Privacy Policy

01 About this Privacy Policy

Effective date: 29 April 2026 | Last updated: 29 April 2026

In this Privacy Policy, "BusinessOps," "we," "us," and "our" means [insert legal entity name], trading as BusinessOps, ABN [insert ABN], located in New South Wales, Australia.

BusinessOps, accessible at businessops.com.au, respects your privacy and is committed to handling personal information responsibly, transparently, and in accordance with applicable Australian privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you interact with our website, services, digital tools, communications, forms, marketing materials, artificial intelligence-enabled workflows, and related business operations.

This Privacy Policy explains how we handle personal information. Where we rely on consent to collect, use, or disclose personal information, we will seek that consent where required by law or where appropriate in the circumstances. Otherwise, we handle personal information where reasonably necessary for our business activities, to provide our services, or as otherwise permitted by law.

If you have questions about how we handle your personal information, please contact us using the details in section 22.

02 Important Notice

We take reasonable care to protect personal information and operate our website and services responsibly. However, no website, online platform, email system, cloud service, AI tool, or internet transmission is completely secure or error-free.

To the maximum extent permitted by law, we do not guarantee that our website, systems, third-party tools, or digital communications will always be secure, uninterrupted, confidential, accurate, complete, or free from unauthorised access. Users provide information and use our website and services at their own discretion and risk, subject always to rights and protections that cannot be excluded under Australian law.

Nothing in this Privacy Policy limits any rights you may have under the Privacy Act, the Australian Consumer Law, or other laws that cannot lawfully be excluded.

03 What Personal Information We Collect

The types of personal information we may collect depend on how you interact with us. This may include:

• your name;
• business name, role, or job title;
• email address;
• phone number;
• billing or payment-related details;
• enquiry details submitted through website forms;
• project details, business requirements, or service preferences;
• documents, files, images, screenshots, or materials you choose to provide;
• communication history with us;
• IP address, browser type, device information, website usage data, cookies, and analytics information;
• information collected through booking tools, contact forms, CRM systems, email platforms, AI-enabled tools, or other third-party services we use.

We generally do not intend to collect sensitive information unless it is reasonably necessary for a specific purpose and you have consented, or the collection is otherwise permitted by law. Sensitive information may include health information, racial or ethnic origin, political opinions, religious beliefs, biometric information, or other categories recognised under Australian privacy law.

04 How We Collect Personal Information

We may collect personal information when you:

• visit or browse our website;
• submit an enquiry or contact form;
• email, call, message, or otherwise communicate with us;
• request a quote, proposal, consultation, or service;
• subscribe to updates, newsletters, or marketing communications;
• engage us to provide services;
• provide files, documents, screenshots, project briefs, or business information;
• interact with our social media pages, advertisements, or digital content;
• use website cookies, analytics, embedded forms, or third-party integrations.

We may also collect information from publicly available sources, referrals, business directories, social media platforms, professional platforms, analytics providers, advertising platforms, CRM systems, and other third-party service providers where lawful and appropriate.

Collection notices (APP 5): Where required by law, we will notify you of the key matters relating to the collection of your personal information at or before the time we collect it, or as soon as practicable afterwards. This may occur through website forms, engagement letters, email footers, or other appropriate mechanisms.

05 Why We Collect and Use Personal Information

We may collect, hold, use, and disclose personal information for purposes including:

• responding to enquiries;
• providing quotes, proposals, consultations, or services;
• managing client relationships;
• processing payments, invoices, and administrative records;
• operating, maintaining, and improving our website;
• managing bookings, communications, workflows, and customer support;
• conducting business analysis, reporting, quality assurance, and internal administration;
• personalising website content or user experience;
• sending service updates, marketing materials, or relevant business communications;
• improving our services through automation, AI-enabled tools, and internal process optimisation;
• detecting, preventing, or responding to security issues, fraud, misuse, or unlawful activity;
• complying with legal, tax, accounting, regulatory, insurance, and dispute-resolution obligations.

We will not use your personal information for materially unrelated purposes unless we have your consent or are permitted or required to do so by law.

06 Use of Artificial Intelligence and Automation

BusinessOps may use artificial intelligence, automation, machine learning tools, or AI-assisted software to support business operations, including:

• drafting or improving communications;
• organising enquiries or project information;
• summarising documents or client instructions;
• improving workflows and internal efficiency;
• website support, chat, analytics, or customer experience;
• quality assurance, research, or administrative assistance.

Our current use of AI tools is limited to operational support functions. We do not use automated computer programs to make decisions about individuals that would significantly affect their legal rights or interests (such as automated eligibility decisions, approvals, or denials). Where this changes, we will update this Privacy Policy accordingly.

We do not intentionally use client materials, user-submitted content, or personal information to train public or third-party AI models unless this has been clearly disclosed and we have obtained any required consent or contractual permission. Where third-party AI tools are used, we take reasonable steps to use privacy-preserving, enterprise, opt-out, or no-training settings where available.

Where AI tools are used, we take reasonable steps to avoid unnecessary disclosure of personal information. However, some AI-enabled tools may process information through third-party platforms, including cloud-based systems that may operate outside Australia.

You should avoid submitting unnecessary sensitive, confidential, financial, legal, medical, or highly personal information unless specifically requested and appropriate for the service being provided.

AI-generated outputs may contain errors, omissions, assumptions, or inaccuracies. We may review AI-assisted outputs where appropriate, but we do not guarantee that AI-generated or AI-assisted content is complete, accurate, suitable, or free from error. You remain responsible for reviewing and verifying any information, recommendation, document, or output before relying on it, unless otherwise agreed in writing.

Upcoming obligation (10 December 2026): From 10 December 2026, amendments to APP 1 will require organisations to disclose in their privacy policy the types of personal information used in automated decision-making and the types of decisions significantly affecting individuals made automatically. We will update this Policy before that date if our practices change.

07 Cookies, Analytics, and Tracking Technologies

Our website may use cookies, pixels, analytics tools, and similar technologies to:

• improve website functionality;
• remember user preferences;
• understand website traffic and visitor behaviour;
• measure marketing performance;
• improve content, design, and services;
• support security and spam prevention.

These technologies may collect information such as IP address, browser type, device type, pages visited, time spent on pages, referral sources, approximate location, and user interactions. Third-party analytics tools we currently use may include services such as Google Analytics. These tools have their own privacy policies and may transfer data outside Australia.

You can usually manage or disable cookies through your browser settings. However, some parts of the website may not function properly if cookies are disabled. Our website may display a cookie notice that allows you to control your preferences.

08 Marketing Communications

We will only send commercial electronic messages where we have consent or are otherwise permitted by law, including under the Spam Act 2003 (Cth). Our marketing communications will identify BusinessOps as the sender, include our contact details, and provide a functional unsubscribe mechanism.

You may opt out of marketing communications at any time by:

• using the unsubscribe link included in each marketing email;
• contacting us directly using the details in section 22;
• following the opt-out instructions in the relevant communication.

We will process opt-out requests within 5 business days, in accordance with the Spam Act 2003 (Cth).

Even if you opt out of marketing, we may still send you non-marketing communications, such as service updates, invoices, administrative notices, legal notices, or security-related messages.

09 Disclosure of Personal Information

We may disclose personal information to:

• employees, contractors, consultants, and service providers;
• IT, hosting, website, CRM, email, cloud storage, analytics, marketing, payment, bookkeeping, automation, or AI software providers;
• professional advisers, including accountants, lawyers, insurers, and auditors;
• business partners or subcontractors where necessary to provide services;
• regulatory bodies, government agencies, courts, tribunals, or law enforcement where required or authorised by law;
• parties involved in a business sale, restructure, merger, acquisition, or transfer of assets;
• any other person or organisation with your consent.

We take reasonable steps to ensure that third parties handle personal information appropriately and consistently with the APPs. However, to the maximum extent permitted by law, we are not responsible for the privacy, security, accuracy, or practices of third-party websites, platforms, software providers, or external services that we do not control.

We do not sell personal information to advertisers, data brokers, or other third parties.

10 Overseas Disclosure

Some of the third-party tools and service providers we use may store, access, process, or transfer information outside Australia. This may include providers located in countries such as the United States, United Kingdom, European Union, Canada, Singapore, New Zealand, the Philippines, or other jurisdictions, depending on the systems we use from time to time.

Where we disclose personal information to overseas recipients, we remain accountable for ensuring those recipients handle personal information in a manner consistent with the APPs, to the extent required under APP 8. We take reasonable steps to satisfy ourselves that overseas recipients have appropriate privacy and security practices in place before disclosure.

Personal information may be processed through overseas systems where reasonably necessary for our business operations. This does not affect our obligation to handle personal information in accordance with applicable Australian privacy laws.

11 Storage and Security

We may store personal information in electronic systems, cloud platforms, email accounts, CRM systems, document management systems, databases, backup systems, and, where necessary, physical records.

We take reasonable steps — both technical and organisational — to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These steps may include:

• access controls and password protection on systems holding personal information;
• use of reputable, secure cloud and SaaS providers;
• staff and contractor confidentiality obligations;
• data minimisation practices;
• administrative safeguards and periodic review of our security practices.

However, no method of storage, transmission, or digital processing is completely secure. To the maximum extent permitted by law, we are not liable for unauthorised access, cyber incidents, data loss, corruption, service interruption, or third-party misuse where we have taken reasonable care and the incident is beyond our reasonable control.

12 Data Retention

We retain personal information for as long as reasonably necessary for the purposes for which it was collected, including to provide services, maintain business records, comply with legal and accounting obligations, resolve disputes, enforce agreements, and manage legitimate business interests.

As a general guide, financial, tax, accounting, corporate, client, and administrative records may be retained for at least 5 years, or longer where required by law, contract, insurance, dispute-resolution, professional, or legitimate business requirements. Some records may be retained for 7 years or longer depending on the type of record and applicable legal obligations.

When personal information is no longer required, we will take reasonable steps to destroy, delete, anonymise, or de-identify it, unless we are required or permitted by law to retain it.

13 Access, Correction, and Deletion

You may request access to personal information we hold about you. You may also ask us to correct personal information if you believe it is inaccurate, incomplete, out of date, irrelevant, or misleading.

We will respond to access and correction requests within 30 days of receiving a valid request. We may need to verify your identity before responding.

In some cases, we may refuse access or correction where permitted by law, including where giving access would affect another person's privacy, reveal confidential commercial information, be unlawful, or be unreasonable in the circumstances. If we refuse, we will provide written reasons.

We do not currently charge a fee for processing access requests. If this changes, we will provide advance notice of any fee before processing your request.

You may also contact us to request deletion of personal information or to withdraw consent where we rely on consent. We will consider and respond to such requests in accordance with applicable law and our legal, contractual, record-keeping, and legitimate business obligations.

To make any of these requests, contact us using the details in section 22.

14 Anonymity and Pseudonymity

Where lawful and practical, you may interact with us anonymously or using a pseudonym. However, in many cases, we may need your real details to respond to enquiries, provide services, process payments, verify identity, meet legal obligations, or communicate effectively.

15 Third-Party Links and External Websites

Our website may contain links to third-party websites, platforms, social media pages, tools, plugins, or embedded content.

We do not control third-party websites or services and are not responsible for their privacy policies, security practices, content, accuracy, availability, or handling of personal information. You should review the privacy policies and terms of any third-party website or platform before using them or providing personal information.

16 Client-Provided Materials and Third-Party Information

If you provide us with personal information about another person, you warrant that you have the authority or consent to do so and that the information is accurate, lawful, and appropriate for the purpose for which it is provided.

You are responsible for ensuring that any documents, files, data, or materials you provide to us do not unlawfully infringe the privacy, confidentiality, intellectual property, or legal rights of any third party.

Where we handle personal information contained in client-provided documents, files, systems, exports, screenshots, workflows, databases, or other materials, we generally process that information for the purpose of providing services to the relevant client and in accordance with our agreement with that client. The client is responsible for ensuring that it has provided any required notices, obtained any required consents, and has a lawful basis to provide that information to us, unless we have expressly agreed otherwise in writing.

17 Accuracy of Information

We rely on the information provided to us by users, clients, third parties, and automated systems. While we take reasonable care, we do not independently verify all information provided to us.

You are responsible for ensuring that the personal information you provide is accurate, complete, and up to date. We are not responsible for errors, delays, losses, or issues caused by inaccurate, incomplete, outdated, or misleading information supplied to us.

18 Notifiable Data Breaches

Where required by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth), we will assess suspected eligible data breaches and take appropriate action. This includes notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable where an eligible data breach is identified.

An eligible data breach occurs where there is unauthorised access to, or disclosure of, personal information (or loss of personal information where unauthorised access or disclosure is likely), and a reasonable person would conclude this is likely to result in serious harm to individuals whose information is involved.

19 Individual Rights and Remedies

Nothing in this Privacy Policy limits any rights or remedies that individuals may have under applicable privacy laws, including any rights that cannot lawfully be excluded. Australian privacy law may provide individuals with additional rights or remedies for serious invasions of privacy, including under the statutory tort that commenced on 10 June 2025.

20 Complaints

If you have concerns about how we handle your personal information, please contact us first so we can try to resolve the issue. Please include:

• your name and contact details;
• details of your concern;
• any relevant documents or correspondence.

We will acknowledge your complaint within 5 business days and aim to provide a substantive response within 30 days of receiving your complaint. If more time is required, we will advise you of the expected timeframe.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

You may also have the right to bring a direct legal claim for a serious invasion of privacy, as described in section 19.

21 Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, website, technology, legal obligations, AI tools, or privacy practices — including to accommodate new obligations as Australian privacy law continues to evolve.

The updated version will be published on our website with a revised "Last updated" date. For material changes, we may take additional steps to notify affected individuals. Your continued use of our website or services after changes are published indicates your acceptance of the updated Privacy Policy.

22 Contact Us