IT Security, AI & Data Compliance Policy

Purpose

Rotapix is committed to delivering secure, reliable, and responsible digital services that protect the interests of our clients, end-users, and the broader community. This Policy sets out our company-wide approach to managing:

  • IT security and infrastructure stability;
  • Responsible and ethical use of Artificial Intelligence (AI);
  • Compliance with Australia’s Privacy Act 1988 (Cth) and guidance issued by the Office of the Australian Information Commissioner (OAIC).

Definitions

Personal Information — as defined in the Privacy Act 1988 (Cth), s 6(1).

Hosting Environment — includes all Rotapix-managed servers, cloud infrastructure, backend systems, plugins, theme files, and administrative interfaces.

AI Tool — any system, software or model that uses algorithms or machine learning to perform automated or semi-automated tasks.

Data Breach — unauthorised access to, disclosure of, or loss of personal information, as defined in Part IIIC of the Privacy Act 1988.

Hosting Environment Security

  • Rotapix strictly prohibits any direct third-party or client backend access.
  • All server-level permissions, configurations, plugin management, and theme file editing are controlled by authorised in-house technical personnel only.
  • Access controls are reviewed regularly to ensure the principle of least privilege is maintained.
  • All system users receive mandatory annual cybersecurity training.
  • Any security vulnerabilities or incidents are escalated immediately through our incident response plan.

Responsible AI Governance

  • Rotapix designs, tests, and monitors AI systems to comply with Australian law, the OAIC AI Ethics Framework, and relevant industry standards.
  • AI systems undergo regular reviews to detect and mitigate bias, discrimination, and inaccuracies.
  • Where AI is deployed for decision-making that affects individuals, Rotapix will provide meaningful information about how the decision was made, to the extent practicable.
  • Rotapix will conduct Privacy Impact Assessments (PIAs) for any new AI solutions or significant changes that involve high-risk processing of personal data.

Data Privacy & Australian Privacy Principles (APPs)

Rotapix manages all personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs):

  • Collection & Use: We collect, use, store, and disclose personal information lawfully, fairly, and transparently.
  • Purpose Limitation: Personal information is used only for the purpose for which it was collected, unless another lawful purpose applies.
  • Security: We apply robust technical and organisational measures, including encryption, secure storage, and access controls, to protect personal information (APP 11.1).
  • Retention & Destruction: Personal information is only retained for as long as necessary for legitimate business or legal purposes. Data no longer required is securely destroyed or de-identified (APP 11.2).
  • Notifiable Data Breaches: Any eligible data breach will be managed and notified in accordance with the OAIC’s Notifiable Data Breaches (NDB) scheme.

Data Subject Rights

  • Individuals may request access to, or correction of, their personal information (APPs 12 & 13).
  • Requests can be made via the contact channels below and will be actioned within a reasonable timeframe.
  • When requested and where feasible, Rotapix provides information on how AI tools process data.

Privacy Impact Assessments

  • PIAs are mandatory for projects involving high-risk personal information handling or significant AI system deployment.
  • PIAs are conducted in accordance with the OAIC’s Guide to Undertaking Privacy Impact Assessments.

Plugins, Themes, Updates & System Changes

  • All plugin installations, theme file changes, updates, or other system code modifications are performed only by Rotapix’s authorised technical team.
  • Clients may request updates, plugin changes, or theme edits through official support channels; these requests will be reviewed and implemented only if they meet Rotapix’s security, AI governance, and privacy compliance standards.

Policy Breaches

  • Any attempt to bypass or violate this Policy—including unauthorised access, system interference, or misuse of AI tools—may be treated as a material breach and may result in suspension or termination of services.
  • Employees and contractors must report suspected breaches via internal channels; Rotapix provides whistleblower protections consistent with Australian law.

Contact & Complaints

Contact Rotapix:
📧 Email: office@rotapix.com
📞 Phone: 1300 799 616

Complaints:

  • Individuals may raise privacy concerns or complaints through the contact details above.
  • Rotapix will investigate all complaints and respond in writing within 30 days.

Review & Amendments

  • This Policy will be reviewed at least annually or as required to reflect changes in law, technology, or business operations.
  • Updates to this Policy will be communicated to affected stakeholders as appropriate.