Privacy Policy

BUSINESS MARKETING SYSTEMS PTY LTD

PRIVACY POLICY

ABN: 25 139 675 559
Website: www.businessmarketingsystems.com.au
Email: hello@businessmarketingsystems.com.au
Phone: +61 2 8111 8154

1. INTRODUCTION

1.1 Our Commitment

Business Marketing Systems Pty Ltd (“we”, “our”, “us”, “BMS”) is committed to protecting your privacy and complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Commonwealth) and applicable privacy laws in New South Wales.

1.2 Scope

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you:

• Visit our website (www.businessmarketingsystems.com.au)
• Use our services
• Communicate with us
• Interact with our marketing materials

1.3 Consent

By providing personal information to us, you consent to its collection, use, and disclosure in accordance with this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Personal Information

We collect personal information that you voluntarily provide to us, including:

Identity and Contact Information:

• Full name
• Email address
• Phone number (mobile and landline)
• Business name and trading name
• Business address and postal address
• Job title and role
• ABN or ACN

Service-Related Information:

• Current website and hosting details
• Marketing challenges and business goals
• Budget range and service preferences
• Technical requirements and specifications
• Project briefs and requirements
• Business industry and target market

Financial Information:

• Payment method details
• Billing address
• Invoice information
• Credit assessment information (where applicable)

Communication Records:

• Email correspondence
• Phone call records and notes
• Meeting records and consultation notes
• Support ticket communications
• Chat transcripts
• Feedback and survey responses

2.2 Technical Information

We automatically collect certain technical information when you visit our website:

Device and Browser Information:

• IP address and approximate location
• Browser type and version
• Operating system
• Device type and identifier
• Screen resolution
• Language preferences

Website Usage Information:

• Pages visited and time spent
• Links clicked
• Referral sources and search terms
• Date and time of visits
• Navigation paths
• Download history

2.3 Cookie Information and Consent

We use cookies and similar technologies to improve your experience on our website.

Essential Cookies (No Consent Required):

• Session management and authentication
• Security and fraud prevention
• Website functionality and navigation
• Form completion and error prevention

These cookies are necessary for the website to function and are automatically enabled.

Optional Cookies (Consent Required):

• Analytics Cookies: Google Analytics for usage statistics and improvement
• Marketing Cookies: Facebook Pixel, LinkedIn Insight Tag, Google Ads for advertising
• Preference Cookies: Remember your choices and customize your experience

Cookie Consent:

• When you first visit our website:
  • Only essential cookies are active
  • You will see a cookie consent banner
  • You can accept all, reject optional, or customize your preferences
  • Your choice is stored for 12 months

Managing Your Cookie Preferences:

• Cookie settings link in website footer
• Browser settings (block or delete cookies)
• Email: privacy@businessmarketingsystems.com.au

Third-Party Cookies:

• Google Analytics: Google Privacy Policy
• Facebook Pixel: Facebook Privacy Policy
• LinkedIn: LinkedIn Privacy Policy

Do Not Track:

We respect Do Not Track (DNT) browser signals for analytics cookies.
Essential cookies remain active for website functionality even with DNT enabled.

2.4 Third-Party Information

We may receive information about you from:

• Vendasta Technologies: Service delivery, client management data, and business contact information for B2B prospecting
• Lead Finder Jack: Business contact information for B2B prospecting
• Google Analytics: Aggregated website performance data
• Social Media Platforms: When you interact with our social content or advertisements
• Business Partners: Referral information
• Public Sources: ABN Lookup, business directories

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

We use your personal information to:

Service Delivery:

• Provide WordPress development services
• Manage hosting and technical support
• Deliver marketing services and campaigns
• Process payments and invoicing
• Communicate about your projects

Business Operations:

• Respond to enquiries and requests
• Manage client relationships
• Provide customer support
• Maintain service quality
• Fulfil legal and contractual obligations

Marketing and Communications:

• Send service updates and newsletters (with consent)
• Provide relevant offers and promotions
• Conduct market research
• Improve our services

3.2 Legal Basis for Processing

We process your information based on:

• Consent: Where you have given explicit consent
• Contract: To fulfil our service agreements
• Legal Obligation: To comply with Australian law
• Legitimate Interest: For business operations and improvement

3.3 Marketing Communications and Business Outreach

Types of Communications

We send different types of communications based on consent and legal basis:

A. Service-Related Communications (Not Marketing)

• Invoice and payment notifications
• Project updates and deliverables
• Security alerts and urgent technical issues
• Service agreement information

These communications are necessary for service delivery and will continue regardless of marketing preferences.

B. Relationship-Based Marketing (Consent Required)

• Email newsletters and updates
• Promotional offers and special pricing
• Educational content and resources
• Event invitations

We will only send relationship-based marketing with your express consent obtained through:

• Opt-in checkboxes on enquiry forms (unchecked by default)
• Subscription to our newsletter or resources
• Written agreement in service contracts
• Verbal consent recorded in our CRM with date and method

C. Business-to-Business Outreach (Factual Information)

We may contact Australian businesses via email to provide factual information about technical issues or service opportunities that may be relevant to their business operations, in compliance with the Spam Act 2003.

These communications:

• Are sent to business email addresses (not personal addresses)
• Relate to the business functions of the recipient
• Contain factual information about technical issues or services
• Are not primarily promotional in nature
• Always include accurate sender identification and functional unsubscribe mechanism

Sources for business contact information:

• Publicly available business directories and registers
• ABN Lookup and public business listings
• Lead Finder Jack (B2B prospecting service)
• Professional networking platforms (LinkedIn)
• Website contact forms and public business emails

Even for factual business outreach, you can opt out at any time.

Consent Types and Channels

How to Opt-Out

You can opt out of marketing communications at any time via:

Email Marketing:

• Unsubscribe links in every email
• Email to: unsubscribe@businessmarketingsystems.com.au
• Reply with “UNSUBSCRIBE” in subject line

SMS Marketing:

• Reply “STOP” to any SMS
• Email to: unsubscribe@businessmarketingsystems.com.au

Phone Marketing:

• Request removal during any phone call
• Email to: unsubscribe@businessmarketingsystems.com.au
• Written request via mail

B2B Factual Outreach:

• Click unsubscribe link in email
• Reply with “UNSUBSCRIBE” in subject line
• Email to: unsubscribe@businessmarketingsystems.com.au

Suppression and Processing

We maintain suppression lists to honour all opt-out requests:

• Requests processed within 5 business days
• Suppression lists maintained permanently
• We do not remove anyone from suppression lists except at their written request
• Suppression lists checked before every communication

Spam Act 2003 Compliance

All commercial electronic messages comply with the Spam Act 2003:

• Accurate sender identification in every message (name, physical address, email, phone)
• Functional unsubscribe mechanism in every message
• Physical business address included
• Consent obtained or legitimate exemption applies
• Unsubscribe requests processed within 5 business days

To report spam or lodge a complaint: spam@acma.gov.au

4. HOW WE SHARE YOUR INFORMATION

4.1 Service Providers

We share information with trusted service providers:

Technology Partners:

• Vendasta Technologies: White-label service delivery
• Google Workspace: Email and collaboration tools
• Cloud Hosting Infrastructure: Amazon Web Services (AWS), CloudWays, RackNerd, DigitalOcean, Vultr, Linode
• Cloudflare: Website security and performance

Marketing Tools:

• Mailchimp: Email marketing
• Google Ads: Advertising services
• Facebook/Meta: Social media advertising
• LinkedIn: B2B marketing

Business Services:

• Stripe: Payment processing
• Xero: Accounting and invoicing
• CRM Systems: GoHighLevel, HubSpot (Business Marketing Systems CRM service providers)
• Domain Registrars: Various registrars for domain name registrations and updates
• Roboform: Secure password and profile data management
• Professional advisors: Legal and accounting services

4.2 Legal Disclosures

We may disclose information when required by:

• Australian law or court orders
• Law enforcement agencies
• Regulatory authorities
• To protect our legal rights
• To prevent fraud or illegal activities

4.3 Business Transfers

If our business is sold or merged, personal information may be transferred to the new owner, subject to the same privacy protections.

4.4 International Transfers

Some service providers operate overseas. We ensure appropriate safeguards are in place, including:

• Contractual clauses for data protection
• Compliance with Australian Privacy Principles
• Use of services in countries with adequate privacy laws

Primary locations include:

• United States (cloud services)
• Canada (Vendasta Technologies)
• European Union (some marketing tools)

5. DATA SECURITY

5.1 Security Measures

We implement appropriate technical and organisational measures:

Technical Security:

• SSL/TLS encryption for data transmission
• Encrypted storage for sensitive data
• Regular security updates and patches
• Firewalls and intrusion detection
• Access controls and authentication
• Regular security audits

Operational Security:

• Staff training on data protection
• Confidentiality agreements
• Access on need-to-know basis
• Secure disposal of data
• Incident response procedures
• Regular backup procedures

5.2 Data Breach Response

In the event of an eligible data breach under the
Notifiable Data Breaches scheme (Privacy Act 1988):

Notification Timeframes:

• We will assess whether the breach is likely to result in serious harm
• Notify affected individuals within 30 days if serious harm is likely
• Notify the Office of the Australian Information Commissioner (OAIC) within 30 days
• Provide details of the breach and steps to mitigate harm

Our Response Process:

1. Contain the breach immediately upon discovery
2. Assess the severity and impact within 72 hours
3. Notify OAIC and affected individuals as required by law
4. Take remedial action to prevent recurrence
5. Review and improve security measures
6. Document all actions taken for compliance purposes

What is an Eligible Data Breach:

• There is unauthorised access to or disclosure of personal information
• Personal information is lost in circumstances where unauthorised access or disclosure is likely to occur
• The breach is likely to result in serious harm to affected individuals

You Can Assist By:

• Reporting suspected breaches immediately to:
  security@businessmarketingsystems.com.au
• Following our security recommendations
• Keeping your contact details updated for notifications
• Maintaining security of your login credentials

For More Information:

• 
  OAIC Notifiable Data Breaches
  
• Email:
  enquiries@oaic.gov.au
  or Call: 1300 363 992

5.3 Your Responsibilities

You can help protect your information by:

• Keeping login credentials secure
• Using strong passwords
• Notifying us of any security concerns
• Keeping your contact information updated

6. DATA RETENTION

6.1 Data Retention Periods and Justification

We retain personal information only as long as necessary for legal, business,
and service delivery purposes:

Active Clients:

• Retention: Duration of service plus 7 years from final invoice
• Justification: Contract performance, warranty claims, Australian Taxation
  Office requirements (Income Tax Assessment Act 1936 Section 262A), dispute
  resolution period (NSW Limitation Act 1969)

Completed Projects:

• Retention: 7 years from final invoice or project completion
• Justification: Tax obligations, warranty claims, professional indemnity
  insurance requirements, limitation periods for legal claims

Enquiries Not Converted to Clients:

• Retention: 2 years from last contact
• Justification: Legitimate business interest in follow-up, client relationship
  development, understanding of market needs

Marketing Lists:

• Retention: Until opt-out or 3 years of inactivity (whichever is sooner)
• Justification: Consent-based marketing, business development, Spam Act
  compliance requires permanent suppression list for opt-outs

Financial Records:

• Retention: 7 years from transaction date
• Justification: Income Tax Assessment Act 1936 Section 262A (mandatory tax record retention)

Legal Documents (Contracts, Disputes, Complaints):

• Retention: 7 years from completion or resolution
• Justification: Limitation periods under NSW Limitation Act 1969 (6 years for
  contracts, plus 1 year administrative buffer)

Website Analytics and Usage Data:

• Retention: 26 months (Google Analytics default)
• Justification: Understanding user behaviour, improving services, marketing effectiveness

Email Communications:

• Retention: Duration of relationship plus 7 years
• Justification: Service delivery records, dispute resolution, contract performance evidence

After Retention Periods Expire:

• Personal information is securely deleted or de-identified
• De-identified data may be retained for statistical analysis and business improvement
• Backup systems are purged according to rotation schedules (90-day backup retention)
• Suppression lists (unsubscribe/opt-out) are retained permanently for Spam Act compliance

Early Deletion Requests:

You may request early deletion of your personal information. We will comply unless:

• Retention is required by Australian law (e.g., tax records)
• Retention is necessary for legal claims or disputes
• Retention is necessary for our legitimate business interests and your request
  does not override those interests

To request early deletion:
privacy@businessmarketingsystems.com.au

6.2 Deletion and De-identification

When retention periods expire:

• Personal information is securely deleted
• Or de-identified for statistical purposes
• Backups are purged according to rotation schedules

7. YOUR RIGHTS

7.1 Access Rights

You have the right to:

• Request access to your personal information
• Receive a copy in a portable format
• Know how we use your information
• Know who we share it with

7.2 Correction Rights

You can:

• Request correction of inaccurate information
• Update your details at any time
• Add explanatory notes to your records

7.3 Other Rights

You may also:

• Opt-out of marketing communications
• Request deletion (subject to legal requirements)
• Object to certain processing
• Withdraw consent (where processing is based on consent)
• Make a complaint (see Section 10)

7.4 Exercising Your Rights

To exercise your rights:

• Email: privacy@businessmarketingsystems.com.au
• Phone: +61 2 8111 8154
• Post: Privacy Officer, Business Marketing Systems, 81-83 Campbell Street, Surry Hills NSW 2010

We will respond within 30 days and may require identity verification.

8. COOKIES AND TRACKING

8.1 Cookie Management

You can manage cookies through:

• Browser settings (block or delete cookies)
• Our cookie consent banner
• Opt-out links in our emails

8.2 Do Not Track

We respect Do Not Track browser signals for analytics cookies but essential cookies remain active for website functionality.

8.3 Third-Party Tracking

Third-party services may use their own cookies:

• Google Analytics: Google Privacy Policy
• Facebook Pixel: Facebook Privacy Policy
• LinkedIn: LinkedIn Privacy Policy

9. CHILDREN’S PRIVACY

9.1 Age Restrictions

• Our services are for businesses and individuals over 18
• We do not knowingly collect information from children under 16
• If we discover such collection, we will delete the information

9.2 Parental Rights

Parents or guardians who believe we have collected information from their child should contact us immediately.

10. COMPLAINTS AND DISPUTES

10.1 Internal Complaint Process

Step 1: Contact Our Privacy Officer

• Email: privacy@businessmarketingsystems.com.au
• Phone: +61 2 8111 8154
• Include: Nature of complaint, how privacy was breached, desired outcome

Step 2: Investigation

• We acknowledge complaints within 2 business days
• Investigation completed within 30 days
• Written response provided with findings

Step 3: Internal Review

• If unsatisfied, request review by senior management
• Review completed within 14 days
• Final decision provided in writing

10.2 External Complaint Options

Office of the Australian Information Commissioner (OAIC)

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

Community Justice Centres NSW

• Free mediation services for privacy disputes
• Phone: 1800 990 777
• Website: www.cjc.justice.nsw.gov.au

10.3 Legal Action

Privacy complaints may also be pursued through:

• NSW Civil and Administrative Tribunal (NCAT)
• Federal Court of Australia
• Federal Circuit Court of Australia

11. INTERNATIONAL VISITORS

11.1 GDPR Compliance (European Visitors)

For visitors from the European Union, we provide additional protections under GDPR:

• Lawful basis for processing
• Data portability rights
• Right to erasure (“right to be forgotten”)
• Data Protection Officer contact available

11.2 CCPA Compliance (California Visitors)

For California residents, additional rights include:

• Right to know categories of information collected
• Right to delete personal information
• Right to opt-out of sale (we do not sell personal information)
• Non-discrimination for exercising rights

12. CHANGES TO THIS POLICY

12.1 Updates

We may update this Privacy Policy to reflect:

• Changes in law or regulations
• New services or technologies
• Improved privacy practices
• Feedback from clients and regulators

12.2 Notification

We will notify you of material changes via:

• Website announcement
• Email notification (for clients)
• 30 days notice for significant changes

12.3 Version Control

• Current Version: 1.0
• Effective Date: 9 September 2025
• Last Review: 9 September 2025
• Next Review: 9 September 2026

13. CONTACT INFORMATION

Privacy Officer

Bradley C Hughes
Business Marketing Systems Pty Ltd
Email: privacy@businessmarketingsystems.com.au
Phone: +61 2 8111 8154

General Contact

Email: hello@businessmarketingsystems.com.au
Phone: +61 2 8111 8154
Website: www.businessmarketingsystems.com.au

Postal Address

Business Marketing Systems
81-83 Campbell Street
Surry Hills NSW 2010

Complaints

Email: complaints@businessmarketingsystems.com.au
Phone: +61 2 8111 8154

14. DEFINITIONS

Personal Information: Information about an identified or reasonably identifiable individual

Sensitive Information: Information about race, ethnicity, politics, religion, trade union membership, sexual orientation, criminal history, health, or biometric data

Processing: Any operation performed on personal information including collection, use, storage, disclosure, or deletion

Data Breach: Unauthorised access, disclosure, or loss of personal information

Consent: Freely given, specific, informed, and unambiguous agreement

De-identification: Process of removing or altering information to prevent identification of individuals

15. ACKNOWLEDGEMENT

By using our website or services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

For any questions or concerns about this Privacy Policy or our privacy practices, please contact our Privacy Officer.

APPENDIX: AUSTRALIAN PRIVACY PRINCIPLES SUMMARY

We comply with all 13 Australian Privacy Principles:

1. Open and transparent management of personal information
2. Anonymity and pseudonymity options where lawful and practicable
3. Collection only when reasonably necessary
4. Dealing with unsolicited personal information appropriately
5. Notification of collection circumstances
6. Use or disclosure only for primary or related purposes
7. Direct marketing only with consent
8. Cross-border disclosure with appropriate protections
9. Adoption, use or disclosure of government identifiers restrictions
10. Quality of personal information maintained
11. Security of personal information protected
12. Access to personal information provided
13. Correction of personal information when required