Privacy Policy for PCI Compliance Australia

    Effective Date: December 14, 2025


    PCI Compliance Australia ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at www.pcicompliance.com.au, our Services (including PCI scans and hosting), and related apps (collectively, the "Services"). By using the Services, you consent to the practices described herein. If you do not agree, please do not use the Services.

    1. Information We Collect

    Personal Information: When you register, sign up for Services, or contact us, we may collect name, email address, phone number, billing information, company details, and payment details (processed via secure third-party gateways compliant with PCI DSS).

    Usage Data: Automatically collected data includes IP address, browser type, device information, pages visited, time spent, and interaction data (e.g., via cookies, logs, or analytics tools).

    Scan and Hosting Data: For scans, we collect vulnerability scan results and server data. For hosting, we collect server logs, backup data, and monitoring alerts. This may include sensitive data you store on hosted servers, which we handle as a processor under PCI DSS.

    Other Data: Information from third parties (e.g., payment processors) or public sources.

    We do not intentionally collect data from children under 13. If we learn of such collection, we will delete it.

    2. How We Use Your Information

    To provide and maintain Services (e.g., perform scans, host servers, send reports and alerts).

    To process payments and manage billing.

    To communicate with you (e.g., emails about scans, compliance updates, or support).

    To monitor and improve Services (e.g., analytics for security and performance).

    To comply with legal obligations, including PCI DSS reporting.

    For marketing (with your consent), such as newsletters about compliance tips.

    3. How We Share Your Information

    Service Providers: With vendors for hosting, payments, analytics, or security (e.g., cloud providers, email services), bound by confidentiality and PCI compliance.

    Compliance and Legal: To auditors, regulators, or law enforcement if required (e.g., for PCI audits or subpoenas).

    Business Transfers: In mergers, acquisitions, or asset sales, your data may be transferred.

    We do not sell your personal information. Sharing is limited to what's necessary for Services.

    4. Data Security

    We implement reasonable security measures compliant with PCI DSS Level 1, including encryption, access controls, firewalls, and regular audits. Automated backups occur daily for hosting. However, no system is 100% secure; you use the Services at your own risk. Notify us of any suspected breaches.

    5. Data Retention

    We retain personal information as needed for Services, legal compliance, or business purposes (e.g., scan reports for 7 years per Australian tax laws). Usage data is retained for up to 2 years. You may request deletion, subject to legal requirements.

    6. Your Rights

    Under Australian Privacy Principles (APP) and applicable laws:

    Access, correct, or delete your data.

    Opt out of marketing communications.

    Complain to us or the Office of the Australian Information Commissioner (OAIC).

    Contact us to exercise rights. We respond within 30 days.

    7. Cookies and Tracking

    We use cookies for functionality, analytics, and advertising. You can manage preferences via browser settings, but this may limit Services.

    8. International Transfers

    Data may be stored or processed outside Australia (e.g., in secure cloud servers). We ensure equivalent protections via contracts or certifications.

    9. Changes to Privacy Policy

    We may update this Policy with notice via the Site or email. Continued use constitutes acceptance.

    10. Contact Us

    For privacy questions, contact our Data Protection Officer at [insert contact, e.g., privacy@pcicompliance.com.au].

    This Policy complies with the Australian Privacy Act 1988 and PCI DSS. For EU/UK users, we align with GDPR where applicable.