Last Updated: 1 July 2026
Cloud Advisory Group Pty Ltd (we, us, or our) respects your privacy and is committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit cloudadvisorygroup.net, contact us, or engage our cloud advisory and managed services.
This policy applies to personal information we handle as an organisation. Where we process personal information on behalf of a client under a services agreement, that processing is governed by the contract and the client’s instructions — not solely by this website policy.
1. Who We Are
CLOUD ADVISORY GROUP PTY LTD
Registered office: Level 3, 161 Bigge Street, Liverpool NSW 2170, Australia
Email: info@cloudadvisorygroup.net
Phone: 02 8416 8037
We provide cloud strategy, migration advisory, security oversight, FinOps, and related professional services to organisations in Australia. For privacy enquiries or requests relating to your personal information, contact us using the details above.
2. Personal Information We Collect
The type of information we collect depends on how you interact with us. We may collect:
- Contact and identity details — name, job title, organisation, work email, phone number, and postal address.
- Enquiry and communications data — information you submit via our contact form, email correspondence, meeting notes, and support requests.
- Professional and project context — service area of interest, environment description, timelines, and constraints you choose to share when scoping advisory work.
- Website usage data — IP address, browser type, device identifiers, pages viewed, referring URL, and approximate location derived from IP (see our Cookie Policy).
- Contract and billing information — where you become a client, we may collect billing contacts, purchase order references, and payment-related records handled through our finance processes.
We do not routinely collect sensitive information (such as health or biometric data) through this website. If sensitive information is required for a specific engagement, we will identify the purpose and seek appropriate consent or rely on another permitted basis under the APPs.
3. How We Collect Personal Information
We collect personal information when you:
- Submit a contact, quote, or consultation request on our website;
- Communicate with us by email, phone, or video conference;
- Attend workshops, discovery sessions, or events we host or sponsor;
- Enter into or perform a contract for advisory or managed services;
- Browse our website, where cookies and server logs generate technical usage data.
We may also receive information from your employer or colleagues when they introduce you as a stakeholder on a client engagement, or from publicly available professional sources (for example, corporate websites or LinkedIn) where relevant to business development — always handled in line with APP 5 notification requirements.
4. Why We Use Personal Information
We use personal information for purposes including:
- Responding to enquiries and providing scoping information or proposals;
- Delivering cloud advisory, architecture, migration, security, and managed services under contract;
- Managing client relationships, service quality, and account administration;
- Issuing invoices, processing payments, and maintaining financial records;
- Improving our website, content, and service offerings through aggregated analytics;
- Complying with legal obligations, responding to regulators, and establishing or defending legal claims;
- Sending service-related notices — we do not sell personal information to third-party marketers.
Where we rely on consent (for example, optional marketing communications), you may withdraw consent at any time by contacting us. Withdrawal does not affect processing already lawfully undertaken.
5. Disclosure of Personal Information
We may disclose personal information to:
- Service providers — hosting, email, CRM, collaboration, analytics, and professional advisers who assist our operations under confidentiality obligations;
- Cloud platform partners — only where necessary to deliver contracted services and where you or your organisation has authorised access;
- Your organisation — where you contact us in a professional capacity, we may share correspondence with your employer as part of delivering the engagement;
- Regulators and law enforcement — where required or authorised by Australian law.
We do not disclose personal information to overseas recipients unless permitted under APP 8 — for example, where you have consented, the disclosure is required for a contract you have with us, or we have taken reasonable steps to ensure the overseas recipient handles the information in accordance with the APPs. Many of our technology providers operate infrastructure outside Australia; we assess these arrangements and impose contractual safeguards where appropriate.
6. Data Security and Retention
We implement technical and organisational measures designed to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These measures include TLS encryption for website traffic, access controls aligned to role, secure handling of credentials, and staff awareness of confidentiality obligations.
No method of transmission or storage is completely secure. If you believe your interaction with us has been compromised, contact us promptly at info@cloudadvisorygroup.net.
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Enquiry records are typically retained for up to seven years unless a shorter period applies. Client project records are retained in accordance with contractual and regulatory obligations.
7. Your Rights
Under the Privacy Act, you may request access to personal information we hold about you and request correction if it is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within a reasonable period and may require verification of identity.
If you have a privacy complaint, contact us first. We will acknowledge your complaint and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
8. Notifiable Data Breaches
If we experience a data breach that is likely to result in serious harm to individuals, we will comply with the Notifiable Data Breaches scheme under the Privacy Act — including assessing the incident, notifying affected individuals and the OAIC where required, and taking remedial action.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. The current version will always be published on this page with an updated effective date. Material changes will be brought to your attention where we have your contact details and the change affects how we use information we already hold.
Privacy Questions
Who is responsible for my personal data?
Cloud Advisory Group Pty Ltd is the organisation responsible for personal information collected through this website and our direct business relationships, unless we act solely as a processor on behalf of a client under a services contract.
How can I request access to or correction of my data?
Email info@cloudadvisorygroup.net with your request, name, and enough detail for us to locate your records. We respond within a reasonable timeframe under the Privacy Act.
Do you share data with third parties for marketing?
No. We do not sell or rent personal information. Disclosures are limited to service delivery, legal compliance, and operational providers bound by confidentiality.
Is data stored outside Australia?
Some technology providers may process data on infrastructure located overseas. Where this occurs, we take reasonable steps to ensure handling consistent with the APPs, as described in section 5 above.
How does this policy relate to client projects?
When we access your organisation’s systems or data under contract, processing is governed by the statement of work, master services agreement, and your instructions as data controller — contact your account lead for project-specific privacy terms.