Privacy Policy
Privacy Policy
Effective Date: 23 July 2023 | Last Updated: 3 July 2025
Your Privacy Matters to Us
At Cyberhaven Technologies, we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, and protect your data when you interact with our services. We take every step to ensure that your information is handled securely, in compliance with all relevant data protection laws. Your trust is essential to us, and we are dedicated to safeguarding your privacy every step of the way.
1 Introduction
Vstrah Pty Ltd (ABN 31 669 458 986), trading as Cyberhaven Technologies (“Cyberhaven Technologies”, “we”, “us”, “our”), respects your right to privacy. We are bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and, where applicable, other international frameworks such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
This policy explains what personal information we collect, why, how we use and disclose it, how we secure it, and the choices you have. It applies to all websites, portals, applications, products and services offered or operated by Cyberhaven (collectively, “Services”), unless a separate privacy notice is supplied for a particular Service.
2 Definitions
| Term | Meaning |
|---|---|
| Personal Information | Information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not (s 6, Privacy Act 1988). |
| Sensitive Information | A subset of personal information that includes health data, racial or ethnic origin, biometric identifiers, religious beliefs, sexual orientation, etc. |
| Processing / Handle | Any operation performed on personal information, including collection, storage, use, disclosure, destruction. |
| Data Subject / Consumer / You | Any natural person whose personal information is processed by Cyberhaven. |
3 What We Collect
| Category | Typical Examples |
|---|---|
| Identity & Contact | Full name, postal & billing addresses, e‑mail, telephone numbers, date of birth, government identifiers where permitted (e.g. TFN on employment paperwork). |
| Professional & Employment | Résumés, employment history, professional certifications, LinkedIn profile information, background‑check results (where required by law). |
| Financial & Transactional | Credit‑card or bank details (tokenised or encrypted), billing history, purchase orders, invoices, payment approvals. |
| Technical & Usage | IP address, device type, browser version, referring pages, time‑zone, interaction logs, error diagnostics, cookies and similar technologies—see Schedule A. |
| Support & Communications | Emails, chat transcripts, call recordings, ticket history, feedback forms, survey responses. |
| Location | City, state, country or geolocation data derived from IP address or device (when you grant permission via app). |
| Sensitive Information (limited) | Only where strictly necessary—e.g. health data for workplace injury reporting, or diversity information if you choose to provide it voluntarily. In all cases we seek explicit consent. |
4 How We Collect Information
- Directly from you when you complete web forms, create an account, engage support, pay invoices, visit our premises, or apply for a job.
- Automatically through cookies, server logs, analytics tools and security monitoring systems.
- Third parties or public sources: channel partners, recruitment agencies, credit‑reference providers, social‑media platforms (subject to their privacy settings), and public registers (ASIC, ABN Lookup, etc.).
- Referral or delegation from one of our clients if you are their employee or customer and they engage us on your behalf (we act as their service provider).
5 Why We Collect and Use Your Information
| Purpose | Legal/Lawful Basis* |
|---|---|
| Provide, customise and maintain our IT, cybersecurity, web & software services. | Contract performance; legitimate interests. |
| Verify identity, create accounts, manage access and authorisation. | Contract; legal obligation (e.g. KYC requirements). |
| Process payments, issue invoices & administer billing queries. | Contract; legal obligation (tax law). |
| Recruit, onboard, manage and pay personnel, interns and contractors. | Contract; consent (sensitive data); legitimate interests. |
| Improve services, conduct analytics, troubleshoot, test, and enhance security. | Legitimate interests. |
| Market relevant products or send updates with your consent or as permitted by law. | Consent; legitimate interests. |
| Comply with laws, respond to lawful requests, enforce agreements. | Legal obligation. |
* Where GDPR applies, our primary lawful bases are contract performance, legal obligation, legitimate interests(balanced against your rights), and consent for specific optional activities.
6 Disclosure of Personal Information
We never sell your information. We may disclose it to:
- Internal staff of Vstrah Pty Ltd/Cyberhaven, under strict need‑to‑know access controls.
- Service providers (data‑centre hosts, SaaS vendors, payment gateways, background‑check agencies, courier firms) bound by confidentiality and security obligations.
- Affiliated business entities for intra‑group administration and consolidated reporting.
- Clients where we act as their managed‑service provider and you are their authorised user.
- Regulators, courts and law‑enforcement when required by law or to defend legal rights.
- Prospective purchasers in connection with a merger, acquisition or asset sale (subject to confidentiality).
Cross‑border disclosures may occur where our cloud infrastructure or vendors reside outside Australia (e.g. AWS, Microsoft 365). We take reasonable steps to ensure overseas recipients handle your data in a manner consistent with the APPs, including contractual safeguards and, where GDPR applies, Standard Contractual Clauses.
7 Data Security
We employ a layered security program combining:
- Encryption in transit (TLS 1.2+) and at rest (AES‑256).
- Role‑based access control (RBAC), multi‑factor‑authentication (MFA) and least‑privilege principles.
- ISO 27001‑aligned policies, periodic penetration testing and vendor risk assessments.
- Physical safeguards (24/7 surveillance, secure server rooms, visitor logs).
- Staff training on privacy, social engineering, secure coding and incident response.
- Business Continuity & Disaster Recovery (BCDR) plans with off‑site backups.
Despite best efforts, no method of transmission or storage is completely secure. If a data breach arises that is likely to cause serious harm, we will notify affected individuals and the OAIC (and any other relevant authority) in accordance with the Notifiable Data Breaches Scheme and GDPR articles 33–34 if applicable.
8 Data Retention & Destruction
We retain personal information only for as long as necessary to fulfil the purposes outlined in this policy or as required by law (e.g., tax, employment, audit). Retention periods vary:
- Contracts & invoices – 7 years (ATO record‑keeping).
- Job applicant data – 2 years (or sooner if consent is withdrawn).
- Customer support logs – up to 3 years post‑closure.
- Security logs – maximum 12 months unless needed for investigation.
Data scheduled for deletion is securely erased or anonymised following industry standards (NIST SP 800‑88).
9 Your Rights and Choices
| Under the APPs (Australia) | Under the GDPR (EU/EEA Residents) |
|---|---|
| Access and correct personal information. | Access, rectify, erase (“right to be forgotten”). |
| Complain to the Office of the Australian Information Commissioner (OAIC) if unsatisfied. | Restrict or object to processing; data portability; lodge a complaint with an EU supervisory authority. |
| Opt out of direct marketing (spam regulation). | Withdraw consent at any time; object to automated decision‑making. |
To exercise these rights, email privacy@cyberhaven.com.au or write to us (see Section 13). We may verify your identity before fulfilling requests and may refuse or limit actions where legally permitted (e.g., frivolous or vexatious requests, or where disclosure would impact another’s privacy).
10 Marketing & Communications Preferences
We may email you newsletters, security advisories, event invitations or special offers relevant to your relationship with Cyberhaven. You can opt out by:
- Clicking “unsubscribe” in any marketing email; or
- Contacting us at support@cyberhaven.com.au.
Transactional or service‑related notices (e.g., password resets, outage alerts) are not considered marketing and are sent as necessary.
11 Cookies, Analytics & Tracking Technologies
Our websites use first‑party and third‑party cookies, pixels and similar tools for authentication, remembering preferences, measuring traffic and improving usability. We do not use cookies to serve behavioural advertising unless you expressly consent.
You may disable cookies via browser settings or amplify privacy by using plug‑ins (such as uBlock Origin). However, certain features may become unavailable. For details see Schedule A: Cookie Categories.
12 Third‑Party Links
Our Services may include links to external websites or social‑media platforms. We are not responsible for the privacy practices or content of those sites. We recommend reviewing their privacy statements before providing personal information.
13 Children’s Privacy
Our Services are not directed to children under 16. We do not knowingly collect personal information from minors without verifiable parental consent. If you believe a child has provided us information, please contact us and we will act promptly to delete it.
14 Automated Decision‑Making & Profiling
Cyberhaven does not engage in solely automated decisions that produce legal or similarly significant effects on individuals (GDPR Art. 22). Where we use analytics or risk‑scoring tools, human oversight remains integral.
15 Policy Updates
We may amend this Privacy Policy periodically to reflect changes in laws, technology or business operations. The revised version will be posted at www.cyberhaven.com.au/privacy with a new “Last Updated” date. If changes materially impact your rights, we will provide advance notice via email or prominent site banner. Your continued use of the Services after the effective date constitutes acceptance.
16 Complaints & Contact Information
If you have a question, concern or complaint about privacy, please contact:
Privacy Officer
Vstrah Pty Ltd t/a Cyberhaven Technologies
Suite 18, 162 Macquarie Street, Hobart TAS, 7000, Australia
📞 (03) 6164 8899 | 📧 privacy@cyberhaven.com.au
We aim to respond within 30 days. If you are dissatisfied with our response in Australia, you may complain to the Office of the Australian Information Commissioner (www.oaic.gov.au). EU residents may contact their local supervisory authority.
Schedule A – Cookie Categories
| Category | Purpose | Lifespan | Opt‑Out |
|---|---|---|---|
| Strictly Necessary | Session management, load balancing. | Session | Browser settings (may disrupt login). |
| Performance / Analytics | Visitor counts, page performance (e.g., Google Analytics IP‑anonymised). | 1 day – 24 months | Browser add‑ons (e.g., GA Opt‑out). |
| Functionality | Remembering preferences (language, theme). | 30 days | Disable in settings. |
| Security | Detect abuse, rate‑limit traffic (e.g., Cloudflare _cfduid). | 30 days | N/A (essential). |
Schedule B – Key Third‑Party Service Providers
| Provider | Service | Location of Processing | Safeguards |
|---|---|---|---|
| Hostinger | Cloud hosting (Sydney region) | Australia | ISO 27001; encryption at rest. |
| Microsoft 365 | Email & collaboration | Australia / EU | Data‑processing terms; SCCs. |
| Stripe | Payment processing | USA / EU | PCI‑DSS; SCCs. |
| QuickBooks (Intuit) | Accounting & invoicing | NZ / USA | ISO 27001; encryption. |
Version 1.0.1 © Cyberhaven Technologies (ABN 31 669 458 986) – All rights reserved.
Let’s Work Together
Get in Touch
Quick Links
Services
Contact Information
-
Suit 18 162 Macquarie Street, Hobart, 7000, Tasmania
-
Suit 8A 340-344 Elizabeth Street, North Hobart, 7000, Tasmania
Copyright © 2025 cyberhaven technologies. All rights reserved
Acknowledgement of Country
© Cyberhaven Technologies — A Trading Name of VSTRAH PTY LTD (ABN 31 669 458 986)
Cyberhaven Technologies is a proudly Tasmania-based business operated by VSTRAH PTY LTD. We deliver expert solutions in cybersecurity, software and app development, cloud computing, managed IT services, UI/UX design, and digital strategy. “Cyberhaven Technologies” is our trading name used to better connect with clients and enhance brand recognition in the competitive technology sector.
Corporate Responsibility & Disclaimer
All content, services, and information provided on this website are published in good faith and for general information purposes only. While we make every effort to ensure accuracy, reliability, and currency, Cyberhaven Technologies (VSTRAH PTY LTD) makes no warranties or representations, express or implied, about the completeness, correctness, suitability, or availability of the website or the information, products, services, or related graphics contained on the site for any purpose. Users are advised to consult with our team for tailored advice before acting on any information.
Commitment to Privacy & Ethics
We are committed to data protection, equal opportunity, ethical innovation, and the support of emerging professionals. Our operations comply with the Australian Privacy Principles and industry standards. For details, please refer to our Privacy Policy and Terms & Conditions.