WhiteCave Privacy Policy

​

PURPOSE

WhiteCave Pty Ltd (“WhiteCave”, “we”, “our”) is committed to protecting your privacy. This policy explains how we collect, use, disclose and safeguard Personal Information when providing cybersecurity consulting, managed detection and response, and related services.

​

SCOPE

The policy applies to all Personal Information handled by WhiteCave staff, contractors and authorised third parties worldwide.

​

OBJECTIVE

• Provide clear and transparent information about WhiteCave’s privacy practices.

• Demonstrate compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and, where relevant, the EU and UK GDPR.

​

POLICY

​

1. Personal Information

“Personal Information” is any information or opinion that identifies an individual. We collect items such as:

• Names, titles and employer details

• Postal and email addresses, phone numbers and login identifiers

• Usage data from our websites, portals and security platforms

We collect information via meetings, phone, email, secure portals, cookies and trusted third parties. We use it to deliver and improve our services, manage accounts, conduct analytics, meet legal obligations and, where you have consented, send marketing updates (you may opt out at any time).

When reasonable, we will explain why information is requested and how it will be used at or before the point of collection.

​

2. Sensitive Information

WhiteCave does not intentionally collect Sensitive Information (for example, health records or political opinions). If such data is unavoidably processed, we will only:

• Use it for the purpose for which it was supplied

• Use or disclose it for a directly related secondary purpose

• Do so with your consent or as required by law

​

3. GDPR Roles

Depending on the engagement:

• Data Controller is usually the enterprise customer.

• Processor – WhiteCave processes data on behalf of the Controller under documented instructions.

• Joint Controller – in some managed services we and specific vendors jointly determine processing means and purposes.

​

4. Third‑Party Sharing

We share Personal Information only:

1. With your explicit consent.

2. With sub‑processors listed below, under written agreements that mirror this policy.

3. Where required by law or court order.

4. To our professional advisers (eg auditors, insurers) under confidentiality.

We do not sell or lease customer information.

​

5. Security of Personal Information

WhiteCave maintains administrative, technical and physical safeguards aligned with ISO 27001 and industry good practice to protect data against loss, misuse and unauthorised access. Records are retained for at least seven years or longer where required. When data is no longer needed we securely destroy or de‑identify it.

​

6. Your Rights

Subject to applicable law you may:

• Request access to and a copy of your Personal Information.

• Ask us to correct inaccurate or outdated data.

• Request deletion or restriction of processing.

• Object to direct marketing.

• Receive your data in a portable format.

Contact details are below. We will respond within 30 days.

​

7. Access & Correction

Requests should be made in writing. We will verify your identity before releasing information. No fee is charged for access, but a reasonable administration fee may apply for copies.

​

8. Cookies & Analytics

Our websites use cookies and similar technologies to personalise content and analyse traffic. You can refuse cookies via browser settings; certain features may not function.

​

9. Policy Updates

We review this policy at least annually or when laws, services or business practices materially change. Updated versions will be published on whitecave.com.au/privacy.

​

10. Complaints & Enquiries

Questions or complaints should be directed to privacy@whitecave.com.au.

We will acknowledge complaints within five business days and aim to resolve them within 30 days. Unresolved concerns may be referred to the Office of the Australian Information Commissioner (OAIC).