1. Purpose

Phriendly Phishing is committed to protecting the privacy of personal information we handle. We take our obligations under privacy laws seriously and have prepared this document to set out our policy on the protection and handling of personal information and explain more about your privacy rights and inform you of the following:

  • The personal data we will collect;
  • Use of collected data;
  • Who has access to the data collected;
  • The rights of site users;
  • Use of cookies.

This privacy policy applies in addition to the terms and conditions of our Site.


For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018, as relevant, also referred to as the “GDPR”.

We have not appointed a Data Protection Officer as we do not fall within the categories of controllers and processors required to appoint a Data Protection Officer under Article 37 of the GDPR.

3. Consent

By using our Site, users agree that they consent to the conditions set out in this Privacy Policy.

When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful. You can withdraw your consent via our opt-out form here.

4. Legal Basis for Processing

We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR. 

We rely on the following legal bases to collect and process the personal data of users:

  • Users have provided their consent to the processing of their data for one or more specific purposes;

  • Processing of user personal data is necessary for us or a third party to pursue a legitimate interest. Our legitimate interest is not overridden by the interests or fundamental rights and freedoms of users. Our legitimate interest(s) are: performing contract obligations, provision of information in response to your requests, provision of demonstrations, or making precontractual arrangements with you.

  • Recruit and consider potential employees or applications for employment with us

  • Consider a potential contractor's engagement with us

  • Develop, provide, and improve our services and solution

  • Inform about our services and solutions

  • Obtain feedback on our services and solutions

  • Conduct administrative and business functions

  • Update our records and keep contact details up to date

  • Enable you to subscribe to newsletters and mailing lists

  • Process and respond to privacy questions, concerns and complaints

  • Fulfil legal and contractual obligations

  • Undertake any other purpose related to or ancillary to any of the above

If you do not provide us with all or part of your personal information, we may not be able to carry out the purposes which are set out above, including the provision of services to you.

  • Legal and regulatory compliance
  • Our legitimate business interests, and those of our customers. We rely on our legitimate business interests, and those of our customers, to process your personal data. For example, we have a legitimate interest in providing and improving our services; maintaining and improving the security and integrity of our Phishing Platform; minimizing security weaknesses and education for our customers; promoting our Phishing Platform, our services and our brand; research and analytics; and sharing information with our service providers who contribute to our services. In some cases where we send you promotional material by email, we obtain your consent as a legal basis for processing your personal data.

5. Types of personal data we collect

The types of personal information we collect and hold include name, contact details, identification, affiliations, dealings and transactions with us, including by phone, email and online, Internet protocol address, browser type, domain names, times, and operating system. If you apply to work with us, we also collect information about your education, experience, character and background checks including eligibility to work, vocational suitability, identity, health, reference, directorship, financial probity, and criminal record checks. In addition, if you join us, we collect information about your employment or engagement including information about your performance, conduct, use of our IT resources and payroll matters.

6. How we collect personal information

We endeavour to collect personal information directly from the individual or their authorised representative, in ways including:

  • From the individual directly when they provide details to us. This could be when an individual contacts us by telephone or electronic communications, or when an individual provides us a business card
  • When we conduct our administrative and business functions
  • When the individual purchases our solutions and services
  • When we purchase products and services
  • When the individual creates an account with us
  • When we process orders and payment transactions
  • Where we respond to inquiries and requests
  • When obtaining feedback about our solutions and services
  • When registering for our events, workshops and seminars

Sometimes we collect personal information from a third party, such as our customers, i.e. if you use our Phishing Platform while working for one of our customers, we will receive information (such as your email address, to create an account for you) from that customer. If you work for an organization, we may receive your name and contact details as part of delivery of our products or services such as the Phishing Platform, partners, or other third-party companies such as data providers, credit reporting bodies, law enforcement agencies, recruitment companies or publicly available sources.

7. Our use and who we may disclose your data with

We only use and disclose personal information for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or activities. For example:

  • When customers ask to be on an email or mailing list so that we can send them information about its activities and publications, e.g. cyber security alerts
  • When customers ask us to respond to Tender, Request for Proposal, Request for Information or reports to be emailed, faxed or posted with contact information
  • If you are a contact person for one of our customers or suppliers, personal information about you may be used by us in our dealings with the customer or supplier you represent

We may exchange your personal information with third parties, your organisation, our advisers and representatives, government authorities, our related entities, and our advisors and contractors. Some of our employees are located overseas. Except where specific individual consent has been obtained, we take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

International Data Transfers
We may disclose your personal information to entities located overseas, including the following:

  • Our related bodies corporate located in Australia, United States of America and New Zealand
  • Our data hosting provider AWS and other IT service providers such as Microsoft for website hosting and Office 365 and our systems located globally as listed on our sub processor page here
  • Our clients and their related entities located in foreign countries, to the extent that we are acting on their behalf or at their direction in using, storing, or collecting your personal information.

When we transfer personal data we will protect that data as described in this Privacy Policy and comply with applicable legal requirements for transferring personal data internationally.

If you are located in the United Kingdom or the European Union, we will only transfer your personal data if:
  • The country your personal data is being transferred to has been deemed to have adequate data protection by the European Commission or, if you are in the United Kingdom, by the United Kingdom adequacy regulations; or
  • We have implemented appropriate safeguards in respect of the transfer. For example, the recipient is a party to binding corporate rules, or we have entered into standard EU or United Kingdom data protection contractual clauses with the recipient.

If you apply to work with us, we may exchange your personal information with educational institutions, recruiters, background checking services, professional and trade associations, law enforcement agencies, referees and your current and previous employers. In addition, if you join us, we may exchange your personal information with your representatives, other employers seeking a reference about you and providers of payroll, superannuation, banking, surveillance and training services. 

Other Disclosures
We will not sell or share your data with any other third parties except where the law requires it, if it is required for a legal proceeding, to prove or protect our rights and to any buyers or potential buyers in the event that we seek to sell our company.  If you click or follow any external links, we are not responsible for and have no control over their privacy policies or practices.

8. Your rights

Under the GDPR, you have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability and
  • Right to object

In addition to the access, correction or complaints section, we provide a specific opt-out form where you can request removal from marketing activities; you can ‘unsubscribe’ at the bottom of emails or by sending a request to our Privacy Officer.

9. How we protect your data

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of personal information, including – depending on the circumstances – electronic access controls, premises security and network firewalls. Even though we have taken significant steps to ensure that your personal information is not intercepted, accessed, used, or disclosed by unauthorised persons, you should know that we cannot fully eliminate security risks associated with personal information.

10. Cookies and our Website

This section applies in addition to the other parts of this Privacy Policy when accessing our website. As you navigate our Website, certain information may be collected passively, including your Internet protocol address, browser type, domain names, times, and operating system. We may also use session and persistent cookies and navigational data (such as URLs) to gather information regarding the date and time of your visit and the information and services for which you searched and which you viewed. We do not intentionally or knowingly collect or gather personal information about visitors who are minors under the age of 16 years. If a minor has provided us with personal data, their parent or guardian may contact our Privacy Officer.

Our website may use ‘cookies’ from time to time, as do many other websites. A cookie is a piece of information that helps our system to identify and interact more effectively with your browser. The cookie allows us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser application to reject cookies; however, some parts of our Website may not function fully as a result. Our Website may use Google services such as Google Analytics from time to time. For more about how Google collects and processes data, and your privacy choices with Google, please see Google’s privacy policy and their information at www.google.com/policies/privacy/partners/

11. Access and Correction

If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to whom we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you wish to exercise any of your other rights under the GDPR, please contact our Privacy Officer as set out below.

12. Contact

Please contact us if you wish to make a complaint about how we have handled your personal information. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your request and any resolution. For any questions and notices, please contact us at:

The Privacy Officer, Phriendly Phishing Pty Ltd
Phone: 1300 407 682
Email: privacy@phriendlyphishing.com.au
Address: Level 4, 330 Collins Street, Melbourne VIC 3000