Privacy Policy

1. Introduction

This Privacy Policy explains how Slash Tech Australia Pty Ltd ("Slash Tech", "we", "us", or "our") collects, uses, discloses, and protects personal information in connection with our hardware, software, automation, and consulting services, through our website at slashtech.com.au, and in the course of our recruitment and supplier engagement activities.

We are committed to handling personal information responsibly and in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Scope. This policy applies to personal information collected through our website, client engagements, platforms and dashboards we operate, IoT and telemetry systems we design or deploy, recruitment activities, supplier engagements, and communications with us.

2. Who We Are

Slash Tech Australia Pty Ltd (ABN 78 687 964 889; ACN 687 964 889), trading as Slash Group, is an Australian-based applied R&D and technology services company, building hardware, software, and automation systems for industrial, environmental, government, and IoT clients. We are headquartered in Brisbane, Queensland, with our registered office at 19 Lutwyche Road, Windsor QLD 4030 and our principal place of business at Unit 12/783 Kingsford Smith Drive, Eagle Farm QLD 4009.

3. Information We Collect

Client details, website visitors, platform usage, field deployments, job applicants, and suppliers.

From clients and prospective clients

• Contact details of representatives (name, email address, phone number, role or title)
• Business information (company name, ABN, address)
• Account credentials and service configuration preferences
• Contract and correspondence records
• On a case-by-case basis, personal information of the client's own customers, employees, or other individuals where it is reasonably necessary to deliver an engagement (for example, a dataset we are asked to migrate, analyse, or process). In those cases we generally act as a service provider to the client and handle that information in accordance with our written agreement with that client.

From website visitors

• Browser type and version, operating system, IP address
• Pages visited, navigation patterns, time and date of visits
• Referring website or source
• Device type
• Information collected by Cloudflare for security, performance, and analytics purposes
• Once enabled, information collected by Google Analytics 4 (subject to your cookie consent — see Section 9)

From platform and dashboard users

• Usernames and email addresses
• User preferences and settings
• Access logs and activity records
• IP addresses

From IoT and field deployments (where applicable)

Operational and environmental data collected through systems we design and deploy (for example, sensor readings, device status, telemetry) is generally not personal information. Where such data is or becomes identifiable to an individual, this policy applies to that data.

From job applicants

• Name, contact details, resume / CV, cover letter, work history, education, and any other information you choose to provide in your application
• Information you submit through our careers page, LinkedIn, or Indeed
• Notes and correspondence during the recruitment process, including interview notes
• Reference information, where you provide referees and we contact them with your consent

We do not currently conduct background checks or right-to-work verification. If we introduce these in future, we will obtain your consent and update this policy accordingly.

From contractors and suppliers

Where you provide goods or services to us, we collect information necessary to engage and pay you, including name, business name, ABN, contact details, address, and bank account details.

Sensitive information

We do not seek to collect "sensitive information" as defined in the Privacy Act (including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal record). If we ever need to collect sensitive information, we will only do so with your consent and where it is reasonably necessary for one of our functions or activities.

4. How We Collect Information

Direct contact, automated tools, platforms, and authorised providers.

• Directly from you when you contact us, submit an enquiry through our contact form or Microsoft Bookings, sign up for resources, apply for a role, or engage our services
• Automatically through cookies, analytics tools, and server logs when you visit our website
• Through our platforms when clients or their users interact with systems we operate
• From third-party service providers where you have authorised this
• From referees you nominate during recruitment
• From clients, where they provide us with information about their personnel, customers, or counterparties for the purpose of an engagement
• From publicly available sources such as LinkedIn, company registers, or industry directories, where this is relevant to a business-to-business relationship

Where we collect personal information about you from a third party, we will, where reasonable, take steps to ensure you are made aware of this collection.

5. Why We Collect It

Primary and secondary purposes.

Primary purposes

• Providing, managing, and improving our services
• Responding to enquiries and communications
• Establishing and maintaining client accounts
• Billing and account administration
• Authenticating users and managing access
• Assessing job applications and managing recruitment
• Engaging and paying contractors and suppliers

Secondary purposes

• Sending service updates, field notes, or marketing communications (where you have consented or it is otherwise permitted under the Spam Act 2003)
• Analysing website usage to improve our site
• Meeting legal and regulatory obligations
• Maintaining security and detecting fraud or misuse of our systems
• Protecting our legal interests

We will not use your personal information for a purpose other than those described here without your consent, unless required or permitted by law.

6. Disclosure of Personal Information

Service providers, clients, legal requirements, AI tools, and business transfers.

We do not sell personal information. We may share it with:

Service providers and sub-processors

Third parties who support our operations, such as cloud infrastructure providers, productivity and email platforms, accounting providers, recruitment platforms, and analytics tools. These parties are required to handle information in accordance with applicable privacy laws and our confidentiality obligations.

The principal sub-processors and service providers we use as at the date of this policy are:

This list may change from time to time. Material changes will be reflected in updates to this policy.

Clients

Where we operate systems on behalf of clients, we may share relevant user or operational data with that client as directed.

Artificial intelligence tools

We use artificial intelligence (AI) tools — including Claude (Anthropic), ChatGPT (OpenAI), and Microsoft Copilot — to assist with our work. We use these tools on paid business or enterprise plans, which under the providers' terms in force at the date of this policy do not use customer inputs to train their models.

We may input information, including personal information, into these tools where it is reasonably necessary for our work and where doing so is consistent with our obligations to you or our client. We take reasonable care to:

• use paid business-tier plans rather than consumer plans;
• avoid inputting sensitive information unless it is essential to the task;
• avoid inputting information that the relevant client has asked us not to share with AI tools; and
• disclose our use of AI to clients on request.

If you are a client and you would prefer that we do not use AI tools in connection with your engagement, please let us know in writing and we will accommodate that request where reasonably practicable.

Legal requirements

Where required or authorised by law, including to respond to lawful requests from government or regulatory bodies, or to protect the safety, rights, or property of Slash Tech or others.

Business transfers

In the context of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction, subject to equivalent privacy protections.

7. Overseas Disclosure

Data location and accountability for overseas recipients.

We primarily store and process data in Australia. Several of the providers listed in Section 6 are based in or process data in jurisdictions outside Australia, principally the United States.

Where personal information is disclosed to an overseas recipient, we take reasonable steps to ensure that recipient handles your information consistently with the APPs, including by entering into written agreements that impose appropriate privacy and security obligations. Under APP 8, we remain accountable for the handling of your personal information by overseas recipients, even where contractual protections are in place.

By providing personal information to us, you acknowledge that it may be transferred to, stored in, or accessed from countries outside Australia for the purposes described in this policy.

8. Direct Marketing

When we send it and how to opt out.

We do not currently send marketing emails or operate a newsletter. If we begin doing so, we will only send marketing communications to you where you have consented, or where the Spam Act 2003 and APP 7 otherwise permit.

Every marketing communication will include a clear and functional way to unsubscribe. You can also opt out at any time by contacting us at contact@slashtech.com.au.

9. Cookies and Tracking

What we use and how to manage it.

Our website uses cookies and similar technologies to support site functionality, analyse usage, and remember preferences.

Cloudflare

We use Cloudflare to deliver our website, protect against attacks, and analyse aggregate traffic. Cloudflare sets cookies that are necessary for security, load balancing, and bot mitigation. These cookies are required for the website to function correctly.

Google Analytics 4

We are in the process of implementing Google Analytics 4 (GA4) to better understand how visitors use our website. Once enabled, GA4 will set non-essential cookies that collect information about your use of the site. We will only enable these cookies where you have given consent through our cookie banner. Analytics data will be retained for 26 months before being automatically deleted by Google.

Categories we use

• Essential cookies — required for the site to function (Cloudflare security, load balancing)
• Analytics cookies — help us understand how visitors use the site (GA4, once enabled, subject to consent)
• Preference cookies — remember your settings

We do not currently use advertising or third-party tracking cookies. If this changes, we will update this policy and, where required, seek your consent.

Managing cookies

You can manage or disable cookies through your browser settings. Disabling essential cookies may affect site functionality. Once our cookie consent banner is live, you will be able to change or withdraw your preferences at any time through that interface.

10. Security

How we protect your information and our breach obligations.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These measures include:

• Multi-factor authentication on critical business systems
• Access controls based on the principle of least privilege
• Encryption of data in transit (TLS) and, where supported by our providers, at rest
• Use of reputable third-party providers for hosting and infrastructure
• Keeping operating systems, browsers, and applications up to date
• Secure development practices, including peer code review and dependency scanning
• Regular security reviews
• Incident response procedures aligned with the Notifiable Data Breaches scheme

No system can be guaranteed to be completely secure.

Notifiable Data Breaches

In the event of a data breach that is likely to result in serious harm, we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware of the eligible breach.

11. Retention and Disposal

How long we keep it and how we destroy it.

We retain personal information only for as long as we need it for the purposes described in this policy, or as required by law. When no longer needed, personal information is securely deleted, destroyed, or de-identified.

Our standard retention periods are:

• Marketing and contact form submissions that do not become a client engagement: 24 months from the date of last interaction, then deleted.
• Client engagement records: 7 years from the end of the engagement, to align with record-keeping obligations under Australian taxation and corporations law, then deleted or de-identified.
• Unsuccessful job applicants: 12 months from the date of decision, unless the applicant opts in to remain in our talent pool, then deleted.
• Successful job applicants who become employees or contractors: for the duration of the engagement and for the period required by applicable employment, taxation, and corporations law thereafter.
• Website analytics (GA4, once enabled): 26 months, after which data is automatically deleted by Google.
• Cloudflare logs: as set by Cloudflare's standard retention, typically a short rolling window for security and analytics purposes.

Specific retention periods may also be adjusted to reflect data type, sensitivity, client requirements, or applicable legal or regulatory obligations.

12. Your Rights

Access, correction, and complaints under the Privacy Act.

Under the Privacy Act 1988, you have the right to:

• Access personal information we hold about you
• Correct information that is inaccurate, incomplete, or out of date
• Make a complaint if you believe we have mishandled your personal information
• Opt out of direct marketing communications at any time

Exercising your rights

To exercise any of these rights, contact our Privacy Officer at contact@slashtech.com.au. We will:

• respond within 30 days of receiving your request;
• provide access free of charge (we may charge a reasonable fee only for the costs of providing access in particular formats, and only where this is permitted by the Privacy Act);
• verify your identity before providing access; and
• explain in writing if we are unable to grant the request in whole or in part, and why.

Complaints

If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.

13. Children

Not directed to individuals under 18.

Our services and website are not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe we have done so, please contact us and we will delete the information promptly.

14. Changes to This Policy

How we will notify you of updates.

We may update this policy from time to time. The current version is always available at slashtech.com.au/privacy. We will notify clients of material changes via email or through our platform. The "Last Updated" date at the top of this page reflects when the policy was last revised.

15. Contact Us

Reach our Privacy Officer.

Privacy Officer: Javier Bates, Slash Tech Australia Pty Ltd

Email: contact@slashtech.com.au

Address: Unit 12/783 Kingsford Smith Drive, Eagle Farm QLD 4009, Brisbane QLD Australia

Registered office: 19 Lutwyche Road, Windsor QLD 4030

Phone: 07 3111 5053