Legal
Privacy Policy
Aligned with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the ACSC Essential Eight. Last updated 4 May 2026.
1. Who we are
Grimace Remote (ABN 46 116 499 723) is a sole-trader IT support and website design business based in East Gippsland, Victoria. This Privacy Policy explains how we collect, use, store and disclose personal information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. Information we collect
Only what is needed to deliver remote support or website work: your name, contact details, business name and ABN where relevant, and information you choose to share during a session (e.g. error messages, screenshots). We avoid collecting sensitive information and do not collect government identifiers.
3. How we use it
To respond to enquiries, deliver the service requested, issue tax invoices and meet ATO record-keeping obligations. We do not sell or rent personal information.
4. Remote sessions and data handling
Sessions run on enterprise-grade remote support software with 256-bit AES encryption and TLS 1.2+, multi-factor authentication on the technician account, and a single-use secure link issued only after you confirm you wish to proceed. You watch every action live and can disconnect at any moment. Once a session ends, no client files, screenshots, credentials or session recordings are retained — only invoice line items kept for ATO records.
5. Australian Privacy Principles (APPs)
We handle personal information in accordance with all 13 APPs — open and transparent management (APP 1), anonymity where practicable (APP 2), only collecting what is needed (APP 3), notification of collection (APP 5), use only for the primary purpose (APP 6), security (APP 11), and access and correction on request (APPs 12 & 13).
6. Security — ACSC Essential Eight alignment
Our practices are aligned with the Australian Cyber Security Centre Essential Eight: application control, patching applications, Office macro hardening, user application hardening, restricting administrative privileges, OS patching, multi-factor authentication and regular backups.
7. Storage and overseas disclosure
Records are stored in Australia where practicable. Email and accounting tools (e.g. Microsoft 365, Xero) may process data in overseas data centres under their own APP-compliant arrangements.
8. Notifiable data breaches
We comply with the Notifiable Data Breaches scheme. If a breach is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
9. Access, correction and complaints
Email support@grimaceremote.com.au to request access, correction, or to lodge a privacy complaint. We respond within 30 days. Unresolved complaints can be escalated to the OAIC at oaic.gov.au.
Grimace Remote · ABN 46 116 499 723 · East Gippsland, Victoria, Australia