Effective Date: 22/10/24

At AusGarage Pty Ltd (“AusGarage”), we take the protection of client and customer data seriously. This Data Security Policy outlines how we safeguard the data entrusted to us in the course of providing our services.

1. Data Storage and Security

We store client data using secure third-party platforms. Depending on the nature of the services provided, data may be stored or accessed through:

• Third-party platforms such as Google Ads, Meta, Mailchimp, Klaviyo, and ActiveCampaign for campaign management and email marketing purposes.

• Internal storage solutions, including secure Google Drive folders, for temporary storage when conducting database health checks or analysing customer insights.

Where possible, we use platforms that employ strong security measures, such as:

• Encryption: Data is encrypted where available, both in transit and at rest.

• Access Control: Only authorized team members working directly on the client’s project have access to client and customer data.

2. Password Management

We use LastPass, a secure password management tool, to ensure that all passwords for platforms and services used for client projects are stored and managed securely. LastPass provides:

• Encrypted password storage, ensuring that login credentials are protected from unauthorized access.

• Two-factor authentication (2FA) for added security when accessing sensitive accounts.

• Secure sharing of passwords, ensuring that only authorized team members can access necessary platforms.

3. Access Management

Restricted Access: Access to client customer data is limited to team members actively working on the client’s project.

Client Contact Data: Basic client contact details (e.g., full name, company name, email, role, phone number) are shared across our internal team to ensure effective communication and client experience.

Client’s Responsibility: Clients are responsible for providing accurate and up-to-date access credentials for the platforms we manage on their behalf.

4. Managing Data Security Risks

While AusGarage takes every precaution to ensure the safety and security of client and customer data, we understand that security risks exist. To mitigate risks, we:

• Use secure platforms and tools with encryption and access control.

• Conduct security reviews of the platforms and tools we use to ensure they meet industry standards.

• Actively monitor for vulnerabilities and take immediate action where necessary to prevent or mitigate breaches.

5. Data Breach Protocol

In the event of a data breach involving client or customer data, AusGarage will take the following steps:

1. Immediate Client Notification: Clients will be notified within 24 hours of AusGarage becoming aware of the breach. Initial contact will be made via email, phone, or text, depending on the time and urgency.

2. Follow-up: If there is no response to the initial notification, we will follow up within 24 hours using alternative contact methods to ensure the client is informed.

3. Mitigation Efforts: Immediate actions will be taken to stop further data loss, including an internal investigation. If necessary, we will bring in third-party experts to assist in the investigation.

4. Reporting: A full report will be provided to the client, including a timeline of when the breach occurred, actions taken, and the cause of the breach (if determined). We will review and update security protocols to prevent a recurrence.

5. Client Debrief: A meeting will be arranged with the client to discuss the breach, its impact, and our action plan for future prevention.

6. Data Minimization

AusGarage practices data minimization, meaning we only collect and store client and customer data that is necessary for the specific services provided. Once the project is completed, we either:

• Delete the data after the services are no longer required.

• Securely archive the data, based on the client’s instructions and the nature of the service.

7. Compliance with Regulations

AusGarage complies with the Australian Privacy Principles (APPs) and ensures that all data is managed in accordance with applicable privacy laws. If any client’s data is subject to the General Data Protection Regulation (GDPR), we will ensure compliance with GDPR requirements.

8. Contact Us

If you have any questions or concerns regarding our Data Security Policy, please contact us at:

Email: info@ausgarage.com.au

Phone: (07) 3074 9571

Mailing Address: 19/1645 Ipswich Rd, Rocklea QLD 4106