Privacy Policy
How NiftyComputing collects, uses, stores, and protects your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024.
Who we are
NiftyComputing ("NiftyComputing", "we", "us" or "our") is an Australian managed IT services provider operating from Bendigo / Castlemaine, Victoria. We provide managed IT, cybersecurity, cloud and IT consulting services to dental practices, trades, real estate agencies and small businesses across Australia.
We are committed to protecting your privacy and handling your personal information openly, transparently and in accordance with Australian law — including the Privacy Act 1988 (Cth) (the "Privacy Act"), the 13 Australian Privacy Principles (APPs), the Notifiable Data Breaches scheme, and the reforms introduced by the Privacy and Other Legislation Amendment Act 2024 (Cth).
This policy explains what personal information we collect, why we collect it, how we use and disclose it, how we keep it secure, and the rights and choices available to you.
The personal information we collect
"Personal information" has the meaning given in section 6 of the Privacy Act — broadly, information or an opinion about an identified individual, or an individual who is reasonably identifiable. Depending on how you interact with us, we may collect:
- Identity and contact information — your name, business name, job title, email address, phone number and postal/business address.
- Account information — login credentials (passwords are stored only as salted hashes), authentication tokens and account preferences.
- Service and support information — details of the systems we manage for you, support tickets, communications, and information you provide when requesting a free IT review or quote.
- Technical and device information — IP address, browser type, device identifiers, operating system, referring pages, pages visited and timestamps (collected via cookies and server logs).
- Image and gallery content — images and metadata uploaded to or displayed on our gallery (admin users only).
- Billing information — billing contact details and transaction records. We do not store full payment card numbers; payments are processed by PCI-DSS compliant third parties.
Sensitive information (as defined in the Privacy Act, including health information): we do not seek to collect sensitive information. Where it is unavoidable in the course of IT support (for example, incidental access to systems containing health records of a dental practice client), we will only handle it with consent and in accordance with APP 3.
How we collect personal information
Wherever it is reasonable and practicable, we collect personal information directly from you — for example, when you complete a contact form, request a free IT review, sign up for an account, engage us for services, email or call us, or upload content to an admin area.
We may also collect information from third parties, such as publicly available business directories, our subcontractors, referrers, or analytics and authentication providers, where you have consented or where this is permitted by the APPs.
Why we collect and use your information
We collect, hold, use and disclose personal information to:
- provide, maintain and improve our IT, cybersecurity and cloud services;
- respond to enquiries, quotes and free IT review requests;
- create and manage user accounts and authenticate users;
- communicate with you about your services, support requests and account;
- send service updates, invoices and (where permitted) marketing communications;
- comply with our legal, regulatory, tax and contractual obligations;
- detect, investigate and prevent fraud, abuse and security incidents;
- monitor, secure and improve our website and services.
We will not use your personal information for a secondary purpose unless an exception under APP 6 applies (for example, you have consented, or the secondary purpose is related to the primary purpose and you would reasonably expect it).
Direct marketing
We may send you marketing communications about our services where you have opted in or where APP 7 otherwise permits. Every marketing email contains a clear unsubscribe link. You can also opt out at any time by emailing privacy@niftycomputing.au. We comply with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
Cookies, analytics and tracking
Our website uses cookies and similar technologies to operate the site, remember your preferences, secure authenticated sessions and understand how visitors use the site. Cookies we use include:
- Strictly necessary cookies — required for the site to function (e.g. session and authentication).
- Functional cookies — remember preferences such as theme.
- Analytics cookies — help us understand aggregated visitor behaviour.
You can disable cookies in your browser settings; however, parts of the site may not function correctly.
Who we disclose your information to
We may disclose personal information to:
- Service providers and contractors who help us deliver our services — for example, hosting, database, authentication, email, analytics, payment processing and helpdesk providers — bound by confidentiality and privacy obligations;
- Professional advisers such as lawyers, accountants and auditors;
- Government, regulatory and law enforcement bodies where required or authorised by law (including the OAIC, the ATO, courts and tribunals);
- A successor entity in connection with a sale, merger or restructure of our business.
We do not sell your personal information.
Cross-border disclosure
Some of our service providers store or process data outside Australia. The countries to which your personal information may be disclosed currently include the United States, the European Union (Ireland and Germany) and Singapore, depending on the location of cloud infrastructure used by our authentication, hosting, email and analytics providers.
Before disclosing personal information overseas, we take steps as required by APP 8 to ensure the recipient does not breach the APPs in relation to that information, including using contractual protections. You acknowledge that, where you consent to a cross-border disclosure, APP 8.1 may not apply.
Automated decision-making
In line with the transparency requirements introduced by the Privacy and Other Legislation Amendment Act 2024 (which require entities to disclose certain automated decision-making from December 2026), we confirm that:
- We do not use automated decision-making systems (including AI) to make decisions that have a legal or similarly significant effect on you, such as decisions about pricing, eligibility, employment or service refusal.
- We may use AI-assisted tools to triage support tickets, generate draft content and analyse aggregated website usage, but a human always reviews any decision that materially affects you.
If this changes, we will update this policy and provide meaningful information about the kinds of personal information used, the kinds of decisions made and how they are made.
How we protect your information
We take reasonable steps under APP 11 to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include:
- encryption of data in transit (TLS 1.2+) and at rest;
- hashing and salting of passwords (we never store plain-text passwords);
- role-based access controls and the principle of least privilege;
- multi-factor authentication for administrative access;
- secure, audited cloud infrastructure;
- regular patching, vulnerability scanning and backups;
- staff training on privacy and information security;
- documented incident response and notifiable data breach procedures.
No method of transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
How long we keep your information
We retain personal information only for as long as is necessary for the purposes for which it was collected, or as required by law (for example, the Income Tax Assessment Act 1936 (Cth) and Corporations Act 2001 (Cth) require certain records to be kept for at least 5–7 years).
When personal information is no longer needed and we are not legally required to retain it, we will take reasonable steps to destroy or de-identify it in accordance with APP 11.2.
Notifiable data breaches
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. If we suffer an eligible data breach that is likely to result in serious harm to any individual, we will:
- contain and assess the breach as soon as practicable (and in any event within 30 days);
- notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) without undue delay; and
- describe the breach, the kinds of information involved and the recommended steps you should take in response.
Your rights and choices
You have the right to:
- Access the personal information we hold about you (APP 12);
- Correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading (APP 13);
- Withdraw consent for direct marketing or optional uses at any time;
- Deal with us anonymously or under a pseudonym where it is lawful and practicable to do so (APP 2);
- Make a complaint about how we have handled your personal information.
To exercise any of these rights, please contact us using the details below. We will respond within a reasonable period (typically within 30 days). We may need to verify your identity before acting on your request. Access is generally free; however, we may charge a reasonable cost-recovery fee for fulfilling large or complex requests.
Statutory tort for serious invasions of privacy
Since 10 June 2025, individuals in Australia have a direct statutory cause of action for serious invasions of privacy under Schedule 2 of the Privacy and Other Legislation Amendment Act 2024. We design our processes, contracts and security controls with this in mind and welcome feedback if you believe any of our practices fall short.
How to make a complaint
If you believe we have breached the APPs, the Privacy Act, or this policy, please contact our Privacy Officer first using the contact details below. We will acknowledge your complaint promptly and aim to resolve it within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
Children's privacy
Our services are directed to businesses, not children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.
Updates to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements, or for other operational reasons. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated through our website or by direct notice where appropriate.
Contact us
For privacy questions, requests or complaints, please contact our Privacy Officer:
NiftyComputing — Privacy Officer
- Email: privacy@niftycomputing.au
- General enquiries: hello@niftycomputing.au
- Phone: 0407 311 198
- Post: Bendigo / Castlemaine, Victoria, Australia
See also our Terms of Service.