Privacy Policy

Version 1.2: 2 April 2024
SurePact Holdings Pty Ltd, ACN 620 288 048
SurePact Pty Ltd, ACN 623 890 077


1.1  This Privacy Policy sets out how SurePact Pty Ltd (ABN 72 623 890 077) (SurePact), its ultimate holding company SurePact Holdings Pty Ltd (ABN 86 620 288 048) and any Australian subsidiaries of that ultimate holding company (SurePact Group, we, us, or our) handles your Personal Information.

1.2  This Privacy Policy follows the standards of the Australian Privacy Principles set by the Australian Government for the handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy Act).

1.3  By publishing this Privacy Policy, we aim to make it easy for our customers and the public to understand what Personal Information we collect and hold, why we do so, how we collect that information, and the rights an individual has with respect to their Personal Information in our possession.


2.1  Our Privacy Policy deals with how we handle “personal information” as it is defined in the Privacy Act (Personal Information).

2.2  Our Privacy Policy does not apply to information we collect in the course of business that is not Personal Information.

2.3  Our Privacy Policy applies to all of the ways in which we collect, hold, use and disclose Personal Information, both electronically or in hardcopy.

2.4  If you provide us with Personal Information (including Sensitive Information) about someone else, you must only do so if that person consents to you doing so and consents to us collecting, holding, using and disclosing their Personal Information in accordance with our Privacy Policy.

2.5  Our website and services are not directed to, or intended to be used by persons under the age of 18 years. We do not knowingly collect Personal Information from persons under the age of 18 years. If we become aware that a person under the age of 18 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a person under the age of 18 has provided us with Personal Information, please contact us using the details set out in Section 10 below.


3.1  In the course of business it is necessary for us to collect Personal Information. The type of information we collect includes:

(a) Identifying Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, and family details;

(b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, usernames and passwords, residential, business and postal address and other information that allows us to contact the individual;

(c) Financial Information. We may collect financial information related to a customer such as any bank or credit card details used to transact with us and other information that allows us to transact with a customer and/or provide them with our services;

(d) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes

(e) Sensitive Information. We may collect certain types of ‘sensitive information’ as it is defined in the Privacy Act (Sensitive Information), such as information relating to an individual’s membership of a trade union, or a professional or trade association, where the collection is reasonably necessary for one or more of our functions or activities, and you have consented to such collection.

3.2  We may collect other Personal Information about an individual from time to time, where reasonably necessary for, or directly related to one or more of our functions or activities, which we will handle in accordance with this Privacy Policy.

3.3  If you do not provide certain Personal Information we may need from you, we may not be able to provide you with the products or services you require.

3.4  Our website uses cookies. The main purpose of cookies is to identify users and to prepare customised web pages for them. Cookies do not identify you personally, but they may link back to a database record about you. We use cookies to monitor usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively.


4.1  We collect Personal Information about you in the following ways:

(a) When you give it to us. We collect information when you provide us with information. For example, when you contact us in any way, when you make an enquiry, when you’re setting up an account, subscription or membership with us, or where we ask you to provide certain Personal Information;

(b) When you access or use our services. For example, when an individual submits information containing Personal Information to be communicated or managed using our system, or access our system via the internet;

(c) When you visit our offices. For example, we may require visitors to sign in before entering our office. We may on occasion and subject to consent, photograph or video people in our offices for marketing and promotional purposes;

(d) Receiving goods and services. For example, when an individual supplies us with Personal Information in the context of providing us goods or services;

(e) From third parties. In some cases, we may collect Personal Information from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our products or services.

(f) Via pixel tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.

4.2  When we collect Personal Information from an individual directly, we will take reasonable steps to ensure that an individual is aware of when their Personal Information is being collected at the time of collection, including by referring individuals to our Privacy Policy.

4.3  Where we obtain Personal Information without an individual’s knowledge (such as when an individual discloses information to us by mistake, or where information is disclosed to us by a third party) we will either delete/destroy the information, or take reasonable steps to inform the individual that we hold such information, in accordance with the Privacy Act and Australian Privacy Principles. Those reasonable steps may include relying on the third party to notify the individual of the disclosure to us.


5.1  We will not use or disclose any Personal Information for a purpose other than for which it was collected, unless:

(a) we secure your consent to use the Personal Information for a secondary purpose; or

(b) such use or disclosure is otherwise permissible under the Privacy Act.

5.2  We retain Personal Information for the period necessary to fulfil the purposes for which it was collected, or as required by law. We may de-identify information about you so that you can no longer be identified through that information. We may then use and disclose that de-identified information in the course of our business.

5.3  We use Personal Information that we collect about you for the following purposes:

(a) Operational purposes: To operate our business, including our website, and provide you with any goods and services you have requested from us;

(b) To communicate with you, including:

(i) Verifying an individual’s identity;

(ii) Providing you with information you’ve requested from us, or information we are required to send to you;

(iii) Operational communications, like changes to our goods, services and website, security updates, or assistance with using our goods, services and website. We may utilise third-pay service providers to communicate with an individual in respect of such operational communications;

(iv) Marketing communications (about us or another product or service we think you might be interested in) in accordance with your marketing preferences; and

(v) Communications about competitions, surveys and questionnaires we are conducting (which we may engage a third party to assist with); 

(c) To support you: This may include assisting with the resolution of technical support issues or other issues relating to our goods, services and website, whether by email, in person support or otherwise;

(d) Security: To detect and prevent any fraudulent, malicious activity, and ensure all users of our goods, services and websites are doing so fairly and in accordance with our terms and conditions, or not otherwise engaged in any unlawful activity;

(e) To enhance our goods, services and website: For example, by tracking and monitoring your use of our goods, services and website to enable us to improve and optimise them to provide more efficient products;

(f) To market to you, by sending you marketing communications. You can opt out of receiving marketing communications from us by contacting us, or following the “unsubscribe” link in the communication;

(g) To analyse, aggregate and report: We may use the personal data we collect about you and other users of our goods, services and websites to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.

(h) As required or permitted by any law, including the Privacy Act.

5.4  We will not sell an individual’s Personal Information to unrelated third parties under any circumstances.

5.5  We may disclose Personal Information about an individual with:

(a) Other members of the SurePact Group;

(b) Our staff who need the information to discharge their duties;

(c) Our business partners, agents and service providers, including information technology service providers;

(d) Professional advisors who we engage to provide advice to our business;

(e) Prospective purchasers of all or part of our business or shares on our company or a related entity; and

(f) Governmental authorities of third parties who ask us to disclose that information, as required under any applicable law (including to identify potentially fraudulent, deceptive or unlawful activity).

5.6 We will not disclose an individual’s Personal Information to overseas recipients (outside of Australia) unless:

(a) The overseas recipient is subject to a law, or binding scheme that has the effect of protecting the Personal Information in a way that, overall, is at least substantially similar to the way the Australian Privacy Principles protect the information, and mechanisms exist for the individual to enforce that protection of the law or binding scheme;

(b) We have entered into an enforceable contractual arrangement with the overseas recipient that requires the overseas recipient to handle the Personal Information in accordance with the Australian Privacy Principles; or

(c) The relevant individual consents to the disclosure (after being informed the protections offered by the Australian Privacy Principles will not apply to the disclosure of the Personal Information to the overseas recipient).

5.7  We acknowledge that, as at the date of this Privacy Policy, we disclose limited Personal Information to overseas recipients. It is not practicable for us to specify in advance all countries to which your Personal Information may be disclosed, but such countries may include the Philippines, and in any event will be disclosed in accordance with Section 5.6.


6.1  We have appointed a Privacy Officer to oversee the management of this Privacy Policy and compliance with the Privacy Act. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.

6.2  We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.

6.3  We use SSL encryption to transfer data and industry standard encryption for data storage at rest. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.

6.4  We generally hold the Personal Information that we collect in electronic databases, some of which may be held on our behalf by third party data storage providers.

6.5  If we collect Personal Information about an individual from a third party, we endeavour to handle that information in a manner which is consistent with the third party’s own privacy policy and which is consistent with the third party’s own obligations under the Privacy Act. We will work with the third party organisation in order to address any security or related privacy issues which may arise in relation to Personal Information which they have provided to us. Ultimately, however, it remains the third party’s responsibility to ensure that it is complying with the Privacy Act and its own privacy policies when dealing with us.

6.6  If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should contact us immediately at the contact details set out in Section 10 below.


7.1  We take reasonable steps to ensure that any of your Personal Information which we hold is accurate, complete and up-to-date.

7.2  Users of services provided by SurePact can update their Personal Information themselves, via accessing their own user profile within the main application.

7.3  If you want to access any of the Personal Information that we hold about you or to correct some aspect of it (for example, because you think it is incomplete or incorrect) please contact us in writing via the contact details set out in Section 10 below.

7.4  We will respond to a request to correct your Personal Information within 30 days of receiving your written request. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity.

7.5  We will not charge you a fee for making an application to access the Personal Information we hold about you. However, if, we incur expenses for providing access to your Personal Information, we may charge a reasonable, non-excessive fee for processing your request. We will advise you of these charges before proceeding and may require you to pay these charges upfront (before providing access). This fee may reflect costs such as:

(a) staff costs in searching for, locating and retrieving the requested Personal Information, and deciding which Personal Information to provide to the individual;

(b) staff costs in reproducing and sending the Personal Information; and

(c) costs of postage or materials involved in giving access.

7.6  There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request. We may be unable to correct information about you if doing so would be contrary to law.

7.7  It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect or incomplete.


8.1  If you are concerned about the way in which we handle your Personal Information, and think we may have breached the Australian Privacy Principles, or any other relevant obligation, please contact our Privacy Offer in writing via the contact details set out in Section 10 below.

8.2  If you make a complaint, we will contact you to let you know we are investigating your complaint. We will make a decision about your complaint and write to you to explain our decision.

8.3  If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved satisfactorily, you can contact us to discuss your concerns. You acknowledge you will first attempt to resolve the complaint directly with us via the process outlined above before contacting any regulatory authority, including the Office of the Australian Information Commissioner (OAIC). Contact details for the OAIC can be found on the OAIC’s webpage ( If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what Personal Information was accessed and how it was accessed.


9.1  From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.


10.1  If you need to contact us or want any further information from us on privacy matters, please contact our Privacy Officer at:

The Privacy Officer
SurePact Pty Ltd
Level 10
15 Green Square Close
Fortitude Valley
Brisbane 4006

We prefer to communicate with you by email – this ensures you are put in contact with the right person, in accordance with regulatory time frames. 


11.1  We may make changes to this Privacy Policy from time to time, to take into account changes to our standard practices, procedures and processes or where necessary to comply with new laws and regulations (including changes to the Privacy Act). The latest version of this Privacy Policy will always be available on our webpage (

See what SurePact can do for you

Are you ready to make your funding go further? 

Book your demo now to see how SurePact makes grant management simple.

SurePact demo available Monday - Friday, 9AM - 5PM and will run for approximately 30 minutes.