PRIVACY POLICY

1. About This Policy

VirtualX (“we”, “us”, “our”) is an independent technology advisory business headquartered in Brisbane, Queensland, Australia. We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains how we collect, hold, use, and disclose personal information in connection with our website at virtualx.au and our advisory and sales enablement services.

By using our website or engaging our services, you agree to the handling of your personal information as described in this policy.

2. What Personal Information We Collect

We collect personal information that is reasonably necessary to provide our services and communicate with prospective and current clients. This may include:

• Contact details — name, email address, phone number, and organisation name provided through our website contact form, email, or phone enquiries.
• Engagement information — details about your technology environment, providers, contracts, and business circumstances that you share with us in the course of an advisory or sales engagement.
• Client portal access — credentials and activity logs associated with access to our secure client portal.
• Website usage data — anonymised information about how visitors interact with our website, collected via analytics tools (see Section 5).

We only collect information that is necessary for a legitimate purpose. We do not collect sensitive information (as defined under the Privacy Act) unless you have provided it voluntarily in the context of your engagement.

3. How We Collect Personal Information

We collect personal information directly from you where practicable, including when you:

• Submit an enquiry or message through our website contact form
• Contact us by email or phone
• Engage us to deliver advisory or sales enablement services
• Access or use our client portal

We may also receive information about you from third parties where you have authorised this, such as when a colleague or partner refers you to us.

4. How We Use Personal Information

We use personal information for the following purposes:

• To respond to enquiries and assess how we can assist you
• To deliver advisory, fractional CIO, procurement, contract review, and sales enablement services
• To communicate with you about your engagement, including sending proposals, reports, and recommendations
• To manage ongoing client relationships and ensure continuity of service
• To administer access to our client portal
• To comply with our legal obligations

We will not use your personal information for direct marketing without your consent. We do not sell, rent, or trade personal information to any third party.

5. Analytics, Tracking, and Cookies

Our website uses the following third-party services to help us understand website traffic and improve our online presence:

• Google Analytics and Google Ads — used to measure website traffic and the effectiveness of our advertising. Data is collected anonymously and governed by Google’s privacy policy.
• HubSpot — used to manage contact enquiries and track website interactions submitted through our contact form. Information you submit through the contact form is stored in HubSpot’s CRM.
• Vercel Analytics — used to monitor website performance and speed. Data is anonymised and does not include personally identifiable information.

These services may set cookies in your browser. You can disable cookies through your browser settings, though this may affect the functionality of some parts of our website. Most modern browsers also support privacy extensions that allow you to manage or block third-party tracking.

6. Client Engagement Confidentiality

All client engagements are governed by strict confidentiality obligations. We treat information shared with us in the course of an engagement — including details about your providers, contracts, technology environment, and commercial arrangements — with the highest level of discretion.

Specifically:

• We do not discuss one client’s situation, information, or commercial circumstances with any other client or third party.
• All documentation, working files, and materials produced during an engagement remain within your systems at all times. VirtualX does not retain copies of client documents locally after an engagement concludes.
• We do not use information obtained in one client engagement to benefit another client or any other party.

7. Disclosure to Third Parties

We do not disclose your personal information to third parties except in the following circumstances:

• With your consent — for example, when we need to engage a specialist on your behalf as part of an advisory engagement, and you have authorised this.
• Service providers — we use HubSpot (CRM), Google (analytics), and Vercel (hosting and analytics) to operate our website and business. These providers are bound by their own privacy obligations.
• Legal requirements — where we are required by law, court order, or regulatory authority to disclose information.

We do not disclose personal information to overseas recipients except where the services listed above (Google, HubSpot, Vercel) process data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure those providers comply with privacy standards equivalent to the APPs.

8. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes:

• Use of reputable, enterprise-grade third-party platforms for data storage and communication
• Restricted internal access to personal information on a need-to-know basis
• Encrypted, session-bound access controls for our client portal
• Not retaining client documentation locally after engagements conclude

While we take these precautions, no data transmission over the internet can be guaranteed as completely secure. If you have concerns about the security of information you have shared with us, please contact us directly.

9. Access and Correction

Under the Privacy Act, you have the right to request access to personal information we hold about you, and to request corrections if that information is inaccurate, out of date, incomplete, or misleading.

To make a request, contact us at hello@virtualx.au. We will respond within a reasonable timeframe and at no charge for standard requests. In limited circumstances, we may decline a request for access or correction — if so, we will explain why in writing.

10. Complaints

If you believe we have handled your personal information in a way that is inconsistent with the APPs, you may lodge a complaint by contacting us at hello@virtualx.au. We will acknowledge your complaint promptly and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in our services, technology, or legal obligations. The current version will always be available at virtualx.au/privacy-policy. We encourage you to review this page periodically.

12. Contact Us

For any privacy-related questions or requests, please contact us: