Privacy Policy

nsis.com.au — Next Step Infrastructure Services Pty Ltd

Next Step Infrastructure Services Pty Ltd (ABN 11 633 735 369), trading as Next Step ("Next Step", "we", "us" or "our"), is committed to protecting the privacy of individuals who visit our website at nsis.com.au (the "Website") or otherwise deal with us.

This Privacy Policy explains what personal information we collect through the Website, how we collect it, why we collect and use it, who we disclose it to, and how you can access or correct your personal information or raise a concern.

This Privacy Policy applies to the Website only. It does not apply to our client support portal (support.nsis.com.au) or client management portal (nsis.myportal.net.au), which we make available to our managed services clients under separate client agreements and which may be subject to additional or different terms.

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We apply the standards in this Policy as a matter of good practice regardless of whether we currently qualify for the "small business operator" exemption under that Act.

1. What personal information we collect

Depending on how you interact with the Website, we may collect:

  • Contact information, such as your name, business or organisation name, job title, email address, phone number and postal address.
  • Enquiry information, such as the details you provide when you contact us, request a call-back, book a free IT Health Check, request a quote, or otherwise submit an enquiry through a form on the Website, including information about your current IT environment, challenges or requirements.
  • Technical information, such as your IP address, browser type and version, device type, operating system, referring website, pages viewed, and the date, time and duration of your visit.
  • Communications, including records of emails, phone calls or other correspondence between you and us.
  • Recruitment information, if you apply for a role with us or submit an unsolicited application or resume through the Website.

We do not intentionally collect sensitive information (as defined in the Privacy Act, such as health or criminal record information). Please do not include sensitive information in any enquiry you submit to us unless we have specifically requested it and you have given your consent.

2. How we collect personal information

We collect personal information:

  • directly from you, when you complete a form on the Website (for example, our contact form or "Book a Free IT Health Check" form), subscribe to updates, or otherwise correspond with us;
  • automatically, through cookies and similar tracking technologies when you browse the Website (see section 4 below); and
  • from third parties, such as business partners, referral sources, publicly available sources (for example, LinkedIn or a company website), or our service providers, where you have interacted with us or where it is reasonable in the circumstances to do so.

Where practicable, we collect personal information directly from you. If we receive unsolicited personal information that we did not seek and determine we could not have lawfully collected, we will destroy or de-identify it as soon as practicable, provided it is lawful and reasonable to do so.

3. Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for purposes including:

  • responding to your enquiries and providing information about our services;
  • assessing and progressing a booking, quote request or IT Health Check;
  • marketing and promoting our services to you, including sending newsletters, case studies or event invitations, where you have consented or where we are otherwise permitted to do so;
  • operating, maintaining and improving the Website, including analysing how visitors use it;
  • managing recruitment, where you apply for a role with us;
  • complying with our legal obligations and resolving disputes; and
  • any other purpose disclosed to you at the time of collection, or to which you have otherwise consented.

We will only use or disclose personal information for a secondary purpose where permitted under the Privacy Act — for example, where that purpose is related to the primary purpose of collection and you would reasonably expect it, or where the use or disclosure is required or authorised by law.

4. Cookies and similar technologies

Like most websites, the Website uses cookies and similar tracking technologies (such as tags and web beacons) to operate effectively and to help us understand how visitors use the site. These may include:

  • Strictly necessary cookies, required for core website functionality;
  • Analytics cookies, which help us understand visitor numbers, traffic sources and how visitors move through the Website (for example, using tools such as Google Analytics); and
  • Marketing and advertising cookies, which may be used by us or our advertising partners (for example, Google, Meta or LinkedIn) to measure the performance of our advertising and to show more relevant content to you on other websites.

Most browsers allow you to refuse, block or delete cookies through their settings. If you do this, some parts of the Website may not function as intended. Third parties described above may collect information about you when you visit other websites, in accordance with their own privacy policies.

5. Disclosure of personal information

We may disclose personal information to:

  • our employees and contractors, on a need-to-know basis, to provide our services;
  • IT, hosting, cloud storage, email and marketing service providers we engage to operate the Website and manage our business (for example, website hosting providers, customer relationship management (CRM) platforms, email marketing platforms and analytics providers);
  • our professional advisers, such as accountants, auditors and lawyers; and
  • any other party where you have consented, or where disclosure is required or authorised by law.

Some of our service providers may store or process personal information outside Australia, including in the United States, where a number of major cloud, analytics and marketing platforms are based. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, including through contractual protections, except where an exception under APP 8.2 applies.

We do not sell personal information to third parties.

6. Data quality and security

We take reasonable steps to ensure the personal information we hold is accurate, complete and up to date, and to protect it from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include access controls, staff training, use of reputable third-party service providers, and technical safeguards appropriate to the sensitivity of the information involved.

No method of transmission or storage is completely secure, and we cannot guarantee the absolute security of personal information.

We retain personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by law, after which it is securely destroyed or de-identified.

7. Direct marketing

We may send you direct marketing communications about our services, such as newsletters, event invitations or case studies, where you have provided your details to us and have not opted out, or otherwise in accordance with the Privacy Act and the Spam Act 2003 (Cth). You may opt out of marketing communications at any time by using the unsubscribe link in the relevant communication, or by contacting us using the details in section 11.

8. Data breaches

If we experience a data breach involving personal information that is likely to result in serious harm to any individual, we will comply with our obligations under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.

9. Access, correction and complaints

You may request access to, or correction of, the personal information we hold about you by contacting us using the details in section 11. We will respond within a reasonable period. We may need to verify your identity before providing access, and in some circumstances permitted under the Privacy Act we may refuse a request for access or correction, in which case we will provide our reasons.

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you can lodge a complaint with us using the details in section 11. We will investigate and respond within a reasonable time. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992

10. Third-party links and portals

The Website may contain links to third-party websites, including our client support portal, client management portal, and the websites of our technology partners. We are not responsible for the privacy practices or content of those third-party sites, and encourage you to review the privacy policy of any third-party website you visit.

11. Contact us

If you have a question, request or complaint about this Privacy Policy or how we handle your personal information, please contact us:

Next Step Infrastructure Services Pty Ltd

ABN: 11 633 735 369

Address: 8 Binney Rd, Kings Park NSW 2148

Phone: 1800 10 10 15

Email: sales@nsis.com

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The updated version will be posted on this page with a revised "last updated" date. We encourage you to review this page periodically.

This Privacy Policy was last updated on 14 July 2026.