Effective Date: 7 April 2025
Next Review Date: 7 April 2026
Policy Owner: Luke McFarland

1. Purpose

LAMC Advisory Pty Ltd ("we", "us", "our") is committed to protecting the privacy, confidentiality, and security of personal data collected in the course of providing advisory, cybersecurity, infrastructure management, digital strategy, and consultancy services.
This policy outlines our approach to complying with the Australian Privacy Act 1988 (Cth) and the European General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Scope

This policy applies to all employees, contractors, consultants, partners, and third parties who have access to personal information collected, processed, or stored by LAMC Advisory Pty Ltd.

3. Definitions

• Personal Information: Any information or opinion about an identified individual or an individual who is reasonably identifiable.

• Sensitive Information: Includes information about race, religion, health, political opinions, sexual orientation, etc.

• Data Subject: An individual whose personal data is processed.

• Processing: Any operation performed on personal data (e.g., collection, storage, use, disclosure).

4. Data Collection

We collect personal information lawfully and fairly, and only when necessary to deliver our services, comply with legal obligations, or pursue legitimate business interests.
Data may include:

• Name, title, contact details

• Business and employment information

• Financial information for billing purposes

• Technical data, IP addresses, website analytics

We do not collect sensitive information unless required by law or with explicit consent.

5. Data Use

We use personal information for purposes including:

• Delivering and managing advisory, cybersecurity, and consulting services

• Client relationship management

• Marketing and communication (with opt-out options)

• Billing, accounting, and legal compliance

We only use personal information for the purpose it was collected for, or a related secondary purpose expected by the individual.

6. Data Storage and Security

We implement appropriate technical and organisational measures to ensure the security of personal data, including:

• Access control and authentication

• Data encryption (in transit and at rest)

• Secure physical and cloud-based storage solutions

• Regular security assessments and audits

• Staff training on data protection and cybersecurity

7. Data Disclosure

Personal data may be disclosed to:

• Third-party service providers (e.g., IT hosting, CRM systems)

• Regulatory authorities (where required by law)

• Contractors engaged in service delivery (under strict confidentiality terms)

We ensure all third parties maintain an adequate level of data protection.

We do not sell or rent personal data.

8. Data Transfers

When transferring personal data outside Australia or the European Economic Area (EEA):

• We ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses under GDPR)

• We comply with Australian cross-border disclosure requirements under APP 8

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law (e.g., tax or contractual obligations).
When no longer required, data is securely deleted or de-identified.

10. Data Subject Rights

Individuals have rights regarding their personal data:

• Access: Request access to personal data we hold

• Correction: Request correction of inaccurate or incomplete data

• Erasure: Request deletion ("right to be forgotten")

• Objection: Object to certain types of processing

• Portability: Request a copy of personal data in a portable format (GDPR only)

Requests can be made by contacting us at [enquiries@lamcadvisory.com].

Requests will be responded to within 30 days unless otherwise permitted under law.

11. Data Breaches

We maintain a data breach response plan in line with the Notifiable Data Breaches (NDB) scheme (Australia) and GDPR Articles 33 and 34.
We will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) or relevant EU authorities where required.

12. Marketing Communications

We only send direct marketing communications with consent or where permitted by law.
Recipients can opt-out at any time by clicking the unsubscribe link or contacting us directly.

13. Roles and Responsibilities

• Luke McFarland (Data Protection Officer) is responsible for ensuring compliance with this policy and acting as the primary point of contact for privacy inquiries.

• All staff and contractors are responsible for understanding and complying with this policy.

14. Policy Review

This policy will be reviewed annually and updated as necessary to reflect changes in regulations, business practices, or technology.

---

Contact Details
LAMC Advisory Pty Ltd
Email: enquiries@lamcadvisory.com
Phone: +61 405 667 645
LinkedIn: linkedin.com/in/lukeam