Privacy Policy 2025

Feisty Fox Security Pty Ltd (ACN 667 026 262) is a business registered in Australia (collectively referred to as we, our or us). We respect your privacy and are committed to meeting our privacy obligations (to the extent relevant and applicable) in the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).

This document sets out how we will manage your personal information and is referred to as our Privacy Policy.

References to "you" and "your" in this Privacy Policy refer to individuals about whom we collect personal information directly or through third parties.

In this Privacy Policy you will see the terms 'personal information' and 'sensitive information' used.

These terms have the following meaning:

  • Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
  • Sensitive information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

In this Privacy Policy, and unless otherwise stated, all references to 'personal information' include 'sensitive information'.

Consent

You consent to the collection, process, use, storage and disclosure of your personal information in the manner set out in this Privacy Policy, for the purposes outlined in this Privacy Policy and any other purposes related to those purposes.

You provide this consent by:

  • engaging with us;
  • accessing or using any of the following websites including all the materials displayed on the following websites (which includes this website):
  • feistyfoxsecurity.com
  • purchasing or using our platform, training and any other products and services provided by us (Services); or
  • through any other interactions with us.

We will not use your personal information for any purposes other than the purposes set out in this Privacy Policy and purposes related to that, unless we obtain your prior consent.

Changes to the Privacy Policy

We may amend this Privacy Policy from time to time at our sole discretion.

If we make changes to our Privacy Policy, we will notify you by issuing an updated version of our Privacy Policy on our Website and such changes will be effective immediately.

You agree that such notification will constitute our notice to you of the changes and your continued access or use of the Website, use of the Services or interaction with us following such notice means that you accept and agree to be bound by the updated version of our Privacy Policy.

Personal Information We Collect

Type of personal information collected

The type of personal information that we collect will vary depending on the circumstances, but will typically include:

  • your name, phone contact details, email, address information and other contact details;
  • your social security number, ID number, driver’s license number, profile photo and passport;
  • information about your employer or an organisation that you represent;
  • your professional details;
  • industry that you work in;
  • bank information such as name of financial institution at which you have a bank account, account number, type of account, branch, IBAN and credit / debit card details;
  • tax file numbers;
  • superannuation information; and
  • any additional personal information you provide to us, or authorise us to collect, as part of your interaction with us.

We may also collect personal information about your use of the Website including your:

  • IP address;
  • browser type, version and language;
  • operating system;
  • device name or identification number;
  • location;
  • pages viewed while Browse the Website or Services; and
  • page access times.

We do this by using cookies in accordance with our Cookies Policy.

Who we collect Personal Information from

We may collect personal information about the following:

  • Customers and prospective customers. This information is collected when you enquire about our Services or when you become our customer, a record is made which includes your personal information.
  • Prospective employees or applicants when recruiting, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you although we may also collect this information from third parties (for example, from recruitment agencies or referees you have nominated).
  • Website visitors or users when you access, use any features of, or make an enquiry or purchase our Services through the Website.
  • Other individuals who we may collect personal information about such as:
  • customers and members of the public whose personal information are publicly and commercially available on the surface, deep and dark web (including information that can only be accessed through payment or authentication); and
  • our individual service providers and contractors and other individuals who interact with us on a commercial basis.

How we collect Personal Information

Ways we collect personal information. We may collect personal information in a number of ways, including:

  • when you register for the Services or purchase any Services from us;
  • when you correspond with us;
  • when you provide (or update) personal information in connection with our provision of Services to you, or your provision of products or services to us;
  • when you enquire or apply for employment with us;
  • when you access or use our Website;
  • when interact with us electronically or in person;
  • when you access our office or systems; and/or
  • from publicly available information.

Collect information from third parties. We generally collect personal information directly from you. We may also collect personal information about you from other sources, for example:

  • affiliated and related companies;
  • third-party suppliers and contractors (including, for example third party payment gateways providers) who assist us to operate our business and provide the Services;
  • our customers (such as your employer) so we can provide our Services to those customers;
  • companies contracted by us or you to provide products and services (including the Services) to you; and
  • the internet, Social Media / Networking.

We use social networking services and social media such as LinkedIn to communicate with the public. When you interact with us using these services, we may collect your personal information. The social networking service will also handle your personal information for its own purpose, and you should refer to their privacy policy for details.

Collect information automatically.

Personal information may be collected automatically when you access, or use any features or links contained in, the Website. This is because our Website uses cookies and/or other similar technologies. A “cookie” is a small file stored on your computer's browser, which assists in managing customised settings of the Website and delivering content. Most browsers allow you to choose whether to accept cookies or not. You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our Website.

Anonymity and pseudonyms

We will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry).

Generally, it is not practicable for us to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our Services, access our information or otherwise interact with us.

We may be required or authorised by or under an Australian law, or a court/tribunal order, to only deal with individuals who have identified themselves, in which case you may not be able to deal with us if you choose to remain anonymous or use a pseudonym.

Why we use personal information

Purpose for using your personal information

We understand the importance of data minimisation.

We collect and use your personal information only to the extent reasonably necessary to carry out our business, to assess and manage our customers’ needs, to provide our products and services, and to improve, innovate our products and services. We may also collect and use your personal information to fulfil administrative functions associated with those products and services, for example billing, entering into contracts with you or your employer and/or third parties and managing customer or partner relationships; and to protect the copyright, trademarks or other intellectual property or legal rights and the property or safety of us, the Website, our customers and/or any other third parties.

Although the specific purpose for which we usually collect and use personal information depends on the nature of your interaction with us, to achieve the purposes for which we use your personal information (as specified in this section), our use of your personal information may include, for example:

  • enabling your access to the Website;
  • providing Services;
  • undertaking tasks required for, incidental or otherwise related to the provision of Services;
  • measuring usage and traffic statistics of the Website;
  • receiving and/or accessing information, products or services from third party partners, suppliers or their associate parties (Third Party Providers) for or in relation to the provision of Services;
  • contacting you regarding your use of our Website or Services;
  • contacting you in relation to payment, comments, complaints, enquiries or dispute resolution;
  • collecting payments from you or your employer;
  • providing, developing or improving our Website and Services;
  • verifying your identity;
  • considering you for a job with us (whether as an employee or contractor) or in the context of other relationships with us or as otherwise required as part of an employment process;
  • addressing any issues or complaints that we or you have regarding our relationship;
  • communicating with Third Party Providers with respect to our business, system or the Services;
  • maintaining or optimising publicity;
  • conducting marketing activities, such as sending you marketing communications including messages via mail, email, text message, and social media;
  • for market research purposes and to innovate our delivery of the Services;
  • for statistical analysis purposes (whether for commercial or non-commercial purposes);
  • operating our business or maintaining our products or systems; and
  • maintaining a secure online environment.

Disclosure of personal information

Who we disclose personal information to.

We may disclose your personal information for the purposes described in the "Why we use personal information" section of this Privacy Policy. This includes disclosing your personal information to:

  • our related bodies corporate;
  • our employees and contractors, including employees and contractors of our related bodies;
  • third parties that provide goods and services to us (including Website and data hosting providers, and other suppliers);
  • our accountants, insurers, lawyers, auditors and other professional advisers and agents;
  • payment system operators or providers of payment application and services;
  • credit reporting bodies;
  • any third parties necessary to verify your information (e.g. referees or ID verifiers);
  • third parties that assist with the distribution of marketing messages and the support of such messages;
  • data analytics providers;
  • our Third Party Providers for the purposes in relation to providing the Services to you as a customer or for maintaining their products or systems;
  • in the event that we or our assets are acquired or considered for acquisition by a third party, that third party and its advisors;
  • third parties that require the information for law enforcement or to prevent a serious threat to public safety (including governmental, police authorities and the judiciary);
  • if you are an individual contractor to us or a prospective or current employee, to our related companies and HR related service providers (e.g. for outsourced payroll processing);
  • integrated services providers when we integrate third party services on our Website; or
  • any other third party with your consent.

We may also disclose your personal information if it is required to do so by law or legal process, including:

  • in order to establish, exercise or defend its legal rights (including but not limited to debt recovery, credit rating services, and employment related matters);
  • as required or authorised by law; or
  • to the extent required to permit is to investigate suspected fraud, harassment or other violations of any law, rule or regulation, our policies, or the rights of third parties or any other suspected conduct We deem improper.

If there is a change of control in our business or a sale or transfer of business assets, we may transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to the purchaser under an agreement to maintain confidentiality.

Disclosure outside of Australia

We may disclose your personal information outside of Australia to:

  • our related bodies; or
  • third party service providers whose servers may be located outside Australia including information technology and related infrastructure providers, data hosting, customer relationship management and e-signature software, and accounting or payroll service providers.

We may disclose your personal information to a recipient outside of Australia with your prior consent.

We may also disclose your personal information to a recipient outside of Australia if:

  • we (acting reasonably) believe that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Australian Privacy Principles;
  • the transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken in response to your request;
  • the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and a third party;
  • all of the following apply:
  • the transfer is for your benefit;
  • it is impracticable to obtain your consent to that transfer; and
  • if it were practicable to obtain such consent, you would be likely to give it; or
  • we have taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the APPs.

The locations of recipients outside of Australia to whom we will disclose personal information to are:

  • the United States of America;
  • the United Kingdom; and
  • Europe.

Marketing

We aim to give you a highly personalised experience when using the Website and the Services. In order to do so, we may use or disclose your personal information for the purpose of informing you about our Services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below, or request to unsubscribe from the mailing list by clicking ‘Unsubscribe’ at the bottom of the email. If you opt-out of receiving marketing material from us, we may still contact you in relation to our ongoing relationship with you.

Security and removal of your personal information

Security of your personal information

We will implement and maintain reasonable and appropriate safeguards consistent with accepted industry practices to help keep your personal information reasonably safe. This includes Information and Communication Technology security, access security, internal training programs and data breach response protocols.

Removal of your personal information when no longer needed

We will take commercially reasonable steps to destroy or anonymise or de-identify such information if:

  • we no longer require your personal information for the purpose for which we obtained it or any other legitimate purposes;
  • we are not required to keep your personal information by law, by a court or by a regulator.

if our document retention policies require us to keep your personal information in which case we will not keep your personal information for longer than seven years unless:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
  • we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
  • in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.

Notifiable data breaches

The Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act requires entities to notify affected individuals and the Australian Information Commissioner about any ‘eligible data breaches’. In the event of an ‘eligible data breach’, we will notify the affected individuals and the Commissioner in accordance with our legal obligations under the Privacy Act and our data breach response plan.

Circumstances where we will not be responsible

We are not responsible, and will not be liable, for any unauthorised access, use, modification or disclosure of this information beyond our reasonable control.

You also acknowledge and agree that the transmission of information over the internet is not completely secure, and we cannot guarantee the security of any information transmitted to our Website.

Any transmission is at your own risk, and you should ensure that any payment transactions you make are made in a secure environment.

We recommend that you keep confidential any personal security codes and passwords and take steps to keep such details safe.

Accuracy, access and correction of your personal information

You may access your personal information held by us on request. To request access to your personal information please email our Privacy and Data Protection Officer at info@feistyfoxsecurity.com. We reserve the right to charge a reasonable administration fee for this access. We will use commercially reasonable endeavour to ensure that the personal information we hold about you is accurate. You can help us to do this by letting us know promptly if you notice errors or discrepancies in information we hold about you and letting us know promptly if your personal details change. We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction. If we correct personal information about you that we previously disclosed to a third party pursuant to this Privacy Policy who is an APP entity under the Privacy Act, you are entitled to request us to notify such third party of the correction. We will take reasonable steps (if any) to give that notification after receipt of your request unless it is impracticable or unlawful for us to do so.

Complaints

As a valuable customer, if you have any complaints in relation to this Privacy Policy or privacy practice, please feel free to contact us via info@feistyfoxsecurity.com.

A complaint should identify whether it is about:

  • the collection of personal information;
  • the use of personal information;
  • the disclosure of personal information;
  • the security or storage of personal information;
  • the accuracy of personal information;
  • a refusal to give access to or provide about their personal information;
  • a refusal to change or delete personal information; and/or
  • any other issues with respect to our management or protection of your personal information.

We value your opinions and take complaints very seriously. Upon receiving written notice of your complaint about privacy, we will use commercially reasonable endeavour to investigate your compliant and may require additional information from you to confirm your identity or complete our investigation. We will respond in a timely manner to advise you of the outcome. You are invited to respond to this outcome. If a response is received from you, we will assess your response and advise if it has changed the outcome.

If you are unsatisfied with the final outcome, we will advise further options including, if appropriate, making a complaint with the Office of the Australian Information Commissioner.

How to Contact Us

If you would like to access your personal information, have a query in relation to this privacy policy or would like to complain about our handling of your personal information, please contact our Privacy and Data Protection Officer by email at info@feistyfoxsecurity.com or by mail to:

  • Privacy and Data Protection Officer
  • PO Box 1214, Gungahlin, ACT, Australia 2912