Privacy Policy
Safeguarding personal information with transparency and care.
About Total Calibration
Total Calibration Pty Ltd (“we”, “our”, “us”) delivers specialist Microsoft 365 content-management and data-governance solutions under the Total Calibration and Lanteria Asia-Pacific brands.
Leveraging two decades of SharePoint and Microsoft Purview expertise, we design and implement robust content-management and data-governance frameworks that empower organisations to find, protect and govern their information with confidence.
Total Calibration is a small Australian business that may be exempt from certain provisions of the Privacy Act 1988 (Cth). We nonetheless follow the Australian Privacy Principles (APPs) as a matter of good practice.
Why we collect personal information
We collect, hold, use and disclose personal information to:
- supply and support our products and services
- respond to enquiries or support requests
- manage subscriptions, events, and marketing preferences
- improve our website, content and user experience through analytics
- comply with legal or regulatory obligations.
What we collect
| Category | Typical examples | How obtained |
|---|---|---|
| Identity data | name, job title, organisation | webforms, e-mail, telephone |
| Contact data | e-mail address, phone number, postal address | webforms, e-mail, telephone |
| Technical data | IP address, browser type, device identifiers, Microsoft 365 tenant IDs | cookies, server logs, Microsoft Graph APIs |
| Usage data | pages visited, buttons clicked, interaction timestamps | first-party analytics |
| Support data | error logs, configuration details, screenshots | voluntary submission during support |
| Employee Information | personal details (name, date of birth, contact details), employment data (position, start date, line manager, work location), payroll & leave data (bank account, TFN, super fund, leave balances, timesheets, compliance items) | Accessed temporarily inside the client’s own Lanteria environment only when the client expressly grants us support access. No copies are downloaded or retained once the ticket is resolved; access is logged and strictly limited to the scope of the request. |
How we collect information
We collect personal information:
- directly from you (online forms, e-mails, phone calls, meetings);
- indirectly through your use of our website, products or Microsoft 365 solutions or Lanteria hosted software
- from third parties where you have authorised the disclosure.
Under the Privacy Act we rely on:
- APP 3 – Collection where the information is reasonably necessary for our functions;
- APP 6 – Use & disclosure for the purposes above or as otherwise permitted;
- APP 7 – Direct marketing (with clear opt-out);
- APP 11.3 – Security measures (technical and organisational) introduced by the 2024 reforms
Automated decision-making
We do not currently use fully automated decision-making that produces legal or similarly significant effects. If we introduce such technology, we will notify affected individuals in advance and explain how to request human review.
Disclosure to third parties and overseas recipients
We do not sell or rent personal information. We only disclose it when necessary to deliver our services, run our business, or meet legal obligations. Typical recipients are:
- Service providers – e.g. cloud hosting, software, analytics, payment, mailing and professional advisers who assist us to operate.
- Customer data is stored in Microsoft data centres located in Australia; Microsoft acts solely as our infrastructure provider and does not access the information for its own purposes.
- Where customers use our Lanteria-hosted software, their data is processed within that environment under the same privacy safeguards.
- Related entities and contractors performing work on our behalf under confidentiality terms.
- Government agencies, regulators or law-enforcement bodies when we are legally required to do so (e.g. court orders, statutory notices).
- Prospective purchasers or advisers in connection with a merger, acquisition or asset sale, but only under strict confidentiality.
Some suppliers may operate or store data outside Australia. When this occurs, we take reasonable steps—contractual, technical or organisational—to ensure that the information is protected to Australian privacy standards.
Data security
We protect personal information with administrative, technical and physical safeguards that align with the Australian Cyber Security Centre Essential Eight and other recognised industry standards. At a high level we:
- apply strong encryption for data in transit and at rest
- enforce multi-factor authentication and least-privilege access
- train staff in privacy and cyber-security awareness at least once a year
- maintain a documented incident-response plan and test it regularly.
- These controls are reviewed whenever new threats, technologies or regulatory guidance emerge to ensure they remain effective and proportionate.
- documented incident-response and data-breach procedures.
Retention & erasure
We keep personal information only as long as necessary for the purpose for which it was collected and for any legal or audit requirements. You may request deletion (right to erasure). Unless an exception applies, we will action validated requests within 30 days.
Your rights
You may:
- request access to the personal information we hold about you (APP 12);
- request correction of inaccurate or incomplete information (APP 13);
- object to direct marketing;
- request erasure or a pause on processing in certain circumstances;
- seek civil redress for a serious invasion of privacy once the new tort commences on 10 June 2025 (latest) and
- complain to us and, if unresolved, to the OAIC.
Cookies & tracking technologies
We use first-party cookies for essential site functions, preferences and aggregated analytics. You can disable non-essential cookies via your browser without affecting core site functionality.
Data breaches
Although we are exempt from the mandatory Notifiable Data Breaches (NDB) scheme, we voluntarily follow its principles. If we become aware of a data incident that is likely to cause serious harm, we will:
- Contain and investigate immediately to confirm what happened and what information is affected.
- Notify affected individuals as soon as practicable—normally within 72 hours—explaining:
- the nature of the breach;
- the information involved;
- recommended steps you should take; and
- how we are remediating the issue.
- Inform the OAIC of material breaches and cooperate with any enquiries.
- Review and strengthen controls to reduce the risk of recurrence.
You can report any suspected data incident to our Privacy Officer at privacy@totalcalibration.com.au.
Doxxing protection
Under the 2024 reforms, malicious disclosure of personal data (“doxxing”) is a criminal offence. We will cooperate with law-enforcement authorities and take reasonable steps to prevent unauthorised disclosure.
Complaints & contact
If you have a privacy enquiry or complaint, please contact:
Privacy Officer
Total Calibration Pty Ltd
E-mail: privacy@totalcalibration.com.au
Phone: 1300 457 496
We will acknowledge your complaint within five business days and aim to resolve it within 30 days. If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (www.oaic.gov.au).
Changes to this policy
We may update this policy to reflect changes in legislation, technology or our practices. The latest version is always available on this page with the revision date.
