Legal

Privacy policy.

Last updated: 11 July 2026

Think ICT (ABN 91 700 103 386, “Think ICT”, “we”, “us”, “our”) provides managed IT services to small and medium businesses across Melbourne and Australia. This policy explains how we collect, hold, use and disclose personal information, and how you can access or correct your information or make a complaint.

We handle personal information in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), even where our current size means the Act's small business exemption may apply to us. This matters to us, given the trust our clients place in us to manage their IT systems and data.

1. Scope of this policy

This policy covers:

  • personal information collected through our website, thinkict.com.au
  • personal information we collect from prospective and current clients in the course of providing managed IT services
  • personal information we may access on behalf of clients while delivering managed services, for example end-user account details within a client's Microsoft 365 tenant

Where we handle personal information on a client's behalf as part of a managed services engagement, we do so as a contracted service provider acting under that client's instructions. The client remains responsible for their own privacy obligations to their staff and customers. Our handling of that information is governed by our services agreement with the client, not this policy.

2. What personal information we collect

Website visitors

When you contact us through our website or book a consultation, we collect:

  • your name
  • email address
  • phone number
  • business name
  • details of your enquiry, including which service you're interested in

We use Formspree, a third-party form processing service, to handle contact form submissions. Formspree is based in the United States, so information you submit through our contact form is processed on servers located outside Australia.

Prospective and current clients

If you engage with us as a prospective or current client, we may also collect:

  • business details, including ABN, industry, number of staff and IT environment
  • billing and payment details
  • correspondence between us, including emails, call notes and meeting records

Managed services delivery

Where we provide managed IT services, identity management or cyber security services, we may need to access personal information held within a client's systems to do our job. This can include staff names, email addresses, device information, login activity and system logs. We only access this information as needed to deliver the agreed services, and only for clients who have engaged us under a signed services agreement.

3. How we collect personal information

We collect personal information:

  • directly from you, when you fill out a form, call us, email us or speak with us
  • through our website hosting and form provider, Formspree
  • from within a client's IT environment, where we have been engaged to manage or support that environment

We do not knowingly collect personal information from you without your knowledge, other than the limited technical information, such as IP address, automatically logged by our website host as part of standard web traffic.

4. Why we collect, hold, use and disclose personal information

We use personal information to:

  • respond to enquiries and provide quotes
  • deliver managed IT services under a signed agreement
  • manage billing and account administration
  • maintain the security and reliability of the systems we manage
  • comply with our legal and regulatory obligations
  • improve our services and website

We do not sell personal information, and we do not use it for direct marketing without your consent.

5. Cookies and website analytics

Our website uses Cloudflare Web Analytics, a privacy-friendly, cookieless analytics tool. It reports aggregate figures such as page views and referrers. It does not use tracking or advertising cookies, does not build a profile of you, and does not identify you personally.

When you first visit, we ask whether you are happy for us to load this analytics. Your choice is stored in your browser’s local storage on your device. It is not a cookie, and it is never shared. You can change your choice at any time using the Cookie preferences link in the footer. If you decline, no analytics are loaded.

We do not use advertising cookies. If we introduce other analytics or marketing tools in future, we will update this policy to explain what is collected and how you can opt out.

6. Disclosure of personal information

We may disclose personal information to:

  • our staff and subcontractors, where needed to deliver services to you
  • our software and hosting providers, including Formspree (contact form processing, United States) and Cloudflare (website hosting and analytics)
  • Microsoft, where services involve Microsoft 365, Entra ID or Azure
  • Okta, where services involve identity management delivered through the Okta platform
  • our accounting, legal and insurance providers, where required for us to operate our business
  • government or regulatory bodies, where required by law

Some of these providers store or process information outside Australia, including in the United States. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, including relying on the provider's own privacy and security commitments.

7. Data security

We hold personal information using a combination of technical and organisational safeguards, including access controls, encryption, multi-factor authentication and endpoint security, consistent with the same cyber security standards we help our clients achieve. We review our own security posture against the ACSC Essential Eight framework.

No system is completely secure. If you have concerns about the security of your information, contact us using the details below.

8. Data breach notification

If we become aware of a data breach that is likely to result in serious harm to individuals, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme, regardless of whether the small business exemption applies to us.

9. Access and correction

You can ask us for access to the personal information we hold about you, or ask us to correct it, by contacting us using the details below. We will respond within a reasonable time, and there's no charge to make a request. In some cases, we may need to verify your identity before releasing information, or we may not be able to provide access if an exception under the Privacy Act applies.

10. Complaints

If you have a concern about how we’ve handled your personal information, contact us first at connect@thinkict.com.au so we can try to resolve it directly. If you’re not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

11. Third-party links

Our website may contain links to third-party websites, including vendor and partner sites. We aren't responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

12. Children's privacy

Our website and services are intended for business use and are not directed at children. We don't knowingly collect personal information from children.

13. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. The version published on our website is always the current version. We'll update the date at the top of this policy when changes are made.

14. Contact us

For any questions about this policy or how we handle personal information, contact us:

Think ICT

Melbourne, VIC, Australia

E: connect@thinkict.com.au

P: +61 421 166 191

ABN: 91 700 103 386