Privacy Policy.

This Privacy Policy (“Policy”) describes how Aurum Quanta Pty Ltd handles Personal Information collected through aurumquanta.com(the “Site”) and through any business engagement with us. The Policy is published in accordance with the Australian Privacy Principles (“APPs”) set out in Schedule 1 of the Privacy Act 1988 (Cth) (the “Privacy Act”).

In this Policy, “Personal Information” has the meaning given in section 6 of the Privacy Act: information or an opinion about an identified individual, or an individual who is reasonably identifiable. “Sensitive Information” has the meaning given in the same section and includes information about health, racial or ethnic origin, political opinions, religious beliefs, and similar categories. “We”, “us”, and “our” refer to Aurum Quanta Pty Ltd. “You” refers to any individual whose Personal Information we hold.

By using the Site or providing Personal Information to us, you acknowledge the practices described in this Policy. If you do not agree with these practices, please do not use the Site or provide Personal Information to us.

Aurum Quanta Pty Ltd (ABN 20 697 009 322) is an Australian proprietary limited company registered in New South Wales. Our registered office is on public record with the Australian Securities and Investments Commission (ASIC).

Aurum Quanta Pty Ltd is the APP entity responsible for the Personal Information described in this Policy. For all privacy enquiries, contact us at contact@aurumquanta.com. We will respond to your enquiry within 30 days, in accordance with APP 12.

We collect only the Personal Information that is reasonably necessary for the purposes described in Section 4 of this Policy. We do not knowingly collect Sensitive Information without your express consent.

The categories of Personal Information we collect are:

• Contact details. When you submit our contact form or email us directly, we collect your name, email address, the topic of your enquiry, and the content of any message you write.
• Engagement details. If we enter into a commercial engagement with you or your organisation, we collect contact details for engagement participants, business contact information, and information about the work itself as recorded in proposals, statements of work, and correspondence.
• Technical data. Our hosting provider records standard web-server log data when you visit the Site, including your IP address, browser type and version, operating system, referring page, requested URLs, and timestamps. This data is used for security, debugging, and operational purposes.

We do not collect Sensitive Information, government identifiers (such as Tax File Numbers or Medicare numbers), financial account credentials, or information about individuals under the age of 16 (see Section 9).

We collect, hold, use, and disclose Personal Information for the following primary purposes only, in accordance with APP 6:

• To respond to your enquiries and provide information about our services.
• To deliver, manage, and account for engagements with our clients.
• To maintain a contemporaneous record of our communications, as required for professional and legal purposes.
• To improve the security, performance, and operation of the Site.
• To comply with our legal obligations, including taxation, accounting, and record-keeping requirements under Australian law.

We will not use Personal Information for any secondary purpose unless: (a) you have consented to that use; (b) you would reasonably expect us to use the information for that purpose; or (c) we are required or authorised to do so by law.

We do not use Personal Information for direct marketing to third parties, we do not sell or rent Personal Information to anyone, and we do not use client data to train machine learning models that are offered to other clients.

We disclose Personal Information to a small number of trusted third-party service providers who assist us in operating the Site and managing communications. These providers receive only the information necessary to perform their function, are bound by their own privacy policies, and are contractually restricted to handling Personal Information only for the purposes for which we disclose it.

The third parties we use are:

• Plus Five Five, Inc. (United States; operates Resend, our transactional email provider) delivers contact form submissions from our API to our inbox. The form contents pass through Resend in transit. Subject to Resend's privacy policy at resend.com/legal/privacy-policy.
• Vercel Inc. (United States) hosts the Site and retains standard server logs for security and operational purposes.
• Google LLC(United States) serves the web fonts displayed on the Site; your browser establishes a connection to Google's servers when loading pages.

Some of these providers are located outside Australia. By providing Personal Information to us, you consent to its transfer to and storage by these providers in the United States, in accordance with APP 8.1. We take reasonable steps to ensure that overseas recipients handle Personal Information in a manner consistent with the APPs.

We may also disclose Personal Information where required or authorised by law (for example, in response to a court order or valid request from a regulatory authority).

The Site does not set cookies and does not write to your browser's local storage. This is a deliberate choice: we do not need cookies for the Site to function, and we prefer not to leave identifiers in your browser when we can avoid it.

Specifically, we do not use cookies or similar technologies for analytics, advertising, profiling, or cross-site tracking. The Site sets no first-party cookies of any kind. The third-party services described in Section 5 do not set cookies on the Site domain when you visit.

If we add functionality in future that requires cookies or local storage (for example, to remember whether you have dismissed an informational notice, or to support an authenticated client portal), we will use them only for strictly essential functional purposes and update this section accordingly. We will not introduce analytics, advertising, or tracking cookies without updating this Policy first.

We take reasonable steps, as required by APP 11, to protect the Personal Information we hold from misuse, interference, loss, and from unauthorised access, modification, or disclosure. These steps include:

• Encrypted transit (HTTPS/TLS) for all Site traffic.
• Encrypted storage at rest for all communications held by our email and document providers.
• Restricted access to stored Personal Information, granted only to personnel who require it for the purposes described in this Policy.
• Multi-factor authentication on all administrative accounts.
• Prompt deletion of Personal Information once it is no longer needed for the purpose for which it was collected.

Should we become aware of an “eligible data breach” as defined under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act, we will assess the breach within 30 days and, if the assessment confirms an eligible data breach, notify the Office of the Australian Information Commissioner (OAIC) and any affected individuals as required by law.

We retain Personal Information only for as long as is necessary for the purpose for which it was collected, or as otherwise required by law. Specifically:

• Contact-form submissions and pre-engagement correspondence. Retained for up to 2 years after our last interaction with you, then deleted.
• Engagement records (proposals, statements of work, deliverables, billing correspondence). Retained for at least 7 years after the conclusion of the engagement, in accordance with Australian taxation and corporate record-keeping requirements.
• Web-server logs. Retained by our hosting provider for up to 90 days, after which they are automatically purged.

Where we are required to retain information for longer periods under specific legislation (for example, taxation law), we do so. Where we no longer have a lawful basis to retain Personal Information, we delete or de-identify it.

The Site is not directed at, and we do not knowingly collect Personal Information from, individuals under the age of 16. If you become aware that a person under the age of 16 has provided Personal Information to us, please contact us at contact@aurumquanta.com and we will delete that information promptly.

Under the Privacy Act and the APPs, you have the following rights in relation to Personal Information we hold about you:

• Right to access (APP 12): you can request a copy of the Personal Information we hold about you.
• Right to correction (APP 13): you can ask us to correct Personal Information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
• Right to deletion: you can ask us to delete Personal Information, except where we are required to retain it by law or for the establishment, exercise, or defence of legal claims.
• Right to anonymity or pseudonymity (APP 2): you can deal with us anonymously or pseudonymously where it is lawful and practicable to do so.
• Right to complain if you believe we have breached the APPs in handling your Personal Information (see Section 11).

To exercise any of these rights, email us at contact@aurumquanta.com. We will respond within 30 days. We may need to verify your identity before acting on your request.

If you believe we have breached the APPs or otherwise mishandled your Personal Information, please contact us first at contact@aurumquanta.com so we have an opportunity to address the issue directly. We will acknowledge your complaint within 7 business days and provide a substantive response within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• Post: GPO Box 5288, Sydney NSW 2001

We may update this Policy from time to time to reflect changes in our practices, in the law, or in the third-party services we rely on. When we update the Policy, we will increment the version number and update the “Last updated” date at the top of this page. Material changes will be prominently flagged on the Site for at least 30 days.

Your continued use of the Site after we publish an updated Policy constitutes acceptance of the updated Policy.

For all privacy-related enquiries, including requests under Section 10 and complaints under Section 11, contact us at:

Aurum Quanta Pty Ltd
ABN 20 697 009 322
Sydney, New South Wales, Australia
Email: contact@aurumquanta.com