top of page
  • Facebook
  • Twitter
  • Instagram

Privacy Policy

This is the privacy policy of Elevaut and our related entities.

In this document, the expressions “we”, “us” and “our” are a reference to Elevaut. The term “you” and “your” refers to the party who this policy relates to, including website users, clients, prospective clients, and end users who interact with systems we build or operate.

The purpose of this policy is to clearly express an up-to-date policy about our management of information.

Your Rights in Relation to Privacy

Elevaut understands the importance of protecting the privacy of an individual’s personal information and adopts the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Act).

This Privacy Policy sets out how we collect, use and disclose information about you, how we aim to protect the privacy of your personal information and your rights in relation to your personal information.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, sending you a direct notification. Any changes to our Privacy Policy will be published on our website. We encourage you to regularly review this Privacy Policy to stay informed about how we manage your personal information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Kinds of Personal Information

During the provision of our services or through your use of our website and AI systems, Elevaut may collect your personal information.

Personal information is information or an opinion about an identified, or reasonably identifiable, individual, whether or not the information or opinion is true and whether or not it is recorded in a material form. This includes information generated, collected, or inferred through your interactions with systems we build or operate.

If you’re a client (or potential client), it is likely that you will share, or we will collect, some personal information. This may include, but is not limited to:

  • contact details such as your name, business name, addresses, email addresses and phone numbers;

  • your employment or professional details;

  • details of your company’s ABN and/or ACN;

  • billing and payment information including bank account and credit card details (where applicable);

  • enquiry data submitted through your website forms, landing pages, or booking forms;

  • usage data and interaction patterns with our systems;

  • messages or responses provided via SMS, email, live chat, or social media;

  • voice recordings and call recordings where enabled;

  • call transcripts and summaries generated through AI systems;

  • behavioural patterns and preferences inferred from interactions with our systems;

  • technical data such as API keys, authentication tokens, system logs, and integration settings;

  • CRM-related information provided to us for integration purposes (such as lead status, notes, pipeline stages, and contact records).

Sensitive Information

Sensitive information is defined in the Act to include information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

We do not usually collect sensitive personal information. If Elevaut does collect sensitive information, we will only use and disclose it for the following purposes:

  • for the primary purpose for which it was obtained;

  • for a secondary purpose that is directly related to the primary purpose;

  • with your consent; or

  • where required or authorised by law.

Please notify us as soon as you can of any changes to the information provided to us or if you are aware of any inaccurate, out of date, misleading or false information.

Collection of Personal Information

Generally, Elevaut will collect your personal information through:

  • direct contact with you, whether in person or over the phone, email, or other communication methods;

  • the completion of online contact forms, lead forms or booking forms;

  • CRM integrations and business tools that you authorise us to connect to;

  • information service providers, including social media platforms, or publicly available information.

When you use our website, the following information may be logged for statistical purposes and for marketing and advertising:

  • the date and time of your visit to our website;

  • your IP address;

  • pages that you accessed and documents downloaded; and

  • the type of browser and device you were using.

Elevaut may also collect information about you through your use of our services, including data and metadata obtained from communications made to or from our systems. This information helps us improve service quality, enhance user experience, and support the effective management of communications.

We may automatically collect certain information about your interaction with our website and services (Usage Data). To do this, we may use cookies, pixels and similar technologies (Tracking Technologies). Usage Data may include information about how you access and use our website and your account (if applicable), including device information, browser information, information about your network connection, and your interaction with the services. You can manage preferences regarding Tracking Technologies through your browser settings.

Purpose of Collection

Elevaut may collect and use your personal information for the following purposes:

  • to respond to your enquiries or consultation requests;

  • to provide, operate, support and improve our services;

  • for accounting, billing and internal administrative purposes;

  • to send service-related communications and updates;

  • to provide training or onboarding support to clients;

  • to personalise and enhance your experience with our services;

  • to deliver automated communications (including SMS, email and voice calls) where authorised;

  • to build, configure and maintain CRM and automation workflows;

  • to monitor, test and improve system performance and reliability;

  • to detect and prevent fraud, security incidents, misuse, or abuse of services;

  • to comply with relevant legal and regulatory_ATTACHMENT requirements.

Elevaut may also use your personal information to inform you of products and/or services that may be of interest to you. If you do not wish to receive such communications, you may request not to receive direct marketing communications or use any opt-out mechanism provided.

Disclosure of Personal Information

Generally, Elevaut will only disclose your personal information for the purpose of providing our services. This may include disclosing your personal information to third parties engaged to perform administrative or business management services, including:

  • cloud storage providers;

  • hosting providers;

  • data analytics providers;

  • SMS, email, and voice service providers;

  • CRM and booking platform providers;

  • professional advisers such as accountants, lawyers, or consultants;

  • subcontractors who assist us in delivering services (where applicable).

All such disclosures are made on a confidential basis under appropriate arrangements, and in accordance with applicable law.

Elevaut may also disclose your personal information with your consent or if disclosure is required or authorised by law.

Third Parties

Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information about you from third parties, such as:

  • service providers who assist us in operating our business;

  • business partners with whom we collaborate;

  • professional advisers or consultants; or

  • publicly available sources.

Where required, we will take reasonable steps to ensure you are made aware of information provided to us by third parties.

Overseas Disclosure

We may use service providers that store data or process information outside Australia. We will not disclose your personal information outside Australia unless:

  • you expressly consent;

  • the disclosure is required by law; or

  • the disclosure is to service providers who are subject to privacy protections substantially similar to the Australian Privacy Principles.

Before disclosing any personal information to an overseas recipient, we will take reasonable steps to ensure the overseas recipient complies with an appropriate privacy and security scheme, however we cannot guarantee or warrant their compliance in every circumstance.

Security of Your Personal Information

We take reasonable steps to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure.

We implement security measures including:

  • access controls and permissions management;

  • secure cloud infrastructure and encryption where applicable;

  • multi-factor authentication where available;

  • audit logging and monitoring practices;

  • safe configuration of integrations and automation workflows.

We typically hold personal information electronically, however we may from time to time hold information in other formats where necessary.

Elevaut will securely destroy or de-identify your personal information when it is no longer required for any legitimate business purpose or legal obligation. Generally, we retain certain information for a minimum of 7 years where required by Australian tax and business laws.

Data Breaches

All staff and contractors are responsible for protecting the confidentiality of client information and business information.

Any actual or suspected data breaches must be immediately reported to our designated Privacy Officer so we can assess and respond in accordance with our obligations under the Notifiable Data Breaches scheme.

What is an eligible data breach?

An eligible data breach, defined in s 26WE(2) of the Act, occurs when:

  • there is unauthorised access to, or unauthorised disclosure of, information; and

  • a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to affected individuals,

or where information is lost in circumstances likely to result in unauthorised access or disclosure, and serious harm is likely.

If there is a suspicion of a breach

If we suspect an eligible data breach has occurred, a reasonable and expeditious assessment will be conducted within 30 days.

If we reasonably believe there has been an eligible data breach, we may prepare a statement setting out:

  • Elevaut’s details;

  • a description of the breach;

  • the kind or kinds of information concerned; and

  • recommendations about the steps affected individuals should take.

If practicable, we will notify affected individuals directly. If not practicable, we may publish the statement and take reasonable steps to publicise its contents.

Maintaining the Quality of Your Personal Information

It is important to us that your personal information is accurate, complete, and up-to-date. We take reasonable steps to ensure that personal information we collect, use, or disclose is accurate, complete, and current.

We encourage you to help us maintain accuracy by:

  • notifying us promptly of any changes to your personal details (such as address, phone number, or email);

  • informing us if you notice any errors or inaccuracies; and

  • responding to requests for verification.

How You May Access Your Personal Information

Under the Act, you have a right to access and seek correction of your personal information that we collect and hold.

If at any time you would like to access or correct the personal information that Elevaut holds about you, please contact our privacy officer using the details below.

To obtain access to your personal information:

  • you may be required to provide proof of identity;

  • you will need to be reasonably specific about the information you require; and

  • we will not charge a fee for making an access request, however we may charge a reasonable administration fee for the actual cost of providing access and will notify you in advance.

If we refuse your request to access or correct your personal information, we will provide written reasons within 30 days, explain how you can make a complaint, and outline other mechanisms available under the Act.

Complaints

Please direct all privacy complaints to our privacy officer. We take privacy complaints seriously and deal with them promptly and confidentially.

You will be informed of the outcome of your complaint following completion of the investigation, which generally will take no more than 30 days.

If you are dissatisfied with the outcome of your complaint, you may refer the complaint to the OAIC. Contact details for the OAIC can be found at www.oaic.gov.au.

Contact Us

For privacy enquiries or complaints, please contact us at:

Elevaut
Email: adnan.h@elevaut.com.au

Version Control

Policy version: 1.0
Policy date: 01/01/2026

bottom of page