Privacy policy

1. Introduction

Kritical Pty Ltd ("Kritical™", "we", "us", "our") is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and manage your personal information.

By using our website at kritical.net or purchasing from our Shopify store, you agree to the collection and use of information as described in this policy.

2. What Personal Information We Collect

We may collect the following types of personal information:

• Identity Information: Full name, company name, job title
• Contact Information: Email address, phone number, postal address
• Transaction Information: Products purchased, order history, payment records (note: we do not store full credit card details — payments are processed by Shopify Payments or other PCI-compliant processors)
• Technical Information: IP address, browser type, device type, pages visited, time on site, referral source
• Communication Information: Enquiry content, support correspondence, consultation notes
• Professional Information: Industry, organisation size, technology environment details provided during service engagements

We only collect personal information that is reasonably necessary for our business functions.

3. Types of information

The Privacy Act 1988 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as "Personal Information" and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive Information will be used by us only:

4. How We Collect Personal Information

We collect personal information:

• When you make a purchase through our Shopify store
• When you submit an enquiry, contact form, or quote request
• When you book a discovery call or consultation
• When you subscribe to our newsletter or marketing communications
• When you engage Kritical™ for professional services
• Automatically through cookies and analytics tools when you visit our website
• Through third-party platforms including Microsoft Dynamics 365, where your licence estate is managed

5. How We Use Your Personal Information

We collect Personal Information to provide you with the best service experience possible on the Website and keep in touch with you about developments in our business.

We customarily only disclose Personal Information to our service providers who assist us in operating the Website. Your Personal Information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.

By using our Website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from use. We do not use sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature, such as an unsubscribe button link.

We also use this information for standard business processes and delivery of your goods and services, such as:

• To process and fulfil your product orders and licence deliveries
• To provide, manage, and improve our professional services
• To communicate with you about your order, account, or engagement
• To send you service-related notifications and updates
• To send you marketing communications where you have consented or where permitted by law
• To comply with our legal obligations as an Australian business
• To comply with our obligations to our upstream partners in order to deliver good(s) and service(s) to you
• To improve our website, products, and service offerings
• To manage your licence estate through Microsoft Dynamics 365
• To respond to support requests and enquiries

We do not sell your personal information to third parties.

6. Disclosure of Personal Information

We may disclose your personal information to:

• Microsoft Corporation for licence provisioning, Microsoft 365 account management, and Dynamics 365 ERP integration, in accordance with Microsoft's Privacy Statement
• CrowdStrike Holdings Inc. for Falcon licence provisioning and endpoint management, in accordance with CrowdStrike's Privacy Policy
• PAX8 Inc. for digital product fulfilment through the PAX8 platform
• Shopify Inc. for e-commerce platform operation, payment processing, and order management
• Apple Inc. for Apple Business Manager and device management services
• Payment Processors for secure payment processing (PCI-DSS compliant)

Payment Processors are currently known to be: Shopify Payments, Stripe, Square, AfterPay, ANZ, CBA, NAB, WBC, and similar parties as made available to you within the Website.

• Analytics Providers including Google Analytics, for website performance measurement
• Professional Advisors including legal, accounting, and IT consultants, under confidentiality obligations
• Regulatory Bodies where required by Australian law or a court order

We take reasonable steps to ensure all third parties handle your personal information in accordance with applicable privacy laws.

7. Overseas Disclosure

Some of the third parties listed above are based overseas, including in the United States and Ireland. When we disclose your information to overseas recipients, we take reasonable steps to ensure they handle your information in accordance with the Australian Privacy Principles.

By using our services, you acknowledge that such overseas disclosure may occur.

8. Cookies & Website Analytics

Our website uses cookies and similar tracking technologies to:

• View how you use our website including use of the keyboard and mouse and any other such interactivities with our pages and content
• Remember your preferences and session information
• Analyse website traffic and usage patterns
• Improve website performance and user experience
• Support marketing and advertising measurement

You can disable cookies through your browser settings. Disabling cookies may affect some website functionality. We use Microsoft Clarity, Google Analytics / Google Tag Manager and other similar technologies to measure website traffic data collected is anonymised and subject to Microsoft and/or Google's Privacy Policy.

9. Marketing Communications

We may send you marketing communications about our products, services, and promotions if:

• You have made a purchase or enquiry with us, and have not opted out, or
• You have expressly subscribed to receive marketing from us

You can opt out of marketing communications at any time by:

• Clicking the unsubscribe link in any marketing email
• Emailing sales@kritical.net with "Unsubscribe" in the subject line
• Calling 1300 274 655

We will action all opt-out requests within 5 business days.

10. Data Security

Kritical takes reasonable technical and organisational measures to protect your personal information from unauthorised access, disclosure, alteration, and destruction. These measures include:

• Secure HTTPS encryption on our website and Shopify store
• Access controls and authentication on all internal systems
• Microsoft Dynamics 365 as our secure ERP and CRM platform
• Staff training on privacy and data handling obligations
• Regular security reviews of our own technology environment

Despite these measures, no transmission of data over the internet is completely secure. We cannot guarantee the absolute security of information you transmit to us.

11. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including:

• Transaction records: 7 years (as required by Australian taxation law)
• Service engagement records: 7 years
• Marketing opt-out records: Indefinitely (to honour your preferences)
• Website analytics: As per provider retention policies (typically 26 months)

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

12. Access & Correction

Under the Privacy Act 1988, you have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate, incomplete, or out-of-date personal information
• Make a complaint about how we have handled your personal information

To make an access or correction request, contact us at:

Email: sales@kritical.net | Post: Kritical Pty Ltd, Level 4, 60 Moorabool Street, Geelong VIC 3220

We will respond to access and correction requests within 30 days. We may require identity verification before processing your request.

13. Privacy Complaints

If you believe we have breached the Australian Privacy Principles, please contact us first at sales@kritical.net. We will investigate your complaint and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will be posted on our website with a revised effective date. We encourage you to review this policy periodically.

15. Contact

For any further information in relation to this policy, please contact: