Privacy Policy.

CyberSec People Pty Ltd (ABN to be confirmed) ("CyberSec People", "we", "our", "us") is a specialist cybersecurity recruitment firm based in Queensland, Australia. We provide recruitment services including permanent placement, retained search, and executive search for the cybersecurity industry.

This Privacy Policy explains how we collect, hold, use, disclose and otherwise manage personal information in connection with our recruitment services, our website (cybersecpeople.com), and our interactions with candidates, clients, referees, and website visitors.

We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This policy satisfies our obligations under APP 1 to manage personal information in an open and transparent way.

The types of personal information we collect depend on the nature of your interaction with us. As a recruitment agency, we collect information that is reasonably necessary to provide our services.

We collect personal information directly from you wherever possible. This includes when you:

• ›Submit your CV or apply for a role through our website or job board
• ›Contact us via email, phone, or our website contact form
• ›Attend an event, conference, or meetup where we are present (e.g. BSides, SecTalks, CrikeyCon)
• ›Connect with us on LinkedIn or other professional platforms
• ›Are referred to us by a colleague, client, or community member
• ›Register interest in our services or subscribe to communications

We may also collect personal information from third parties, including publicly available sources (such as LinkedIn, GitHub, or professional directories), referees you have nominated, our clients, and professional networks within the cybersecurity community.

Where we collect information about you from a third party, we will take reasonable steps to ensure you are made aware of this collection and the matters set out in this policy.

We collect, hold, use and disclose your personal information for purposes directly related to our recruitment services, including:

• ›Assessing your suitability for current or future roles with our clients
• ›Matching candidates with appropriate job opportunities
• ›Communicating with you about roles, your application status, or our services
• ›Providing recruitment services to our clients, including sharing candidate profiles with their consent
• ›Conducting reference checks and verifying qualifications
• ›Managing our business relationship with clients and candidates
• ›Sending you relevant job opportunities, industry news, or event invitations (with your consent)
• ›Complying with our legal obligations, including workplace health and safety, anti-discrimination, and employment law
• ›Improving our services and website experience
• ›Internal research, analysis, and business development

We will not use or disclose your personal information for purposes other than those described above without first obtaining your consent, unless required or authorised by law.

Sensitive information is a special category of personal information under the Privacy Act 1988. It includes information about racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, criminal record, and health information.

We will only collect sensitive information where it is reasonably necessary for our functions and with your explicit consent. In the context of recruitment, this may include:

• ›Criminal history checks where required by the role or client (e.g. government security clearances)
• ›Health information where relevant to a genuine occupational requirement
• ›Diversity information where voluntarily provided for equal opportunity monitoring

We will always explain why sensitive information is being collected and will only disclose it with your consent or as required by law.

In the course of providing our recruitment services, we may disclose your personal information to:

• ›Our clients (prospective employers) for the purpose of assessing your suitability for a role. We will always seek your consent before sharing your profile with a specific client
• ›Referees nominated by you, for the purpose of conducting reference checks
• ›Third-party service providers who assist us in delivering our services, including our applicant tracking system (Loxo), website hosting, email communications, and analytics providers
• ›Professional advisers such as accountants and lawyers
• ›Government authorities where required or authorised by law
• ›Our related entities, if applicable

We require all third-party service providers to handle your personal information in accordance with this policy and applicable privacy laws. We do not sell your personal information to any third party.

Some of the third-party services we use to operate our business may store or process data outside of Australia. This may include:

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles the information in accordance with the APPs, or that the recipient is subject to a law or binding scheme that is substantially similar to the APPs. Where this is not possible, we will seek your consent before making the disclosure.

When you visit our website, we may collect certain information automatically, including your IP address, browser type, operating system, referring URLs, pages visited, and the date and time of your visit. This information is collected through analytics tools and is used to improve our website and understand how visitors interact with our content.

Our website may use cookies and similar technologies to enhance your browsing experience. Cookies are small text files stored on your device. You can control cookie settings through your browser preferences. Disabling cookies may affect some functionality of our website.

Our website may contain links to third-party websites (such as LinkedIn, job boards, or event pages). We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and from unauthorised access, modification, or disclosure. Our security measures include:

• ›Secure, access-controlled systems for storing personal information
• ›Encryption of data in transit (SSL/TLS) on our website
• ›Access restrictions so that only authorised personnel can access personal information
• ›Regular review of our information security practices
• ›Use of reputable third-party service providers with appropriate security measures

While we take all reasonable precautions, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your information.

We retain personal information for as long as it is reasonably necessary for the purposes described in this policy, or as required by law. For candidates, this typically means we retain your information for the duration of our professional relationship and for a reasonable period afterwards, in case suitable opportunities arise.

If you would like us to remove your personal information from our systems, please contact us using the details below. We will take reasonable steps to destroy or de-identify your personal information once it is no longer needed, unless we are required by law to retain it.

Under the APPs, you have the right to request access to the personal information we hold about you, and to request that we correct any information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

To request access to or correction of your personal information, please contact us using the details provided below. We will respond to your request within a reasonable timeframe (generally within 30 days). We may need to verify your identity before processing your request.

In some circumstances, we may refuse access or correction in accordance with the exceptions set out in the Privacy Act. If we refuse your request, we will provide you with written reasons and information about how to complain.

If you believe we have breached the APPs or handled your personal information inappropriately, you are entitled to make a complaint. Please contact us using the details below and we will investigate your complaint and respond within a reasonable timeframe (generally within 30 days).

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically to stay informed about how we protect your personal information.

If you have any questions about this Privacy Policy, wish to make a complaint, or would like to request access to or correction of your personal information, please contact us: