Last updated: 28 May 2026
Purpose
Cybernion Pty Ltd ABN 67 664 957 519 is committed to protecting personal information and handling it in a lawful, fair and transparent way.
This Privacy Policy explains how Cybernion collects, uses, holds and discloses personal information through our website, client engagements, business development activities, supplier relationships, events, training, recruitment and general business operations.
This policy applies to personal information handled by Cybernion. It does not replace any confidentiality, security, data handling or contractual obligations agreed separately with clients.
Who we are
Cybernion is an Australian cybersecurity consultancy providing security advisory, assurance, governance, risk, compliance, IRAP readiness, IRAP assessment support, ISO 27001, ISO 42001, Essential Eight, SOC 2, penetration testing and related services.
For privacy enquiries, contact us at:
Personal information we collect
The personal information we collect depends on how you interact with us.
We may collect your name, role, organisation, email address, phone number, business address, enquiry details, meeting notes, proposal information, billing details and other information you choose to provide.
For client engagements, we may collect business contact details, project information, stakeholder details, system owner details, supplier contact details, evidence ownership information, interview notes and information contained in documents shared with us.
For suppliers, partners and subcontractors, we may collect business contact details, professional credentials, insurance details, contract details, payment information and information needed to assess capability, availability and suitability.
For events, training or speaking engagements, we may collect registration details, attendance information, contact details and communications relating to the event.
For recruitment or contractor engagement, we may collect information such as your resume, employment history, qualifications, professional memberships, references, identity information, work rights, security clearance information and background screening information where relevant and lawful.
We do not intentionally collect sensitive information unless it is reasonably required for a specific purpose, you have provided consent, or collection is otherwise permitted by law.
How we collect personal information
We may collect personal information directly from you when you contact us, complete a website form, email us, speak with us, attend a meeting, request a proposal, engage our services, subscribe to updates, attend an event, apply for a role or otherwise interact with Cybernion.
We may also collect personal information from your organisation, your authorised representatives, clients, suppliers, business partners, publicly available sources, professional networks, government or procurement platforms, and third-party service providers where relevant to our work.
Where clients provide documents, evidence or system information to Cybernion, those materials may contain personal information about staff, contractors, suppliers, customers or other stakeholders. Clients are responsible for ensuring they have authority to provide that information to Cybernion.
Why we use personal information
We use personal information to operate Cybernion and deliver our services.
This may include responding to enquiries, preparing proposals, entering into contracts, delivering client engagements, conducting security assurance activities, preparing reports, managing projects, communicating with stakeholders, issuing invoices, managing suppliers and subcontractors, supporting procurement processes, improving our services, maintaining business records and meeting legal or regulatory obligations.
We may also use personal information to send relevant business updates, service information or event communications. You can opt out of marketing communications at any time.
We do not sell personal information.
Client engagement information
During security advisory, assurance, audit readiness, IRAP readiness, ISO 27001, ISO 42001, Essential Eight, SOC 2, penetration testing or related work, Cybernion may receive information about systems, suppliers, users, administrators, project teams, evidence owners and control responsibilities.
We handle this information carefully and use it only for the agreed engagement purpose, related quality assurance, legal compliance, record keeping and legitimate business purposes.
Where engagement materials contain confidential, sensitive, classified or security-relevant information, additional contractual, security or handling requirements may apply.
Disclosure of personal information
We may disclose personal information where reasonably required for our business operations or service delivery.
This may include disclosure to clients, authorised client representatives, subcontractors, consultants, professional advisers, insurers, auditors, payment providers, IT and cloud service providers, document storage providers, email and collaboration platforms, accounting systems, legal advisers, government agencies, procurement platforms and regulators where required or permitted by law.
We may also disclose information where you have consented, where disclosure is necessary to protect our legal rights, where required to investigate or respond to security incidents, or where required to comply with a court order, legal obligation or regulatory requirement.
Subcontractors or delivery partners engaged by Cybernion are expected to handle information in accordance with appropriate confidentiality, security and privacy obligations.
Overseas disclosure
Cybernion may use cloud, email, collaboration, storage, security, accounting, payment, analytics or business systems that store or process information in Australia or overseas.
The countries where information may be processed depend on the service provider, hosting arrangement and engagement requirements, and may change over time.
Where we disclose personal information overseas, we take reasonable steps to ensure appropriate privacy, confidentiality and security protections are in place.
Website, cookies and analytics
When you visit our website, we may collect information such as your IP address, browser type, device information, pages visited, referral source, time spent on pages and general usage information.
Our website may use cookies, analytics tools and similar technologies to operate the site, understand visitor behaviour, improve performance and support basic security monitoring.
You can manage or disable cookies through your browser settings. Some website features may not work properly if cookies are disabled.
Security of personal information
Cybernion takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
These steps may include access controls, multi-factor authentication, secure storage, encryption where appropriate, least privilege access, confidentiality obligations, secure document handling, supplier due diligence and internal security practices.
No method of transmission or storage is completely secure. If we become aware of a data breach involving personal information, we will assess and respond to it in accordance with applicable legal obligations.
Retention and disposal
We retain personal information for as long as reasonably required for the purpose for which it was collected, including service delivery, legal, contractual, insurance, accounting, audit, dispute resolution and business record requirements.
When personal information is no longer required, we take reasonable steps to destroy, delete or de-identify it, unless we are required or permitted to retain it.
Access and correction
You may request access to personal information we hold about you.
You may also ask us to correct personal information if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.
We may need to verify your identity before responding. In some cases, we may refuse access or correction where permitted by law. If we refuse a request, we will provide reasons where appropriate.
Privacy complaints
If you have a privacy concern or complaint, please contact us first so we can review and respond.
Contact: info@cybernion.com
Please include enough information for us to understand the issue and respond appropriately.
We will aim to acknowledge your complaint within a reasonable time and work with you to resolve it. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.
Anonymity and pseudonymity
Where practical, you may interact with Cybernion anonymously or using a pseudonym.
However, this may not be practical where we need to respond to an enquiry, prepare a proposal, deliver services, verify identity, meet contractual obligations, process payments or comply with legal requirements.
Third-party websites
Our website may contain links to third-party websites, platforms or services.
Cybernion is not responsible for the privacy practices, security or content of third-party websites. You should review the privacy policies of those third parties before providing personal information to them.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes to our business, services, legal obligations or privacy practices.
The updated version will be published on our website with the revised date.
Contact us
For privacy enquiries, access or correction requests, or complaints, contact:
Cybernion Pty Ltd
Email: info@cybernion.com
Website: cybernion.com.au
