Privacy Policy

Effective date: 1 January 2025

1. About this policy

AMRIX PTY LTD (ABN 20 693 581 029) ("AMRIX", "we", "us", "our") is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at amrix.com.au or engage our services.

This policy complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). By using our website or engaging our services, you consent to the practices described in this policy.

2. Information we collect

We may collect the following types of personal information:

  • Identity information: name, company name, job title
  • Contact information: email address, phone number, postal address
  • Billing information: invoice details, payment records (payment card data is processed by Stripe and never stored by AMRIX)
  • Service information: details of IT systems, infrastructure, and business requirements you provide during engagements
  • Technical data: IP address, browser type, pages visited, and time spent on our website (collected automatically via analytics)
  • Communications: records of emails, form submissions, and support requests you send to us

We collect personal information only where it is reasonably necessary for our functions and activities. We do not collect sensitive information unless required for a specific service and with your explicit consent.

3. How we use your information

We use your personal information for the following purposes:

  • To respond to enquiries and provide quotes for services
  • To deliver managed IT, Microsoft 365, web development, IT strategy, and cyber security services
  • To issue invoices and process payments
  • To communicate about active engagements, support requests, and service updates
  • To maintain service records and support continuity
  • To comply with legal and regulatory obligations
  • To improve our website and service offerings based on usage patterns

We do not use your information for direct marketing without your consent. We do not sell your personal information to third parties. Ever.

4. Third-party service providers

We use the following trusted third-party services to operate our business. Each provider has their own privacy practices and your data may be processed by them in the course of service delivery:

  • Stripe — Payment processing. Card data is handled directly by Stripe and subject to PCI-DSS compliance. AMRIX does not store payment card numbers. Stripe Privacy Policy: stripe.com/privacy
  • Xero — Accounting and invoicing. Invoice data including name, email, and billing details is stored in Xero. Xero Privacy Policy: xero.com/au/legal/privacy
  • Microsoft 365 — Email, document storage, and internal communications. Data is stored in Microsoft Azure datacentres, which may include datacentres located outside Australia (primarily in Australia East/Southeast regions where available). Microsoft Privacy Statement: microsoft.com/en-au/privacy
  • Cloudflare — Website security, DDoS protection, and Turnstile captcha. Cloudflare processes request metadata including IP addresses. Cloudflare Privacy Policy: cloudflare.com/privacypolicy

We do not disclose your personal information to any other third parties without your consent, except where required by law.

5. Overseas disclosure

AMRIX primarily stores and processes your data within Australia. However, some third-party services (Microsoft Azure, Cloudflare) may process data on infrastructure located outside Australia. These providers operate under binding privacy frameworks and data processing agreements that meet or exceed Australian Privacy Principle 8.1 requirements.

We will not otherwise disclose your personal information to overseas recipients without your consent, unless required by law.

6. Data retention

We retain personal information for as long as necessary to deliver services and meet legal obligations:

  • Financial records (invoices, payment records, billing correspondence): retained for a minimum of 7 years in accordance with Australian taxation and financial reporting obligations
  • Service records and support history: retained for the duration of the engagement and for 3 years following its conclusion
  • Website enquiry data: retained for 2 years from the date of enquiry
  • Technical/analytics data: retained in aggregate form; identifiable data purged after 12 months

When retention periods expire, data is securely deleted or de-identified.

7. Data security

We take reasonable technical and organisational steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Security measures include:

  • Encrypted communications (TLS/HTTPS) for all web interactions
  • Access controls limiting who can view personal data
  • Multi-factor authentication on internal systems
  • Regular security reviews consistent with our Security+ certified practices

No method of electronic transmission or storage is 100% secure. If you believe a data breach has occurred, please contact us immediately at accounts@amrixgroup.com.au.

8. Cookies and tracking

Our website uses minimal cookies for analytics purposes only. We do not use advertising cookies, third-party tracking pixels, or cookies that profile you for commercial targeting. You may configure your browser to refuse cookies; however, some site features may not function correctly if you do so.

Analytics data is collected in aggregate to understand how visitors use the site and to improve performance. Individual visitor sessions are not sold or shared with third parties.

9. Your rights — access and correction

Under the Australian Privacy Principles, you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of any personal information that is inaccurate, incomplete, or out of date
  • Make a complaint if you believe we have breached the Australian Privacy Principles

To exercise these rights, contact us at accounts@amrixgroup.com.au. We will respond within 30 days. In some circumstances, we may be unable to provide access (for example, where disclosure would be unlawful) — in such cases we will explain why.

10. Privacy complaints

If you have a complaint about how we have handled your personal information, please contact us first:

AMRIX PTY LTD
Email: accounts@amrixgroup.com.au
Address: Sydney NSW 2000, Australia

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Material changes will be notified via the website. The effective date at the top of this page reflects when the current version came into force.