Effective Date: [Date]
Last Updated: [Date]

1. About This Privacy Policy

This Privacy Policy explains how FNQ Virtual Support ("we," "us," "our," or "the Company") collects, uses, stores, and protects your personal information in accordance with Australian privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

We are committed to protecting your privacy and handling your personal information in an open and transparent manner.

 

Contact Information

Business Name: FNQ Virtual Support
ABN: [Insert ABN]
Address: [Insert Business Address], Cairns, Queensland, Australia
Email: [Insert Email Address]
Phone: [Insert Phone Number]
Website: [Insert Website URL]

​

2. What Personal Information We Collect

We may collect the following types of personal information from you:

​

Personal Information

• Full name and contact details (address, phone number, email address)

• Date of birth and age

• Business information (company name, ABN, role/position)

• Payment and billing information (credit card details, bank account information)

• Communication records (emails, phone calls, meeting notes)

• Website usage information (IP address, browser type, pages visited)

• Location data (if you enable location services)

• Photos and videos (if provided for business purposes)

​

Sensitive Information

We may collect sensitive information only with your express consent or where otherwise permitted by law, including:

• Health information (if relevant to providing services)

• Financial information

• Any other information classified as sensitive under the Privacy Act

​

Information We Don't Collect

We do not intentionally collect personal information from individuals under 18 years of age without parental consent.

 

3. How We Collect Personal Information

We collect personal information through various methods:

​

Direct Collection

• Online forms on our website

• Email communications

• Phone conversations

• Face-to-face meetings

• Written contracts and agreements

• Payment processing systems

• Social media interactions

​

Indirect Collection

• Third-party service providers (payment processors, website analytics)

• Publicly available sources

• Business directories

• Referrals from existing clients

• Marketing platforms and tools

​

Website Cookies and Tracking

Our website uses cookies and similar tracking technologies to:

• Improve website functionality and user experience

• Analyse website traffic and usage patterns

• Provide personalised content

• Enable social media features

• Support marketing and advertising activities

You can control cookies through your browser settings, though disabling cookies may affect website functionality.

​

4. Why We Collect Personal Information

We collect personal information for the following purposes:

​

Primary Purposes

• Providing virtual assistant services (website creation, social media management, and administrative support)

• Processing payments and maintaining financial records

• Communicating with clients about services

• Managing client relationships and accounts

• Fulfilling contractual obligations

​

Secondary Purposes

• Marketing and promotional activities (with consent)

• Improving our services and business operations

• Legal compliance and record-keeping

• Preventing fraud and security threats

• Conducting business analytics and research

​

5. How We Use and Disclose Personal Information

​

Use of Personal Information

We use your personal information to:

• Deliver the virtual assistant services you have requested

• Process payments and manage billing

• Communicate with you about our services

• Send marketing materials (only with consent)

• Comply with legal obligations

• Protect our business interests and legal rights

​

Disclosure of Personal Information

We may disclose your personal information to:

​

Service Providers and Contractors

• Payment processors and banks

• Website hosting providers

• Email marketing platforms

• Accounting and bookkeeping services

• Legal and professional advisors

• IT support and cloud storage providers

​

Legal Requirements

• Government agencies and regulators, when required by law

• Law enforcement agencies

• Courts and tribunals

• Other parties, as required by court order or subpoena

​

Business Transfers

• In connection with a merger, acquisition, or sale of business assets

We do not sell, rent, or trade your personal information to third parties for their marketing purposes without your explicit consent.

 

6. Overseas Disclosure of Personal Information

We may disclose your personal information to overseas recipients in the following circumstances:

​

Cloud Storage and Services

Your information may be stored on servers located outside Australia, including but not limited to:

• United States (cloud hosting providers)

• European Union (software service providers)

• Other jurisdictions where our service providers operate

​

Third-Party Services

We use various online tools and platforms that may store or process data overseas, including:

• Email marketing platforms

• Website analytics tools

• Project management software

• Communication platforms

​

Our Obligations

When disclosing personal information overseas, we take reasonable steps to ensure that overseas recipients:

• Handle your information in accordance with the Australian Privacy Principles

• Provide adequate protection for your personal information

• Comply with contractual privacy and security obligations

We remain accountable for how overseas recipients handle your personal information unless an exception applies under the Privacy Act.

 

7. Data Security and Storage

Security Measures

We implement reasonable security measures to protect your personal information from:

• Unauthorised access, modification, or disclosure

• Misuse, interference, or loss

• Cybersecurity threats and data breaches

Our security measures include:

• Secure server hosting with encryption

• Strong password policies and multi-factor authentication

• Regular software updates and security patches

• Staff training on privacy and security procedures

• Controlled access to personal information on a need-to-know basis

​

Data Retention

We retain your personal information only as long as necessary for:

• The purposes for which it was collected

• Legal or regulatory requirements

• Legitimate business purposes

Specific retention periods include:

• Client records: 7 years after completion of services (for tax and business purposes)

• Financial records: 7 years as required by taxation law

• Marketing communications: Until you unsubscribe or withdraw consent

• Website analytics: 26 months (as per Google Analytics default)

​

Data Destruction

When personal information is no longer needed, we take reasonable steps to:

• Securely destroy or delete the information

• De-identify the information where appropriate

• Ensure disposal methods prevent unauthorised access or reconstruction

​

8. Your Privacy Rights

Under Australian privacy law, you have the following rights:

​

Access Right

You can request access to the personal information we hold about you. We will provide access unless an exception applies under the Privacy Act.

​

Correction Right

You can request correction of personal information that is inaccurate, incomplete, or out-of-date. We will take reasonable steps to correct the information or, if we disagree, attach a statement of the requested correction.

​

Anonymity and Pseudonymity

Where practical, we will offer you the option to:

• Deal with us anonymously

• Use a pseudonym

This may not be possible when we are required by law to identify you or when identification is necessary to provide our services effectively.

 

Opt-Out Rights

You can opt-out of:

• Direct marketing communications at any time

• Certain data collection practices (subject to service limitations)

• Email newsletters and promotional content

​

Data Portability

Upon request, we will provide your personal information in a structured, commonly used format where technically feasible.

 

Complaints

You have the right to make a complaint about our privacy practices (see Section 10 for details).

​

9. Direct Marketing

Consent Requirements

We will only send you direct marketing communications if:

• You have provided explicit consent, or

• You would reasonably expect to receive such communications based on our business relationship, and

• You have not opted out of receiving such communications

​

Marketing Activities

Our direct marketing may include:

• Email newsletters about our services

• Promotional offers and service updates

• Industry insights and business tips

• Invitations to events or webinars

​

Opt-Out Process

You can opt out of direct marketing at any time by:

• Clicking the "unsubscribe" link in our emails

• Emailing us at [Insert Email Address]

• Call us at 0407 140 608

• Using the contact form on our website

We will process your opt-out request within 5 business days and will not charge any fee for this service.

​

10. Complaints and Contact Information

Making a Complaint

If you have concerns about our privacy practices, you can:

1. Contact us directly:

   • Email: [Insert Email Address]

   • Phone: [Insert Phone Number]

   • Mail: [Insert Business Address], Cairns, Queensland, Australia

2. What to include in your complaint:

   • Your contact details

   • Details of your privacy concern

   • Any relevant supporting information

   • Your preferred resolution

3. Our response process:

   • We will acknowledge your complaint within 5 business days

   • We will investigate your complaint thoroughly

   • We will provide a written response within 30 days

   • If we need more time, we will contact you to explain why

 

External Complaints

If you are not satisfied with our response, you can lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

• Website: www.oaic.gov.au

• Phone: 1300 363 992

• Email: enquiries@oaic.gov.au

• Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001

​

11. Data Breach Notification

In the event of an eligible data breach that is likely to result in serious harm, we will:

1. Assess the breach within 30 days of becoming aware of it

2. Notify the Office of the Australian Information Commissioner as soon as practicable

3. Notify affected individuals where contact is practicable, including:

   • A description of the data breach

   • The kinds of information involved

   • Steps we have taken to address the breach

   • Recommendations for steps you can take

   • Our contact details for further information

​

What constitutes an eligible data breach:

• Unauthorised access to, or disclosure of, personal information

• Loss of personal information in circumstances where unauthorised access or disclosure is likely

• The breach is likely to result in serious harm to affected individuals

​

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our business practices

• Changes in privacy laws and regulations

• Feedback from clients and stakeholders

• Technology updates and new services

​

Notification of Changes

When we update this Privacy Policy, we will:

• Post the updated policy on our website

• Update the "Last Updated" date

• Notify you by email if changes are significant (where we have your consent to do so)

• Provide reasonable notice of material changes

​

Accessing Current Policy

The current version of our Privacy Policy is always available on our website at [Insert URL].

​

13. Definitions

Australian Privacy Principles (APPs): The 13 principles in the Privacy Act that govern how personal information is collected, used, stored, and disclosed.

Eligible Data Breach: A data breach likely to result in serious harm to individuals whose personal information is involved.

Personal Information: Information or opinion about an identified individual or someone who is reasonably identifiable.

Sensitive Information: A subset of personal information, including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal records, and biometric information.

Use: Handling personal information within your organisation.

Disclosure: Releasing personal information from your organisation to external parties.

​

14. Compliance Framework

Legal Basis for Processing

Our collection and use of personal information is based on:

• Consent (express or implied)

• Contractual necessity

• Legal obligations

• Legitimate business interests

• Vital interests (in emergency situations)

​

International Compliance

While this policy is primarily designed for Australian privacy law compliance, we also consider:

• General Data Protection Regulation (GDPR) requirements for EU clients

• Privacy laws in other jurisdictions where we provide services

• International best practices for data protection

​

Regular Review

We conduct regular reviews of our privacy practices to ensure:

• Ongoing compliance with applicable laws

• Effectiveness of our privacy controls

• Alignment with industry best practices

• Responsiveness to stakeholder feedback

This Privacy Policy was last updated on [Date] and is effective as of [Date].

For any questions about this Privacy Policy or our privacy practices, please contact us using the details provided in Section 10.