Maxil Systems logo
Maxil Systems
Trust & Transparency

Privacy Policy

This Privacy Policy explains how Maxil Systems (“we”, “us”, “our”) collects, uses, discloses and protects personal information when we provide our services and when you use our websites, products and related services.

Effective date: 25 October 2025

Contents

  1. Who we are
  2. Data we collect
  3. How we use your data
  4. Legal bases
  5. Sharing & sub-processors
  6. International transfers
  7. Retention
  8. Security
  9. Your rights
  10. Cookies
  11. Children’s data
  12. How to contact us
  13. Changes to this policy

1) Who we are

Maxil Systems is an Australia-based security and compliance consultancy. Our principal place of business is Sydney, Australia. For privacy queries, contact us at [email protected].

2) Data we collect

Information you provide

  • Contact details (name, email, phone, company, role).
  • Account, billing and correspondence information.
  • Project artefacts provided during engagements (e.g. policies, process maps, logs), which may contain personal information controlled by our clients.

Information we collect automatically

  • Usage and device information (browser type, pages visited, time on page, approximate location derived from IP).
  • Diagnostics and telemetry from our websites and tools.

Sensitive information

We do not intentionally collect sensitive information unless required for specific engagements and agreed in writing. Where necessary, we will apply additional safeguards and minimisation.

3) How we use your data

  • To provide, operate and improve our services and websites.
  • To communicate with you (support, updates, proposals, invoices).
  • To meet legal, regulatory and audit obligations.
  • To maintain security (fraud prevention, incident response).
  • With your consent—for example, marketing communications you can opt out of at any time.

Where the EU/UK GDPR applies, we rely on the following legal bases: (a) performance of a contract; (b) legitimate interests (e.g. securing our services, improving user experience); (c) consent where required; and (d) compliance with legal obligations. In Australia, we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

5) Sharing & sub-processors

We may share personal information with trusted service providers who process data on our behalf (“sub-processors”) for hosting, email, analytics, support and similar functions. We require contractual commitments, confidentiality and appropriate security from all providers.

Our current list of sub-processors is maintained at /sub-processors. We will update that page when providers are added or changed.

6) International transfers

Your information may be processed in countries outside your own. Where required, we implement appropriate safeguards—for example, Standard Contractual Clauses (SCCs) or equivalent mechanisms—and ensure providers commit to robust security controls.

7) Retention

We retain personal information only for as long as necessary to fulfil the purposes outlined in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. We apply role-based access and scheduled review/deletion for client artefacts.

8) Security

  • Logical access controls, MFA and least-privilege permissions.
  • Encryption in transit and at rest where supported.
  • Secure development and change control practices.
  • Vendor risk management and confidentiality undertakings.
  • Incident response procedures and breach notification where required.

9) Your rights

Depending on your location, you may have rights to:

  • Access, correct, update or delete your personal information.
  • Object to or restrict certain processing.
  • Data portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority.

Where we process client-provided data as a processor, please contact the relevant client (controller). For requests we control directly, email [email protected].

10) Cookies

We use essential cookies to deliver core site functionality and may use optional analytics cookies to understand usage and improve performance. Where required, we will present a banner to obtain your consent and provide controls to manage preferences.

11) Children’s data

Our services are not directed to children and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

12) How to contact us

Email: [email protected]
Location: Sydney, Australia

13) Changes to this policy

We may update this Policy from time to time. Material changes will be noted on this page and, where appropriate, communicated to you. Please review this page periodically.

Last updated: 25 October 2025
View Sub-processors