Privacy Statement

North Security.Digital (north) is committed to ensuring compliance with the Privacy Act 1988 (Cth) (“Privacy Act”). All north staff receive on-going education in relation to amendments to the Privacy Act 1988 and the Australian Privacy Principles.



north has adopted and will apply the Australian Privacy Principles contained in the Privacy Amendment (Enhancing Privacy Protection) Act 2012, to govern the ways in which it collects, uses and disposes of personal information that comes into its possession. north will ensure that it complies with the Australian Privacy Principles and will take such steps that are reasonable in the circumstances to implement practices, procedures and systems to enable north to deal with inquiries or complaints from individuals about north’s compliance with the Australian Privacy Principles.


north will not collect personal information unless the information is reasonably necessary for, or directly related to, one or more of the business’ functions or activities. This may include information regarding the financial position and whereabouts of an individual or business or other factual information necessary for north’s clients to make informed decisions. The nature of the personal information we collect will vary according to the nature of the matter for which we act on our client’s behalf and typically includes information such as an individual’s name, contact details, date of birth, gender, marital status, household information, occupation and employment information and financial information.

north will seek to collect personal information about an individual from that individual at first instance, except in circumstances where it is unreasonable or impracticable to do so. north will only collect information without the knowledge of the investigated individual when it is reasonably necessary for, or directly related to, one or more of north functions and activities.

Personal information may also be collected for north marketing purposes. north will not use nor disclose personal information without the person’s consent, unless: investigating suspected fraudulent or unlawful activity; it is required or authorised by law; it is required for law enforcement or; it is required for emergency reasons.

Usage of Information

north will use the personal information it collects to: provide evidence and information to clients; provide notification to clients and other contacts in relation to relevant legal developments; conduct administration relating to services provided; fulfil all legal and regulatory requirements. north will only use or disclose personal information for the purpose it was collected. Information collected will only be used for a particular purpose, unless the individual has consented to the secondary purpose, or in circumstances where the individual would reasonably expect north to use the information for a secondary purpose when it is directly related to the primary purpose, or related to the primary purpose in circumstances where the information is not sensitive. north will take steps to de-identify the information it receives when reasonable in the circumstances.

In the event that north receives personal information that is unsolicited, north will take such steps that are reasonable in the circumstances to notify the individual of the collection of unsolicited information, or where possible, will de-identify or destroy the unsolicited information. north will only use unsolicited information in the event that the unsolicited information is reasonably necessary for, or directly related to, one or more of north functions and activities in accordance with the Australian Privacy Principles and this Privacy Policy.

Information Quality

north will take steps as are reasonable in the circumstances to ensure that the personal information it uses is accurate, complete and up-to-date. north will also take such steps that are reasonable in the circumstances to ensure that the personal information it uses is relevant to the purpose for which the information was collected.

Information Security

north will take reasonable steps to ensure that all information collected is stored in a secure environment, to ensure integrity of the information and that it is only accessible to those persons whom north authorise to do so. north will also take steps that are reasonable in the circumstances to protect the information from misuse, interference, loss and/or from unauthorised access, modification and/or disclosure.  The personal information stored is secured within systems certified as ISO 27001 compliant.

north will, where practicable and permitted by law, destroy or permanently de-identify personal information that is no longer needed.

In the event that information collected is to be disclosed to an overseas recipient, north will first take steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that information.



Where lawful and practical, north will give individuals the option of not identifying themselves when dealing with the company. This includes offering individuals the ability to use a pseudonym when dealing with the company.

Sensitive Information

north may collect sensitive information for the purposes of providing the services. Sensitive information includes information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual preferences. north will only collect sensitive information where:

  • It is required by law; or
  • An individual has expressly or impliedly consented to its collection; or
  • The information is necessary such as where it is required for a legal or equitable claim.
Access and Correction

north adheres to and agrees to comply with the Freedom of Information Act. If an individual requests to view personal information held on them, north will take all reasonable steps to confirm the identity of the person and respond within 14 days. Under certain circumstances north reserves the right to deny access to personal information in circumstances where it would be unreasonable to do so. north will always provide reason(s) should it deny access to or correction of personal information it holds and will provide same to the requested party by written notice.

If an individual advises north that personal information held on them is inaccurate, incomplete or not up to date, north will take reasonable steps to update the information accordingly. Should there be a disagreement between north and the individual about whether the personal information is complete or up-to-date and the individual requests, north will take reasonable steps to associate a statement from the individual that the information is not correct with the relevant record(s) held by north.

Looking to improve your security and digital operations? Speak to our team and we’ll show you how.