We are committed to protecting the privacy of personal information we handle. We take our obligations under privacy laws seriously and have prepared this document to set out our policy on the protection and handling of personal information and explain more about your privacy rights.

This Privacy Policy applies to us as Phriendly Phishing Pty Ltd ACN 666 287 047. You may contact us at any time to find out the current list of entities to which this Privacy Policy applies.

Types of personal information we collect

The types of personal information we collect and hold include name, contact details, identification, affiliations, dealings and transactions with us, including by phone, email and online.

If you apply to work with us, we also collect information about your education, experience, character and background checks including eligibility to work, vocational suitability, identity, health, reference, directorship, financial probity, and criminal record checks.

In addition, if you join us, we collect information about your employment or engagement including information about your performance, conduct, use of our IT resources and payroll matters.

We collect some of this personal information under laws including the Corporations Act, Fair Work Act, Superannuation Guarantee (Administration) Act, and Income Tax Assessment Act.

Why we collect and handle personal information

We collect personal information to enable us:

  • To respond to enquiries and requests from individuals and businesses. For example, when customers ask us to respond to Tender, Request for Proposal, Request for Information or reports to be emailed, faxed or posted with contact information;

  • To consider potential employee’s or application for employment with Phriendly Phishing;

  • To consider potential contractor’s engagement with Phriendly Phishing; – To open and administer our client accounts during sales and/or the delivery cycle;

  • To communicate marketing and sales initiatives such as Phriendly Phishing publications, information about our service offerings, events, seminars and other business programs. For example, when individuals and businesses request demonstrations, download content, contact us or ask to be on an email or mailing list, Phriendly Phishing can send them information about its activities and publications, e.g. cyber security alerts; events, publications etc

If you do not provide us with all or part of your personal information, we may not be able to carry out the purposes which are set out above, including the provision of professional services to you.

How we collect personal information

We endeavour to collect personal information directly from the individual or their authorised representative.

Sometimes we collect personal information from a third party or a publicly available source. In limited circumstances, we may receive personal information about third parties from individuals who contact us and supply us with the personal information of others in the documents they provide to us.

We only collect personal information for purposes that are directly related to our sales, employment, training or consulting delivery activities.

We also collect personal information (including contact details) as part of our normal communication processes directly related to those purposes, including:

  • When an individual electronically communicates to staff members;

  • When an individual telephone us;

  • When you are identified as a Phriendly Phishing supplier;

  • When an individual hand us their business card.

Use and Disclosure

We only use personal information for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or activities. For example:

  • When customers ask to be on an email or mailing list so that Phriendly Phishing can send them information about its activities and publications, e.g. cyber security alerts

  • When customers ask us to respond to Tender, Request for Proposal, Request for Information or reports to be emailed, faxed or posted with contact information

  • If you are a contact person for one of our suppliers, personal information about you may be used by Phriendly Phishing in its dealings with the supplier you represent

We exchange your personal information with parties including your organisation, advisers and representatives, government authorities, our related entities, and our advisors and contractors.

If you apply to work with us, we may exchange your personal information with educational institutions, recruiters, background checking services, professional and trade associations, law enforcement agencies, referees and your current and previous employers.

In addition, if you join us, we may exchange your personal information with your representatives, other employers seeking a reference about you and providers of payroll, superannuation, banking, surveillance and training services.

Some of the third parties described above may be located in New Zealand, Hong Kong, Singapore, Taiwan, United Kingdom, United States, Guernsey and other countries.

Data Quality

We take steps to ensure that the personal information we collect is accurate, up to date and complete.

These steps include maintaining and updating personal information when individuals advise us that their personal information has changed, and at other times as necessary.

Any changes, relevant omissions or inaccuracies in their personal information will be updated as soon as practicable.

Data Security

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of personal information, including – depending on the circumstances – electronic access controls, premises security and network firewalls. Even though we have taken significant steps to ensure that your personal information is not intercepted, accessed, used, or disclosed by unauthorised persons, you should know that we cannot fully eliminate security risks associated with personal information.


When no longer required, personal information is destroyed in a secure manner or deleted according to Phriendly Phishing’s information security policy.

Privacy, cookies and our websites

This section applies in addition to the other parts of this Privacy Policy where you access our Website, which is the website under the domain names “phriendlyphishing.com, phriendlyphishing.com.au, phriendlyphishing.com/uk and phriendlyphishing.co.nz”.

As you navigate our Website, certain information may be collected passively, including your Internet protocol address, browser type, domain names, times, and operating system. We may also use session and persistent cookies and navigational data (such as URLs) to gather information regarding the date and time of your visit and the information and services for which you searched and which you viewed. We do not intentionally gather personal information about visitors who are minors.

Our Website may use ‘cookies’ from time to time, as do many other websites. A cookie is a piece of information that helps our system to identify and interact more effectively with your browser. The cookie allows us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser application to reject cookies however some parts of our Website may not function fully as a result.

Our Website may use Google services such as Google Analytics from time to time. For more about how Google collects and processes data, and your privacy choices with Google, please see Google’s privacy policy and their information at www.google.com/policies/privacy/partners/.

Overseas Recipients

We may disclose personal information to our related bodies corporate, third party suppliers and service providers located overseas for some of the purposes listed in Section 2.2. Some of our employees are located overseas. Except where specific individual consent has been obtained, we take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

We may disclose your personal information to entities located overseas, including the following:

  • Our related bodies corporate located in Australia, United States of America and the United Kingdom

  • Our data hosting and other IT service providers, located globally

  • Our clients and their related entities located in foreign countries, to the extent that we are acting on their behalf or at their direction in using, storing, or collecting your personal information.

Access and Correction

If you wish to get access to the personal information we hold about you, or request that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act, relevant Freedom of Information (FOI) Act or other relevant law to withhold the information, or not make the changes.


Please contact us if you wish to make a complaint about how we have handled your personal information. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your request and any resolution.


The Privacy Officer, Phriendly Phishing Pty Ltd
Phone: 1300 407 682
Email: privacy@phriendlyphishing.com
Address: Level 4, 330 Collins Street, Melbourne VIC 3000

Legal and Regulatory

The Phriendly Phishing services are delivered within the following legal and regulatory framework:

  • Privacy Act 1988 (Privacy Act)

  • Privacy Regulation 2013

The privacy officer provides advice on any relevant changes.

Our Obligations Under the Privacy Act

This Policy covers all personal information that is collected or maintained by Phriendly Phishing. Personal information is defined in this context as “information or an opinion, in any form and whether true or not, about an individual whose identity is apparent or can be reasonably ascertained from the information or opinion”.