Privacy Policy

The Virtual IT Department Pty Ltd is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at

Our Commitment

We are committed to protecting your privacy. We have been certified ISO27001/2022, which is an international standard for information security management. This means that we have implemented rigorous controls to protect your personal information, including:

  • Physical security: We have implemented physical security measures to protect our systems and data, such as access control, video surveillance, and fire suppression systems.
  • Information security: We have implemented technical and organisational security measures to protect our systems and data, such as firewalls, intrusion detection systems, and data encryption.
  • Risk management: We have a process for identifying, assessing, and mitigating risks to our information security.
  • Compliance: We are committed to complying with all applicable data privacy laws and regulations.

The new controls added in ISO 27001/2022 include:

Risk assessment: The new standard requires organisations to conduct a risk assessment to identify and assess the risks to their information security.

Threat modelling: The new standard requires organisations to perform threat modelling to identify and mitigate the threats to their information security.

Privacy impact assessment: The new standard requires organisations to conduct a privacy impact assessment for any project or activity that could impact the privacy of individuals.

Data protection by design and default: The new standard requires organisations to implement data protection measures by design and default.

Data minimisation: The new standard requires organisations to minimise the amount of personal data they collect and process.

You can view and confirm our certification via the JASANZ register:

What is personal information and why do we collect it?

Personal Information is information or an opinion that identifies an individual.  This Personal Information is obtained in many ways including interviews, correspondence, by telephone and facsimile, by email, via our website, from your website, from media and publications, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policy of authorised third parties. We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing. When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.  We will hold personal information for no longer than necessary to achieve the relevant purposes set out in this Privacy Policy.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. 

Sensitive information will be used by us only:
• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Disclosure of Personal Information

Your Personal Information may be disclosed in a number of circumstances including the following:
• Third parties where you consent to the use or disclosure; and
• Where required or authorised by law.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.  It may be stored at our offices and in other facilities that we own or license from third parties, like data centres.  We implement generally accepted standards of technology and operational security to protect personal information from loss, misuse, or unauthorised alteration or destruction.  We will notify you as required by data protection legislation in the event of any breach of your personal data which might expose you to serious risk.

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing. The Virtual IT Department Pty Ltd will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information. In order to protect your Personal Information we may require identification from you before releasing the requested information.

Maintaining the quality of your Personal Information

It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Policy Updates

This Policy may change from time to time and is available on our website.

If you have any queries or complaints about our Privacy Policy please contact us at:

The Virtual IT Department PtyLtd
Suite 6, Level 3, C307, 175 Maroondah Hwy, Ringwood, Victoria 3134
Telephone: 1300 10 10 40

Subscribe to our newsletter for great monthly business resources.
Join Us!