Privacy Policy

Nexios Pty Ltd Last updated: 1 March 2026

1. Introduction

Nexios Pty Ltd (ABN 45 684 995 659) ("Nexios", "we", "our", or "us") is an Australian software company that builds and operates proprietary software products and provides professional technology services to businesses across Australia and internationally.

This Privacy Policy governs how we collect, use, disclose, store, and protect personal information in connection with:

• Our corporate website at nexios.com.au
• Our professional services engagements (software development, consulting, cloud and DevOps, QA, and cybersecurity)
• Our corporate communications, recruitment, and business operations

Important — Product-Specific Policies: Each Nexios software product operates under its own dedicated Privacy Policy. If you are a user of a Nexios product, please refer to the privacy policy published within that product or on its dedicated product website. This Policy does not govern the collection or processing of personal information that occurs within any Nexios product.

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By accessing our Website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

2. Scope of This Policy

This Privacy Policy applies specifically to:

• Visitors to nexios.com.au
• Prospective clients who submit enquiries, book consultations, or request proposals
• Current and former service clients of Nexios
• Business contacts and partners
• Job applicants and contractors

This Policy does not apply to:

• End users of Nexios software products — refer to the applicable product's own Privacy Policy
• Data processed by Nexios on behalf of service clients as a data processor — in such cases, the client's own privacy policy and data processing agreement govern

3. Our Products and Their Policies

Nexios develops and operates a portfolio of software products. Each product is a distinct offering with its own data practices, user base, and compliance obligations. Accordingly, each product maintains an independent Privacy Policy, accessible within the product itself or on its dedicated product website.

If you are a Nexios product user, you should:

1. Refer to the Privacy Policy specific to the product you are using
2. Direct privacy-related queries to that product's dedicated support team
3. Note that product privacy policies may be updated independently of this corporate Privacy Policy

If you are uncertain which policy applies to your situation, contact us at privacy@nexios.com.au and we will direct you to the appropriate policy and contact.

4. What Personal Information We Collect

We collect only the personal information reasonably necessary to operate our business and deliver our services. This may include:

Contact and Identity Information

• Full name
• Email address
• Phone number
• Job title and organisation name
• Business address

Enquiry and Communication Data

• Messages submitted through our website contact and consultation forms
• Email and written correspondence
• Meeting notes and call records

Website Usage Data

• IP address
• Browser type and version
• Pages visited and time spent on site
• Referring URL and traffic source
• Device type and operating system

Billing and Commercial Information

• Invoicing and purchase order details
• Payment records (we do not store full card details — payments are handled by PCI-DSS compliant third-party processors)
• Contract and engagement records

Recruitment Information (job applicants only)

• Résumé and professional portfolio
• Employment history and qualifications
• References and, where applicable and consented to, background check results

5. How We Collect Personal Information

We collect personal information through the following means:

• Directly from you when you complete a form on our website, send an email, book a consultation, or execute a service agreement
• Through your use of our website via cookies and analytics tools (see Section 10)
• From third parties such as referral partners, LinkedIn, or publicly available professional directories, where relevant to a business enquiry or recruitment process
• In the course of delivering services, where we may incidentally handle personal information contained in materials you provide

We will always endeavour to collect personal information directly from you in the first instance.

6. Why We Collect and Use Personal Information

We collect and use your personal information for the following purposes:

• To respond to enquiries and provide information about our services and product portfolio
• To deliver contracted professional services and manage client relationships
• To issue invoices, process payments, and maintain financial and commercial records
• To send service-related communications, including project updates and support correspondence
• To send marketing communications about our services, products, and events where you have consented or where permitted under the Spam Act 2003 (Cth)
• To improve our website and service offerings through aggregated, anonymised analytics
• To assess job applications and manage recruitment and onboarding processes
• To comply with our legal, regulatory, and contractual obligations
• To protect the security and integrity of our systems, products, and business operations

We will not use your personal information for purposes incompatible with the reason it was originally collected without your prior consent.

7. Disclosure of Personal Information

We do not sell, rent, or trade your personal information. We may disclose your personal information to:

Technology and Service Providers Third-party vendors supporting our business operations, including cloud hosting providers, CRM and project management platforms, accounting systems, and payment processors. All providers are contractually bound to handle personal information securely and solely for the specified purpose.

Professional and Legal Advisers Lawyers, accountants, auditors, and insurers where necessary to operate our business or manage a legal matter.

Regulatory and Government Bodies Where required or authorised by law, including in response to a lawful request from a government agency, regulator, or court. Where permitted, we will notify you before making such a disclosure.

Internal Product Teams Where you interact with both our corporate services and a Nexios product, limited contact information may be shared internally with the relevant product team to coordinate your experience. Such sharing is subject to internal data governance controls and does not grant product teams access to broader corporate engagement records.

Business Transfers In the event of a merger, acquisition, corporate restructure, or sale of a business unit or product, personal information relevant to that transaction may be transferred. We will provide reasonable notice to affected individuals before their information is transferred and becomes subject to a new or different privacy policy.

We require all third parties to respect the security of your personal information and handle it in accordance with applicable privacy laws.

8. Overseas Disclosure

Some third-party service providers we engage may store or process data outside Australia, including in the United States and the European Union. Where we disclose personal information to overseas recipients, we take reasonable steps to ensure they handle it in a manner consistent with the Australian Privacy Principles, including through contractual data protection obligations.

By providing your personal information to us, you acknowledge it may be transferred to, stored in, or processed in countries outside Australia.

9. Data Security

We apply layered technical and organisational security controls to protect personal information against unauthorised access, disclosure, alteration, loss, and destruction, including:

• Encryption of data in transit (TLS 1.2 or higher) and at rest using industry-standard algorithms
• Role-based access controls limiting personal information to personnel with a legitimate operational need
• Regular internal and third-party security assessments of our corporate systems and vendor relationships
• Secure, verified data disposal procedures when information is no longer required
• Mandatory security awareness training for all staff handling personal information

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and encourage you to take reasonable steps to protect information you transmit to us electronically.

10. Cookies and Website Analytics

Our corporate website uses cookies and similar tracking technologies to operate effectively and understand how visitors engage with our content.

Types of cookies we use:

• Strictly necessary cookies — essential for core website functionality and cannot be disabled
• Analytics cookies — collect anonymised, aggregated data to help us improve content and user experience (e.g. Google Analytics)
• Preference cookies — remember your settings and choices across visits
• Marketing cookies — used, where consented, to serve relevant content and measure the effectiveness of campaigns

You may control or disable non-essential cookies through your browser settings or our cookie consent manager. Disabling certain cookies may affect website functionality. Where required by law, we obtain your consent before placing non-essential cookies.

Note: Individual Nexios products may use cookies and tracking technologies that are governed separately. Refer to each product's Privacy Policy for details.

11. Retention of Personal Information

We retain personal information only as long as necessary to fulfil the purpose for which it was collected, or as required by law:

• Client service records — retained for a minimum of seven (7) years from the date of the last transaction, in compliance with Australian tax and corporations law
• Prospective client enquiry data — retained for up to two (2) years from last contact, then securely deleted unless an engagement has commenced
• Marketing opt-out records — retained indefinitely to honour your communication preferences
• Job applicant information — retained for twelve (12) months following conclusion of a recruitment process, then securely destroyed unless you consent to longer retention for future opportunities

When personal information is no longer required, we take reasonable steps to destroy or permanently de-identify it.

12. Marketing Communications

Where you have provided consent or where permitted under the Spam Act 2003 (Cth), we may send you marketing communications about our services, products, industry insights, and events.

You may opt out at any time by:

• Clicking the unsubscribe link in any marketing email we send
• Emailing us directly at privacy@nexios.com.au

We will action opt-out requests within five (5) business days. Even after opting out, we may still send you transactional or service-related messages necessary to manage an active engagement.

Note: Opting out of Nexios corporate marketing does not automatically unsubscribe you from communications sent by individual Nexios products. Manage product-level communication preferences within each product directly.

13. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Correct personal information that is inaccurate, incomplete, out of date, or misleading
• Complain about how we have handled your personal information

Submit requests to our Privacy Officer using the contact details in Section 15. We will acknowledge requests within five (5) business days and respond substantively within thirty (30) days. We do not charge a fee for access requests in ordinary circumstances, though we may impose a reasonable fee where a request requires substantial effort. Where we are unable to fulfil a request, we will provide a written explanation.

14. Complaints

If you believe we have mishandled your personal information or breached the Australian Privacy Principles, we encourage you to contact us in the first instance so we can attempt to resolve your concern promptly and directly.

If you are dissatisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au Phone: 1300 363 992 Post: GPO Box 5218, Sydney NSW 2001

15. Contact — Privacy Officer

For all privacy-related enquiries, access requests, corrections, or complaints relating to this Policy:

Privacy Officer Nexios Pty Ltd Email: privacy@nexios.com.au Phone: 0402 743 563 / 08 8989 2838 Post: 84 Smith Street, Darwin NT 0800, Australia

For privacy matters relating to a specific Nexios product, contact that product's support team directly or refer to its dedicated Privacy Policy.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, product portfolio, or legal obligations. Updates will be published on our Website with a revised "Last updated" date. For material changes, we will take reasonable steps to notify affected individuals directly where possible.

We encourage you to review this Policy periodically. Continued use of our Website or services following an update constitutes acceptance of the revised Policy.

This Privacy Policy was last updated on 1 March 2026 and applies to Nexios Pty Ltd (ABN 45 684 995 659), a company registered in Darwin, Northern Territory (NT), Australia. It governs corporate and services-related personal information only. Each Nexios product maintains its own independent Privacy Policy.