Privacy Policy

Last updated: 29 January 2026

1. Introduction

S5 Technology Group Pty Ltd (ABN omitted) (“S5”, “we”, “us” or “our”) is committed to protecting the privacy of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, hold, use, disclose and protect personal information when you: - Visit our website at https://www.s5.technology; - Engage us for managed IT, cloud, security, monitoring, backup, SOC or professional services; or - Otherwise interact with us as a customer, supplier, partner or website user.

By using our services or providing personal information to us, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

Company name: S5 Technology Group Pty Ltd
Registered locations: - 50/25–27 Hay Street, Port Macquarie NSW 2444
- 138 Kendal Street, Cowra NSW 2794
- 167 Eagle Street, Brisbane QLD 4000

Website: https://www.s5.technology

3. Our Role – Controller and Service Provider

Depending on the context, S5 acts as:

  • A controller of personal information (for example, information about our customers, contacts, suppliers and website users); and
  • A service provider / processor when we manage, monitor, back up, secure or support customer systems on their behalf.

When acting as a service provider, we process personal information strictly in accordance with our customer contracts and documented instructions.

4. Personal Information We Collect

4.1 Information we collect directly

We may collect personal information including: - Name - Email address - Phone number - Business address - Job title and employer - Billing and payment details - Communications with us

4.2 Managed services, logs and monitoring data

When providing managed IT, cloud, security, monitoring, backup or SOC-related services, we may collect or generate information that incidentally contains personal information, including: - Usernames and user identifiers - IP addresses and device identifiers - Authentication and access logs - Email metadata and system metadata - File paths, timestamps and audit records - Backup data that may include end-user content

This information is collected solely for the purposes of delivering contracted services such as system administration, security monitoring, incident response, compliance, troubleshooting and backup recovery.

4.3 Identity verification information

Where required by law, contract or for fraud prevention, we may collect limited identity verification information such as: - Date of birth - Government-issued identification (where strictly necessary)

Such information is collected only where reasonably necessary and is subject to enhanced security controls.

4.4 Website usage and technical data

We may collect information such as: - IP address - Browser type and version - Pages visited and time spent - Device and operating system information

5. Cookies and Tracking Technologies

We use cookies and similar technologies to: - Ensure essential website functionality - Remember user preferences - Analyse website usage - Support marketing and advertising activities

Cookies may be session-based or persistent. You can control cookies through your browser settings. Disabling cookies may affect website functionality.

Where analytics or advertising cookies are used, you may opt out using provider tools (such as Google Ads or Analytics opt-out mechanisms).

6. How We Use Personal Information

We use personal information to: - Deliver and manage our services - Monitor, secure and support customer systems - Manage customer relationships and accounts - Provide technical support and incident response - Process payments and billing - Communicate service-related information - Send marketing communications (where permitted) - Meet legal and regulatory obligations

7. Disclosure of Personal Information

We may disclose personal information to:

7.1 Service providers and subcontractors

Including trusted third parties who assist us in delivering services, such as: - Security Operations Centre (SOC) providers - Monitoring and alerting providers - Backup and disaster recovery providers - Cloud infrastructure providers

All subcontractors are contractually required to: - Use information only for authorised purposes - Implement appropriate security controls - Comply with Australian privacy obligations

7.2 Business operations

  • Professional advisers (legal, accounting, insurance)
  • Payment processors
  • Insurers and auditors

7.3 Legal requirements

Where required or authorised by law, court order or regulatory authority.

8. Data Storage and Residency

All customer data, including logs, backups and monitoring data, is stored and processed in Australia.

We do not intentionally transfer customer personal information outside Australia. If this position changes, we will update this Privacy Policy and ensure compliance with APP 8 (cross-border disclosure).

9. Data Retention and Deletion

We retain personal information only for as long as necessary to: - Provide contracted services - Meet legal and regulatory obligations - Resolve disputes and enforce agreements

Retention periods for logs, backups and monitoring data are governed by customer contracts and service schedules. Secure deletion or destruction is performed at the end of retention periods or upon customer instruction, unless retention is required by law.

10. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure, including: - Access controls and least-privilege principles - Encryption where appropriate - Network and system security monitoring - Security logging and auditing - Staff training and confidentiality obligations

Despite these measures, no system is completely secure, and we cannot guarantee absolute security.

11. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.

In the event of an eligible data breach involving personal information, we will: - Promptly assess the incident - Notify affected customers and individuals where required - Notify the Office of the Australian Information Commissioner (OAIC) in accordance with the law

12. Access, Correction and Complaints

You may request: - Access to personal information we hold about you - Correction of inaccurate, outdated or incomplete information

Requests can be made using the contact details below. We will respond within a reasonable timeframe.

If you have a complaint about how we handle personal information, please contact us first. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au.

13. Marketing Communications

We may send marketing communications where permitted by law. You may opt out at any time by: - Using the unsubscribe link in our communications; or - Contacting us directly.

14. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites and encourage you to review their privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be published on our website, and the “Last updated” date will be revised accordingly.

16. Contact Us

If you have any questions or requests regarding this Privacy Policy or privacy matters, please contact us:

Website: https://www.s5.technology/contact