Your Privacy Matters

CyberSec People Pty Ltd (ABN registered, referred to as "we", "us", or "our") is an Australian-based cybersecurity executive search and recruitment firm. We are committed to protecting the privacy of candidates, clients, referees, and visitors to our website in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains what personal information we collect, why we collect it, how we use and store it, and your rights regarding that information.

In the course of providing recruitment and executive search services, we may collect the following types of personal information:

• >Name, email address, phone number, and other contact details
• >Employment history, qualifications, skills, and professional certifications
• >Resume/CV, cover letters, and portfolio materials
• >Referee names and contact details (with your consent)
• >Salary expectations and current remuneration details
• >Right to work status and visa information
• >Information provided through our website contact form (name, email, company, role requirements, and message content)
• >LinkedIn profile URLs and other publicly available professional information

We may also collect sensitive information where it is directly relevant to a role and you have provided consent. This could include criminal history checks or professional membership details required by a client for a specific engagement.

We collect personal information directly from you when you:

• >Submit your details through our website contact form
• >Send us your resume or CV via email
• >Speak with us at industry events, conferences, or meetups (such as BSides, Black Hat, or SecTalks)
• >Connect with us through professional networking platforms
• >Are referred to us by someone in your professional network (with appropriate context)
• >Engage with us as a client seeking to fill a role

We may also collect information from publicly available sources such as LinkedIn, GitHub, conference speaker lists, and professional directories where that information is relevant to executive search activities.

We collect and use personal information for purposes directly related to our recruitment and executive search services:

• >Assessing your suitability for current or future executive search mandates
• >Matching candidates with client requirements for security leadership roles
• >Contacting you about relevant career opportunities
• >Facilitating introductions between candidates and clients
• >Conducting reference checks (with your prior consent)
• >Responding to enquiries submitted through our website
• >Managing our client relationships and search mandates
• >Complying with legal and regulatory obligations

We will not use your personal information for purposes unrelated to recruitment without your consent. We do not sell personal information to third parties. We do not use candidate data for direct marketing unrelated to career opportunities.

We may disclose your personal information to:

• >Clients (prospective employers) when presenting you as a candidate for a specific role, and only with your knowledge and consent
• >Referees you have nominated, for the purpose of conducting reference checks
• >Third-party service providers who assist us with IT systems, data storage, or communications (all bound by confidentiality obligations)
• >Government bodies or regulators where required by law

We will not share your resume or personal details with any client without discussing it with you first. Confidentiality is fundamental to how we operate. If you tell us something in confidence, it stays that way.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

• >Encrypted data storage and secure cloud-based systems
• >Access controls limiting who within our team can view personal information
• >Secure communication channels for sharing sensitive candidate information
• >Regular review of our data handling practices

Given we work in cybersecurity recruitment, we hold ourselves to the same standards we expect of the leaders we place.

We retain personal information for as long as it is needed for the purposes described in this policy, or as required by law. For candidates, we typically retain your information to consider you for future opportunities unless you ask us to remove it.

When personal information is no longer needed, we will take reasonable steps to destroy or de-identify it securely.

Some of our search mandates involve roles with companies that have operations outside Australia, and some of our technology service providers may store data overseas. Where we disclose personal information to overseas recipients, we take reasonable steps to ensure they handle it consistently with the APPs.

Under the Australian Privacy Principles, you have the right to:

• >Request access to the personal information we hold about you
• >Request correction of any information that is inaccurate, out of date, or incomplete
• >Request deletion of your personal information from our systems
• >Withdraw consent for us to use your information for future opportunities
• >Ask us not to share your details with specific companies or individuals

To exercise any of these rights, contact us at [email protected]. We will respond to access and correction requests within 30 days.

Our website may use cookies and similar technologies to improve your experience and understand how visitors use the site. We may collect:

• >Browser type and operating system
• >Pages visited and time spent on the site
• >Referring website or source
• >IP address (anonymised where possible)

You can configure your browser to refuse cookies, though this may affect some site functionality.

If you believe we have breached the Australian Privacy Principles or handled your personal information inappropriately, you can lodge a complaint by contacting us at [email protected]. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised "last updated" date. We encourage you to review this policy periodically.

If you have any questions about this privacy policy or how we handle your personal information, contact us: