Privacy Policy

How Core Haven Pty. Ltd. collects, uses, and protects your information

Last updated: December 25, 2025

Core Haven Pty. Ltd. (ABN: XX XXX XXX XXX) ("we", "our", "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our managed IT infrastructure services.

1. Information We Collect

1.1 Personal Information

We may collect the following personal information:

  • Name, email address, phone number, and job title
  • Business name, ABN, and billing address
  • Payment and credit card information (processed securely through third-party providers)
  • Technical contact information and system administrator details
  • Authentication credentials and access logs

1.2 Technical Information

We automatically collect technical data including:

  • IP addresses, device information, and browser types
  • System logs, performance metrics, and usage statistics
  • Network traffic data and security event logs
  • Configuration and infrastructure topology information

1.3 Business Data

As part of providing managed IT services, we may have access to your business data stored on our infrastructure. We treat all client data with strict confidentiality.

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our IT infrastructure and managed services
  • Technical Support: To respond to support requests, troubleshoot issues, and provide assistance
  • Security & Monitoring: To detect, prevent, and respond to security threats and unauthorized access
  • Billing & Invoicing: To process payments and manage your account
  • Compliance: To meet regulatory requirements including APRA CPS 234 and SOC 2
  • Communication: To send service updates, security alerts, and important notifications
  • Analytics: To analyze usage patterns and improve service performance
  • Legal Obligations: To comply with applicable laws and regulations

3. Data Security

Core Haven implements enterprise-grade security measures to protect your information:

  • Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
  • Monitoring: 24/7 security monitoring and intrusion detection systems
  • Data Centers: Australian Tier III+ data centers with physical security controls
  • Backups: Regular encrypted backups with geo-redundant storage
  • Incident Response: Documented incident response procedures and security team
  • Compliance: Regular security audits and penetration testing
  • Employee Training: Mandatory security awareness training for all staff

4. Data Location & Sovereignty

Australian Data Residency: All client data is stored exclusively in Australian data centers located in Sydney and Melbourne. We do not transfer data outside of Australia unless explicitly authorized by you.

This ensures compliance with Australian data sovereignty requirements and provides additional protection under Australian privacy laws.

5. Information Sharing & Disclosure

We do not sell or rent your personal information. We may share information with:

  • Service Providers: Trusted third-party vendors who assist in service delivery (e.g., payment processors, cloud infrastructure providers)
  • Legal Requirements: Government authorities when required by Australian law or court order
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to affected clients)
  • Authorized Partners: With your explicit consent for specific purposes

All third-party service providers are bound by confidentiality agreements and must comply with Australian privacy standards.

6. Your Privacy Rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:

  • Access: Request a copy of your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Objection: Object to processing of your information for certain purposes
  • Data Portability: Request transfer of your data in a machine-readable format
  • Complaint: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, please contact our Privacy Officer at privacy@corehaven.com.au.

7. Data Retention

We retain information for as long as necessary to:

  • Provide ongoing services to you
  • Comply with legal, regulatory, and accounting obligations (minimum 7 years for financial records)
  • Resolve disputes and enforce agreements
  • Maintain security and audit logs (typically 12-24 months)

Upon service termination, we will securely delete or anonymize your data in accordance with our data retention schedule and your service agreement.

8. Compliance & Certifications

Core Haven maintains compliance with:

  • Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
  • APRA CPS 234 Information Security requirements
  • ISO/IEC 27001 Information Security Management
  • SOC 2 Type II compliance
  • Essential Eight Maturity Level 3
  • HIPAA compliance for healthcare clients (where applicable)
  • PCI DSS for payment card data handling

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify clients of material changes via email and post them on our website at least 30 days before they take effect.

Continued use of our services after policy changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related inquiries, requests, or complaints, please contact:

Privacy Officer
Core Haven Pty. Ltd.

Email: info@corehaven.com.au

Phone: 1300 XXX XXX

Address: [Your Business Address], Australia