Exploit Security Pty Ltd is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au.
Personal Information Collection
Information we collect
We may collect personal information from individuals or organizations during the course of providing our penetration testing services, through our website, or other communication channels. The types of personal information we may collect include, but are not limited to:
Name, contact information (email address, phone number, address), and job title.
Payment information, such as credit card details, if applicable.
Technical information (IP address, browser type, device information) collected automatically when you visit our website.
As a penetration testing company, we may receive sensitive information about your organization's systems, networks, and infrastructure during the assessment process. We consider all the data we collect, including technical details and system configurations, as sensitive and handle it with the utmost care.
Data Use and Purpose
We use personal information and sensitive data to conduct our penetration testing services and deliver the agreed-upon assessments to our clients. The data collected during the engagement is used solely for the purpose of identifying vulnerabilities and providing detailed reports and recommendations.
We may use your contact information to communicate with you regarding the assessment process, share progress updates, and address any inquiries or concerns.
We may use and disclose personal information when required to comply with applicable laws, regulations, or legal proceedings.
Confidentiality and Access Control
We maintain strict access controls to limit access to personal information and sensitive data. Only authorized personnel directly involved in the assessment process are granted access to such data.
We utilize industry-standard encryption protocols to secure data during transmission and storage.
Third Party Security
We carefully select and vet third-party service providers who may handle personal information during the course of delivering our services. These providers must adhere to strict data security standards and contractual obligations to protect your information.
We do not sell, trade, or rent personal information to third parties. We may share personal information with trusted third-party service providers involved in the assessment process to facilitate the delivery of our services. These third parties are bound by contractual obligations to maintain the confidentiality and security of the data.
We may disclose personal information if required by law or in response to valid legal requests from governmental authorities or law enforcement agencies.
You have the right to access, correct, or request the deletion of your personal information that we hold. If you wish to exercise any of these rights or have questions about your data's processing, please contact us using the information provided below.