Morrisec Privacy Policy

Get In Touch

INTRODUCTION

Morrisec values the trust placed in us by our clients, partners, and staff, and is committed to protecting the privacy of all personal information we handle.

We comply with the Privacy Act 1988 (Cth) and other applicable privacy laws and regulations and maintain alignment with recognised privacy principles.

This Policy outlines how Morrisec collects, uses, stores, discloses, and protects personal information in the limited circumstances where it is required for our legitimate business activities.

SCOPE

This Policy applies to all Morrisec operations and personnel. It covers:

  • Personal information relating to Morrisec employees, contractors, and job applicants; and
  • Personal information incidentally collected from client representatives, suppliers, or business contacts (e.g. names, email addresses, phone numbers).

Morrisec does not process or store client or customer PII as part of service delivery.

What is Personal Information

“Personal information” means any information or opinion about an identified individual or an individual who is reasonably identifiable.

Examples relevant to Morrisec may include:

  • Employee or contractor contact details
  • Applicant resumes and qualifications
  • Client or supplier contact information

Morrisec does not collect sensitive information (as defined under the Privacy Act) such as health, biometric, or financial data.

Collection of Personal Information

Morrisec collects personal information only when it is necessary and directly related to business functions, such as:

  • Managing employment, payroll, or recruitment
  • Conducting business with clients and partners
  • Communicating with professional contacts
  • Distributing newsletters or event information (where subscribed)

Information is collected fairly, lawfully, and transparently, and only from reliable and legitimate sources.

We may collect personal information:

  • Directly from individuals (via email, online forms, or meetings)
  • During recruitment or onboarding processes
  • From publicly available professional information (e.g. LinkedIn) for legitimate business contact purposes

Consent & Choice

Morrisec obtains consent prior to or at the point of collection where required.
By providing personal information, individuals consent to its use in accordance with this Policy.

Individuals may withdraw consent or request limited use of their information at any time by contacting privacy@morrisec.com.au.

If consent is withdrawn, Morrisec will explain any potential impact on our ability to maintain employment, contractual, or service relationships.

Use and Disclosure of Personal Information

Personal information is used only for the purposes for which it was collected or for directly related purposes that would be reasonably expected, including:

  • Administering employment and payroll
  • Managing client, supplier, or partner communications
  • Providing requested information or services
  • Complying with legal or regulatory obligations

Morrisec does not sell, rent, or share personal information for marketing purposes.
Personal information may be disclosed to third parties only where:

  • Required or authorised by law; or
  • Necessary for legitimate business operations (e.g. Microsoft, HubSpot, QuickBooks), all of which have appropriate privacy and security controls.

 No personal information is disclosed overseas.

Data Quality and Accuracy

Morrisec takes reasonable steps to ensure personal information is accurate, complete, and up to date.

Employees and contractors can view and correct their information through internal systems or by contacting the Privacy Officer.

Data Security and Protection

Morrisec protects personal information through a layered security approach that includes:

  • Multi-factor authentication and role-based access controls
  • Encryption and security features
  • Regular monitoring of access and security logs
  • Restricting data access to authorised personnel only

Privacy controls are monitored for effectiveness and updated as part of ongoing information security and privacy reviews.

Retention and Disposal

Personal information is retained only as long as necessary to fulfil its purpose or comply with legal obligations.

Retention periods are guided by Morrisec’s Data Lifecycle and Retention Schedule.

When no longer required, information is securely deleted or anonymised.

For HR data, this includes secure disposal following offboarding.

Access and Correction

Individuals may request access to, or correction of, their personal information at any time.
Requests should be directed to privacy@morrisec.com.au and will be handled within three (3) business days, subject to identity verification.

If access is refused, Morrisec will provide written reasons unless restricted by law.

Website & Online Activity

Morrisec’s website uses minimal cookies for analytics and functionality.

Cookies do not identify users and may be disabled through browser settings.

We use Google Analytics to understand website traffic, but data is anonymised wherever possible.

Any direct marketing (e.g. newsletters) is sent only to individuals who have opted in, in compliance with the Spam Act 2003 (Cth).

Individuals can unsubscribe at any time.

Complaints and Dispute Resolution

Individuals may raise privacy concerns or complaints by contacting the Privacy Officer at privacy@morrisec.com.au.

Complaints are acknowledged within five (5) business days and investigated promptly.

If the matter is unresolved, individuals may escalate the complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Monitoring, Review, and Improvement

This Policy is reviewed annually or sooner if legislative, business, or operational changes occur.

Prior versions are retained through SharePoint version control.

Changes are communicated to staff via internal channels and to external parties via the Morrisec website.

CONTACT DETAILS