Privacy Policy
How we collect, use, and protect your personal information
Policy Details
Last updated: 11 October 2025
Entity: Sumit Consulting Pty Ltd (ABN: 33 631 523 709)
Registered office: 316/63 Hall Street, Bondi Beach, NSW 2026, Australia
Contact: malachy@sumitconsulting.com.au (preferred)
1. Who we are and what this policy covers
Sumit Consulting Pty Ltd ("Sumit Consulting", "we", "us" or "our") is a professional consultancy providing quantity surveying and commercial management services. This Privacy Policy explains how we collect, use, disclose and protect personal information when you use our website, engage our services, subscribe to our updates, or apply for a role with us.
This policy is intended to comply with Australia's Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If we are a small business that would otherwise be exempt, we nevertheless choose to handle personal information in accordance with the APPs as a matter of best practice. Where applicable, we also comply with the Notifiable Data Breaches (NDB) scheme.
Note: In addition to this Privacy Policy, we provide a short Collection Notice at the point where personal information is collected (e.g., sign‑up forms, career applications). See Annexes A and B.
2. Types of personal information we collect
The types of personal information we collect depend on how you interact with us. Common categories include:
2.1 Website visitors and subscribers
- Identification and contact details (name, email, phone, employer, role, region).
- Marketing preferences and consent records (including double opt‑in status).
- Website usage data (e.g., IP address, device and browser type, pages visited, referring/exit pages, timestamps), and cookies or similar technologies (see Annex C: Cookies Notice).
- Any information you provide in contact forms or surveys.
2.2 Clients and prospective clients
- Contact and business details (name, role, company, ABN, address, email, phone).
- Information about the engagement (scope, project and commercial information, correspondence).
- Billing and payment information.
- Records of our communications, proposals, statements of work and deliverables.
2.3 Job applicants and referees (careers page)
- CV/resumé, cover letter, work history, qualifications, licences, professional memberships, referee details.
- Right‑to‑work information, background screening results (where applicable and lawful).
- Sensitive information only with consent or where authorised by law (e.g., health/disability information for workplace adjustments; professional association/union membership if you choose to provide it). We do not require you to disclose sensitive information to be considered for a role.
2.4 Other information sources
We may also collect personal information from public sources (e.g., LinkedIn, public websites, media) and third‑party service providers (e.g., recruiters), where lawful.
We do not intentionally collect information about children, and our website and services are not directed to persons under 16.
3. How we collect personal information
We collect personal information in the following ways:
- Directly from you via our website forms (contact, newsletter/blog sign‑up, careers), email, phone, meetings and events.
- Automatically via cookies, pixels and analytics tools when you use our website (see Annex C).
- From third parties: recruiters, referees, your employer (if engaging our services), publicly available sources, and service providers who assist us.
- From documents you upload (e.g., CVs) and the metadata associated with those files.
We collect personal information only by lawful and fair means and where reasonably necessary for our functions and activities.
4. Why we collect, use and disclose personal information
We use personal information for the following purposes:
- Providing and improving our services, including project delivery, customer support, and quality assurance.
- Operating our website, diagnosing issues, and enhancing security and performance.
- Marketing and communications, including sending newsletters, articles, event invitations and updates you've opted in to (we use double opt‑in), and tailoring content based on your interests. You can unsubscribe at any time (see Section 10). We action unsubscribe requests within 5 working days.
- Recruitment and talent pooling, including assessing applications, arranging interviews, contacting referees, verifying qualifications and right‑to‑work (where lawful), and considering you for future roles.
- Business operations, including billing, record‑keeping, analytics, training, legal compliance, risk management, fraud prevention and dispute resolution.
- Research and benchmarking using de‑identified or aggregated data (which is no longer personal information) to improve our services and insights.
Where required, we obtain your consent (for example, for sensitive information or certain marketing activities). Otherwise, we rely on the collection being reasonably necessary for our functions or activities and consistent with the APPs.
We do not sell personal information.
5. Direct marketing and your choices
- We send commercial electronic messages (emails/SMS) only with your consent or as otherwise permitted by law.
- Our messages identify us as the sender and include a functional unsubscribe. If you unsubscribe, we will stop sending marketing within a reasonable time (usually within 5 business days).
- We may create custom audiences with advertising platforms (e.g., providing hashed email addresses to show ads to our subscribers). If you prefer we do not use your information in this way, you can opt out at any time via the unsubscribe link or by contacting us (see Section 15).
Unsubscribe requests do not affect important service communications (e.g., engagement updates, billing) that are not considered marketing.
7. Use of AI and automated tools
We may use reputable third‑party AI‑assisted tools (e.g., drafting, analytics, document processing) to support our work. When doing so, we:
- limit disclosures to what is reasonably necessary for the relevant task;
- seek to disable data retention or model‑training on your content where the provider offers that setting, or otherwise apply contractual and technical safeguards;
- prefer de‑identification of data wherever feasible; and
- do not use AI to make automated decisions about you that have legal or similarly significant effects without appropriate human review and/or your consent.
If you do not want your information processed using AI tools, please contact us to discuss alternatives.
8. Disclosing personal information
We disclose personal information to:
- Service providers that help us operate (e.g., cloud hosting and storage, email and collaboration platforms, CRM/marketing tools, website and analytics providers, IT and security support, recruitment systems, background‑check providers, professional advisers). Examples may include Microsoft 365, SharePoint/OneDrive, website hosting and email marketing providers, and analytics platforms.
- Your referees, recruiters and background screeners (with your consent and where lawful) during recruitment.
- Our professional advisers, insurers, auditors and regulators where necessary.
- Related entities or potential acquirers (in the context of a corporate transaction), subject to confidentiality safeguards and where lawful.
Where we disclose information to third parties, we require them to handle personal information in accordance with applicable law and appropriate confidentiality and security obligations.
9. Cross‑border disclosure of personal information
Some service providers or their infrastructure may be located overseas. As at the date of this policy, based on the tools we may implement (e.g., GoDaddy, Microsoft 365, Airtable, Mailchimp, Salesforce, HubSpot, Supabase, LinkedIn), we may disclose personal information to recipients in the following countries:
- Australia
- United States
- European Union (including Germany/Ireland)
- United Kingdom
- Singapore
- Canada
We will update this list as we finalise providers or if our hosting locations change.
Before disclosing personal information overseas, we take reasonable steps to ensure the recipient does not breach the APPs in relation to your information (for example, by using providers with robust privacy and security controls and appropriate contractual terms). Where required, we will obtain your consent to the overseas disclosure.
10. Your choices and control
- Unsubscribe: You can unsubscribe from marketing at any time using the link in our emails/SMS or by contacting us.
- Cookies: Adjust your cookie preferences via our banner (where enabled) or your browser settings (see Annex C).
- Anonymity/pseudonymity: Where lawful and practical, you may interact with us without identifying yourself or by using a pseudonym. Some services may not be available without certain details.
11. Access and correction
You may request access to the personal information we hold about you and request corrections if it is inaccurate, out‑of‑date, incomplete, irrelevant or misleading. We will respond within a reasonable time (usually within 30 days). In some cases we may need to verify your identity or may lawfully refuse access (we will explain why). Access may attract a reasonable administrative fee if significant effort is required.
12. Security
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure, including:
- access controls and least‑privilege permissions;
- encryption in transit and at rest (where supported);
- secure configuration, logging and monitoring;
- staff confidentiality and awareness measures; and
- vetting and contracting with reputable service providers.
No method of transmission or storage is fully secure. If you suspect a security incident, please contact us immediately.
13. Retention and deletion
We retain personal information only as long as necessary for the purposes described above or to meet legal, tax and accounting requirements. Typical periods are:
- Client and project records: minimum 7 years after engagement completion;
- Marketing subscribers: until you unsubscribe or after a period of inactivity (with regular suppression list maintenance);
- Recruitment: application materials for up to 24 months, or longer with your explicit consent for talent‑pooling; background‑check records per legal requirements;
- Website analytics logs: per tool default cycles or shorter, where feasible.
When information is no longer required, we take reasonable steps to de‑identify or destroy it securely.
14. Data breaches
If we experience a data breach that is likely to result in serious harm to individuals, and where we are subject to the NDB scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required. We also maintain an internal data breach response plan.
15. How to contact us and complaints
If you have a question, request or complaint about privacy, please contact us:
Email: malachy@sumitconsulting.com.au
Post: Privacy Officer, Sumit Consulting Pty Ltd, 316/63 Hall Street, Bondi Beach, NSW 2026, Australia
Please provide enough details for us to investigate. We will acknowledge and respond within a reasonable period. If you are not satisfied with our response, you may contact the OAIC: www.oaic.gov.au | enquiries@oaic.gov.au | 1300 363 992.
16. Changes to this policy
We may update this policy from time to time. The latest version will be posted on our website with the effective date. Material changes will be communicated where appropriate.
17. Definitions
- Personal information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.
- Sensitive information: Includes information about health, biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation or practices, criminal record, and trade union membership.
Annex A — Collection Notice (Website contact/newsletter/blog sign‑up)
When you submit this form, Sumit Consulting Pty Ltd (ABN 33 631 523 709) collects your name, contact details and any optional information you provide to: respond to your enquiry; send you articles, newsletters and event invitations if you opt in; and maintain our subscriber lists. If you do not provide required information, we may be unable to respond or provide updates.
We may disclose your information to our service providers (e.g., website host, email, CRM and analytics providers) and to our professional advisers where necessary. Some recipients may be located overseas (see our Privacy Policy for a list of countries and safeguards). We handle personal information in accordance with our Privacy Policy, which explains how to access or correct your information, how to complain, and how to contact us. You can unsubscribe from marketing at any time using the link in our emails or by contacting us.
By submitting this form, you consent to us sending you the types of communications you have selected. We use double opt‑in to confirm your subscription. Read our full Privacy Policy for details. For privacy queries, email malachy@sumitconsulting.com.au.
Annex B — Collection Notice (Careers & recruitment)
By applying for a role with Sumit Consulting Pty Ltd (ABN 33 631 523 709), you consent to our collection of the personal information in your application (e.g., name, contact details, CV, qualifications, work history, referees), and to us using it to: assess your application; contact you about your candidacy; conduct reference checks; verify qualifications and right‑to‑work (where lawful); and consider you for current or future roles.
We may disclose your information to referees, recruitment and background‑check service providers (where applicable), IT and HR systems providers, and our professional advisers. Some recipients may be located overseas (see our Privacy Policy for countries and safeguards).
Sensitive information (e.g., health or disability information for workplace adjustments; trade union membership) will only be collected with your consent or where authorised by law and used strictly for the relevant purpose. Please do not include sensitive information we have not requested.
If you are unsuccessful, we may retain your application for up to 24 months, or longer with your explicit consent, for future opportunities. Our Privacy Policy explains access/correction rights and how to make a complaint. For privacy queries, email malachy@sumitconsulting.com.au.
Annex C — Cookies & Similar Technologies (Website)
We use cookies, tags, pixels and local storage to operate our website, measure performance, and improve content. We categorise cookies as:
- Strictly necessary – required for core site functions (e.g., security, session management); cannot be switched off.
- Performance/analytics – help us understand how visitors use the site (e.g., pages viewed, time on page).
- Functional – remember preferences and enhance features.
- Advertising/retargeting – deliver more relevant ads; set only with your consent (if required in your jurisdiction).
Managing cookies:
- Use our cookie banner (if enabled) to accept/reject non‑essential categories.
- You can also control cookies via your browser settings. Blocking some cookies may limit functionality.
Examples of tools we may use (subject to implementation):
- Analytics: Google Analytics 4 (IP generalisation, retention controls), privacy‑respecting alternatives.
- Advertising pixels: (Optional) LinkedIn Insight Tag and Matched Audiences (hashed identifiers) for custom audiences/retargeting; used only with consent where required and not installed on pages that capture sensitive information.
- Tag management: Google Tag Manager or similar.
See our full Privacy Policy for more on how we process personal information and your choices.
Annex D — Data Breach Response (summary)
We maintain a data breach response process that includes: identifying and containing incidents; assessing risks; taking remedial action; notifying affected individuals and the OAIC where required; and learning from incidents to improve controls. If you suspect a breach, contact malachy@sumitconsulting.com.au promptly.
Annex E — Marketing Consent Wording (example for sign‑up forms)
Tick‑box (unticked by default): Yes, I'd like to receive articles, insights and event invitations from Sumit Consulting by email. I understand Sumit uses double opt‑in and I can unsubscribe at any time.
Footer: By subscribing, you agree to our Privacy Policy. Every email includes an unsubscribe link and our contact details.
Annex F — Recruitment Consent Wording (example for careers form)
By submitting this application, I confirm that the information provided is accurate and I consent to Sumit Consulting collecting, using and disclosing my personal information as described in the Careers Collection Notice, including contacting my referees and verifying my right to work (where lawful). I also consent to Sumit Consulting retaining my application materials for up to 24 months, and understand I can opt in to longer retention for talent‑pooling and withdraw consent at any time by contacting malachy@sumitconsulting.com.au.