Privacy policy · CCP Australia.

Computer Consultant Professionals Pty Ltd (ACN 128 752 607, trading as CCP Australia) is committed to protecting your privacy. This policy explains what personal information we collect, why we collect it, how we use it, how we keep it secure, who we share it with, and how you can access, correct, or complain about our handling of it. It applies to the ccp.com.au website and to personal information we collect through service engagements.

Who we are

Entity: Computer Consultant Professionals Pty Ltd (trading as CCP Australia).
ABN: 19 128 752 607. ACN: 128 752 607.
Address: Unit 18, 8 Tomlinson Road, Welshpool WA 6106.
Phone: (08) 9467 2269.
Privacy contact: privacy@ccp.com.au.

We are an "APP entity" under the Privacy Act 1988 (Cth) and we comply with the 13 Australian Privacy Principles (APPs). We also handle sensitive information, credentials, and business data on behalf of our clients under the Master Terms of Service; that operational handling is governed by the client's service contract rather than this policy.

What personal information we collect

We only collect information that is reasonably necessary for our functions and activities. The kinds of personal information we collect include:

• Contact details you submit. Name, business name, email, and optional phone number submitted through the lead-qualification form, the contact form, a pricing or Essential Eight assessment download, or a newsletter signup.
• Information you share in conversations. The content of enquiries, call notes, meeting notes, and email correspondence with our team.
• Operational information for active client engagements. Business systems information, device identifiers, staff lists, vendor lists, configuration and access records, and similar operational data required to deliver managed IT services. This information is handled under your service contract.
• Website usage data. Pages viewed, referring site, device type, approximate location (city or region, derived from IP), interactions with embedded YouTube videos, scroll depth on long-form pages, file downloads, outbound link clicks, and form interactions. Collected by Google Analytics 4 (loaded via Google Tag Manager) and by our hosting provider's standard access logs. We do not collect anything that personally identifies you through analytics, and we don't link analytics data to leads collected through forms.
• Cookies and similar identifiers. Strictly-necessary cookies to run the site (theme preference, multi-step form state). Google Analytics 4 cookies (`_ga`, `_ga_*`) for aggregate measurement. Cloudflare Turnstile cookies during a form submission. We do not run third-party behavioural advertising trackers and we do not use cross-site tracking pixels.

We do not seek to collect sensitive information (as defined in the Privacy Act) through the website. If we need to collect sensitive information in the course of a service engagement, we will ask for your consent at the point of collection.

How we collect personal information

Directly from you, in most cases: when you fill out a form, email us, call us, meet with us, or engage us for services. We may also collect limited information from publicly available sources (for example, your business address from your public website or a regulator's register) when we are preparing a proposal. Where we receive information about you from a third party (for example, a referral), we take reasonable steps to notify you.

Why we collect it and how we use it

We use personal information for the following purposes:

• Responding to enquiries and providing information you have asked for (proposals, assessments, PDF downloads, quotes).
• Qualifying, scoping, and delivering services under a Master Terms of Service and Order Form.
• Billing, administration, and record-keeping as required by our contract with you and by Australian tax and commercial law.
• Direct marketing to existing clients and to people who have given us their details through a form on this website, in line with the Spam Act 2003 (Cth). Every marketing email carries a functional unsubscribe link. You can opt out at any time by emailing privacy@ccp.com.au.
• Improving the site and our services through aggregate analytics and feedback.
• Security, fraud prevention, and compliance with our legal and contractual obligations.

Cookies, analytics, and logs

The website uses a small number of cookies and web-storage items in three categories.

Strictly necessary. Theme preference, multi-step form state, and Cloudflare Turnstile (a bot challenge that runs only when you submit the lead-qualifier form). These keep the site working; you can't reasonably opt out without breaking the site.

Analytics — Google Analytics 4 via Google Tag Manager. We use Google Analytics 4 to understand which pages are useful, where visitors get stuck, and what the site needs. The container is loaded through Google Tag Manager (GTM-5ZBRQ4N) and the analytics property is configured with IP anonymisation, no Google Signals, and no advertising-data sharing. The events we collect are aggregated behaviour: page views, scroll depth, video play/progress/complete on embedded YouTube videos, outbound link clicks, file downloads, and form interactions. We do not send personally identifiable information to Google through this channel; lead-form contents are sent through a separate, server-side path that Google Analytics does not see.

Google sets first-party cookies for this purpose (typically _ga and _ga_*). Data is stored in Google's infrastructure and may be processed in the United States and other regions where Google operates; we have configured the property to apply the standard data-processing terms required for transfers from Australia.

Server access logs. Our web hosting provider keeps standard logs (source IP, user agent, request path, timestamp) for a short period for security and diagnostics. These logs are not used for marketing.

How to opt out. You can block or clear cookies in your browser. You can install the official Google Analytics Opt-out browser add-on to disable Google Analytics on every site you visit, including this one. You can also block the googletagmanager.com domain at the network level. None of these will prevent you from reading content on this site.

Who we share it with

We do not sell personal information. We share personal information only with trusted service providers and only to the extent required to run our business:

• Infrastructure and tooling providers (for example, our email platform, our CRM, our ticketing system, our accounting software, our web host, our analytics tooling). Each is bound by its own privacy and security obligations.
• Professional advisers (accountants, lawyers, auditors) where needed for the operation of our business.
• Regulators and law enforcement where we are required or authorised by law.
• Successors, in the event of a sale, merger, or restructure of the business, subject to equivalent privacy protections.

Overseas disclosures

Some of the tools we use store data on servers outside Australia (commonly in the United States or the European Union). Where that is the case, we take reasonable steps to ensure the recipient handles the information consistently with the Australian Privacy Principles, or we rely on a specific exception under APP 8. By submitting information through this website you consent to that disclosure.

How we keep it secure

We run our own managed security stack: multifactor authentication on all staff accounts, endpoint detection and response on every staff device, a central password manager, 24x7 security operations monitoring, regular patching, and regular backups. Staff access is role-based and audited. Hard copies are stored in a physically-secured office in Welshpool, Western Australia.

We keep personal information only for as long as we reasonably need it for the purpose it was collected, or as required by law (for example, record-keeping obligations under tax and corporations law). When we no longer need it, we destroy it or de-identify it.

Access and correction

You can ask to see the personal information we hold about you, and ask us to correct it if it is wrong. Email the request to privacy@ccp.com.au. We will verify your identity, then respond within 30 days. There is no fee for a reasonable request.

In rare cases we may decline access (for example, where giving access would unreasonably affect another person's privacy, or where the information is subject to legal privilege). If we decline, we will tell you in writing why, and how to escalate.

Complaints

If you believe we have mishandled your personal information, tell us first. Email privacy@ccp.com.au with enough detail to identify the issue. We will acknowledge within 7 days and give a substantive response within 30 days.

If you are not satisfied with our response, you can escalate to the Office of the Australian Information Commissioner (OAIC): oaic.gov.au, 1300 363 992.

Product and service-specific policies

One of our products has its own privacy policy because it collects data through a browser extension: