Square IT Services Pty Ltd
ABN 42 623 812 555
PO Box 416, Dingley Village VIC 3172
03 9551 7909 | info@squareit.com.au | www.squareit.com.au
PRIVACY POLICY
1. Introduction
Square IT Services Pty Ltd (ABN 42 623 812 555) (Square IT, we, us, our) is committed to protecting the privacy of individuals whose personal information we collect and handle in the course of providing IT managed services.
This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).
While Square IT is a sole operator business and may qualify for the small business exemption under the Privacy Act, we have chosen to adopt and publish this Privacy Policy because:
• Some of our customers operate in sectors that handle sensitive information, including health information (pharmacy clients) and personal information of children (early learning centres);
• We may access or come into contact with personal information held by our customers’ systems in the course of delivering IT services; and
• We believe transparent privacy practices are essential to maintaining trust with our customers and their clients.
2. Personal Information We Collect
2.1 Information About Our Customers
We collect personal information about our business customers and their authorised contacts, including:
• Names, job titles, and contact details (email address, phone number, business address);
• Billing and payment information (invoicing details, ABNs — we do not store credit card numbers);
• Communications and instructions sent to us via email or phone;
• Information about your IT environment, including device names, user accounts, software, and network configuration.
2.2 Information We Encounter in the Course of Delivering Services
When we access a customer’s systems to deliver IT services (such as remote support, monitoring, backup, or endpoint management), we may encounter personal information held by the customer about their own clients, employees, or other individuals. This may include:
• Names and contact details of the customer’s staff or clients;
• In the case of pharmacy clients: health-related information stored on dispensing or practice management systems;
• In the case of early learning centres: personal information of children and their families.
Square IT does not collect or retain this information for its own purposes. We access it only to the extent necessary to perform the requested service. The customer remains the data controller for their clients’ information and is responsible for appropriate disclosure to those individuals.
2.3 Information We Do Not Collect
We do not knowingly collect sensitive personal information (such as health information, racial or ethnic origin, or financial account credentials) for our own business purposes. We do not collect personal information from individuals who are not our customers or customer contacts.
3. How We Collect Personal Information
We collect personal information directly from you when you:
• Contact us to enquire about or engage our services;
• Enter into a Master Services Agreement or accept a quote;
• Communicate with us by email, phone, or through our support systems;
• Provide us with access to your IT systems for the purpose of service delivery.
We may also collect information automatically through our remote monitoring and management (RMM) platform (SyncroMSP) when a monitoring agent is installed on a managed device. This information relates to device health, performance, and configuration — not to the personal activities of device users.
4. How We Use Personal Information
We use the personal information we collect to:
• Provide, manage, and improve the IT services we deliver to you;
• Communicate with you about your services, including support requests, renewals, and service updates;
• Issue invoices, process payments, and manage our billing relationship with you;
• Maintain records of instructions, recommendations, and service history;
• Comply with our legal and regulatory obligations;
• Protect the security and integrity of our own systems and those of our customers.
We do not use your personal information for marketing purposes without your consent, and we do not use information we encounter in your systems for any purpose other than delivering the service you have requested.
5. Disclosure of Personal Information
5.1 Third-Party Vendors
In delivering our services, we work with a number of trusted third-party vendors. Personal information (typically limited to customer contact and account details) may be shared with these vendors only to the extent necessary to provision or manage the relevant service:
• Microsoft (via Synnex Australia) — Microsoft 365 licensing and services;
• Datto (Kaseya) — Microsoft 365 cloud backup (Australian data residency confirmed);
• OpenText (Webroot) — endpoint security and antivirus management;
• Synergy Wholesale — domain name registration and DNS management;
• SyncroMSP — remote monitoring, management, and ticketing platform;
• Xero — invoicing and billing.
Each of these vendors operates under their own privacy and data handling policies. We take reasonable steps to ensure our vendors maintain appropriate data security standards.
5.2 Other Disclosures
We may also disclose personal information:
• Where required or authorised by law (e.g., in response to a lawful request from a regulatory authority or court);
• To a credit collection agency where an account is overdue and collection action is necessary (limited to the information required for that purpose);
• With your consent.
We do not sell, rent, or trade personal information to any third party for marketing or commercial purposes.
6. Storage & Security
Personal information held by Square IT is stored within our Microsoft 365 environment, which is protected by:
• Multi-factor authentication (MFA) enforced on all accounts;
• Role-appropriate access controls;
• Microsoft’s enterprise-grade security infrastructure.
Customer credentials and sensitive access information are stored in an encrypted file within our secured Microsoft 365 environment. We do not store passwords in plain text.
We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, or disclosure. However, no system is completely secure, and we cannot guarantee absolute security.
We retain personal information for as long as necessary to deliver the relevant service and meet our legal obligations. When information is no longer required, we take reasonable steps to destroy or de-identify it.
7. Sensitive Information & Regulated Sectors
Square IT recognises that some of our customers operate in regulated environments that involve sensitive personal information:
7.1 Health Information (Pharmacy Clients)
Some of our customers are retail pharmacies whose systems contain health information about their patients. Where we are engaged to support these systems, we access health information only to the extent strictly necessary to perform the requested technical task. We do not copy, retain, or use health information for any other purpose.
Pharmacy clients are responsible for ensuring that their own privacy obligations under the Privacy Act (including the Health Privacy Principles where applicable) are met, and that their patients are appropriately informed about how their health information is handled.
7.2 Children’s Information (Early Learning Centres)
Some of our customers are early learning centres whose systems contain personal information about children and their families. Where we access these systems, we treat children’s personal information with the highest level of care. We do not retain, copy, or use this information beyond what is strictly necessary to deliver the requested service.
Early learning centre clients are responsible for compliance with their obligations under applicable child safety and privacy legislation, including ensuring appropriate consent has been obtained from parents or guardians for the collection and handling of children’s personal information.
8. Access & Correction
You have the right to request access to the personal information we hold about you, and to ask us to correct information that is inaccurate, out of date, incomplete, or misleading.
To make an access or correction request, please contact us at:
• Email: info@squareit.com.au
• Phone: 03 9551 7909
• Post: PO Box 416, Dingley Village VIC 3172
We will respond to access and correction requests within a reasonable timeframe, generally within 30 days. In some circumstances we may decline a request, in which case we will explain why in writing.
9. Privacy Complaints
If you believe we have mishandled your personal information or breached the Australian Privacy Principles, we encourage you to contact us directly in the first instance so we can attempt to resolve the matter:
• Email: info@squareit.com.au
• Phone: 03 9551 7909
We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If we are unable to resolve your complaint to your satisfaction, you may refer the matter to the Office of the Australian Information Commissioner (OAIC):
• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The current version is always available on our website at www.squareit.com.au. We will notify existing customers of material changes by email.
The effective date at the top of this document indicates when the current version came into effect.
Square IT Services Pty Ltd | ABN 42 623 812 555
PO Box 416, Dingley Village VIC 3172 | 03 9551 7909 | info@squareit.com.au
Version 1.0 — Effective 1 July 2026

