Privacy Policy

1 About this Privacy Policy

This is the Privacy Policy of Caznet Pty Ltd (ABN 47 143 897 303) (Caznet, we, us, our).

We are committed to complying with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth). This Privacy Policy explains how we manage the personal information we collect in connection with our business.

2 Our services

We provide business telecommunications services including internet access (NBN, enterprise ethernet and fibre), cloud-based telephone systems (Cloud PBX, SIP Trunks, Microsoft Teams Calling), managed network services, and data centre co-location services.

Some of our services may be used by customers to collect, process or disclose personal information. Our obligations with respect to personal information processed by customers using our services are limited to those imposed on us by applicable law.

3 The kinds of personal information we collect and hold

We collect and hold the following types of personal information:

(a) Prospective customers. We collect contact details and other information provided to us when a person or organisation enquires about our services.

(b) Customers. We collect contact details of our customers and their personnel, together with subscription, plan and service details, support tickets and billing information including payment details.

(c) Services data. In limited circumstances, and where strictly necessary to deliver our services, we may collect data transferred or disclosed by a customer while using our services.

(d) Technical data. We collect technical information about customer networks, devices, systems and support enquiries, including IP addresses, user access logs, server names and addresses, network names, serial numbers, allocated bandwidth, error messages, hostnames, subnet masks, router names and other information about a customer's services and infrastructure.

(e) Officers, employees and contractors. We collect personal information about our officers, employees and contractors including: names, phone numbers, ABNs, residential and business addresses, professional references, employment history, skills and qualifications, police check results, bank account details, tax file numbers, superannuation details, identification documents, medical information and emergency contact details.

(f) Analytics and security data. We collect analytics data such as user location, device information and time spent accessing our services to understand how our services are used. Except where required for security purposes, this data is de-identified and not held in a form that could reasonably be expected to identify an individual.

(g) Communications data. We are required to retain certain data about communications under Part 5-1A of the Telecommunications (Interception and Access) Act 1979 (Cth) (TIA Act). This data is retained for 2 years from the date it is created. Subscriber information is retained for 2 years from the date the relevant account is closed. Data retained under the TIA Act may be disclosed to law enforcement agencies.

4 How we collect and hold personal information

We collect personal information about current and prospective customers in the following ways:

• when a person contacts us with enquiries about our services, whether by email, via our website or by telephone;
• when we exchange business details with customers and prospective customers;
• during the preparation, negotiation and performance of service contracts;
• when information is voluntarily disclosed to us via telephone, email or online forms;
• when customers transfer, disclose or otherwise process personal information using our services, where strictly necessary for our performance of those services; and
• where we are required to intercept or retain data under applicable law.

We collect personal information about our officers, employees and contractors in the following ways:

• when we carry out background checks during recruitment;
• when they respond to or enquire about employment or contractor opportunities, or when we conduct reference checks;
• when we exchange business details;
• during the operation of our business, including through lawful workplace monitoring; and
• when information is otherwise voluntarily provided to us.

We hold personal information in our offices, computer systems and third-party hosting facilities. In particular:

• we use reputable cloud and hosting providers;
• personal information provided by email is held on our servers or those of our cloud-based email providers, which operate restricted-access security protocols;
• we use cloud-based CRM and business platforms to hold information about current and prospective customers;
• personal information is held on computers and devices in our offices and at the premises of our personnel; and
• hard copy personal information is held in secure files and folders.

5 Purposes for which we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for the following purposes:

• to enforce our legal rights and comply with our legal obligations;
• to set up and provide services to customers;
• to communicate with customers and prospective customers about our services;
• to issue billing information and notices, and to process payments;
• to provide customers with information about promotions, new products and solutions we make available;
• to handle complaints and support enquiries; and
• to manage our relationships with our officers, employees and contractors.

6 How we secure personal information

We take reasonable steps to protect personal information against loss, unauthorised access, modification, disclosure and other misuse. Our security measures include:

• electronic security measures including anti-virus management and firewalls;
• security audits of our systems to identify and address potential risks;
• physical security measures including access controls, cabinet locks and surveillance in our facilities;
• privacy and confidentiality obligations imposed on all employees, agents and contractors by their employment contracts or contractor agreements;
• password protection and access control procedures applied to our computer systems; and
• secure de-identification or destruction of personal information that we no longer require or are required by law to destroy.

7 Disclosure of personal information

We only disclose personal information to third parties in the following circumstances:

• where disclosure is required to deliver or facilitate the functionality of services that a customer engages us to provide;
• when we engage third-party contractors to assist with hosting, consulting or other professional services. We ensure all contractors are aware of their privacy and information security obligations and are bound by appropriate agreements;
• when engaging third parties to conduct marketing communications or customer satisfaction surveys. All individuals will be given the opportunity to opt out of direct marketing;
• when providing information to our legal, accounting or financial advisers, insurers or debt collectors where required in connection with our business;
• where a person has given written consent to disclosure of their personal information;
• where disclosure is necessary to protect the safety or vital interests of any person;
• for the conduct of proceedings before any court or tribunal;
• where we de-identify personal information for use in research or analytics;
• in the event of a merger, sale of assets, restructure or similar corporate event, where collected information may be transferred to the relevant surviving or acquiring entity; and
• where we are required to disclose information in response to lawful requests from government or law enforcement authorities, or where otherwise required by law.

We do not sell or rent personal information to any third party.

8 Interacting with us anonymously

You can browse our public website without providing personal information. However, when you submit an enquiry form or enter into a service contract with us, we need to collect personal information for identification purposes and to provide our services.

You may contact us using a pseudonym when making initial enquiries about our services, though we will need your identity confirmed before we can provision a service.

9 Offshore disclosure

We may hold personal information on servers located in Australia and overseas, including in the United States. We may disclose personal information to offshore service providers who assist us with operating our business and delivering our services.

We take reasonable steps to ensure that any overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles.

10 How to access and correct personal information held by us

Subject to verification of your identity, you may contact us to access or request correction of personal information that we hold about you. We will handle all such requests in accordance with our obligations under the Privacy Act.

We may charge a reasonable fee for providing access to personal information, except where doing so would be contrary to applicable law.

11 Retention and de-identification of personal information

Where we no longer require personal information for the purpose for which it was collected, and we are not required by law to retain it, we will take reasonable steps to de-identify or securely destroy that information.

Billing and account records are generally retained for a minimum of 7 years. Communications data retained under the TIA Act is held for the periods specified in that legislation.

12 Opt-out for direct marketing

You may opt out of the use of your personal information for direct marketing at any time by contacting us or by clicking the "Unsubscribe" link in any of our marketing emails. Please allow a reasonable time for your request to be processed.

If you are an existing customer, you cannot opt out of receiving transactional communications related to your active services.

13 Contact details

To contact us about this Privacy Policy, to access or correct personal information we hold about you, or to make a privacy complaint, please reach out to our Privacy Representative:

We will use our best endeavours to resolve any privacy complaint within a reasonable timeframe, working with you to reach an appropriate outcome.

If you are not satisfied with the outcome of your complaint, or you wish to raise a complaint about a breach of the Australian Privacy Principles, you may refer the matter to the Office of the Australian Information Commissioner: