Privacy Policy

This Privacy Policy applies when accessing this website, any products or services (separately and together termed as the "website") made available by SupplyDIO Pty Ltd (ABN: 97 684 695 734) ("SupplyDIO"). By accessing or using the website, you are deemed to have accepted and agreed to this Privacy Policy.

SupplyDIO has adopted the Australian Privacy Principles ("APPs") in the Privacy Act 1988 (Cth) (the "Privacy Act"). The Privacy Act defines personal information, and the APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

Access the APPs on The Office of the Australian Information Commissioner website here: https://www.oaic.gov.au/privacy/australian-privacy-principles.

1. Our Policy

This Privacy Policy sets out:

  1. the types of personal information we collect, use and hold;
  2. how, when and why we collect, use and hold personal information;
  3. how, when and why we disclose personal information, including overseas transfers;
  4. how we secure personal information;
  5. a person's right to access their personal information and correct it; and
  6. how to contact us (including for complaints) regarding privacy matters.

It also discloses how SupplyDIO manages personal information when:

  • providing services and products for our customers; and
  • using it in our internal business operations (such as employment, events, and procurement).

Many of our services do not involve us collecting personal information, but where necessary for us to do so (including as part of our providing services) we collect, use, hold and disclose personal information of our customers. This can include the personal information of our customers' own customers, suppliers, employees and representatives (being "End Users").

We only use this personal information so we can perform our services for customers. For example, we may use personal information to administer our contracts with a customer, or we may collect (or rather 'see') personal information when we are engaged to provide a monitoring service. We do not copy or hold a customer's personal information unless it is necessary for the service and only for such time as is necessary (or as required by law).

In many cases we rely on our customers to give or obtain the consents we require to collect, use, hold and disclose personal information. This includes our customers having notified their End Users that they will be disclosing an End User's personal information to us.

Some of our services make it impracticable to obtain consent directly from an individual -- for example, if we are engaged to conduct monitoring of a large list provided to us, or there are multiple customers with the same suppliers, we would not be able to obtain the consent of the individuals prior to commencing monitoring. We ask our customers to clearly understand our services so that they are aware of any privacy implications and obtain any required consents from their End Users.

Outside of our service offerings, for activities such as our internal functions (e.g. employing staff and engaging contractors) and public events (e.g. seminars and conferences) we can collect personal information. The way we collect, use, hold and disclose personal information for those activities will depend on the nature of the activities.

2. Collection

2.1. Personal information from our service offerings

We collect personal information based on our different service offerings. Broadly speaking this can be split into two categories:

(1) Business Contact Information or "BCI" being information relating to each person who is involved in normal business communication, services or transactions with us. This kind of information includes: a person's name, email, telephone numbers, title, their employer's name, any authority to sign documents or place orders with us, and any other details that may be disclosed to us; and

(2) Service Dependent Information or "SDI" being information that relates to the personal information of our client's customers, suppliers, employees and representatives, which is provided to us or we may see due to the nature of the software, service or product being supplied. This can include a name, email or physical addresses, telephone numbers, government identifiers, or other sensitive information.

All of our service offerings will involve us collecting BCI, but only some will involve us collecting SDI.

2.2. Personal information from outside our service offerings

When an individual interacts with SupplyDIO outside of our software, product or service offerings, we may collect personal information depending on the nature of the interaction, including:

  • Contact Information: including a person's name, contact details, identification, mailing address, email address, telephone number, and other personal identifiers.
  • Online and technical information: affiliations, dealings and transactions with us, including online, internet address, browser type, domain names, times, interactions with our websites, applications, operating system and other information collected using cookies and similar technologies.
  • Biometric identifiers: including facial recognition data, fingerprints, and video footage.
  • Employment and contractor information:
    • When you apply to work with us we collect your contact information, and information about your education, experience, and character, information about your right to work in Australia (such as your citizenship or visa details), referee information, as well as any details or information required for us to conduct background checks or validate any of this information.
    • When you are working for us, we will collect information about your: employment or engagement activities including information about your performance; next of kin and similar contacts; behaviour and conduct (while at work, and if relevant any behaviour outside of working hours that can be reasonably connected to us); use of our IT resources; leave and payroll matters, such as bank and superannuation details, medical certificates and other leave reasons or supporting documents.

For further details that may apply as an employee or contractor, please refer to our internal resources or (as appropriate) request further information during any employment process.

  • Interaction information: including visitor logs and information collected when you attend SupplyDIO offices or sponsored events.

2.3. How and when we collect personal information

When providing our software, products and services to customers, we collect personal information directly from individuals but may also receive personal information about a person from our customer, or third parties (such as that person's employer or service provider, third party data brokers, insurers and government agencies) depending on the circumstances.

Examples of when we collect personal information from an individual include when:

  • an individual provides us their details. This could be when an individual contacts us by telephone or electronic communications, or when an individual provides us a business card;
  • an individual (or an organisation they represent) buys services from us, or sells goods or services to us;
  • an individual creates any type of account with us;
  • we process orders and payment transactions;
  • we obtain feedback about our solutions and services;
  • an individual registers for our events, workshops and seminars;
  • an individual applies to work for us, or during the course of their employment with us.

We may also collect personal information about an individual from a customer or third parties when:

  • that person uses our services or products whilst working for or interacting with one of our customers;
  • an organisation the person buys goods or services from or interacts with is our customer;
  • a person's details are used as contact details or when signing for receipt of any products or services we provide (such as by couriers or third party software licence vendors);
  • third parties make inquiries of us about a person (for example, law enforcement agencies or parties undertaking reference or character checks);
  • we engage with data or information brokers or providers, credit reporting bodies or recruitment companies; or
  • we use publicly available sources of information.

We may also automatically collect information about activity on our website through the use of cookies. For example, we may collect and use information about a person's language preferences, login information, or time spent viewing certain webpages. Please refer to our Cookies Notice for more information about our use of cookies.

2.4. How we use the personal information we collect

SupplyDIO uses personal information:

  • for the purposes for which we collected it, or for an actual or potential relationship;
  • where an individual has consented, in the manner set out in that consent;
  • to improve, develop, and provide our services;
  • for BCI, to engage in normal business communication, services or transactions and events, and marketing activities relating to our business and services, in addition to other uses in this policy;
  • to carry out our business functions, such as customer, supplier or employee onboarding (including financial due diligence, or background checks), and other purposes notified;
  • to process and respond to any privacy questions or complaints from an individual about their personal information; and
  • to the extent relevant, to fulfil any legal duty or obligation required of us under an applicable law, regulation, accounting standard or the rules of a stock exchange.

2.5. How we disclose personal information

We may disclose personal information to a third party in order to fulfil our contractual or legal obligations, or conduct our normal business activities. These third parties include:

| Third party category | Examples of purposes for disclosure |
| --- | --- |
| SupplyDIO's third party suppliers for the provision of products or services to our customers | To our product vendors when an individual or their company orders their products, so as to facilitate the transaction and licensing allocation; and to inform that individual or their company of related product opportunities. |
| SupplyDIO's third party suppliers for our internal activities | Where our employees are required to undertake a background check -- our third party background check providers. Where a person requests to attend an offsite conference -- the owners or managers (including their agents) of such external conference and related facilities. |
| An individual's current or former employer or another nominated person | When considering whether to employ an individual we may conduct reference and character checks with associates who know the individual. |
| SupplyDIO's external professional advisors and representatives | Where we require legal, financial, accounting or professional advice. |
| Government agencies or authorities (in regions in which we operate) | Where we are required by law or a legal instrument to disclose information, or we are permitted to do so under a law and it is appropriate to do so (such as where an individual is at risk of, or at risk of causing harm). |

Other than the examples provided above, we will only disclose personal information to other third parties where the law requires it, if it is required for a legal proceeding, to prove or protect our rights or to any buyers or potential buyers in the event that we seek to sell all or part of our business.

3. International Data Transfers

SupplyDIO's head office is based in Australia. We may transfer personal information:

  • to a third party vendor located in another country where: we have been asked to provide a product or service; and it is necessary for us to pass on this information to facilitate this supply, to that country.

4. Data processors and hosting

SupplyDIO uses AWS and Microsoft for our hosting. Our Microsoft 365 tenancy is located in Australia, and we utilise AWS instances focused in Australia to store specific types of data and personal information.

5. Your right to access and correct your personal information

Individuals have the right to request access to, or the correction of, the personal information we hold about them. To do so, please see the Contact Us section below.

6. How we store and secure your personal information

We hold personal information electronically and in hard copy form, both at our own premises and digitally in our cloud hosting with the assistance of our third party service providers.

We are ISO 27001 certified. This means we have a system to manage risks related to the security of data handled by us, that this system respects all the best practices and principles enshrined in this internationally recognised standard, and that our conformity with such practices and principles has been assessed by an independent third party audit.

The management of our environment is also aligned with standards such as the Australian Government's Essential Eight (E8), and Information Security Manual (ISM).

We have systems in place to: audit and monitor access to information we hold; identify, and if required, block information from leaving our systems; prohibit unauthorised access from persons external or internal to our systems; encrypt, log and as needed, delete or anonymise information; and we otherwise keep personal information secure while it is being stored and encrypted while in transit.

7. Contacting us

7.1. Access or correction requests

A request to access or correct personal information about an individual must be made to the Privacy Officer in writing via email: [email protected] *

* Please do not include any sensitive information within your email or mail.

If you have filed a complaint with us and we do not adequately answer your concerns, you will have the right to make a complaint in writing to the Office of the Australian Information Commissioner (www.oaic.gov.au).

Any requests must identify the person making the request so we can be satisfied that they have a right to access the personal information about them. We may take steps to validate a person's identity, including by engaging one of our third party providers to assist.

A request should also contain a description of what personal information the individual believes we hold so we can consider how access can be provided or whether correction is appropriate.

7.2. Complaints

If a person believes we have mismanaged the handling of their personal information, they may complain to us by writing to the SupplyDIO Privacy Officer.

When we receive a complaint we will:

  • Conduct an initial assessment of the complaint (including ensuring the complaint is by the person to whom the personal information belongs).
  • Notify the complainant that their complaint has been received and what actions SupplyDIO will take next (such as requiring more information, dismissing the complaint, or commencing an investigation).
  • Where we decide to investigate the complaint we will notify the complainant of the estimated duration, and provide periodic updates on the complaint's status. On completion of a complaint investigation, we will provide the complainant with a summary of our findings and determination.

8. Opting out of communications

We may send you emails concerning our products and services, events and other engagement activities if you have provided us with your contact details. We may also send you any service-information that you have requested from us. You have the right to opt out of receiving marketing communications from us.

If consent is withdrawn we may not be able to provide products or services in part or full.

Last updated: 03 June 2026