How we handle your information.
01 Who we are
This Privacy Policy applies to personal information handled by Mallen Services Pty. Ltd. (ABN 66 630 719 970), operator of the website mallen.com.au and provider of electronic security and IT services. In this policy, "we", "us" and "our" refer to Mallen Services.
We take privacy seriously and handle personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).
02 What information we collect
We collect personal information when you interact with us, including when you:
- Submit a contact form, support ticket, or rate calculator registration on our website
- Call us or send us a message
- Engage our services as a client, or as the representative of a client organisation
- Interact with systems we monitor on behalf of a client (for example, logging into a device that we monitor)
The categories of personal information we may collect include:
- Contact information: name, email address, phone number, company or site name, job title
- Service information: details of your site, devices, issues reported, and support history
- Technical information: IP addresses, device hostnames, and device status information from systems we monitor for our clients
- Account information: records of services provided, invoices, and correspondence
We do not knowingly collect sensitive information (as defined under the Privacy Act) through our website forms. We do not collect information from children under 16.
03 How we use your information
We use personal information for the following purposes:
- Responding to your enquiries, support tickets, and service requests
- Providing and administering our services, including monitoring, maintenance, billing, and reporting
- Communicating with you about services we provide or that you have enquired about
- Complying with our legal and regulatory obligations, including those under our Master Security Licence
- Maintaining our internal records and improving our services
We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.
04 Where your information is stored
Personal information we collect through the website is processed and stored in the following systems:
- Microsoft Dynamics 365: our customer relationship management and field service platform. Hosted by Microsoft in Australian data centres. Used to store contact records, support cases, opportunities, and service history.
- Microsoft Power Automate: used to route form submissions from the website into Dynamics 365.
- Microsoft Teams: used for internal notifications when forms are submitted.
- SyncroMSP: used for remote monitoring and management of endpoints on client sites. Stores device status, limited diagnostic information, and ticket correspondence.
- Zabbix (self-hosted): used for network and infrastructure monitoring. Stores device status and performance metrics.
We have assessed these services and are satisfied they provide appropriate protections. Microsoft is certified under international security standards including ISO 27001, ISO 27018, and SOC 2.
05 Who we share information with
We do not sell personal information. We may share personal information in limited circumstances:
- Service providers: the platforms listed in section 04, acting as data processors on our behalf under contractual obligations
- Legal and regulatory obligations: where we are required by law to disclose information, including under our Master Security Licence obligations
- Business transfers: if Mallen Services is sold or merged, information may be transferred to the acquiring entity, subject to continued application of this policy
- With your consent: where you have specifically authorised us to share information with a third party
We do not transfer personal information overseas other than incidentally through our use of Microsoft services, which are primarily hosted in Australia.
06 How long we keep information
We retain personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Specific retention periods:
- Client service records: seven years after the end of the client relationship, consistent with Australian commercial record-keeping requirements
- Enquiries from prospects who do not become clients: typically two years, after which the record is archived or deleted
- Support ticket content: retained for the life of the client relationship plus seven years, for historical troubleshooting and audit purposes
- Website webhook logs and rate-limit records: retained for 90 days maximum
07 Your rights
Under Australian privacy law, you have rights in relation to personal information we hold about you, including the right to:
- Request access to the personal information we hold about you
- Request correction of information that is inaccurate, out of date, incomplete, or misleading
- Request deletion of your information (subject to our legal obligations to retain certain records)
- Opt out of direct marketing communications (though we do not currently conduct direct marketing campaigns through the website)
- Make a complaint about our handling of your personal information
To exercise any of these rights, contact us using the details in section 10 below. We will respond to access and correction requests within 30 days.
08 Cookies & tracking
This website does not currently use tracking cookies or any third-party analytics. We plan to introduce Google Analytics in the future to help us understand how visitors use the website. When Google Analytics is introduced, we will update this policy to include:
- The specific data Google Analytics collects (typically limited to anonymised usage patterns: pages visited, time on site, rough geographic location, device type)
- How to opt out, both through our own cookie controls and through Google's opt-out tools
The website does use essential functional storage (such as remembering your rate calculator session) for features you have explicitly initiated. This information does not leave your browser.
09 Security of your information
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. These steps include:
- Encrypted connections (HTTPS) for all website traffic
- Microsoft 365 multi-factor authentication for all staff accessing client data
- HMAC-signed webhooks between website forms and Power Automate, to prevent tampering
- Rate limiting and honeypot protections on public forms
- Regular review of access permissions
No method of transmission or storage is completely secure. If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme.
10 Contact & complaints
To make a privacy enquiry, access request, correction request, or complaint, contact:
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
11 Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Substantive changes will be communicated to active clients via email or a notice on the website. You should review this policy periodically to stay informed of how we handle your information.