Digital Water Solutions Pty Ltd (Australia) and Digital Water Solutions NZ Limited (New Zealand) (“DWS”, “we”, “our”, “us”) are committed to protecting the privacy and security of personal information entrusted to us.
We comply with all relevant privacy and data protection laws, including:
The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
The Notifiable Data Breaches Scheme (NDB Scheme)
The New Zealand Privacy Act 2020 and the Information Privacy Principles (IPPs)
This policy explains how we collect, use, disclose, store, protect, and manage personal information across all DWS services, including consulting, software sales, technical support, training, digital solutions, and general business operations.
2Information We Collect
We collect only the personal information necessary for our business functions, regulatory obligations, and service delivery.
2.1 Identification Information
Names, job titles, contact details
Employer and organisational information
Professional memberships (e.g. RPEQ, Engineering NZ)
2.2 Business, Project & Technical Data
Project-related communication and records
System login logs, audit trails, IP addresses
Information provided during technical support, training, workshops, and digital services delivery
2.3 Financial & Transactional Information
Invoicing details, payments, purchase history
Software licensing details and support records
2.4 Recruitment & HR Information
CVs, qualifications, background checks
Reference information
Employment-related data for applicants or contractors
2.5 Sensitive Information
We do not actively collect sensitive information unless required by law or provided explicitly with consent (e.g. health information for workplace safety or accessibility). Collection practices comply with APP 3, APP 5, and NZ IPP 1–4.
3How We Collect Information
Personal information is collected through various lawful and reasonable methods, including:
Directly from individuals during communication, onboarding, training, or support requests
From clients or project partners as part of contracted service delivery
Automatically through digital tools and platforms, such as Microsoft 365 (SharePoint, OneDrive, Teams), CRM systems, analytics tools (Google Analytics, Microsoft Clarity), and logging and monitoring systems
Where required, we provide collection notices and obtain consent in line with APP 5 and NZ IPP 3.
4How We Use Information
We use personal information only for legitimate business purposes, including:
Delivering engineering consulting, modelling, analytics, and digital services
Managing software sales, licensing, subscriptions, and support
Responding to support requests and resolving technical issues
Coordinating training, workshops, and user enablement
Financial management, invoicing, and commercial reporting
Recruitment, onboarding, and HR administration
Meeting legal, regulatory, and insurance requirements
Improving our systems, cybersecurity, and service quality
Marketing communications (only with consent where required)
All use complies with APP 6, APP 7, and NZ IPP 8–10.
5Disclosure of Information
We may disclose personal information to:
Subcontractors, project partners, or alliance partners
Cloud service providers and IT vendors (e.g. Microsoft, Autodesk)
Insurers, legal advisors, auditors, payroll and accounting providers
Regulatory authorities when required by law
Training partners or certification bodies
We do not sell or rent personal information. Disclosures occur only where permitted under APP 6, APP 8, and NZ IPP 11–12, and only the minimum necessary information is shared.
6Cross-Border Disclosures
DWS operates in Australia and New Zealand and uses cloud platforms that may store data in multiple regions. We take reasonable steps to ensure overseas recipients provide privacy protections consistent with the APPs and NZ IPPs, including:
Using reputable cloud vendors with ISO 27001 / SOC2 / IRAP-equivalent security
Implementing contractual safeguards
Ensuring data is stored in approved geographies where possible
Protecting personal information is a priority. We implement multiple layers of security, including:
Multi-Factor Authentication (MFA) and conditional access policies
Encryption in transit and at rest
Endpoint Detection & Response (EDR) tools
Microsoft 365 security features (Defender, DLP, secure sharing)
Access permissions based on least-privilege principles
Audit logs, monitoring, and intrusion detection
Staff cybersecurity training and acceptable use policies
If a breach occurs that is likely to result in serious harm, we will comply with the NDB Scheme (Australia) and the NZ Privacy Act breach notification requirements.
8Retention & Destruction of Information
We retain information only for as long as necessary for legal and regulatory requirements, contractual obligations, ongoing project or support needs, and auditing and compliance obligations.
After the required period, information is securely destroyed or de-identified using approved methods including secure digital deletion, overwriting, and controlled access archiving. This approach complies with APP 11.2 and NZ IPP 9.
9Your Rights
You have the right to request:
Access to your personal information
Correction of inaccurate or incomplete information
Withdrawal of consent (where consent was the legal basis)
Deletion or restriction of processing where legally permitted
Information about how your data has been used or disclosed
Requests can be made using the contact details below. We will respond within reasonable statutory timeframes. Governed by APPs 12–13 and the NZ Privacy Act 2020.
10Cookies & Tracking Technologies
Our website and digital platforms use cookies and tracking technologies to enhance user experience, improve security, and support analytics and performance monitoring. Tools may include Google Analytics, Microsoft Clarity, and other secure analytics services.
Users can manage cookie preferences using our cookie settings tool, or disable cookies via browser settings. Disabling cookies may affect website functionality.
11Changes to this Policy
DWS may update this Privacy Policy to reflect legislative changes, operational updates, or improved data handling practices. The current version will always be available on our website.