Privacy Policy

Effective Date: 7^thMay 2026

Last Updated: 15 Mar 2026

1. Introduction

Architechs Australia Pty Limited (ABN 80 620 776 025) (“architechs®”, “we”, “our”, “us”) is committed to protecting the privacy of personal information we collect through our website architechs.com.au and in the course of providing our consulting services and implementation of our products.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we engage with individuals located in the European Union or United Kingdom, we also comply with the General Data Protection Regulation (GDPR).

By using our website or submitting information through our forms, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information you provide directly

We collect personal information that you voluntarily provide through our website forms and in the course of engaging with our services. This includes:

Book a Workshop form: name, business email, phone number, company name, job title, location, workshop preferences
Contact Us form: name, business email, phone number, company name, location, enquiry type, message content
FTE Job Applications: name, email, phone number, location, LinkedIn profile URL, CV/resume (uploaded file), role applied for, notice period, salary expectations, right to work status

Global Technology Network (GTN) Applications: name, email, phone number, location, LinkedIn profile URL, CV/resume (uploaded file), primary skill area, years of experience, availability, engagement preferences, location, right to work status

2.2 Information collected automatically

When you visit our website, we may automatically collect:

IP address and approximate geographic location
Browser type and version, operating system, device type
Pages visited, time spent on pages, referring URLs
Interaction data via cookies and similar tracking technologies

2.3 Information from third parties

We may receive information about you from third-party platforms where you have engaged with our content, including LinkedIn and Google Ads, subject to those platforms’ own privacy policies.

3. How We Use Your Information

We collect and use your personal information for the following purposes:

To respond to your enquiries and provide requested information about our services
To process workshop bookings and schedule consultations
To assess job applications for full-time employment positions
To maintain our Global Technology Network talent pool and match you with relevant opportunities
To send confirmation and follow-up communications relating to your enquiry or application
To improve our website, services, and user experience
To comply with legal obligations and regulatory requirements
To protect our rights and prevent fraud or misuse of our services

We will not use your personal information for direct marketing purposes without your explicit consent. You may opt out of marketing communications at any time.

4. Legal Basis for Processing

Under Australian privacy law, we collect and process personal information that is reasonably necessary for our business functions and activities, as permitted by the APPs.

For individuals in the EU/UK only (Australian residents are covered by the APPs above), we process personal information on the following legal bases:

Consent: where you have provided explicit consent via our form checkboxes (e.g., workshop bookings, contact enquiries, job applications, GTN registration)
Legitimate interest: for website analytics and improving our services, where this does not override your fundamental rights
Contractual necessity: where processing is required to deliver services you have requested
Legal obligation: where we are required to retain or disclose information under applicable law

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyse website usage. We use the following third-party services:

Google Tag Manager (GTM): manages and deploys tracking scripts on our website
Google Analytics 4 (GA4): analyses website traffic, user behaviour, and conversion events
LinkedIn Insight Tag: tracks conversions from LinkedIn advertising campaigns and provides aggregated audience insights
HubSpot Tracking Code: monitors page views and visitor activity for CRM and marketing purposes

Non-essential cookies (analytics, advertising, and CRM tracking) are loaded only after you provide prior, opt-in consent via our cookie banner. The banner offers granular control and a “Reject All” option of equal prominence to “Accept All.” You can withdraw or change your consent at any time via the cookie preferences link on our website. Disabling cookies may affect the functionality of certain features.

Where your browser sends a Global Privacy Control (GPC) signal, we treat it as an opt-out of non-essential tracking for that browser session.

6. Data Storage and Security

Personal information collected through our website forms is stored in:

Supabase: an open-source backend platform hosted on Amazon Web Services (AWS) infrastructure in the Sydney (ap-southeast-2) region. Form submission data is stored in a PostgreSQL database. CV/resume files are stored in Supabase Storage. Supabase employs encryption at rest and in transit, row-level security, and access controls.
HubSpot CRM: contact records are synchronised to our HubSpot CRM for lead management and follow-up. We use an Australian-region HubSpot instance so that customer records remain hosted within Australia. HubSpot is certified under SOC 2 Type II and ISO 27001 frameworks.
Webflow: form submissions may also be temporarily stored in Webflow’s form submission dashboard. Webflow is hosted on AWS and Fastly CDN infrastructure; form submission records are routed to our Australian-region backend immediately upon submission and the Webflow copy is purged on a rolling basis.

We take reasonable steps, including technical and organisational measures, to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include encryption, access controls, and regular security reviews.

Sensitive information. Where information you provide as part of a CV, right-to-work declaration, or supporting document includes sensitive information (within the meaning of section 6 of the Privacy Act — for example, health information, religious affiliation, or immigration/visa status), we collect that information only with your express consent and only for the limited purpose of recruitment assessment or contractor onboarding. We apply additional access controls to such information and do not use it for any secondary purpose.

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Data Type

Retention Period

Rationale

Workshop enquiries

24 months from submission

Follow-up and service improvement

Contact enquiries

24 months from submission

Follow-up and service improvement

FTE applications

12 months from submission

Recruitment assessment and future roles

GTN applications

24 months from submission or last contact (auto-purged thereafter)

Talent pool matching; you may request earlier removal at any time

Website analytics data

26 months (GA4 default)

Website performance analysis

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.

‍8. Disclosure of Personal Information

We may disclose your personal information to:

Our employees, contractors, and consultants who require access to perform their duties
Third-party service providers who assist us in operating our website and delivering services (listed in Section 6 above)
Professional advisers, including lawyers and accountants, where necessary
Government authorities or law enforcement agencies, where required by law or to protect our legal rights

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

9. Overseas Disclosure

Personal information collected through our website is stored and processed within Australia. We use Australian-region instances of our cloud service providers (backend, CRM, email delivery) so that personal data does not leave Australian jurisdiction in the ordinary course of business.

Limited overseas access may occur in narrow circumstances — for example, vendor support, telemetry, or aggregated/de-identified analytics functions that originate from outside Australia. Where any overseas disclosure of personal information does occur, we take reasonable steps to ensure the recipient does not breach the Australian Privacy Principles (APPs). We remain accountable under APP 8.1 for any act or practice of an overseas recipient that would breach the APPs, unless an exception under APP 8.2 applies.

10. Your Rights

10.1 Rights under Australian law

Under the Privacy Act and APPs, you have the right to:

Request access to the personal information we hold about you
Request correction of inaccurate, out-of-date, or incomplete information
Request deletion of your personal information where it is no longer necessary for the purpose for which it was collected, consent has been withdrawn, or the data was unlawfully collected
Complain about a breach of the APPs

10.2 Additional rights under GDPR (EU/UK individuals)

If you are located in the EU or UK, you also have the right to:

Withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal
Request restriction of processing of your personal information
Request data portability (receive your data in a structured, machine-readable format)
Object to processing based on legitimate interests
Lodge a complaint with a supervisory authority in your jurisdiction

10.3 How to exercise your rights

To exercise any of these rights, contact us at:

Email: privacy@architechs.com.au

We will respond to your request within 30 days. For individuals located in the EU or UK, GDPR provides a one-month response window, which we may extend by up to two further months for complex or numerous requests (with prior notice). We may need to verify your identity before processing your request. If we refuse your request, we will provide written reasons and inform you of your right to complain to the Office of the Australian Information Commissioner (OAIC).

11. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects on you (for example, automated hiring decisions). The amendments to APP 1 introduced by the Privacy and Other Legislation Amendment Act 2024 (Cth) regarding transparency of substantially automated decision-making commence on 10 December 2026. We will update this policy before that date if our practices change. AI-assisted tools and chatbots. Our website may include an AI-assisted chatbot to help answer enquiries. Conversation transcripts and any personal information you choose to provide through the chatbot are handled in accordance with this policy and stored on our Australian-region backend. The chatbot does not make automated decisions that affect you and does not use your inputs to train third-party models.

12. Children’s Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it promptly.

13. Notifiable Data Breaches

In the event of an eligible data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. Notification will be made as soon as practicable, and in any event within 30 days of becoming aware of the breach (per section 26WL of the Privacy Act). We maintain a data breach response plan and will act promptly to contain, assess, and remediate any breach.

14. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with a revised “Last Updated” date. Material changes will be communicated via a notice on our website.