audits, vulnerability assessments and software updates
• Physical security measures for any on-premises systems and equipment
• Staff training on privacy and information security obligations
• Incident response and data breach management procedures
• Use of reputable, security-certified cloud service providers

Whilst we implement reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your personal information transmitted to or from our website. You acknowledge this risk when providing information to us online.

If you suspect your personal information has been compromised, please contact us immediately at info@sixvm.com.au.

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting or reporting requirements.

• Client service records — retained for a minimum of 7 years after the end of a client relationship, consistent with Australian tax and corporations law requirements
• Financial and billing records — retained for 7 years as required by the Income Tax Assessment Act 1997 and related legislation
• Website analytics data — typically retained in aggregated or anonymised form; identifiable data is retained according to the applicable third-party provider's retention policy (e.g. Google Analytics defaults)
• Marketing contact lists — retained until you unsubscribe or withdraw consent; we honour opt-out requests promptly
• Enquiry and correspondence records — retained for a reasonable period after resolution, generally 2–5 years

When personal information is no longer required and no legal obligation requires its retention, we take reasonable steps to destroy or permanently de-identify it, in accordance with APP 11.2.

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic and understand user behaviour. A cookie is a small text file stored on your device by your browser.

Types of Cookies We Use

• Strictly Necessary Cookies — essential for the website to function properly (e.g. session management, form submission security). These cannot be disabled.
• Performance & Analytics Cookies — used to collect information about how visitors use our website (e.g. Google Analytics). Data is collected in an aggregated, anonymous form where possible.
• Functionality Cookies — allow the website to remember your preferences and provide enhanced features.
• Marketing & Targeting Cookies — used to deliver relevant advertisements and track campaign performance. These are only set with your consent.

Managing Cookies

You can control or disable cookies through your browser settings at any time. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block cookies from particular sites
• Block all cookies from being set

Please note that disabling certain cookies may affect the functionality and performance of our website. For instructions on managing cookies in your specific browser, refer to your browser's help documentation.

Google Analytics

We use Google Analytics to help us understand how our website is used. Google Analytics collects information such as how often users visit the site, what pages they visit, and what other sites they used prior to arriving. Google Analytics collects only the IP address assigned to you on the date you visit the site, not your name or other identifying information. We do not combine the information collected through Google Analytics with other personally identifiable information. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

Consistent with APP 7 (Direct Marketing) and the Spam Act 2003 (Cth), we may use your personal information to send you direct marketing communications about our IT services, special offers, or industry updates, only where:

• You have expressly consented to receive such communications; or
• You are an existing client and the communication relates to similar services to those you have already engaged us for, and we provide a clear and conspicuous opt-out mechanism in each communication (inferred consent, in accordance with the Spam Act).

Your Right to Opt Out

You have the right to opt out of receiving direct marketing communications from us at any time. You may exercise this right by:

• Clicking the "Unsubscribe" link included in every marketing email we send
• Emailing us at info@sixvm.com.au with the subject line "Unsubscribe"
• Calling us on 0450 722 596

We will process your opt-out request as soon as practicable and within 5 business days of receipt, consistent with our obligations under the Spam Act 2003 and APP 7.

Please note that opting out of marketing communications does not affect our ability to send you essential service-related communications (e.g. appointment confirmations, invoices, security notices) which are not considered direct marketing.

Electronic Messaging Compliance

All commercial electronic messages (emails, SMS) sent by SixVM will:

• Clearly identify SixVM IT Solutions as the sender
• Include our accurate contact details
• Include a clear and functional unsubscribe mechanism
• Not be sent to email addresses or phone numbers harvested without consent

Under APP 12 (Access to Personal Information) and APP 13 (Correction of Personal Information), you have the right to:

• Request access to the personal information we hold about you
• Request that we correct personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading

How to Make a Request

To make an access or correction request, please contact our Privacy Officer in writing:

How We Will Respond

• We will respond to your request within 30 days of receipt.
• We may require you to verify your identity before granting access or making corrections.
• Access will generally be provided free of charge; however, if your request requires significant effort, we may charge a reasonable fee and will advise you of this in advance.
• If we refuse access or decline to correct information, we will provide reasons for that decision and information about how to make a complaint.
• If we are unable to correct information as requested, we will associate a statement from you with the relevant record noting the correction you sought.

In some circumstances, access to personal information may be restricted, for example where providing access would pose a serious threat to someone's safety, or where granting access would have an unreasonable impact on the privacy of other individuals.

SixVM complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). We are required to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals if a data breach is likely to result in serious harm to any individuals whose personal information is involved.

What Is a Notifiable Data Breach?

A notifiable data breach occurs when there is:

• Unauthorised access to, or disclosure of, personal information we hold; or
• Loss of personal information that we hold; and
• The breach is likely to result in serious harm to one or more individuals whose personal information was involved.

Our Response Obligations

In the event of a suspected eligible data breach, we will:

• Conduct a prompt assessment of whether a breach has occurred and whether it is likely to result in serious harm
• Take immediate steps to contain the breach and mitigate potential harm
• Notify the OAIC as soon as practicable (and within 30 days of becoming aware of the breach where required)
• Notify affected individuals directly wherever it is reasonably possible to do so
• Provide clear advice on steps individuals can take to protect themselves

If you believe your personal information held by us may have been compromised, please contact us immediately at info@sixvm.com.au or 0450 722 596.

If you believe we have breached the Australian Privacy Principles, the Spam Act 2003, or otherwise mishandled your personal information, you have the right to make a complaint. We take all privacy complaints seriously and will respond promptly and fairly.

Step 1 — Contact Us Directly

In the first instance, please contact our Privacy Officer with details of your complaint:

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If further time is needed, we will inform you of the delay and the expected timeframe for resolution.

Step 2 — Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response, or if we fail to respond within a reasonable timeframe, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• Post: GPO Box 5218, Sydney NSW 2001

For complaints relating to spam or unsolicited commercial electronic messages, you may also contact the Australian Communications and Media Authority (ACMA) at www.acma.gov.au.

Our website and services are not directed at children under the age of 15. We do not knowingly collect personal information from children under 15 without the consent of a parent or guardian. If you believe we have inadvertently collected personal information about a child under 15 without appropriate consent, please contact us immediately and we will take prompt steps to delete such information.

Where our services are engaged by a parent, guardian or educator on behalf of a minor (for example, home IT support), we will handle any related personal information with appropriate care.

We may update this Privacy Policy from time to time to reflect changes in our practices, services or legal obligations. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Post a notice on our website where appropriate
• Notify existing clients by email where the changes are significant

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our website or services after any changes take effect constitutes your acceptance of the updated policy.

The current version of this Privacy Policy was last updated on 1 April 2026.

If you have any questions, concerns or requests relating to this Privacy Policy or how SixVM IT Solutions handles your personal information, please contact our Privacy Officer:

We are committed to handling all privacy-related enquiries in a prompt, fair and transparent manner consistent with our obligations under Australian privacy law.