Bioni Security & Electrical Pty Ltd (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal information. This policy explains what we collect, why we collect it, who we share it with, how we secure it, and how long we keep it. It applies to our website, online shop, quote and service requests, and our installation and maintenance services.
1. Who we are and how to contact us
Bioni Security & Electrical Pty Ltd (ABN 86 628 597 946), of 21B / 65-75 Captain Cook Drive, Caringbah NSW 2229. We hold NSW Security Master Licence 000108088 and NSW Electrical Contractor Licence 35018C.
Privacy enquiries, access and correction requests, and complaints can be directed to our Privacy Officer at info@bionisecurity.com.au.
2. The information we collect
We only collect personal information that is reasonably necessary for our functions and activities:
- Contact and identity details — name, email address, phone number and postal/site address.
- Account details — your email and a securely hashed password (we never see or store your password in readable form), and, for trade accounts, the business name, business address, ABN, licence number and job title you choose to provide. If you choose to sign in with Google, Google provides us with your name and email address to create or access your account.
- Quote and service information — the site type, the works requested, descriptions and your preferred dates.
- Order and delivery information — the products you buy, order and invoice records, and the delivery name, address and phone number you enter at checkout.
- Transaction information — a record that a payment was made, its amount and status. We do not collect or store your full card number (see section 5).
- Technical and usage data — we keep privacy-preserving, first-party website analytics (such as which pages are viewed and approximate visit counts) that help us improve the Site. These do not use cookies and do not identify you: a visitor is represented only by an anonymous, daily-rotating one-way hash derived from technical signals (such as your IP address and browser type) that we cannot reverse to identify you and that cannot be used to track you across other sites or from one day to the next. Separately, if you opt in via our cookie banner, we may load optional third-party analytics (for example Google Analytics) that may set cookies.
- Bot-protection data — to protect our forms (sign-in, registration, password reset and quote requests) from automated abuse, we use Google reCAPTCHA. reCAPTCHA collects hardware and software information (such as your IP address and your interactions with the Site) and sends it to Google for analysis. Your use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service.
- Reviews you submit — if you leave a review, your rating, comments and the display name you choose are published publicly on the relevant product or service page.
- Job applications — if you apply for a role through our Careers page, we collect the name, contact details, work history and any links or documents you provide. Because we install and service security systems, some roles may require licence or background checks — we’ll tell you if so during recruitment. Applications are used only to assess you for the role; we keep unsuccessful applications for up to 12 months (so we can consider you for future roles) unless you ask us to delete them sooner.
We do not seek to collect sensitive information (as defined in the Privacy Act). Please do not send us sensitive information unless we specifically request it for a lawful purpose.
3. How and why we use it
We use personal information to:
- prepare quotes, carry out installation and maintenance work, and provide support;
- process orders, payments, deliveries, invoices, warranties and returns;
- send transactional messages (quote and order confirmations, dispatch and tracking updates, invoices);
- operate, secure, analyse and improve the Site and our Services using anonymous and aggregated, de-identified information;
- manage our accounts, security, records and customer relationships; and
- meet our legal, taxation, work-health-and-safety and regulatory obligations.
We do not make decisions about you using automated processing that produce legal or similarly significant effects without human involvement.
4. Direct marketing
We send marketing communications only where you have expressly consented. Every such message includes a simple unsubscribe option, consistent with the Spam Act 2003 (Cth). You can opt out at any time by using that link or by contacting our Privacy Officer.
5. Payments — we never store your card details
Card payments are processed by Stripe, a PCI DSS Level 1 certified payment provider. Your card details are provided directly to Stripe through its secure, hosted checkout and do not pass through, or rest on, our own servers. We receive only a confirmation of the payment (such as its amount and status) and a payment reference, never the full card number.
6. How we secure your information
We take reasonable steps, as required by Australian Privacy Principle 11, to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Those steps include:
- Encryption in transit — all traffic to and from our website is encrypted using TLS (HTTPS), with strict transport security enforced.
- Password protection — account passwords are stored only as a salted cryptographic hash (scrypt); they are never stored in plain text and cannot be recovered by us.
- Payment isolation — card data is handled by Stripe and never stored on our systems (see section 5).
- Access control — administrative access is restricted to authorised personnel on a least-privilege, role-based basis and is protected by two-step (authenticator-based) verification.
- Application hardening — we apply a Content Security Policy, modern HTTP security headers, automated rate-limiting and bot-detection controls to reduce the risk of attack and abuse.
- Trusted hosting — personal information is hosted with reputable providers, in the Australian (Sydney) region where practicable.
- Monitoring and response — we maintain procedures to detect, assess and respond to security incidents, including under the Notifiable Data Breaches scheme.
Despite these measures, no method of transmission over the internet, or method of electronic storage, is completely secure. While we take reasonable steps to protect your personal information, we cannot guarantee its absolute security, and any information you transmit to us is at your own risk. You are responsible for keeping your account password confidential.
7. How long we keep your information
We keep personal information only for as long as it is needed for the purposes described above, or for as long as we are required to keep it by law, after which we securely delete or de-identify it. Our general retention periods are:
- Enquiries and quote requests you do not proceed with — up to 24 months, then deleted or de-identified.
- Customer accounts — for as long as your account remains active. You may ask us to close and delete it at any time, subject to the records we are required to keep below.
- Orders, tax invoices and financial records — at least 5 years, as required by Australian taxation law, and generally up to 7 years for business records.
- Installation, service and warranty records — for the life of the relevant warranty plus the period in which a related claim could be brought (generally up to 7 years).
- Marketing consent and preference records — until you withdraw consent, plus a short period to evidence compliance with the Spam Act.
- Website logs and consented analytics — for a short period, generally no more than 24 months.
8. Who we disclose it to
We disclose personal information only to the extent necessary, and only to: service providers who help us operate — for example payment processing (Stripe), transactional and marketing email (Resend), delivery and shipping, hosting and database storage, address lookup and mapping, sign-in and bot protection (Google), and, where you consent, analytics and advertising (Google and Meta); professional advisers; and government agencies, regulators or other parties where we are required or authorised by law. We require our service providers to handle personal information consistently with this policy and the Privacy Act. We do not sell your personal information.
9. Overseas disclosure
We host and process personal information in the Australian (Sydney) region where practicable. However, some of our service providers store or process information overseas — including Stripe (payments), Resend (email), Google / Alphabet (sign-in, reCAPTCHA, address lookup, maps and analytics) and Meta (advertising), which are based in the United States, and our hosting and database providers, which are US-headquartered even where data is stored in Australia. Where this occurs, we take reasonable steps to ensure those providers handle your information in a manner consistent with the Australian Privacy Principles.
10. Cookies and analytics
- Strictly necessary — a small number of cookies and similar local storage are needed for the website, your cart, sign-in and security to work. These are always active.
- First-party analytics — our own website analytics are cookieless and anonymous (see section 2). Because they do not identify you or set cookies, they run without needing your consent.
- Optional analytics — third-party analytics (such as Google Analytics) are only loaded if you accept them via our cookie banner. You can decline, or change your choice at any time, and declining does not affect your ability to use the website.
- Optional advertising — if you accept via our cookie banner, we may load an advertising pixel (the Meta/Facebook Pixel) that helps us measure our ads and show relevant ads to people who have visited the Site. It is not loaded unless you consent, and you can decline at any time.
- Advertising “advanced matching” — when the advertising pixel is enabled (i.e. after you consent), Meta’s Automatic Advanced Matching may collect certain contact and identifying details you enter on the Site — such as your email address, phone number, name and address/postcode — and convert them into an irreversible coded value (“hashing”, using SHA-256) in your browser before they are sent to Meta. Meta uses this to match website activity to its users so our advertising is measured and targeted more accurately. Sensitive information (for example financial, health or government-identifier data) is not shared. This processing only occurs with your consent and stops if you decline advertising cookies. See Meta’s Automatic Advanced Matching documentation for details.
11. Access, correction and your choices
You may request access to, or correction of, the personal information we hold about you by contacting our Privacy Officer at info@bionisecurity.com.au. We will respond within a reasonable time. In limited circumstances permitted by law we may decline a request, in which case we will explain why.
12. Complaints
If you have a privacy complaint, please contact our Privacy Officer at info@bionisecurity.com.au and we will investigate and respond. If you are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
13. Data breaches
If an eligible data breach occurs that is likely to result in serious harm, we will notify affected individuals and the OAIC as required by the Notifiable Data Breaches scheme under the Privacy Act.
14. Children
Our website and services are intended for adults. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact our Privacy Officer and we will take reasonable steps to delete it.
15. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or the law. The current version is always available on this page, with the “last updated” date shown above. Material changes will be made prominent.
16. Governing law
This policy is governed by the laws of New South Wales and the Commonwealth of Australia.